International Engineering Consortium
Web ProForums
EAP Methods for 802.11 Wireless LAN Security

5. Conclusion
Securing your wireless network provides tremendous cost savings, productivity benefits, and a competitive market advantage. It’s not a question of whether enterprises will require wireless network security, but when. Choosing the highest level of security available is a good investment, because security breaches can be a significant expense. Most attacks go unnoticed, and enterprises can be vulnerable to damages. Security breaches such as stolen information, corrupt data, and network downtime can be expensive. They can also result in consequential damages, such as those resulting from increasing a competitor’s position or market share at the expense of your future revenues and profitability. The cost can be both significant and recurring.

In Table 1, we compare several families of EAP methods we have considered in this tutorial: legacy, certificate, password, and strong password. For an explanation of the requirements and features found in the left-hand column, see Section 2. As shown in the table, older EAP methods such as EAP-MD5 are not suitable for wireless authentication because they do not meet all the requirements.

Both the certificate-based methods and the strong password methods meet the basic requirements and may be used on wireless networks. Certificate-based methods possess some special properties that may be valuable in some environments, such as the ability to protect and augment legacy methods that may already be in use. However, the password method is much easier to set up and administer.

The SPEKE method fits especially well into environments where certificates are not practical, such as for SOHO users and public hot spots. SOHO users will find that SPEKE is easy to implement and low in cost. Carriers and service providers will find SPEKE very flexible, since it is not proprietary to specific infrastructures. SPEKE can be implemented easily in SOHO and hot spot environments where client distribution can be controlled and managed, because clients can be downloaded from a website or provided on an installation CD with the access points.

Note: Readers who are interested in the technical aspects of EAP-SPEKE should read APPENDIX A.


| Requirement | Legacy EAP Methods (EAP-MD5) | Certificate (TLS, TTLS, PEAP) | Password (LEAP) | Strong Password (SPEKE, etc.) |
|---|---|---|---|---|
| Must Haves | | | | |
| Mutual | No | Yes | Yes | Yes |
| Self Protecting | Yes | Yes | Yes | Yes |
| Immune to dictionary attacks | Only with long, randomly generated passwords | Yes | No | Yes |
| Produces session keys | No | Yes | Yes | Yes |
| Credential Security | None | Strong | Weak | Strong |
| Should Haves | | | | |
| Authenticates User | Not with long, randomly generated passwords | Not if cert is stored on disk | Yes | Yes |
| Forward Secrecy | N/A | Not with commonly used cipher suites | Yes | Yes |
| Quick and efficient | Yes | No | Yes | Yes |
| Low maintenance cost | Yes | No | Yes | Yes |
| Convenient for users | Yes | Only if cert is stored on disk | Yes | Yes |
| Broad AP Support | Yes | Yes | No | Yes |
| May Haves | | | | |
| Augments legacy | N/A | Yes | No | No |
| Fast Reauthentication | No, must go to home domain | Yes | No | No, must go to home domain |

Table 1 - Comparison of EAP Methods
