Fact-checked by Grok 2 weeks ago

Extensible Authentication Protocol

The Extensible Authentication Protocol (EAP) is an framework that supports multiple methods to provide flexible and secure access to networks, operating directly over data link layers such as (PPP) or without requiring connectivity. Defined by the (IETF) in 3748, EAP enables an authenticator to initiate with a peer through a series of request-response exchanges, culminating in success or failure, while allowing backend servers to handle the actual method-specific verification. This design supports , key derivation for session security, and extensibility for new methods, making it a foundational for port-based . EAP originated as a PPP extension in RFC 2284, published in March 1998, which introduced the core packet format and initial authentication types like MD5-Challenge and (OTP) to allow deferred method selection during the authentication phase. It was updated and obsoleted by RFC 3748 in June 2004, expanding security considerations, adding support for expanded type codes, and defining key hierarchies such as the Master Session Key (MSK) and Extended Master Session Key (EMSK) for deriving cryptographic material. Concurrently, EAP was integrated into the standard for port-based network access control, first published in 2001, where it is encapsulated as EAP over LAN (EAPOL) for authenticating devices on wired and local area networks (s). This adoption extended EAP's use beyond dial-up connections to enterprise , Ethernet switches, and VPNs, with IETF RFC 3580 providing RADIUS usage guidelines tailored to 802.1X in 2003. At its core, EAP involves three main entities: the peer (the supplicant device seeking access), the authenticator (e.g., a or access point that enforces access), and an optional authentication server (e.g., ) that performs the heavy computation for complex methods. The protocol relies on lower-layer mechanisms for packet delivery and retransmission but includes features like duplicate detection and optional fragmentation within methods. Security properties vary by method but generally aim to resist , replay, and man-in-the-middle attacks, with requirements for at least 128 bits of effective key strength in the MSK and EMSK for methods supporting key derivation. EAP does not natively provide or for its packets, deferring those to underlying transports or derived keys. EAP's extensibility is evident in its registry of over 50 method types maintained by IANA, allowing diverse mechanisms from simple challenges to -based or SIM-card verification. Notable methods include EAP-MD5 (Type 4) for basic password challenges, though vulnerable to attacks; EAP-TLS (Type 13), defined in 5216 for mutual using (TLS); and tunneled methods like Protected EAP (PEAP, Type 25) or EAP-TTLS (Type 21) that protect inner authentications. More recent developments include 9190 in 2022 updating EAP-TLS to support TLS 1.3 and 9427 in 2023 extending this to other TLS-based methods, with ongoing work on post-quantum enhancements as of 2025. These methods enable EAP's widespread deployment in scenarios requiring strong identity verification, such as enterprise wireless access and mobile network .

Introduction

Definition and Purpose

The Extensible Authentication Protocol (EAP) is an IETF standard protocol defined in RFC 3748, functioning as an framework that supports multiple authentication methods to transport authentication data between a peer (such as a client device) and a server (such as an server). This framework operates at the , enabling authentication without requiring connectivity, and is typically encapsulated within protocols like or for . The core purpose of EAP is to provide extensible and flexible methods for authenticating users and devices across diverse network environments, including wired and wireless local area networks (via ), virtual private networks (VPNs), and (PPP) connections. By allowing the integration of various authentication mechanisms, EAP ensures secure access to networks while accommodating evolving security requirements without overhauling the underlying transport layers. Key features of EAP include method negotiation via EAP-Request (sent by the ) and EAP-Response (sent by the peer) messages, which facilitate dynamic selection of the most suitable authentication approach from supported options. It also provides support for , where both the peer and verify each other's , and key derivation, generating a Master Session Key (MSK) and Extended Master Session Key (EMSK)—each at least 64 octets long—for deriving session-specific cryptographic material to protect subsequent communications. In distinction from legacy protocols like the (PAP) and (CHAP), which rely on fixed, non-extensible mechanisms embedded directly in transport protocols such as PPP, EAP acts as a pluggable framework that decouples logic from the , enabling new methods to be added without protocol modifications. This design promotes greater security and adaptability in modern network infrastructures.

Applications and Scope

The Extensible Authentication Protocol (EAP) finds primary application in securing network access across diverse environments, including wireless local area networks (WLANs) through WPA2-Enterprise and WPA3-Enterprise modes, which leverage EAP within the IEEE 802.1X framework to authenticate users and devices before granting Wi-Fi access. In wired Ethernet networks, EAP integrates with IEEE 802.1X for port-based access control, enabling authentication at the physical layer to prevent unauthorized connections on switches and routers. For mobile networks, EAP methods such as EAP-AKA' support 3GPP standards, including forward secrecy extensions in RFC 9678 (December 2024), facilitating secure authentication in cellular systems like 5G non-public networks. Additionally, EAP is employed in virtual private networks (VPNs), particularly with protocols like IKEv2 and FlexVPN, where it provides extensible authentication for remote access scenarios. Recent deployments extend EAP to Internet of Things (IoT) devices, enabling lightweight authentication in resource-constrained settings. EAP's scope is deliberately limited to the authentication phase of network access, focusing on verifying peer identities without handling authorization or accounting functions directly. To address these broader aspects, EAP is commonly paired with the Remote Authentication Dial-In User Service (), which transports EAP messages via dedicated attributes and manages the full , , and (AAA) workflow. This separation ensures EAP remains a flexible, method-agnostic framework while relying on backend systems like RADIUS for comprehensive enforcement. Originally developed as an extension for (PPP) authentication, EAP has evolved significantly to support port-based in standards and beyond, adapting to modern infrastructures without requiring IP-layer dependencies. Its scope has broadened to include IoT protocols, such as the (CoAP), where CoAP-EAP—as standardized in RFC 9820 (September 2025)—enables efficient authentication for low-power devices by transporting EAP over UDP-based messaging to establish secure associations. This progression reflects EAP's design for extensibility, allowing seamless integration into diverse link layers from dial-up origins to constrained wireless environments. In practical scenarios, EAP underpins enterprise authentication, where devices negotiate methods like EAP-TLS or PEAP to access corporate networks securely via servers. For cellular security, EAP methods such as EAP-ERP facilitate re-authentication during inter-technology transitions, minimizing while maintaining session keys across and mobile networks in environments.

