ABSTRACT
This paper describes the challenges involved in authentication over wireless networks, including wireless LANs (IEEE 802.11) and WiMAX (IEEE 802.16). Both IEEE 802.11i and 802.16e support EAP (Extensible Authentication Protocol) for authentication, but do not specify the EAP method required for authentication. This paper examines four different categories of EAP methods: legacy methods, such as EAP-MD5 and CHAP; certificate-based authentication methods, such as EAP-TLS, EAP-TTLS, and PEAP; password-based authentication methods, such as EAP-LEAP and EAP-FAST; and strong password-based authentication methods, such as EAP-SPEKE. The EAP methods are examined with respect to their vulnerabilities as well as their convenience of use. The legacy methods do not meet the criteria established by RFC 4017 for use in wireless communication. The conclusion is that although certificate-based authentication methods such as EAP-TLS, which is specifically mentioned in 802.16e, have the strongest security, these methods are not very convenient to use. Password-based authentication methods, on the other hand, are very convenient to use, but provide the least amount of security. The strong password-based authentication methods may be a good alternative to certificate-based authentication: they provide a strong level of security, are convenient to use, and authenticate the user as well as the device.
- Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J. and Levkowetz, E. 2004. Extensible authentication protocol (EAP). RFC 3748.
- Simpson, W. 1996. PPP challenge handshake authentication protocol (CHAP). RFC 1994.
- Zorn, G. and Cobb, S. 1998. Microsoft PPP CHAP extensions. RFC 2433.
- Zorn, G. 2000. Microsoft PPP CHAP extensions, version 2. RFC 2759.
- Gutmann, P. Everything you never wanted to know about PKI but were forced to find out. U. of Auckland.
- Simon, D., Aboba, B., and Hurst, R. 2008. The EAP-TLS authentication protocol. RFC 2716.
- Funk, P. and Blake-Wilson, S. 2008. EAP tunneled TLS authentication protocol version 0 (EAP-TLSv0). Internet-Draft.
- Kamath, V., Palekar, A., and Wodrich, M. 2002. Microsoft's PEAP version 0 (implementation in Windows XP SP1). Internet-Draft.
- IETF. 2007. EAP methods for 802.11 wireless LAN security.
- Jones, D. 2003. Look before you LEAP. Unstrung.com October, 2003.
- Cam-Winget, N., McGrew, D., Salowey, J., Zhou, H. 2007. The flexible authentication via secure tunneling extensible authentication protocol method (EAP-FAST). RFC 4851.
- Stanley, D., Walker, J., and Aboba, B. 2005. Extensible authentication protocol (EAP) method requirements for wireless LANs. RFC 4017.
Index Terms
- Extensible authentication protocols for IEEE standards 802.11 and 802.16