Title: Selection of an EAP authentication method for a WLAN

Authors: Khidir M. Ali, Thomas J. Owens

Addresses: ECE, School of Engineering and Design, Brunel University, Uxbridge, Middlesex UB8 3PH, UK. ' ECE, School of Engineering and Design, Brunel University, Uxbridge, Middlesex UB8 3PH, UK

Abstract: IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the question of how to select the authentication method that suits an organisation|s requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples.

Keywords: extensible authentication protocol; IEEE 802.1X; information security; computer security; lightweight EAP; LEAP; message digest 5; protected EAP; public key infrastructure; Remote Access Dial In User Services; RADIUS; transport layer security; tunnelled transport layer security; WLANs; wireless LANs; wireless networks.

DOI: 10.1504/IJICS.2007.012251

International Journal of Information and Computer Security, 2007 Vol.1 No.1/2, pp.210 - 233

Published online: 31 Jan 2007 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article