History and Standards

Development Timeline

The Extensible Authentication Protocol (EAP) originated with its initial proposal in RFC 2284, published in March 1998 by authors L. Blunk and J. Vollbrecht, which introduced EAP as a flexible authentication framework specifically designed for use with the Point-to-Point Protocol (PPP) to support multiple authentication mechanisms. A significant advancement came in June 2004 with the publication of RFC 3748 by B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz (editor), which obsoleted RFC 2284 and established the current base specification for EAP by expanding the range of supported authentication types and incorporating explicit security requirements to enhance robustness. Post-2004 developments included the August 2008 release of 5247, which defined the EAP key hierarchy and outlined a framework for transporting and utilizing keying material derived from EAP methods, addressing needs across various deployments. In December 2013, 7057 further refined EAP's applicability by updating the guidance from 3748 to align with evolving usage scenarios in network authentication. Since 2022, the (IETF) has initiated discussions on refreshing the base EAP specification (RFC 3748) to accommodate contemporary security and interoperability demands, as reflected in activities within the EAP Method Update () working group. Additionally, EAP has been integrated into standards by the (3GPP), notably through methods like EAP-AKA' for primary authentication in both 3GPP and non-3GPP accesses as specified in TS 33.501.

Key RFC Specifications

The Extensible Authentication Protocol (EAP) is fundamentally defined by RFC 3748, published in June 2004 as a Proposed Standard by the IETF. This document obsoletes the earlier RFC 2284 and establishes the core EAP framework, which supports multiple authentication methods without specifying any particular mechanism, allowing for extensibility in network access authentication. It specifies the EAP packet format, consisting of a one-octet Code field (indicating Request, Response, Success, or Failure), a one-octet Identifier for matching requests and responses, a two-octet Length field for the total packet size, and a variable-length Data field containing method-specific information. Additionally, RFC 3748 assigns initial EAP method types, such as type 1 for Identity (to request or provide peer identity) and type 4 for MD5-Challenge (a simple challenge-response method using MD5 hashing). Building on this framework, 5216, published in August 2008 as a Proposed Standard, defines the EAP-TLS authentication protocol, which integrates (TLS) for certificate-based between the EAP peer and server. This details the handling of certificates, including fragmentation and reassembly for large certificates, and specifies key derivation processes to generate the Master Session Key (MSK) and Extended Master Session Key (EMSK) from the TLS . EAP-TLS supports optional client authentication and emphasizes strong cryptographic protections, making it suitable for environments requiring (PKI). It obsoletes the earlier 2716 and aligns with TLS versions up to 1.2 at the time of publication. This was updated by 9190, published in July 2022 as a Proposed Standard, which specifies the use of EAP-TLS with TLS 1.3, providing , enhanced privacy through mandatory identity protection, and compatibility with existing implementations. Similarly, RFC 5281, published in August 2008 as a Proposed Standard, specifies EAP-TTLS (Tunneled TLS), a method that establishes a TLS-encrypted for subsequent inner , protecting sensitive credentials from eavesdroppers. This RFC outlines the protocol's phases, including the outer TLS for and the inner phase supporting protocols like EAP, , CHAP, or within the tunnel. Key agreement in EAP-TTLS relies on the underlying TLS session, deriving shared keys for while allowing phased where the is authenticated first, followed by the peer. EAP-TTLS enhances by anonymizing the peer's during initial exchanges. More recent advancements include RFC 7170, published in May 2014 as a Proposed Standard, which introduces the Tunnel Extensible Authentication Protocol (TEAP), a versatile tunneled method that combines outer TLS authentication (e.g., via certificates or PSK) with inner EAP methods for compound authentication, such as simultaneous machine and user credentials. TEAP supports post-authentication attributes and key wrapping for secure . This RFC was updated by RFC 9427 in June 2023 (Proposed Standard), which adapts TLS-based EAP methods—including TEAP, EAP-TLS, and EAP-TTLS—for compatibility with TLS 1.3 by defining new key derivation functions and addressing changes in TLS structures, ensuring continued against modern threats. Another notable recent specification is RFC 9140, published in December 2021 as a Proposed Standard, defining EAP-NOOB (Nimble Authentication), designed for resource-constrained devices lacking pre-shared credentials. This method uses a user-assisted channel (e.g., or ) for initial pairing and key establishment, followed by password-authenticated (PAKE) for subsequent authentications, providing a lightweight bootstrapping solution. Most EAP-related RFCs hold Proposed Standard status within the IETF, indicating they are well-tested but not yet elevated to due to the framework's ongoing evolution. Interdependencies are common; for instance, key agreement in (EAP-TTLS) depends on TLS primitives for secure tunneling and derivation of session keys. As of November 2025, ongoing IETF drafts, such as draft-ietf-emu-rfc7170bis, propose further updates to TEAP for enhanced and alignments, while the broader EAP in continues to be refined through errata and companion RFCs like for .

