
Extensible Authentication Protocol

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Dewet (talk | contribs) at 20:09, 8 March 2005. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Extensible Authentication Protocol, or EAP (pronounced "eep"), is an authentication mechanism for wireless networks. Combined with 802.1X, it attempts to solve the shortcomings of WEP.

EAP comes in a number of different implementations:

LEAP

Lightweight Extensible Authentication Protocol, or LEAP, is a proprietary implementation by Cisco Systems.

Cisco has since made efforts to entrench the protocol by approaching other vendors to enable them to produce LEAP-compliant products. The protocol is therefore relatively well-supported in all major operating systems and offers a convenient solution; however, it is vulnerable to man-in-the-middle attacks.

EAP-TLS

EAP-TLS is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI certificates to secure communication with the RADIUS authentication server, which can make it seem daunting to set up: even though EAP-TLS provides excellent security, the overhead of deploying client-side certificates may be its Achilles heel.

Microsoft is a staunch backer of this protocol, and has already included native support for EAP-TLS in Windows XP, and announced updates for Windows 2000, NT, 98 and Mobile to allow widespread support. Because LEAP is a proprietary protocol, vendor support for it is somewhat lacking, and Cisco has subsequently started offering support for EAP-TLS as a fallback in its products.

EAP-MD5

EAP-MD5 is another IETF open standard, but offers minimal security. MD5 as used here is vulnerable to dictionary attacks, and EAP-MD5 does not support dynamic WEP.
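To make the weakness concrete, the following is an added example (not part of this article, and not code from any vendor named here) of a complete EAP-MD5 exchange: the EAP packet framing from RFC 3748 (Code, Identifier, Length, Type), the MD5-Challenge Type-Data layout (Value-Size, Value, Name), the peer's CHAP-style response MD5(Identifier || secret || Challenge), and the authenticator's verification. The shared secret, the peer name "alice" and the authenticator name "ap-1" are constructed values for the example.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# EAP Codes and the MD5-Challenge Type number, as assigned in RFC 3748.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5_CHALLENGE = 4


@dataclass
class EapPacket:
    code: int
    identifier: int
    type_: Optional[int]   # None for Success/Failure, which carry no Type field
    type_data: bytes


def encode(pkt: EapPacket) -> bytes:
    """Serialise Code(1) | Identifier(1) | Length(2, big-endian) | Type(1) | Type-Data."""
    body = b"" if pkt.type_ is None else bytes([pkt.type_]) + pkt.type_data
    return struct.pack("!BBH", pkt.code, pkt.identifier, 4 + len(body)) + body


def decode(raw: bytes) -> EapPacket:
    """Parse an EAP packet, rejecting truncated buffers and inconsistent Length fields."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, identifier, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP Length field inconsistent with buffer")
    body = raw[4:length]
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return EapPacket(code, identifier, None, b"")
    if code not in (EAP_REQUEST, EAP_RESPONSE) or not body:
        raise ValueError("malformed EAP Request/Response")
    return EapPacket(code, identifier, body[0], body[1:])


def split_md5_type_data(type_data: bytes) -> Tuple[bytes, bytes]:
    """MD5-Challenge Type-Data is Value-Size(1) | Value | Name; return (Value, Name)."""
    if not type_data:
        raise ValueError("empty MD5-Challenge Type-Data")
    size = type_data[0]
    if len(type_data) < 1 + size:
        raise ValueError("Value-Size runs past the end of the packet")
    return type_data[1:1 + size], type_data[1 + size:]


def md5_challenge_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_md5_request(identifier: int, challenge: bytes, server_name: bytes = b"") -> bytes:
    """Authenticator -> peer: EAP-Request/MD5-Challenge carrying a fresh challenge."""
    type_data = bytes([len(challenge)]) + challenge + server_name
    return encode(EapPacket(EAP_REQUEST, identifier, EAP_TYPE_MD5_CHALLENGE, type_data))


def build_md5_response(request_raw: bytes, secret: bytes, peer_name: bytes) -> bytes:
    """Peer -> authenticator: hash the received challenge together with the shared secret."""
    req = decode(request_raw)
    if req.code != EAP_REQUEST or req.type_ != EAP_TYPE_MD5_CHALLENGE:
        raise ValueError("expected an EAP-Request/MD5-Challenge")
    challenge, _ = split_md5_type_data(req.type_data)
    value = md5_challenge_value(req.identifier, secret, challenge)
    type_data = bytes([len(value)]) + value + peer_name
    return encode(EapPacket(EAP_RESPONSE, req.identifier, EAP_TYPE_MD5_CHALLENGE, type_data))


def server_verify(request_raw: bytes, response_raw: bytes, secret: bytes) -> bool:
    """Authenticator side: recompute the expected value and compare it in constant time."""
    req, resp = decode(request_raw), decode(response_raw)
    if (resp.code != EAP_RESPONSE or resp.type_ != EAP_TYPE_MD5_CHALLENGE
            or resp.identifier != req.identifier):
        return False
    challenge, _ = split_md5_type_data(req.type_data)
    value, _ = split_md5_type_data(resp.type_data)
    return hmac.compare_digest(value, md5_challenge_value(req.identifier, secret, challenge))


def run_exchange(secret: bytes, identifier: int = 7, challenge: Optional[bytes] = None):
    """Drive one request/response round; returns (request, response, accepted)."""
    challenge = os.urandom(16) if challenge is None else challenge
    request = build_md5_request(identifier, challenge, b"ap-1")      # constructed name
    response = build_md5_response(request, secret, b"alice")        # constructed name
    return request, response, server_verify(request, response, secret)


if __name__ == "__main__":
    req, resp, ok = run_exchange(b"constructed-password")            # constructed secret
    print(decode(req), decode(resp), "accepted" if ok else "rejected")
```

Two properties of this exchange explain the article's verdict. The response is a deterministic function of the challenge, which travels in the clear, and of the secret, so anyone who records one request/response pair can test password guesses offline at the speed of MD5; and nothing in the exchange derives fresh keying material, which is why EAP-MD5 cannot feed per-session (dynamic) WEP keys. The tunnelled methods below (EAP-TTLS, PEAP) avoid both problems by running the inner authentication inside a TLS session.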

EAP-TTLS

EAP-TTLS was designed by Funk Software, and is currently an IETF draft open standard. It is widely supported across platforms, and offers very good security, using PKI certificates only on the authentication server.

PEAP

PEAP is a joint proposal by Cisco Systems, Microsoft and RSA as an open standard. It is already widely available in products, and provides very good security. It is similar in design to EAP-TTLS, requiring only a server-side PKI certificate, but extending encryption to password transmission, lessening the problems brought by dictionary attacks.