posted on 2021-05-24, 13:43 authored by Xiaoying Guo
Wireless networking is becoming increasingly popular. However, the use of Wireless Local Area Networks (WLANs) also creates many security issues that do not exist in a wired world. A WLAN connection no longer requires a cable. Instead, data packets are sent over the air and are available to anyone with the ability to intercept and decode them. Traditional physical security measures like firewalls and security guards are less effective in this new domain.
The IEEE has organized the 802.11i Task Group to address 802.11 security. To solve the user authentication problem, it adopted the 802.1X standard. The standard relies on the Extensible Authentication Protocol (EAP) to provide the authentication function. However, after the basic EAP authentication process, the Access Point (AP) still needs to be authenticated by the client. In order to implement mutual authentication, Protected EAP (PEAP), EAP-Transport Layer Security (TLS), EAP-Tunneled TLS (TTLS) and other variants of EAP were developed. However, some are still weak in the authentication procedure. In this thesis, a new authentication mechanism called Modified EAP (MEAP) is proposed. MEAP is based on PEAP. MEAP adds a TLS layer on top of EAP, and then uses the resulting TLS session as a tunnel to protect the later Simple Password-authenticated Exponential Key Exchange (SPEKE), which is a strong password method. MEAP can provide mutual authentication to satisfy strong authentication requirements in WLAN.
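
The SPEKE exchange that MEAP protects inside its TLS tunnel can be sketched as follows; this is an added example, not code from the thesis, and it shows generic SPEKE with key confirmation rather than MEAP itself. The group (RFC 3526 group 14), the SHAKE-256 password-to-generator mapping, the HMAC confirmation tags and all names are assumptions made for illustration, and the TLS tunnel is not modelled.

```python
import hashlib, hmac, secrets

# RFC 3526 group 14: 2048-bit safe prime P = 2Q + 1 (group choice is an assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def generator(password):
    """SPEKE base g = H(password)^2 mod P; squaring lands in the order-Q subgroup."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(256), "big")
    return pow(h % P, 2, P)

class Party:
    def __init__(self, password):
        self.x = secrets.randbelow(Q - 1) + 1            # ephemeral secret in [1, Q-1]
        self.pub = pow(generator(password), self.x, P)   # value sent to the peer

    def derive(self, peer_pub):
        # Reject 0, 1, P-1 and out-of-range values, which would force a predictable key.
        if not 2 <= peer_pub <= P - 2:
            raise ValueError("invalid SPEKE public value")
        shared = pow(peer_pub, self.x, P)
        lo, hi = sorted((self.pub, peer_pub))            # same transcript order on both sides
        data = b"".join(v.to_bytes(256, "big") for v in (lo, hi, shared))
        self.key = hashlib.sha256(data).digest()
        return self.key

    def confirm(self, role):
        # The role label stops one side's tag being reflected back as the other's.
        return hmac.new(self.key, b"confirm:" + role, hashlib.sha256).digest()

def run_exchange(client_pw, server_pw):
    """Return (client accepted server, server accepted client)."""
    c, s = Party(client_pw), Party(server_pw)
    c.derive(s.pub)
    s.derive(c.pub)
    ok_server = hmac.compare_digest(s.confirm(b"server"), c.confirm(b"server"))
    ok_client = hmac.compare_digest(c.confirm(b"client"), s.confirm(b"client"))
    return ok_server, ok_client

if __name__ == "__main__":
    print(run_exchange("correct horse", "correct horse"), run_exchange("correct horse", "guess"))
```

Both confirmation checks succeed only when the two sides derived their generators from the same password, which is what gives the client assurance about the network side as well as the reverse.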