Extensible Authentication Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:13, 3 November 2021 edit Davidburgess (talk \| contribs) 26 edits m →Lightweight Extensible Authentication Protocol (LEAP) ← Previous edit		Latest revision as of 12:02, 4 August 2025 edit undo Mad Jim Bey (talk \| contribs) Extended confirmed users 2,690 edits Reverting edit(s) by 2A01:5EC0:B802:6196:B94B:9B56:F7D7:F8AF (talk) to rev. 1288312694 by Eveninglatte: Disruptive editing (RW 16.1) Tags: RW Undo
(28 intermediate revisions by 17 users not shown)
Line 1: {{Short description\|Authentication protocol for the point-to-point protocol}} '''Extensible Authentication Protocol''' ('''EAP''') is an authentication framework frequently used in network and internet connections. It is defined in <nowiki>RFC 3748</nowiki>, which made <nowiki>RFC 2284</nowiki> obsolete, and is updated by <nowiki>RFC 5247</nowiki>. '''Extensible Authentication Protocol''' ('''EAP''') is an authentication framework frequently used in network and internet connections. It is defined in {{IETF RFC\|3748}}, which made {{IETF RFC\|2284}} obsolete, and is updated by {{IETF RFC\|5247}}. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a [[wire protocol]]; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages. EAP is in wide use. For example, in [[IEEE 802.11]] (~~WiFi~~Wi-Fi) the WPA and WPA2 standards have adopted IEEE 802.1X (with various EAP types) as the canonical authentication mechanism. ==Methods== EAP is an authentication framework, not a specific authentication mechanism.<ref name="rfc3748_sec1">~~RFC~~{{cite IETF\|rfc=3748,\|title=Extensible §Authentication Protocol (EAP)\|section=1\|sectionname=Introduction}}</ref> It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in [[IETF]] RFCs include EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA, and EAP-AKA'. Additionally, a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, [[Lightweight Extensible Authentication Protocol\|LEAP]] and EAP-TTLS. Requirements for EAP methods used in wireless LAN authentication are described in ~~RFC~~{{IETF RFC\|4017}}. The list of type and packets codes used in EAP is available from the IANA EAP Registry.<ref>{{Cite web\|title=Extensible Authentication Protocol (EAP) Registry\|url=https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml\|access-date=2021-06-01\|website=www.iana.org}}</ref> The standard also describes the conditions under which the AAA key management requirements described in ~~RFC~~{{IETF RFC\|4962}} can be satisfied. ===Lightweight Extensible Authentication Protocol (LEAP)=== Line 17 ⟶ 18: ==={{anchor\|EAP-TLS}}EAP Transport Layer Security (EAP-TLS)=== EAP Transport Layer Security (EAP-TLS), defined in ~~RFC~~{{IETF RFC\|5216}}, is an IETF [[open standard]] that uses the [[Transport Layer Security]] (TLS) protocol, and is well-supported among wireless vendors. EAP-TLS is the original, standard wireless LAN EAP authentication protocol. EAP-TLS is still considered one of the most secure EAP standards available, although TLS provides strong security only as long as the user understands potential warnings about false credentials, and is universally supported by all manufacturers of wireless LAN hardware and software. Until April 2005, EAP-TLS was the only EAP type vendors needed to certify for a WPA or WPA2 logo.<ref>{{cite web\|title=Understanding the updated WPA and WPA2 standards\|url=http://blogs.techrepublic.com.com/Ou/?p=67\|publisher=techrepublic.com\|access-date=2008-02-17}}</ref> There are client and server implementations of EAP-TLS in 3Com, Apple, [[Avaya]], Brocade Communications, Cisco, Enterasys Networks, Fortinet, Foundry, Hirschmann, HP, Juniper, Microsoft, and open source operating systems. EAP-<span lang="Vi" dir="ltr">TLS</span> is natively supported in Mac OS X 10.3 and above, [[wpa_supplicant]], Windows 2000 SP4, Windows XP and above, Windows Mobile 2003 and above, Windows CE 4.2, and Apple's iOS mobile operating system. Unlike most TLS implementations of [[HTTPS]], such as on the [[World Wide Web]], the majority of implementations of EAP-TLS require mutual authentication using client-side [[X.509]] certificates without giving the option to disable the requirement, even though the standard does not mandate their use.