Extensible authentication protocols for IEEE standards 802.11 and 802.16
Mobility '08 Proceedings of the International Conference on Mobile Technology, Applications, and Systems
Place of Publication
New York, NY, USA
In this paper, the challenges involved in authentication over wireless networks including wireless LANs, IEEE 802.11, and WIMAX, IEEE 802.16 are described. Both IEEE 802.11i and 802.16e support EAP (Extensible Authentication Protocol) for authentication, but do not specify the EAP method required for authentication. This paper examines four different categories of EAP methods: legacy methods such as EAP-MD5 and CHAP, certificate-based authentication methods such as EAP-TLS, EAP-TTLS, and PEAP; password-based authentication methods, such as EAP-LEAP and EAP-FAST; and strong password-based authentication methods such as EAP-SPEKE. The EAP methods are examined with respect to their vulnerabilities as well as their convenience of utilization. The legacy methods do not meet the criteria established by RFC 4017 to be used for wireless communication. The conclusion is that although certificate-based authentication methods such as EAP-TLS which is specifically mentioned in 802.16e have the strongest security, these methods are not very convenient to use. Password-based authentication methods, on the other hand, are very convenient to use, but provide the least amount of security. The strong password-based authentication methods may be a good alternative to certificate-based authentication, providing a strong level of security while being convenient to use as well as providing authentication of the user as well as the device.
EAP, Extensible Authentication Protocol, IEEE 802.11, Wireless LAN, IEEE 802.16, WIMAX
OS and Networks
David Q. Liu and Mark Coslow (2008).
Extensible authentication protocols for IEEE standards 802.11 and 802.16. Mobility '08 Proceedings of the International Conference on Mobile Technology, Applications, and Systems. 285-292. New York, NY, USA: ACM.