Protocol Architecture

Core Components

The Extensible Authentication Protocol (EAP) operates through a defined set of core components that facilitate between entities. The primary roles include the EAP peer, which is the entity seeking to the and responds to authentication challenges; the , which controls to the and initiates the EAP ; and the EAP server, which terminates the EAP process and may reside within the or as a separate backend system. In pass-through mode, the relays EAP messages between the peer and the EAP server without performing the itself. At the lower layer, EAP is encapsulated and transported over various protocols to carry authentication messages between the peer and . Common transports include the Link Control Protocol (LCP) for (PPP) environments and the EAP over LAN (EAPOL) protocol for local area networks, ensuring reliable delivery with error detection and a minimum MTU of 1020 octets. These lower-layer mechanisms handle the framing and transmission of EAP packets without altering their content. For upper-layer integration, EAP often interfaces with Authentication, Authorization, and Accounting () protocols, such as , to enable centralized backend authentication and . The EAP server communicates with the AAA infrastructure to verify credentials and derive session keys, which are then transported back to the for securing the link. This integration supports scalable deployment in enterprise networks by offloading complex authentication logic from the authenticator. The EAP protocol employs a state machine to manage the authentication process, ensuring orderly progression through attempts. The EAP peer state machine consists of four primary states: Disabled, in which no authentication occurs due to lack of service or port control; Authenticate, where the peer processes incoming requests and generates responses; Authenticated, reached upon successful completion of authentication; and Failure, entered if authentication cannot proceed or fails. Transitions between these states are triggered by specific events, such as the receipt of an EAP-Success packet (=3) moving from Authenticate to Authenticated, or an EAP-Failure packet (=4) advancing to Failure, with the machine resetting to Disabled on port disable or timeout. A similar state machine governs the , coordinating with the peer and backend to enforce these transitions.

Message Exchange Process

The Extensible Authentication Protocol (EAP) message exchange process defines a structured sequence of interactions between the peer (supplicant) and the (often proxied to an server) to negotiate and complete authentication. This process operates over a reliable , such as PPP or , and consists of four primary packet types: EAP Request, EAP Response, EAP Success, and EAP Failure, each identified by a Code field and an Identifier for matching requests to responses. The exchange begins when the authenticator initiates communication and concludes with success or failure notification, enabling the peer to gain or be denied network access. Initiation typically starts with the authenticator sending an EAP-Request/Identity packet to the peer, prompting it to provide its , though this step is optional if the identity is already known through lower-layer mechanisms. The peer responds with an EAP-Response/Identity containing the requested information. Following this, the (or ) proposes an by sending an EAP-Request packet with the Type field indicating the desired , such as EAP-MD5 or EAP-TLS. If the peer does not support the proposed , it rejects it by sending an EAP-Response/Nak (Type 3), listing one or more preferred alternative methods from those it supports, or an Expanded Nak (Type 254) for additional details. The then selects a mutually supported and proceeds with an EAP-Request using that method's Type code. Once a is negotiated, the proceeds through a series of method-specific EAP-Request and EAP-Response exchanges, where the issues challenges or requests, and the peer provides credentials or proofs, potentially involving multiple round trips until the method completes. These exchanges may include if supported by the method, but the EAP layer itself does not dictate the internal logic, leaving it to the selected method. Upon successful completion, the authentication server notifies the authenticator, which sends an EAP-Success packet (Code 3) to the peer, granting access without any additional data payload. Conversely, if authentication fails, an EAP-Failure packet (Code 4) is sent, denying access and also carrying no data. EAP methods that provide keying material optionally derive a Master Session Key (MSK), a cryptographically strong key of at least 64 octets, which the peer and can use to establish link-layer , such as for encrypting the connection post-authentication. This key is generated during the method's execution and tunneled securely if needed, supporting subsequent protocols like TLS for session protection. For error handling, the peer uses Nak responses specifically for method negotiation rejection, while the manages retransmissions of unacknowledged Requests by incrementing the Identifier and resending, with a recommended limit of 3 to 5 attempts to prevent indefinite loops. Lower-layer protocols handle general transport errors, ensuring the EAP exchange remains reliable.

EAP Authentication Methods

Tunneled Methods

Tunneled EAP methods establish a , typically using (TLS), to protect subsequent inner authentication exchanges from and man-in-the-middle attacks. These methods negotiate an outer TLS tunnel between the client (supplicant) and authentication server, within which legacy or simpler inner authentication protocols can operate securely. This approach allows enterprises to leverage existing credential systems, such as passwords, without exposing them directly to the network. EAP-TTLS, defined in RFC 5281, creates a server-side TLS tunnel initiated by the authentication server presenting its certificate to the client. Once the tunnel is established, inner authentication methods such as PAP, CHAP, MS-CHAP, or even another EAP method can be negotiated and executed within it, encapsulating packets in EAP-Message AVPs for transport. Mutual authentication is optional, as the client certificate is not required, though server certificate validation by the client is recommended to prevent impersonation. This flexibility supports a range of legacy protocols while ensuring the inner exchange remains confidential. Protected EAP (PEAP), a Microsoft-developed method documented in the MS-PEAP specification, similarly encapsulates an inner EAP method within an outer TLS tunnel secured by a server-side certificate. Unlike EAP-TTLS, PEAP does not mandate client validation of the server certificate by default in some implementations, though it is configurable; the inner method is typically MS-CHAPv2 for password-based authentication against Active Directory. The tunnel protects the inner negotiation, enabling secure use of non-certificate credentials in environments like wireless LANs. EAP-FAST, specified in RFC 4851 and developed by , uses TLS to form a mutually authenticated tunnel and incorporates Protected Access Credentials (PACs) for expedited re-authentication in subsequent sessions. The protocol operates in phases: an optional provisioning phase to distribute PACs, followed by tunnel establishment, and then inner authentication using methods like EAP-MSCHAPv2 or EAP-GTC. PACs, which are opaque keys binding the client and server, enable fast by resuming sessions without full re-handshakes, reducing latency in dynamic environments. The Tunnel Extensible Authentication Protocol (TEAP), outlined in RFC 7170, extends tunneling capabilities by combining TLS-based outer protection with support for multiple chained inner EAP methods, allowing simultaneous authentication of user and device credentials. It facilitates key sharing and expansion for methods like EAP-SIM, integrating SIM-based authentication securely within the tunnel. TEAP enhances prior methods by mandating cryptographic binding between inner and outer authentications to mitigate downgrade attacks, and it supports session resumption via TLS tickets for efficiency. These tunneled methods offer key advantages in enterprise deployments, including mitigation of and brute-force attacks on credentials by encrypting inner exchanges, compatibility with existing password infrastructures without requiring client certificates, and improved resistance to passive . Their widespread adoption stems from balancing with deployment simplicity, particularly in heterogeneous networks where full PKI rollout is impractical.