<ref name="opensecurewireless"/><ref name="rfc5216s211"/> Some have identified this as having the potential to dramatically reduce adoption of EAP-TLS and prevent "open" but encrypted access points.<ref name="opensecurewireless">{{cite web\|title=Open Secure Wireless \|first=Christopher \|last=Byrd \|date=5 May 2010 \|url=http://riosec.com/files/Open-Secure-Wireless.pdf \|access-date=2013-08-14 \|url-status=dead \|archive-url=https://web.archive.org/web/20131212085700/http://riosec.com/files/Open-Secure-Wireless.pdf \|archive-date=12 December 2013 }}</ref><ref name="rfc5216s211">{{~~citation~~Cite IETF\|rfc=5216\|title=~~RFC 5216:~~ The EAP-TLS Authentication Protocol\|date=March 2008~~\|publisher=[[Internet Engineering Task Force]]~~\|quote=The certificate_request message is included when the server desires the peer to authenticate itself via public key. While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means.}}</ref> On 22 August 2012 [[hostapd]] (and wpa_supplicant) added support in its [[Git (software)\|Git]] repository for an UNAUTH-TLS vendor-specific EAP type (using the hostapd/wpa_supplicant project ~~RFC~~{{IETF RFC\|5612}} Private Enterprise Number),<ref>{{cite web \| title= Add UNAUTH-TLS vendor specific EAP type \| work= [[hostapd]] \| access-date= 2013-08-14 \| url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=065d2895b4693e8c923580dbfa31123297c8bb7d \| url-status= dead \| archive-url= https://archive.today/20130213070147/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=065d2895b4693e8c923580dbfa31123297c8bb7d \| archive-date= 2013-02-13 }}</ref> and on 25 February 2014 added support for the WFA-UNAUTH-TLS vendor-specific EAP type (using the [[Wi-Fi Alliance]] Private Enterprise Number),<ref>{{cite web \| title= HS 2.0R2: Add WFA server-only EAP-TLS peer method \| work= [[hostapd]] \| access-date= 2014-05-06 \| url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8e5fdfabf69a7692d1a0d04f00fa103e9ff72010 \| url-status= dead \| archive-url= https://archive.today/20140930045346/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=8e5fdfabf69a7692d1a0d04f00fa103e9ff72010 \| archive-date= 2014-09-30 }}</ref><ref>{{cite web \| title= HS 2.0R2: Add WFA server-only EAP-TLS server method \| work= [[hostapd]] \| access-date= 2014-05-06 \| url= http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=b61e70c4f37837baf17956817f8d80a586f75770 \| url-status= dead \| archive-url= https://archive.today/20140930045348/http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=b61e70c4f37837baf17956817f8d80a586f75770 \| archive-date= 2014-09-30 }}</ref> which only do server authentication. This would allow for situations much like HTTPS, where a wireless hotspot allows free access and does not authenticate station clients but station clients wish to use encryption ([[IEEE 802.11i-2004]] i.e. [[WPA2]]) and potentially authenticate the wireless hotspot. There have also been proposals to use [[IEEE 802.11u]] for access points to signal that they allow EAP-TLS using only server-side authentication, using the standard EAP-TLS IETF type instead of a vendor-specific EAP type.<ref>{{cite web\|title=Open Secure Wireless 2.0 \|first=Christopher \|last=Byrd \|date=1 November 2011 \|url=http://riosec.com/open-secure-wireless-2.0 \|access-date=2013-08-14 \|url-status=dead \|archive-url=https://web.archive.org/web/20131126183610/http://riosec.com/open-secure-wireless-2.0 \|archive-date=26 November 2013 }}</ref> The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. With a client-side certificate, a compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side certificate; indeed, a password is not even needed, as it is only used to encrypt the client-side certificate for storage. The highest security available is when the "private keys" of client-side certificate are housed in [[smart card]]s.