EAP Wireless authentication: The state of the art


Several authentication protocols have been designed for network access control frameworks that use EAP. The most widely used EAP methods (EAP-FAST [rfc4851], EAP-PEAPv0 [draft-kamath-pppext-peapv0], EAP-TLS [rfc2716], etc.) rely on TLS for its strong public-key cryptography. Only the EAP-TLS method requires clients to have public-key certificates. The other TLS-based methods first create a TLS tunnel between the client device and the authentication server, then use a second, password-based authentication method to validate the user's identity. The TLS tunnel requires only a server-side certificate and provides integrity and confidentiality for the inner method. This article is an ongoing effort to survey and compare the available EAP methods for wireless and wired network access control.


EAP-TLS: The pure TLS method

EAP-TLS is not very popular because it requires maintaining user certificates.

When EAP-TLS is used to control network access, a user cannot use a machine to access the network unless his/her public-key certificate is installed on that machine.

Imagine a situation where a company has a pool of wireless devices shared amongst employees. The company may want to keep a log of who used which device to connect to the network. With EAP-TLS, each employee has to install his/her certificate on the device each time he/she uses one. At the end of the day, once finished, he/she must remove the certificate because another user may use the device the next day.


EAP-MSCHAPv2, EAP-MD5, EAP-GPSK: The password-based methods

Some shared-secret EAP methods such as EAP-MSCHAPv2 and EAP-MD5 do not provide mutual authentication and do not generate the keying material needed to establish a link-layer security association between the network client and the NAS. For this reason, these EAP methods are only used in combination with TLS, where a TLS tunnel is created over EAP between the network client and the AAA server.

The IETF is specifying a new password-based method called EAP-GPSK (EAP Generalized Pre-Shared Key method). The goal is to design a pre-shared-key/password method that provides security, convenience and maintainability at the same time.


EAP-PEAP, EAP-TTLS, EAP-FAST: The TLS-Encapsulated EAP Methods

The most widely used EAP methods are those that establish a TLS tunnel between the network client and the AAA server based on the AAA server's certificate. These methods require maintaining two kinds of credentials for network access: certificates for servers, and shared-secret credentials for clients.


Shortcomings of the existing EAP methods

Networks using EAP for access control and authentication will most probably use TLS-encapsulated EAP methods or the future EAP-GPSK password-based method. However, both have shortcomings.

The TLS-encapsulated EAP methods require a PKI in addition to the user credential database (LDAP, Windows AD, etc.). They are also computationally expensive because of the public-key cryptography on which TLS is based, and handover performance issues arise, especially for roaming clients [zrelli-AINTEC07]. TLS-encapsulated methods generally provide fast re-authentication based on the TLS session resumption feature, but the initial authentication may require a large number of round-trips due to fragmentation, especially with long certificate chains that produce large certificate messages. If the server's certificate is large, fragmentation becomes necessary because of the limited MTU size (~1500 octets for 802.11b). For example, a certificate chain of 15000 octets would require ten round-trips for an MTU of 1500 octets.

EAP-GPSK, on the other hand, does not provide re-authentication features. For roaming users, this may cause unacceptable delays because the EAP authentication requires several round-trips over the Internet.

For roaming scenarios, small low-end devices and low-bandwidth networks, the current EAP methods would introduce delays that are incompatible with real-time applications such as control systems, voice and multimedia.
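The round-trip estimate above can be made concrete by actually fragmenting a certificate chain the way an EAP-TLS server does. The following is an added example written for this article, not code from the article or from any EAP implementation. It assumes the EAP-TLS packet layout and L/M flag rules of RFC 5216 (the successor of the RFC 2716 cited above): Code, Identifier, Length, Type, Flags, an optional 4-octet TLS Message Length when the L flag is set, then TLS data; each fragment the server sends is acknowledged by an empty EAP-TLS Response before the next one goes out, so each fragment costs one round-trip. The 15000-octet certificate chain is a constructed byte string, and `eap_mtu` is the size available to the EAP packet itself, which in practice is smaller than the link MTU because of EAPOL and link-layer headers.

```python
"""EAP-TLS fragmentation and round-trip estimator (added example, not the article's code).

Packet layout assumed from RFC 5216:
  Code(1) Identifier(1) Length(2) Type(1) Flags(1) [TLS Message Length(4)] TLS Data
Flags: L = 0x80 (TLS Message Length present), M = 0x40 (more fragments),
       S = 0x20 (EAP-TLS Start; only used on the very first Request, not modelled here).
"""
import math
import struct

EAP_REQUEST = 1
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20
EAP_TLS_HEADER = 6       # code + identifier + length + type + flags
TLS_LENGTH_FIELD = 4     # present only when the L flag is set


def naive_round_trips(chain_octets, mtu):
    """The article's back-of-the-envelope figure: ceil(chain size / MTU), ignoring headers."""
    return max(1, math.ceil(chain_octets / mtu))


def fragment(tls_data, eap_mtu, first_id=0):
    """Split a TLS record stream (e.g. the server's Certificate message) into
    EAP-TLS Request packets of at most eap_mtu octets, following RFC 5216:
    the first fragment of a fragmented message carries L and the total length,
    every fragment except the last carries M."""
    fragmented = EAP_TLS_HEADER + len(tls_data) > eap_mtu
    frags, offset, ident = [], 0, first_id
    while True:
        first = not frags
        hdr = EAP_TLS_HEADER + (TLS_LENGTH_FIELD if (first and fragmented) else 0)
        if eap_mtu <= hdr:
            raise ValueError("eap_mtu too small to carry any TLS data")
        payload = tls_data[offset:offset + eap_mtu - hdr]
        offset += len(payload)
        flags = 0
        if first and fragmented:
            flags |= FLAG_L
        if offset < len(tls_data):
            flags |= FLAG_M
        body = struct.pack("!I", len(tls_data)) if flags & FLAG_L else b""
        pkt = struct.pack("!BBHBB", EAP_REQUEST, ident & 0xFF, hdr + len(payload),
                          EAP_TYPE_TLS, flags) + body + payload
        frags.append(pkt)
        ident += 1
        if offset >= len(tls_data):
            return frags


def reassemble(frags):
    """Client-side reassembly with the checks a careful peer performs: the EAP
    Length must match the packet, the M flag must agree with the fragment's
    position, and the announced TLS Message Length must match what arrived."""
    out = bytearray()
    announced = None
    for i, pkt in enumerate(frags):
        code, ident, length, etype, flags = struct.unpack("!BBHBB", pkt[:EAP_TLS_HEADER])
        if code != EAP_REQUEST or etype != EAP_TYPE_TLS or length != len(pkt):
            raise ValueError("malformed EAP-TLS packet")
        pos = EAP_TLS_HEADER
        if flags & FLAG_L:
            (announced,) = struct.unpack("!I", pkt[pos:pos + TLS_LENGTH_FIELD])
            pos += TLS_LENGTH_FIELD
        out += pkt[pos:]
        if bool(flags & FLAG_M) != (i < len(frags) - 1):
            raise ValueError("M flag disagrees with fragment position")
    if announced is not None and announced != len(out):
        raise ValueError("reassembled length does not match announced TLS Message Length")
    return bytes(out)


def round_trips_with_headers(chain_octets, eap_mtu):
    """Round-trips once EAP-TLS headers are accounted for: one per fragment."""
    return len(fragment(b"\x16" * chain_octets, eap_mtu))  # 0x16 = TLS handshake content type


if __name__ == "__main__":
    CHAIN, MTU = 15000, 1500   # constructed figures from the article's example
    print("naive estimate:", naive_round_trips(CHAIN, MTU), "round-trips")
    print("with EAP-TLS headers:", round_trips_with_headers(CHAIN, MTU), "round-trips")
```

Running it with the article's figures gives the article's ten round-trips for the naive estimate and eleven once the six-octet EAP-TLS header (plus the four-octet length field on the first fragment) is counted, and the reassembly check passes on the fragments produced. Shrinking `eap_mtu` to what a RADIUS EAP-Message attribute or a constrained link actually leaves for EAP makes the fragment count, and hence the initial-authentication delay, grow accordingly.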