Certificate-Based Methods

Certificate-based methods in the Extensible Authentication Protocol (EAP) leverage (PKI) to provide robust between the peer and the authenticator, ensuring both parties verify each other's identities through digital certificates issued by trusted certificate authorities (CAs). These methods are particularly suited for environments requiring high assurance of authenticity, as they rely on asymmetric cryptography rather than shared secrets, mitigating risks associated with credential compromise. The primary example is EAP-TLS, which integrates the (TLS) protocol directly into the EAP framework to facilitate certificate exchange and session key establishment. EAP-TLS, defined in RFC 5216, enables full where both the server (authenticator) and the client (peer) present certificates during the TLS embedded within EAP messages. The process begins with the server sending its certificate to the peer for validation against a trusted chain, confirming the server's identity; conversely, the peer may optionally present its own certificate for server verification, though this is configurable based on deployment needs. Following certificate validation, the parties negotiate TLS cipher suites and derive shared session keys using the TLS Pseudorandom Function (PRF), which generates master and transient keys for securing subsequent communications. EAP-TLS was updated in RFC 9190 (2022) to support TLS 1.3 while remaining backwards compatible, replacing the PRF with the HMAC-based (HKDF), enabling post- , and improving fragmentation for large certificates. To enhance resilience against denial-of-service () attacks, EAP-TLS incorporates an optional client puzzle , where the peer solves a cryptographic challenge before proceeding, thereby increasing the computational cost for attackers attempting resource exhaustion. The security strength of certificate-based methods like EAP-TLS stems from their dependence on PKI, which provides resistance to and man-in-the-middle (MitM) attacks by binding identities to verifiable public keys, eliminating the need for transmitting sensitive credentials over the network. However, this approach necessitates a robust certificate management infrastructure, including issuance, revocation checking via Certificate Revocation Lists (CRLs) or (OCSP), and periodic renewal, which can introduce operational overhead. In practice, EAP-TLS is widely deployed in high-security environments such as government and enterprise networks, where the trade-off of certificate distribution complexity is justified by the need for strong, non-repudiable ; for instance, it underpins secure access in IEEE 802.1X-protected LANs for sensitive data transmission.

Password and Token-Based Methods

Password and token-based methods within the Extensible Authentication Protocol (EAP) framework provide authentication mechanisms that rely on shared secrets, such as passwords, or dynamic tokens, enabling deployment in environments where is unavailable or overly complex. These methods prioritize ease of use with user-held credentials while varying in security strength, particularly against offline attacks and replay scenarios. Key examples include EAP-MD5, EAP-GTC, EAP-PSK, EAP-PWD, and EAP-POTP, each defined in IETF RFCs and tailored for specific use cases like or wired network access. EAP-MD5 employs a simple challenge-response mechanism using the MD5 hash function, where the authenticator sends a random challenge to the peer, which responds with the MD5 hash of the concatenated challenge, shared password, and peer identifier. This method provides one-way authentication without mutual verification, integrity protection, or key derivation, making it lightweight but insecure for modern networks. It is vulnerable to offline dictionary attacks, as captured exchanges allow attackers to brute-force passwords without server interaction, and lacks protection against replay or man-in-the-middle attacks; consequently, it is deprecated in favor of stronger alternatives. EAP-GTC, or Generic Token Card, supports authentication via one-time passwords (OTPs) or challenge-response tokens, where the authenticator issues a prompt, and the peer replies with the generated token value or entered credential in cleartext. Designed for hardware tokens like smart cards, it enables server-side verification against a shared secret or token database but offers no built-in mutual authentication, confidentiality, or replay protection. While suitable for tunneled environments to avoid cleartext exposure, its use outside protected channels risks credential interception, and it does not generate session keys. EAP-PSK authenticates using a pre-shared symmetric (typically 16 bytes) for and session key agreement over insecure channels, such as networks. The protocol involves a four-message exchange: the server sends a random challenge and request; the peer responds with its , random , and a () using AES-CMAC; the server verifies and replies with its ; and the peer confirms. It derives an authentication and key-derivation from the PSK via AES-128 in modified counter mode, producing transient keys, master session keys, and extended master session keys, while providing integrity and replay protection through nonces and MACs. EAP-PSK draws from the key exchange family (inspired by AKEP2), ensuring resistance to passive attacks but lacking perfect . EAP-PWD enables password-based authentication with low-entropy secrets, resistant to offline dictionary attacks through a three-message exchange leveraging an Diffie-Hellman (ECDH) key exchange akin to (SAE) in WPA3. The initiates with , identities, and a scalar/point; the peer responds with its and ; and the finalizes with its , deriving shared keys from the password-preprocessed ECDH secret. This hunter-prey design prevents passive eavesdroppers from isolating the password for brute-force attempts, as each run incorporates ephemeral values and supports with key . It generates master and extended master session keys for subsequent . EAP-POTP facilitates protected one-time password authentication for tokens, supporting both unilateral and mutual modes with key material generation, ideal for protocols like or IKEv2. In protected mode, the peer submits an OTP TLV (using for derivation) alongside version and key identifiers; the server verifies the OTP (potentially updating PINs) and sends a confirm TLV with an HMAC-SHA-256 MAC for mutual proof; subsequent messages use AES-CBC . This HMAC-based protection ensures and of the OTP exchange, thwarting replay and modification attacks, while deriving master and extended master session keys from the . Basic mode omits protection, requiring external tunneling.

