EAP总结.pptPEAP&EAP-TTLSEAP-TLSDrawbacksPEAPEAP-TTLSEAP-TTLS–-TTLSOtherEAPmethodsSummary1Sofar…EAPwasintroduced,itdoesn’-TLSprovidesprotectionfrommostattacks2EAP-TLSDrawbacksLackofuseridentityprotectionPassedintheEAP/puters(Coffeshop…)-TLSExtensionsTwoquitesimilarprotocolsaredevelopedinordertoimprovetheweakerpointsofEAP-,–ProtectedEAPDevelopedbyMicrosoft,CiscoandRSASecurityCurrentstatus:draft(draft-josefsson-pppext-eap-tls-eap-06.)Provides:Mutualauthentication,–TheParticipantsClientNASBackendServerPerformPEAP(NASusesaspass-through)TrustCanbethesamemachineorseparatedTheNASdoesn’thavetoknowPEAPSomeLinkLayerSecuredLink6PEAP–TheProtocolTwophases:,,……TLSMessageLengthTLSData….(EAPpackets)VerCode:1-Request2-ResponseIdentifier–UsedtomatchresponsetorequestType-25(PEAP)Flags:Lengthincluded,Morefragments,Startflag8PEAP–Phase1EAP-Request/IdentityEAP-Response/Identity[MyDomain]EAP-Request(Type=PEAP,start)TLSHandshakeClientPEAPServerTLSChannelEstablishedEAP-Response(empty)9PEAP–Phase2PEAPServerClientIntheTLSChannelEAP-Request/IdentityEAP-Response/Identity[MyID]EAP-Request/Type=X(MD5,OTP,etc)EstablishEAPmethodandPerformauthenticationEAP-ess/EAP-FailureTransferofthegeneratedkeyfromthePEAPservertotheNASifondifferentmachines10
EAP总结 来自淘豆网m.daumloan.com转载请标明出处.