<ref>{{cite book\|url=https://books.google.com/books?id=5x7iLC7fKIAC&pg=PA244\|title=Microsoft Exchange Server 2003 Unleashed\|author=Rand Morimoto \|author2=Kenton Gardinier \|author3=Michael Noel \|author4=Joe Coca\|year=2003\|publisher=Sams\|isbn=978-0-672-32581-6\|page=244}}</ref> This is because there is no way to steal a client-side certificate's corresponding private key from a smart card without stealing the card itself. It is more likely that the physical theft of a smart card would be noticed (and the smart card immediately revoked) than a (typical) password theft would be noticed. In addition, the private key on a smart card is typically encrypted using a PIN that only the owner of the smart card knows, minimizing its utility for a thief even before the card has been reported stolen and revoked. ===EAP-MD5=== EAP-MD5 was the only IETF Standards Track based EAP method when it was first defined in the original RFC for EAP, ~~RFC~~{{IETF RFC\|2284}}. It offers minimal security; the [[MD5]] [[hash function]] is vulnerable to [[dictionary attack]]s, and does not support key generation, which makes it unsuitable for use with dynamic WEP, or WPA/WPA2 enterprise. EAP-MD5 differs from other EAP methods in that it only provides authentication of the EAP peer to the EAP server but not mutual authentication. By not providing EAP server authentication, this EAP method is vulnerable to man-in-the-middle attacks.<ref>{{cite web\|title = Alternative Encryption Schemes: Targeting the weaknesses in static WEP\|url=https://arstechnica.com/articles/paedia/security.ars/4\|website = Ars Technica \| access-date = 2008-02-17}}</ref> EAP-MD5 support was first included in [[Windows 2000]] and deprecated in [[Windows Vista]].<ref>{{citation \| chapter-url = http://support.microsoft.com/kb/922574 \| publisher = Microsoft \| title = Knowledge Base \| chapter = 922574}}</ref> ===EAP Protected One-Time Password (EAP-POTP)=== EAP Protected One-Time Password (EAP-POTP), which is described in ~~RFC~~{{IETF RFC\|4793}}, is an EAP method developed by RSA Laboratories that uses one-time password (OTP) tokens, such as a handheld hardware device or a hardware or software module running on a personal computer, to generate authentication keys. EAP-POTP can be used to provide unilateral or mutual authentication and key material in protocols that use EAP. The EAP-POTP method provides two-factor user authentication, meaning that a user needs both physical access to a token and knowledge of a [[personal identification number]] (PIN) to perform authentication.<ref>{{cite web\|url=http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-admin/html/EAP-027.html \|title=EAP-POTP Authentication Protocol \|publisher=Juniper.net \|access-date=2014-04-17}}</ref> ===EAP Pre-Shared Key (EAP-PSK)=== <ref name="rfc3748_sec1" /> EAP Pre-shared key (EAP-PSK), defined in ~~RFC~~{{IETF RFC\|4764}}, is an EAP method for mutual authentication and session key derivation using a [[pre-shared key]] (PSK). It provides a protected communication channel, when mutual authentication is successful, for both parties to communicate and is designed for authentication over insecure networks such as IEEE 802.11. EAP-PSK is documented in an experimental RFC that provides a lightweight and extensible EAP method that does not require any public-key cryptography. The EAP method protocol exchange is done in a minimum of four messages. ===EAP Password (EAP-PWD)=== EAP Password (EAP-PWD), defined in ~~RFC~~{{IETF RFC\|5931}}, is an EAP method which uses a shared password for authentication. The password may be a low-entropy one and may be drawn from some set of possible passwords, like a dictionary, which is available to an attacker. The underlying key exchange is resistant to active attack, passive attack, and dictionary attack. EAP-PWD is in the base of Android 4.0 (ICS),. itIt is in FreeRADIUS <ref>[http://code.metager.de/source/xref/freeradius/server/src/modules/rlm_eap/types/ FreeRADIUS EAP module rlm_eap_pwd]</ref> and Radiator <ref>[{{cite mailing list\|url=http://www.open.com.au/pipermail/radiator-announce/2012-June/000018.html \|title=Added support for EAP-PWD per RFC 5931]\|first=Mike\|last=McCauley\|mailing-list=radiator-announce}}</ref> RADIUS servers, and it is in hostapd and wpa_supplicant.