SIM and AKA-Based Methods

EAP methods based on Subscriber Identity Module () and Authentication and Key Agreement () leverage credentials stored on mobile network subscriber cards to enable secure authentication in both cellular and non-cellular access scenarios. These methods are particularly designed for interoperability between mobile networks and other access technologies, such as WLAN, by utilizing hardware-bound secrets from SIM or Universal SIM (USIM) cards rather than shared passwords. They support between the user equipment () and the network, along with derivation of session keys for protecting subsequent communications. EAP-SIM, defined in RFC 4186, provides an authentication framework specifically for networks using cards. The process employs a challenge-response mechanism where the EAP server, typically interfacing with the Home Location Register (HLR), retrieves multiple GSM authentication —each consisting of a random challenge (), signed response (SRES), and ciphering key (Kc)—to perform authentication without exposing the permanent subscriber identity. The UE's computes the SRES using the Ki and , enabling verification by the server, while derived keys from multiple enhance security against replay attacks. This method supports fast re-authentication and key hierarchy for lower-layer protections, such as in environments. EAP-AKA, specified in RFC 4187, extends the SIM-based approach to third-generation () Universal Mobile Telecommunications System () networks with USIM cards, incorporating stronger . It uses 128-bit authentication keys (shared between the USIM and the Authentication Center) to generate a 128-bit and authentication token (AUTN) for , ensuring the network's legitimacy via the USIM's verification of the AUTN. Unlike EAP-SIM's 64-bit , EAP-AKA derives a 128-bit ciphering key (CK) and integrity key (IK), which form the basis for material suitable for or encryption. This method also facilitates 256-bit key support in later adaptations for contexts, maintaining compatibility with evolving mobile standards. EAP-AKA', introduced in RFC 5448 and updated in (2021), enhances EAP-AKA for non-3GPP accesses like WLAN by introducing home-routed , where the verifies the serving network's identity to prevent unauthorized . Key improvements include binding derived keys to the access network name using a new (KDF) with SHA-256 hashing (replacing ), support for identifiers such as Subscription Permanent Identifier (SUPI) and Subscription Concealed Identifier (SUCI), and mechanisms to negotiate KDF inputs for better . The update in adds privacy enhancements, such as pseudonym management for identity protection, and ensures backward compatibility while addressing vulnerabilities in legacy implementations. It was further updated in RFC 9678 (2025) to include a forward secrecy extension (EAP-AKA' FS), which uses ephemeral Diffie-Hellman to provide perfect for the generated session keys. A core feature across these methods is identity hiding through temporary identifiers or pseudonyms, which the provides in initial EAP messages to obscure the permanent IMSI or SUPI from eavesdroppers on untrusted links. Following successful , a key hierarchy derives Master Session Keys (MSK) and Transient Session Keys (TSK) from the base keys ( for EAP-SIM, CK/ for EAP-AKA/AKA'), enabling secure tunneling in protocols like or . These derived keys support both confidentiality and integrity protection for the authenticated session. In specifications, and AKA-based EAP methods are integral to Evolved Packet System () and 5G System (5GS) authentication. For , EAP-AKA and EAP-AKA' are mandated for non-3GPP access authentication via the Evolved Packet Data Gateway (ePDG) or trusted WLAN, interfacing with the 3GPP AAA server as per TS 33.401. In 5GS, EAP-AKA' is a required primary method alongside 5G AKA for non-3GPP accesses, with the Unified Data Management (UDM) and Authentication Server Function (AUSF) handling vector generation, as detailed in TS 33.501. This integration ensures seamless mobility and security across 3GPP and non-3GPP domains.

