Cisco Systems PI21AG, CB21AG manual How PEAP-GTC Works, 3-22

Chapter 3 Configuring EAP Types

How PEAP-GTC Works

apparent. These weaknesses include a lack of protection of user identity, notification messages, or the EAP negotiation; no standardized mechanism for key exchange; no built-in support for fragmentation and reassembly; no support for acknowledged success or failure indicators; and a lack of support for fast reconnect.

Protected Extensible Authentication Protocol (PEAP) addresses these weaknesses by wrapping the EAP protocol within a Transport Layer Security (TLS) channel. Any EAP method running within PEAP is provided with the following:

•Identity protection—The identity exchange is encrypted, and client certificates are provided after negotiation of the TLS channel.

•Header protection—Because the EAP method conversation is conducted within a TLS channel, the EAP header is protected against modification.

•Protected negotiation—Within PEAP, the EAP conversation is authenticated; integrity and replay are protected on a per-packet basis; and the EAP method negotiation that occurs within PEAP is protected, as are error messages sent within the TLS channel.

•Support for key exchange—To provide keying material for a wide range of link-layer ciphersuites, EAP methods should provide a key hierarchy that generates authentication and encryption keys, as well as initialization vectors. By relying on the TLS key derivation method, PEAP provides the required keying material for any EAP method running within it.

•Packet fragmentation and reassembly—Because EAP does not include support for fragmentation and reassembly, individual EAP methods need to include this capability. By including support for fragmentation and reassembly within PEAP, methods leveraging PEAP do not need to support fragmentation and reassembly on their own.

•Acknowledged success or failure indications—By sending success or failure indications within the TLS channel, PEAP provides support for protected termination of the EAP conversation. Acknowledged indications prevent an attacker from carrying out denial-of-service (DOS) attacks by spoofing EAP failure messages or by tricking the EAP peer into accepting a rogue NAS by spoofing an EAP success message.

•Fast reconnect—Where EAP is used for authentication in wireless networks, the EAP method should be able to quickly reauthenticate when the client is roaming between access points. PEAP supports fast reconnect by leveraging the TLS session resumption facility. Any EAP method running within PEAP can use fast reconnect.

•Dictionary attack resistance—By conducting the EAP conversation within a TLS channel, PEAP protects an EAP method that might be subject to offline dictionary attacks if the EAP conversation had been conducted in the clear.

How PEAP-GTC Works

PEAP-GTC works in two phases.

In phase 1, an authentication server performs TLS authentication to create an encrypted tunnel and to achieve server-side authentication in a manner that is similar to Web server authentication that uses Secure Sockets Layer (SSL). When phase 1 of PEAP is successfully completed, all data is encrypted, including all sensitive user information.

Phase 2 is extensible. The client can authenticate by using the GTC method within the TLS tunnel.