<ref>[http://community.arubanetworks.com/t5/Technology-Blog/Secure-authentication-with-only-a-password/ba-p/36524 Secure-authentication with only a password]</ref> {{anchor\|EAP-TTLS}} ===EAP Tunneled Transport Layer Security (EAP-TTLS)=== {{Redirect\|TTLS\|the children's song\|Twinkle, Twinkle, Little Star}} EAP Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends [[Transport Layer Security\|TLS]]. It was co-developed by [[Funk Software]] and [[Certicom]] and is widely supported across platforms. Microsoft did not incorporate native support for the EAP-TTLS protocol in [[Windows XP]], [[Windows Vista\|Vista]], or [[Windows 7\|7]]. Supporting TTLS on these platforms requires third-party Encryption Control Protocol (ECP) certified software. [[Microsoft Windows]] started EAP-TTLS support with [[Windows 8]],<ref>[https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11) Extensible Authentication Protocol (EAP) Settings for Network Access]</ref> support for EAP-TTLS<ref>{{cite web\|url=http://forums.wpcentral.com/windows-phone-8/200619-802-1x-eap-ttls-support.html \|title=802.1x / EAP TTLS support? – Windows Phone Central Forums \|publisher=Forums.wpcentral.com \|access-date=2014-04-17}}</ref> appeared in Windows Phone [[Windows Phone 8.1\|version 8.1]].<ref>{{cite web\|url=https://technet.microsoft.com/library/dn643706.aspx \|title=Enterprise Wi-Fi authentication (EAP) \|publisher=Microsoft.com \|access-date=2014-04-23}}</ref> Line 52 ⟶ 54: After the server is securely authenticated to the client via its CA certificate and optionally the client to the server, the server can then use the established secure connection ("tunnel") to authenticate the client. It can use an existing and widely deployed authentication protocol and infrastructure, incorporating legacy password mechanisms and authentication databases, while the secure tunnel provides protection from [[eavesdropping]] and [[man-in-the-middle attack]]. Note that the user's name is never transmitted in unencrypted clear text, improving privacy. Two distinct versions of EAP-TTLS exist: original EAP-TTLS (a.k.a. EAP-TTLSv0) and EAP-TTLSv1. EAP-TTLSv0 is described in ~~RFC~~{{IETF RFC\|5281}}, EAP-TTLSv1 is available as an Internet draft.<ref>~~[//tools.ietf.org/html/~~{{cite IETF\|draft=draft-funk-eap-ttls-v1-01\|title=EAP ~~TTLSv1~~Tunneled ~~Internet~~TLS ~~draft]~~Authentication Protocol Version 1 (EAP-TTLSv1)}}</ref> ===EAP Internet Key Exchange v. 2 (EAP-IKEv2)=== Line 60 ⟶ 62: ;Symmetric keys: High-entropy bit strings that are known to both the server and the peer. It is possible to use a different authentication [[credential]] (and thereby technique) in each direction. For example, the EAP server authenticates itself using public/private key pair and the EAP peer using symmetric key. ~~In particular~~However, not all of the ~~following~~nine theoretical combinations are expected toin bepractice. ~~used~~Specifically, inthe ~~practice~~standard {{IETF RFC\|5106}} lists four use cases: The server authenticating with an asymmetric key pair while the client uses any of the three methods; and that both sides use a symmetric key. EAP-IKEv2 is described in ~~RFC~~{{IETF RFC\|5106}}, and a [http://eap-ikev2.sourceforge.net prototype implementation] exists. ===EAP Flexible Authentication via Secure Tunneling (EAP-FAST)=== Flexible Authentication via Secure Tunneling (EAP-FAST; ~~RFC~~{{IETF RFC\|4851}}) is a protocol proposal by [[Cisco Systems]] as a replacement for [[Lightweight Extensible Authentication Protocol\|LEAP]].<ref>{{cite web\|title=Ultimate wireless security guide: A primer on Cisco EAP-FAST authentication\|url=http://articles.techrepublic.com.com/5100-1035-6148557.html\|archive-url=https://web.archive.org/web/20080324094115/http://articles.techrepublic.com.com/5100-1035-6148557.html\|url-status=dead\|archive-date=2008-03-24\|publisher=techrepublic.com\|access-date=2008-02-17}}</ref> The protocol was designed to address the weaknesses of LEAP while preserving the "lightweight" implementation. Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified. EAP-FAST has three phases:<ref>{{cite web\|url=http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=5 \|title=EAP-FAST > EAP Authentication Protocols for WLANs \|publisher=Ciscopress.com \|access-date=2014-04-17}}</ref> Line 80 ⟶ 82: \|} When automatic PAC provisioning is enabled, EAP-FAST has a ~~slight~~ vulnerability where an attacker can intercept the PAC and use that to compromise user credentials. This vulnerability is mitigated by manual PAC provisioning or by using server certificates for the PAC provisioning phase. It is worth noting that the PAC file is issued on a per-user basis. This is a requirement in ~~RFC~~{{IETF RFC\|4851}} sec 7.4.4 so if a new user logs on the network from a device, a new PAC file must be provisioned first. This is one reason why it is difficult not to run EAP-FAST in insecure anonymous provisioning mode. The alternative is to use device passwords instead, but then the device is validated on the network not the user. EAP-FAST can be used without PAC files, falling back to normal TLS. EAP-FAST is natively supported in Apple OS X 10.4.8 and newer. [[Cisco]] supplies an EAP-FAST module<ref>[{{cite web\|url=http://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html\|title=EAP-FAST ]for ~~{{webarchive~~Windows Vista Administrator Guide\|archive-url=https://web.archive.org/web/20090210002337/http://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html \|archive-date=February 10, 2009 }}</ref> for [[Windows Vista]]<ref>[http://blogs.msdn.com/eapteam/archive/2008/10/17/how-do-i-install-cisco-eap-fast-on-my-computer.aspx How do I install CISCO EAP-FAST on my computer?]</ref> and later operating systems which have an extensible EAPHost architecture for new authentication methods and supplicants.<ref>[http://www.microsoft.com/technet/technetmag/issues/2007/05/CableGuy/default.aspx EAPHost in Windows]</ref> === Tunnel Extensible Authentication Protocol (TEAP) === Tunnel Extensible Authentication Protocol (TEAP; ~~RFC~~{{IETF RFC\|7170}}) is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV (Type-Length-Value) objects are used to convey authentication-related data between the EAP peer and the EAP server. In addition to peer authentication, TEAP allows the peer to ask the server for a certificate by sending a request in [[Certificate signing request\|PKCS#10]] format. After receiving the certificate request and authenticating the peer, the server can provision a certificate to the peer in ~~[rfc:2315~~ PKCS#7] format ({{IETF RFC\|2325}}). The server can also distribute trusted root certificates to the peer in ~~[rfc:2315~~ PKCS#7] format ({{IETF RFC\|2325}}). Both operations are enclosed into the corresponding TLVs and happen insecurely within the ~~secure way inside previously~~already established TLS tunnel. ===EAP Subscriber Identity Module (EAP-SIM)=== Line 102 ⟶ 104: The A3/A8 algorithms are being run a few times, with different 128 bit challenges, so there will be more 64 bit Kc-s which will be combined/mixed to create stronger keys (Kc-s won't be used directly). The lack of mutual authentication in GSM has also been overcome. EAP-SIM is described in ~~RFC~~{{IETF RFC\|4186}}. ===EAP Authentication and Key Agreement (EAP-AKA)=== Extensible Authentication Protocol Method for [[Universal Mobile Telecommunications System]] (UMTS) Authentication and Key Agreement (EAP-AKA), is an EAP mechanism for authentication and session key distribution using the UMTS Subscriber Identity Module ([[Universal Subscriber Identity Module\|USIM]]). EAP-AKA is defined in ~~RFC~~{{IETF RFC\|4187}}. ===EAP Authentication and Key Agreement [[prime (symbol)#Use in mathematics, statistics, and science\|prime]] (EAP-AKA')=== The EAP-AKA' variant of EAP-AKA, defined in ~~RFC~~{{IETF RFC\|5448}}, and is used for non-3GPP access to a [[3GPP]] core network. For example, via [[Evolution-Data Optimized\|EVDO]], [[WiFi]], or [[WiMax]]. ===EAP Generic Token Card (EAP-GTC)=== EAP Generic Token Card, or EAP-GTC, is an EAP method created by Cisco as an alternative to PEAPv0/EAP-MSCHAPv2 and defined in ~~RFC~~{{IETF RFC\|2284}} and ~~RFC~~{{IETF RFC\|3748}}. EAP-GTC carries a text challenge from the authentication server, and a reply generated by a [[security token]]. The PEAP-GTC authentication mechanism allows generic authentication to a number of databases such as [[Novell