B-17
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Appendix B Authentication in ACS 5.4
PEAPv0/1

Protected Exchange of Arbitrary Parameters

TLV tuples provide a way to exchange arbitrary information between the peer and ACS within a
secure channel.

Cryptobinding TLV Extension

The cryptobinding TLV extension in MS PEAP authentication is used to ensure that both the EAP peer
(client) and the EAP server (ACS) are participating in the inner and outer EAP authentications of the
PEAP authentication.

This cryptobinding process takes place as a two-way handshake between the PEAP server and the PEAP
peer. It consists of two messages: the cryptobinding request, which is sent from the PEAP server to
the PEAP peer, and the cryptobinding response, which is sent back from the PEAP peer to the PEAP
server. This feature is implemented in ACS primarily for the MS Windows 7 supplicant.

The TLV contains a compound MAC that is calculated with a PRF based on HMAC-SHA1-160, using the TLV
body as the input data and a key derived from the PEAP tunnel key and the inner method session key.
ACS verifies that the cryptobinding response TLV is received from the client. If the compound MAC is
not equal to the expected value, ACS fails the conversation. Cryptobinding is available for all inner
methods. Cryptobinding is restricted to PEAPv0, because there are differences in the protected
termination flow. Cryptobinding is also applicable to PEAP session resume and fast reconnect.

Some supplicants may not support the cryptobinding TLV. If you send a cryptobinding TLV to a
supplicant that does not support cryptobinding, the supplicant does not provide a proper
cryptobinding response. ACS treats this improper response as an error and reports it with a
PEAP_CRYPTOBINDING_FAILED message.
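The following is an added example, not code from the Cisco guide or from ACS, that models the two-message cryptobinding handshake described above: the server derives a compound MAC key from the tunnel key and the inner method session key, sends a request TLV carrying an HMAC-SHA1-160 compound MAC over the TLV body, and verifies the peer's response, failing the conversation with PEAP_CRYPTOBINDING_FAILED when the response is missing or its MAC does not match. The TLV layout, the TLV type value, the key-derivation label and the sample keys are constructed for this example; the exact PRF and field encoding used by MS PEAP are specified in [MS-PEAP], not reproduced here.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Constructed values for this example; they are assumptions, not the [MS-PEAP] constants.
CRYPTOBINDING_TLV_TYPE = 12
SUBTYPE_REQUEST = 0
SUBTYPE_RESPONSE = 1
NONCE_LEN = 32
MAC_LEN = 20                 # HMAC-SHA1-160 output length
TLV_LEN = 4 + 4 + NONCE_LEN + MAC_LEN   # header, (reserved, version, recv version, subtype), nonce, MAC


def derive_cmk(tunnel_key: bytes, inner_session_key: bytes) -> bytes:
    """Derive the compound MAC key from the PEAP tunnel key and the inner method session key.
    Simplified PRF (HMAC-SHA1 with a fixed label, an assumption of this example)."""
    return hmac.new(tunnel_key, b"cryptobinding-cmk" + inner_session_key, hashlib.sha1).digest()


def _tlv_prefix(subtype: int, nonce: bytes) -> bytes:
    """Everything in the TLV except the compound MAC field."""
    body_len = TLV_LEN - 4
    return struct.pack("!HH", CRYPTOBINDING_TLV_TYPE, body_len) + bytes([0, 0, 0, subtype]) + nonce


def _compound_mac(cmk: bytes, prefix: bytes) -> bytes:
    # The MAC covers the whole TLV with the MAC field itself set to zero.
    return hmac.new(cmk, prefix + b"\x00" * MAC_LEN, hashlib.sha1).digest()[:MAC_LEN]


def build_cryptobinding_tlv(subtype: int, nonce: bytes, cmk: bytes) -> bytes:
    prefix = _tlv_prefix(subtype, nonce)
    return prefix + _compound_mac(cmk, prefix)


def verify_cryptobinding_tlv(tlv: Optional[bytes], expected_subtype: int, cmk: bytes) -> str:
    """Server-side check of a received TLV: "OK" or "PEAP_CRYPTOBINDING_FAILED"."""
    if tlv is None or len(tlv) != TLV_LEN:
        return "PEAP_CRYPTOBINDING_FAILED"      # no response, or a malformed one
    tlv_type, body_len = struct.unpack("!HH", tlv[:4])
    if tlv_type != CRYPTOBINDING_TLV_TYPE or body_len != len(tlv) - 4 or tlv[7] != expected_subtype:
        return "PEAP_CRYPTOBINDING_FAILED"
    prefix, received_mac = tlv[:-MAC_LEN], tlv[-MAC_LEN:]
    # Constant-time comparison so the check leaks nothing about the expected MAC.
    if not hmac.compare_digest(received_mac, _compound_mac(cmk, prefix)):
        return "PEAP_CRYPTOBINDING_FAILED"
    return "OK"


def run_handshake(peer_supports_cryptobinding: bool,
                  peer_inner_key: Optional[bytes] = None) -> str:
    """Simulate request/response between a PEAP server and a PEAP peer and return the server's verdict.
    Keys are constructed sample values standing in for the TLS tunnel key and the inner method key."""
    tunnel_key = hashlib.sha1(b"constructed PEAP tunnel key").digest()
    inner_session_key = b"\x11" * 16
    server_cmk = derive_cmk(tunnel_key, inner_session_key)

    # Server -> peer: cryptobinding request.
    request = build_cryptobinding_tlv(SUBTYPE_REQUEST, os.urandom(NONCE_LEN), server_cmk)

    # Peer side: a supplicant without cryptobinding support sends no proper response.
    if not peer_supports_cryptobinding:
        response = None
    else:
        # A peer that did not take part in the same inner authentication holds a different key.
        peer_cmk = derive_cmk(tunnel_key, peer_inner_key or inner_session_key)
        if verify_cryptobinding_tlv(request, SUBTYPE_REQUEST, peer_cmk) != "OK":
            response = None                      # peer rejects the request
        else:
            response = build_cryptobinding_tlv(SUBTYPE_RESPONSE, os.urandom(NONCE_LEN), peer_cmk)

    # Server verifies the peer's response with its own compound MAC key.
    return verify_cryptobinding_tlv(response, SUBTYPE_RESPONSE, server_cmk)


if __name__ == "__main__":
    print("supporting peer:", run_handshake(True))
    print("non-supporting peer:", run_handshake(False))
    print("peer with different inner key:", run_handshake(True, b"\x22" * 16))
```

The third case is the one cryptobinding exists for: a peer that shares the outer tunnel but not the inner method result derives a different compound MAC key, so its response fails verification and ACS ends the conversation rather than completing the outer authentication on the peer's behalf.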
PEAP Flow in ACS 5.4

The PEAP protocol allows authentication between ACS and the peer by using PKI-based secure tunnel
establishment and the EAP-MSCHAPv2 protocol as the inner method inside the tunnel. The local
certificate can be validated by the peer (server-authenticated mode) or not validated
(server-unauthenticated mode).

This section contains:
Creating the TLS Tunnel, page B-18
Authenticating with MSCHAPv2, page B-19

Figure B-3 shows the PEAP processing flow between the host, access point, network device, and ACS
EAP-TLS server.