Other Specialized Methods

Cisco's Lightweight Extensible Authentication Protocol (LEAP), introduced in the early as a EAP method, provides using a challenge-response mechanism similar to , where the client's username and hashed password are exchanged over the network. LEAP generates dynamic (WEP) keys per user session to enhance security over static WEP, but it transmits usernames in cleartext and uses reversible for passwords, making it susceptible to offline attacks. Due to these vulnerabilities, including the inherent weaknesses of WEP and tools like ASLEAP that exploit them, Cisco deprecated LEAP around 2004 in favor of more secure protocols like EAP-TLS and PEAP. EAP-IKEv2, specified in RFC 5106, adapts the version 2 (IKEv2) protocol for EAP to enable in scenarios requiring IPsec-like key exchange, supporting both certificate-based and pre-shared key (PSK) authentication. This method uses Diffie-Hellman key exchange to derive shared secrets securely, providing forward secrecy and resistance to man-in-the-middle attacks when certificates are employed, though PSK variants may be vulnerable if keys are weak. EAP-IKEv2 is particularly suited for environments needing strong cryptographic protections without relying on TLS, such as certain VPN integrations. The EAP Encrypted Key Exchange (EAP-EKE) method, detailed in an expired IETF from 2010, aims to authenticate users via protected by encrypted to prevent and dictionary attacks. It employs symmetric of the during the exchange, using Diffie-Hellman for key agreement, to ensure that even compromised sessions do not reveal credentials. Despite its innovative approach to , EAP-EKE saw limited adoption due to concerns at the time and the rise of more robust alternatives like EAP-TLS, with the expiring without advancement to status. EAP-NOOB (Nimble Out-of-Band), defined in RFC 9140 published in , facilitates secure bootstrapping for (IoT) devices through an channel, such as QR codes or , to establish initial trust without pre-shared secrets. The method involves a phase where the device and exchange application identifiers and nonces out-of-band, followed by an in-band EAP exchange to derive keys and authenticate, supporting both password and certificate modes post-pairing. Designed for resource-constrained environments, EAP-NOOB emphasizes simplicity and resistance to online guessing attacks by limiting attempts and using randomized nonces, making it ideal for one-time setup in smart home or industrial networks. EAP-EAP, outlined in RFC 4733, serves as a tunneling mechanism to encapsulate one EAP method within another, allowing nested authentication for enhanced security or compatibility in heterogeneous networks. This approach enables an outer EAP method (e.g., EAP-TLS) to carry an inner method (e.g., EAP-MSCHAPv2) securely, protecting sensitive credentials from exposure during transmission. Primarily used in scenarios requiring , such as when legacy authentication must be secured within a modern framework, EAP-EAP supports key derivation from the inner method for session establishment while maintaining the outer method's protections.

Transport and Encapsulation

IEEE 802.1X Integration

The Extensible Authentication Protocol (EAP) is integrated into the standard for port-based , enabling secure over local area such as Ethernet and . In this framework, EAP messages are encapsulated within EAP over LAN (EAPOL) frames, which facilitate communication between the supplicant (the client device) and the authenticator (typically a switch or access point). EAPOL frames are transmitted using the 0x888E and include a protocol version field (1 octet, typically version 2), a type field (1 octet, e.g., 0 for EAP Packet, 1 for EAPOL-Start, 2 for EAPOL-Logoff, 3 for EAPOL-Key), a length field (2 octets indicating the body length), and a variable-length data field containing the EAP payload for exchanges. This encapsulation allows EAP to operate directly over media without requiring , supporting and key agreement between ports attached to the same LAN. IEEE 802.1X employs a controlled model where the port initially resides in an unauthorized , permitting only EAPOL frames for while blocking other traffic to prevent unauthorized access. Upon successful EAP authentication, the port transitions to the authorized state, enabling full transmission; failure results in the port remaining or reverting to unauthorized. This state management is handled by state machines in the supplicant and Port Access Entities (PAEs), applying to both wired Ethernet and environments like networks. The authenticator, operating in pass-through mode, relays EAP messages to a backend , such as a , using the EAP-Message RADIUS attribute to encapsulate the EAP packets. Successful authentication yields a Master Session Key (MSK) from the EAP method, from which the Pairwise Master Key () is derived—typically the first 256 bits of the MSK—for use in the WPA2/WPA3 key hierarchy, including the four-way to generate transient keys for session encryption. The 2010 revision of introduced support for (Media Access Control Security, per ) through the MACsec Key Agreement (MKA) protocol, which uses EAP-derived keys to distribute Secure Association Keys (SAKs) for link-layer encryption and integrity protection. This amendment enables incremental deployment of secure connectivity associations, including virtual ports and cipher suites like GCM-AES-128, enhancing protection against threats in shared segments. with EAP integration is widely deployed in campus networks for securing wired and wireless access, providing scalable authentication for thousands of users while integrating with directory services for centralized management.

PPP and PANA Usage

The Extensible Authentication Protocol (EAP) is integrated into the () as a flexible authentication mechanism, enabling secure network access in dial-up and (VPN) scenarios. During PPP's Link Control Protocol (LCP) phase, EAP is negotiated through the Authentication Protocol Configuration Option, identified by the protocol value C227 in , which allows the to select the authentication method dynamically without prior knowledge of the peer's capabilities. EAP packets are then encapsulated within PPP Data Link Layer frames using the same protocol field, supporting request-response exchanges between the and peer to establish and credentials. Upon successful completion of the EAP method, the transmits an (Code 3), signaling approval and triggering the negotiation of the Internet Protocol Control Protocol (IPCP) to configure network-layer parameters, such as assignment, thereby granting the peer access to the network. This integration supports legacy remote access environments where operates over serial links or switched circuits, postponing detailed until after link establishment to accommodate backend authentication servers. In contrast, the for Carrying Authentication for Network Access (PANA) provides a UDP-based transport for EAP at the network layer, facilitating authentication in scenarios without dedicated link-layer support, such as home networks or pre- phases. Defined in RFC 5191, PANA uses port 716 for communication, with the PANA Client () serving as the EAP peer and the PANA Authentication Agent (PAA) as the EAP authenticator, enabling EAP exchanges over even before full IP configuration is complete. The protocol includes mechanisms for reliable delivery through retransmissions and supports post-authentication IP reconfiguration, making it suitable for non-IPsec environments where lightweight bootstrapping is required. Unlike , which operates at the for point-to-point connections, PANA functions as a transport-layer independent of the underlying , allowing EAP to be carried in packets for flexible deployment in diverse topologies. This design is particularly advantageous for constrained devices in home or emerging networks, where PANA bootstraps secure access prior to or other higher-layer protections, contrasting with Ethernet-framed transports like .

