Wireless Local Area Network Security 154
Figure 7.8: Simplified EAP-TTLS message flow.
[Figure: message sequence diagram titled "EAP TTLS with CHAP Authentication Example", showing the exchange between the 802.1X Supplicant (802.11 Station), the 802.1X Authenticator (802.11 AP), and the TTLS, Authentication Server (RADIUS).]
7.