Networking / Beginners

EAP-TTLS

The EAP-Tunneled Transport Layer Security (EAP-TTLS) protocol is an extension of the EAP-TLS mechanism.

EAP-TTLS is different from EAP-TLS because it does away with the EAP-TLS requirement of a supplicant-side certificate. Only the authentication server component requires a digital certificate.

The authentication server is authenticated using its digital certificate. An encrypted tunnel is then established between the peer (or supplicant) and the authentication server. The peer's authentication credentials, such as a digital certificate or password, are passed to the authentication server over the established tunnel. The peer can use other authentication methods such as Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), and Microsoft CHAP (MS-CHAP) v2.

Having to manage certificates only on the server side makes EAP-TTLS much easier to manage, because the wireless administrator does not have to worry about creating and managing digital certificates on all the wireless client STAs.

[Previous] [Contents] [Next]

In this tutorial:

  1. Securing Wireless Networks
  2. Security Background
  3. Security Services
  4. Cryptographic Concepts and Terms
  5. Encryption and Decryption
  6. Keyspace
  7. Exclusive OR (XOR)
  8. Algorithm
  9. Asymmetric Encryption Algorithms
  10. Public-Private Key Cryptography
  11. Cipher
  12. Concealment Ciphers vs. Running Key Ciphers
  13. Stream Ciphers vs. Block Ciphers
  14. Cipher Examples
  15. Cipher Implementations
  16. Wi-Fi Protected Access
  17. TKIP/WPA
  18. Wi-Fi Protected Access 2 (WPA2)
  19. CCMP/AES
  20. Hash Functions
  21. EAP
  22. EAP Entities
  23. EAP Grammar
  24. EAP Types
  25. EAP-TTLS
  26. EAP-PSK
  27. EAP-SIM
  28. EAP-AKA
  29. IEEE 802.11i
  30. Four-Way Handshake
  31. IEEE 802.11i Considerations