Directory Service]] (NDS) and [[Lightweight Directory Access Protocol]] (LDAP), as well as the use of a [[one-time password]]. ===EAP Encrypted Key Exchange (EAP-EKE)=== EAP with the [[encrypted key exchange]], or EAP-EKE, is one of the few EAP methods that provide secure mutual authentication using short passwords and no need for [[public key certificate]]s. It is a three-round exchange, based on the [[Diffie–Hellman key exchange\|Diffie-Hellman]] variant of the well-known EKE protocol. EAP-EKE is specified in ~~RFC~~{{IETF RFC\|6124}}. ==={{anchor\|EAP-NOOB}}Nimble out-of-band authentication for EAP (EAP-NOOB)=== Nimble out-of-band authentication for EAP<ref>{{cite ~~web~~IETF \| ~~url~~rfc = ~~https://tools.ietf.org/html/draft-ietf-emu-eap-noob~~9140 \| title = Nimble out-of-band authentication for EAP (EAP-NOOB) ~~Draft~~ \| first1 = Tuomas \| last1 = Aura \| first2 = Mohit \| last2 = Sethi \| ~~publisher~~first3 = ~~IETF~~A. ~~Trust~~\| last3 = Peltonen \| date = ~~2020-07-21~~December 2021}}</ref> (EAP-NOOB) is a ~~proposed (work in progress, not RFC)~~ generic bootstrapping solution for devices which have no pre-configured authentication credentials and which are not yet registered on any server. It is especially useful for Internet-of-Things (IoT) gadgets and toys that come with no information about any owner, network or server. Authentication for this EAP method is based on a user-assisted out-of-band (OOB) channel between the server and peer. EAP-NOOB supports many types of OOB channels such as QR codes, NFC tags, audio etc. and unlike other EAP methods, the protocol security has been verified by formal modeling of the specification with [[ProVerif]] and [[MCRL2]] tools.<ref>[https://github.com/tuomaura/eap-noob/tree/master/protocolmodel EAP-NOOB Model on GitHub]</ref> EAP-NOOB performs an Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) over the in-band EAP channel. The user then confirms this exchange by transferring the OOB message. Users can transfer the OOB message from the peer to the server, when for example, the device is a smart TV that can show a QR code. Alternatively, users can transfer the OOB message from the server to the peer, when for example, the device being bootstrapped is a camera that can only read a QR code. ==Encapsulation== EAP is not a wire protocol; instead it only defines message formats. Each protocol that uses EAP defines a way to [[Encapsulation (networking)\|encapsulate]] EAP messages within that protocol's messages.<ref>{{~~Cite~~cite book \| doi=10.1007/0-387-23483-7_189 \| chapter=HTTPS, Secure HTTPS \|~~work~~ title=~~SpringerReference~~Encyclopedia of Cryptography and Security \|~~publisher~~ date=~~Springer-Verlag~~2005 \|~~doi~~ last1=~~10.1007/springerreference_292~~Pedersen \|~~title~~ first1=~~Springer~~Torben ~~''Reference''~~\|~~year~~ pages=~~2011~~268–269 \| isbn=978-0-387-23473-1 }}</ref><ref>{{Citation\|last=Plumb, Michelle \|title=CAPPS : HTTPS Networking\|oclc=944514826}}</ref> ===IEEE 802.1X=== {{Main\|IEEE 802.1X}} The encapsulation of EAP over [[IEEE 802]] is defined in [[IEEE 802.1X]] and known as "EAP over LANs" or EAPOL.<ref>~~RFC~~{{cite IETF\|rfc=3748,\|title=Extensible §Authentication Protocol (EAP)\|section=3.3\|sectionname=EAP Usage Within IEEE 802}}</ref><ref>~~RFC~~{{cite IETF\|rfc=3748,\|title=Extensible §Authentication Protocol (EAP)\|section=7.12\|sectionname=Link Layer}}</ref><ref>IEEE 802.1X-2001, § 7</ref> EAPOL was originally designed for [[IEEE 802.3]] ~~ethernet~~Ethernet in 802.1X-2001, but was clarified to suit other IEEE 802 LAN technologies such as [[IEEE 802.11]] wireless and [[Fiber Distributed Data Interface]] (ANSI X3T9.5/X3T12, adopted as ISO 9314) in 802.1X-2004.<ref>IEEE 802.1X-2004, § 3.2.2</ref> The EAPOL protocol was also modified for use with [[IEEE 802.1AE]] (MACsec) and [[IEEE 802.1#802.1AR\|IEEE 802.1AR]] (Initial Device Identity, IDevID) in 802.1X-2010.