RADIUS and Diameter Support

The Extensible Authentication Protocol (EAP) integrates with the Remote Authentication Dial-In User Service (RADIUS) to enable centralized authentication in network access scenarios, where the Network Access Server (NAS) acts as a pass-through authenticator relaying EAP messages to a backend RADIUS server. The EAP-Message attribute, defined as Type 79 in the RADIUS attribute registry, encapsulates complete EAP packets, allowing the NAS to forward them without interpreting the underlying EAP method. This attribute appears in RADIUS Access-Request packets to convey EAP-Response messages from the peer, in Access-Challenge packets to deliver EAP-Request messages from the server, and in Access-Accept packets to signal EAP-Success upon successful authentication. Multiple EAP-Message attributes may be concatenated in a single RADIUS packet if the EAP payload exceeds 253 octets, ensuring support for larger messages in multi-round exchanges. Diameter, as an evolution of RADIUS, provides enhanced scalability for AAA functions, particularly in mobile and roaming environments, through its support for EAP via the Diameter EAP Application defined in RFC 4072. The application uses an Application-Id of 5, specifically aligned with specifications for mobile networks, and employs Attribute-Value Pairs (AVPs) analogous to RADIUS attributes for message transport. The EAP-Payload AVP (AVP Code 462) carries EAP packets in Diameter-EAP-Request (DER) and Diameter-EAP-Answer (DEA) commands, enabling the NAS or authenticator to relay authentication data to backend servers while supporting proxy and redirect mechanisms for efficient handling in large-scale deployments. This structure facilitates seamless integration in architectures, where Diameter's peer-to-peer model and failure handling improve reliability over RADIUS for high-mobility scenarios. EAP methods that derive session keys transport this material securely within and to establish encrypted links, particularly in PPP contexts. In , the MS-MPPE-Recv-Key attribute (Vendor-Specific Type 16 from ) delivers the receive-side key for Microsoft Point-to-Point Encryption (MPPE) in Access-Accept packets, supporting methods like EAP-MSCHAPv2 that export keys for PPP sessions. For broader EAP key management, the EAP-Key-Name AVP (AVP Code 102 in ) provides an opaque identifier for keys derived by EAP methods, allowing secure reference and distribution without exposing the keys themselves. These mechanisms ensure that keying material remains protected during transit from the authentication server to the . To address potential man-in-the-middle (MITM) attacks where a malicious might impersonate the EAP server, EAP supports channel binding extensions that verify the integrity of the lower-layer transport. RFC 6677 defines channel-binding mechanisms for EAP methods, enabling the peer to bind authentication attributes to the channel (e.g., or ) and detect discrepancies that could indicate interception or substitution. This extension integrates with and by including channel-binding data in EAP messages carried via EAP-Message or EAP-Payload attributes, thereby preventing lying attacks without requiring changes to the core protocols.

Security Considerations

Common Vulnerabilities

The Extensible Authentication Protocol (EAP) exposes user identities during the initial authentication phase, as the EAP-Response/Identity packet is transmitted in cleartext, allowing eavesdroppers to snoop and capture sensitive information such as usernames or other identifiers. This vulnerability persists unless phased identity requests or anonymized identifiers are employed, but the base protocol does not enforce protection. EAP negotiation is prone to method downgrade attacks, where an attacker intercepts and modifies unprotected NAK response packets to force the selection of a weaker authentication method, such as MD5-Challenge instead of a more secure TLS-based option. This risk arises because EAP method selection lacks inherent integrity protection, enabling manipulation during the initial exchange phase. Tunneled EAP methods, including EAP-TTLS and PEAP, are susceptible to vulnerabilities within the inner if the outer TLS tunnel is compromised, such as through server spoofing that allows an attacker to impersonate the and eavesdrop on or alter inner communications. In such scenarios, the lack of cryptographic binding between outer and inner methods can expose the peer's credentials or enable man-in-the-middle interception of subsequent data. Certain EAP methods, particularly those involving intensive cryptographic operations like EAP-TLS, are vulnerable to denial-of-service attacks due to the high computational cost of TLS handshakes and fragmentation reassembly, which can exhaust server resources through repeated initiation or malformed packets. Additionally, unrestricted restart attempts in EAP-TLS can amplify this risk by allowing attackers to trigger multiple resource-draining sessions per peer. As of 2025, EAP methods relying on , such as EAP-PWD and EAP-AKA', face emerging quantum threats, where cryptographically relevant quantum computers could solve the problem, enabling private key recovery, bypass, and impersonation attacks on captured handshakes. These vulnerabilities stem from the underlying ECDH key exchanges in these protocols, which quantum algorithms like Shor's can efficiently break, compromising long-term session security.

