This section gives a brief overview of the EAP-TLS [18],
EAP-MD5 [19], and EAP-TTLS [20] EAP methods, together with 802.11 authentication
(used with the EAP methods) and RADIUS MAC-based authentication.
Figure 7.5: CCMP Decapsulation. (Diagram labels: received encrypted frame, counter preload, AES_E(K), CBC-MAC, MIC check, decrypted frame.)
Digital certificates and shared secrets (passwords) are common credentials used to
authenticate an end user or device. A standard, common certificate-based authentication
method is EAP-TLS. Multiple EAP methods have been defined, and each authentication
method has advantages and disadvantages [21]. The needs of individual deployments may
require use of a method supporting a specific type of user credential. IEEE 802.11 EAP
method requirements are defined in [22].
The benefit of using EAP for authentication is that additional EAP types can be
easily defined and added to a system.