Cyber Security Expo
 
Extensible Authentication Protocol (EAP) Security Issues by Samuel Sotillo on 09/03/08

The Extensible Authentication Protocol (EAP) is an Internet standard that provides an infrastructure for network access clients and authentication servers. It is described in the RFC 3748 [1].

EAP is not and does not specify any specific authentication mechanism. Instead, EAP procures a framework that provides some common functions and a negotiation of the desired authentication mechanism [2].

Originally, EAP was created as an extension to PPP that allows for the development of arbitrary plug-in modules for current and future authentication methods and technologies [3]. Today, EAP is most often used in wireless LANs [2]. Particularly, two wireless standards, WPA and WPA2, which have officially adopted several EAP methods as their main authentication mechanisms [2].

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.