<ref>IEEE 802.1X-2010, § 5</ref> When EAP is invoked by an 802.1X enabled [[Network Access Server]] (NAS) device such as an [[IEEE 802.11i-2004]] Wireless Access Point (WAP), modern EAP methods can provide a secure authentication mechanism and negotiate a secure private key (Pair-wise Master Key, PMK) between the client and NAS which can then be used for a wireless encryption session utilizing [[Temporal Key Integrity Protocol\|TKIP]] or [[CCMP (cryptography)\|CCMP]] (based on [[Advanced Encryption Standard\|AES]]) encryption. Line 136 ⟶ 138: {{Main\|Protected Extensible Authentication Protocol}} The [[Protected Extensible Authentication Protocol]], also known as Protected EAP or simply PEAP, is a protocol that encapsulates EAP within a potentially encrypted and authenticated [[Transport Layer Security]] (TLS) [[tunneling protocol\|tunnel]].<ref>~~Microsoft's~~{{cite ~~PEAP version 0, [http://tools.ietf.org/html/~~IETF\|draft=draft-kamath-pppext-peapv0-00\|title=Microsoft's ~~draft-kamath-pppext-peapv0-00],~~PEAP version 0 (Implementation in Windows XP §SP1)\|section=1.1\|sectionname=EAP encapsulation}}</ref><ref name="peapv2-10_abstract">{{Cite IETF\|title=Protected EAP Protocol (PEAP) Version 2~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-10~~ =draft-josefsson-pppext-eap-tls-eap-10~~], abstract~~\|section=Abstract\|nosec=yes}}</ref><ref>{{cite IETF\|title=Protected EAP Protocol (PEAP) Version 2~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-10~~ =draft-josefsson-pppext-eap-tls-eap-10~~], §~~\|section=1\|sectionname=Introduction}}</ref> The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.<ref>{{cite IETF\|title=Protected EAP Protocol (PEAP) Version 2~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-07~~ =draft-josefsson-pppext-eap-tls-eap-07~~], §~~\|section=1\|sectionname=Introduction}}</ref> PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAPv0 was the version included with [[Microsoft]] [[Windows XP]] and was nominally defined in [http://tools.ietf.org/html/draft-kamath-pppext-peapv0-00 draft-kamath-pppext-peapv0-00]. PEAPv1 and PEAPv2 were defined in different versions of ''draft-josefsson-pppext-eap-tls-eap''. PEAPv1 was defined in [http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-00 draft-josefsson-pppext-eap-tls-eap-00] through [http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-05 draft-josefsson-pppext-eap-tls-eap-05],<ref>{{cite IETF\|title=Protected EAP Protocol (PEAP)~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-05~~ =draft-josefsson-pppext-eap-tls-eap-05~~], §~~\|section=2.3}}</ref> and PEAPv2 was defined in versions beginning with [http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-06 draft-josefsson-pppext-eap-tls-eap-06].<ref>{{cite IETF\|title=Protected EAP Protocol (PEAP)~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-06~~ =draft-josefsson-pppext-eap-tls-eap-06~~], §~~\|section=2.3\|sectionname=Version negotiation}}</ref> The protocol only specifies chaining multiple EAP mechanisms and not any specific method.<ref name="peapv2-10_abstract"/><ref>{{cite IETF\|title=Protected EAP Protocol (PEAP) Version 2~~, [http://tools.ietf.org/html/~~\|draft~~-josefsson-pppext-eap-tls-eap-10~~ =draft-josefsson-pppext-eap-tls-eap-10],\|page=11\|sectionname=Protocol §2Overview}}</ref> Use of the [[EAP-MSCHAPv2]] and [[EAP-GTC]] methods are the most commonly supported.{{Citation needed\|date=April 2010}} ===RADIUS and Diameter=== Line 155 ⟶ 157: {{Main\|Point-to-Point Protocol}} EAP was originally an authentication extension for the [[Point-to-Point Protocol]] (PPP). PPP has supported EAP since EAP was created as an alternative to the [[Challenge-Handshake Authentication Protocol]] (CHAP) and the [[Password Authentication Protocol]] (PAP), which were eventually incorporated into EAP. The EAP extension to PPP was first defined in ~~RFC~~{{IETF RFC\|2284}}, now obsoleted by ~~RFC~~{{IETF RFC\|3748}}. ==See also== Line 177 ⟶ 179: * [http://wire.cs.nctu.edu.tw/wire1x/ WIRE1x] * [https://web.archive.org/web/20071023234216/http://www.ietf.org/html.charters/emu-charter.html "IETF EAP Method Update (emu) Working Group"] * [{{cite web\|url=http://www.juniper.net/techpubs/software/aaa_802/sbrc/sbrc70/sw-sbrc-admin/html/EAP-027.html\|title=EAP-POTP Authentication Protocol\|work=Steel Belted Radius Carrier 7.0 Administration and Configuration Guide\|publisher=[[Juniper Networks]]}} {{Authentication APIs}}