Extensible authentication protocols for IEEE standards 802.11 and 802.16

This paper describes the challenges involved in authentication over wireless networks, including wireless LANs (IEEE 802.11) and WiMAX (IEEE 802.16). Both IEEE 802.11i and 802.16e support EAP (Extensible Authentication Protocol) for authentication, but neither specifies which EAP method must be used. This paper examines four categories of EAP methods: legacy methods such as EAP-MD5 and CHAP; certificate-based authentication methods such as EAP-TLS, EAP-TTLS, and PEAP; password-based authentication methods such as EAP-LEAP and EAP-FAST; and strong password-based authentication methods such as EAP-SPEKE. The EAP methods are examined with respect to their vulnerabilities as well as their convenience of use. The legacy methods do not meet the criteria established by RFC 4017 for use in wireless communication. The conclusion is that although certificate-based authentication methods such as EAP-TLS, which is specifically mentioned in 802.16e, have the strongest security, they are not very convenient to use. Password-based authentication methods, on the other hand, are very convenient to use but provide the least amount of security. The strong password-based authentication methods may be a good alternative to certificate-based authentication, providing a strong level of security while being convenient to use and authenticating the user as well as the device.