The EAP-Tunneled Transport Layer Security (EAP-TTLS) protocol is an extension of the EAP-TLS mechanism.
EAP-TTLS differs from EAP-TLS in that it does away with the EAP-TLS requirement of a supplicant-side certificate. Only the authentication server component requires a digital certificate.
The authentication server is authenticated using its digital certificate. An encrypted tunnel is then established between the peer (or supplicant) and the authentication server. The peer's authentication credentials, such as a digital certificate or password, are passed to the authentication server over the established tunnel. Over that tunnel the peer can also use other authentication methods, such as Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), and Microsoft CHAP (MS-CHAP) v2.
Because certificates have to be managed only on the server side, EAP-TTLS is much easier to administer: the wireless administrator does not have to worry about creating and managing digital certificates on all the wireless client STAs.