Mitigation Strategies

To mitigate vulnerabilities in EAP deployments, such as man-in-the-middle attacks identified in prior analyses, several best practices focus on robust handling, mechanisms, usage , selection, and . certificate validation is essential for certificate-based and tunneled EAP methods like EAP-TLS, where peers must verify the server's identity against trusted certificate authorities (CAs) to prevent impersonation. According to RFC 5216, EAP-TLS implementations require peers to perform path validation on the server certificate chain per RFC 5280, ensuring the certificate includes the server authentication extended key usage (id-kp-serverAuth) and is issued by a trusted CA. This validation is mandatory for tunneled methods to protect against rogue servers, with administrators configuring clients to reject untrusted or self-signed certificates. Channel binding enhances security in tunneled EAP methods by linking the outer authentication to the inner authentication, detecting discrepancies that indicate splits or lying authenticators. Defined in RFC 6677, this mechanism allows the EAP peer and server to exchange binding data (e.g., channel identifiers or attributes) at the end of the inner method, enabling verification that the same authenticator handles both phases and thwarting attacks where an alters perceived network details. Key confirmation ensures that the Master Session Key (MSK) derived from EAP is properly utilized for link-layer protection, particularly in environments. As outlined in RFC 3748, the MSK serves as input to derive the Pairwise Master Key (), which is confirmed during the 4-way in WPA3-Enterprise mode through the Key Confirmation Key (KCK) for integrity checks on subsequent messages. This process verifies mutual possession of the keys, preventing unauthorized access even if succeeds but fails. Policy enforcement involves disabling legacy weak EAP methods and prioritizing robust alternatives to reduce exposure to known flaws. NIST Special Publication 800-120 recommends deprecating methods like EAP-MD5 (vulnerable to offline dictionary attacks) and LEAP (susceptible to brute-force cracking), while favoring EAP-TLS for certificate-based or EAP-AKA' for SIM-derived keys with enhanced cryptographic protections. Administrators should configure authenticators and servers to reject unsupported or insecure methods via access control lists. To address emerging quantum threats to elliptic curve-based methods, implementations should transition to enhancements, such as hybrid algorithms combining classical and PQC key encapsulation mechanisms. As of November 2025, IETF drafts propose updates to EAP-TLS and EAP-AKA' incorporating post-quantum key exchanges to maintain against quantum attacks while preserving compatibility. Auditing EAP exchanges through comprehensive logging supports incident detection and , with records capturing attempts, outcomes, and key events. Best practices from Network Policy Server documentation emphasize enabling detailed logging for both and accounting in RADIUS servers, including timestamps, user identities, and EAP method details, to facilitate forensic analysis. For methods involving pre-shared keys (PSKs), such as certain password-based variants, regular (e.g., every 90 days or upon suspicion of compromise) is advised to limit exposure, as per general cryptographic guidelines in NIST SP 800-57.

Implementations and Recent Developments

Software and Hardware Support

The Extensible Authentication Protocol (EAP) enjoys widespread integration in major operating systems, enabling secure network authentication through native components. In Microsoft Windows, EAP is supported via the EAPHost framework, which serves as the supplicant for 802.1X scenarios and natively handles methods such as Protected EAP (PEAP) and EAP-Transport Layer Security (EAP-TLS). On systems, the daemon provides robust EAP support for authentication, facilitating /WPA2/WPA3-Enterprise connections across various distributions. Apple's macOS includes built-in EAP capabilities for WPA-Enterprise networks, supporting 802.1X methods like EAP-TLS and PEAP through system-level configuration profiles. EAP implementations often rely on open-source libraries for cryptographic operations and server-side processing. provides the underlying TLS support essential for EAP methods involving certificate-based authentication, such as EAP-TLS, and is integrated into many EAP stacks for handling secure tunnels. FreeRADIUS, a prominent open-source RADIUS server, offers comprehensive backend support for EAP, including EAP-TLS, PEAP, and other methods, making it a standard choice for authentication servers in enterprise environments. Hardware support for EAP is embedded in Wi-Fi chipsets and mobile components, ensuring protocol execution at the firmware level. Wi-Fi adapters, for instance, incorporate EAPOL (EAP over LAN) functionality in their to support 802.1X authentication with methods like EAP-TLS, TTLS, and PEAP. Similarly, Wi-Fi chipsets enable EAPOL processing through firmware updates, allowing seamless integration with enterprise Wi-Fi security. In mobile devices, cards facilitate EAP-SIM authentication, leveraging / credentials for WLAN access as defined in specifications. Interoperability across EAP implementations is promoted through certification programs, particularly by the , which tests and validates devices for WPA2-Enterprise and WPA3-Enterprise compliance, including support for key EAP methods like EAP-TLS and PEAP. This ensures consistent behavior in mixed-vendor environments, reducing deployment challenges for 802.1X networks.

Updates and Emerging Extensions

In 2025, the IETF published RFC 9678, which introduces a extension to the Improved Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' FS). This extension employs ephemeral keys to ensure that session keys derived during authentication remain secure even if long-term credentials are compromised in the future, enhancing protection against retrospective attacks in mobile and networks. Similarly, RFC 9820, released in September 2025, defines an authentication service leveraging EAP over the (CoAP) to support resource-constrained devices. Known as CoAP-EAP, this mechanism enables lightweight EAP exchanges in environments with limited and power, facilitating secure authentication for ecosystems without relying on heavier transport protocols. Addressing threats, 2025 IETF drafts such as draft-ietf-emu-hybrid-pqc-eapaka propose hybrid (PQC) integrations for EAP-AKA', combining classical algorithms with quantum-resistant ones like ML-KEM (based on NIST's CRYSTALS-Kyber). These enhancements extend to EAP methods using TLS, such as EAP-TLS, by incorporating hybrid key encapsulation to mitigate risks from quantum attacks on . The IETF's EAP Method Update (EMU) Working Group is actively pursuing updates to the EAP framework, including revisions to the base specification in RFC 3748, to counter modern security challenges like those in , where dynamic resource allocation demands robust, adaptable . Emerging applications position EAP as a core component in zero-trust architectures, enabling continuous verification in perimeterless networks via integrations with 802.1X. Broader discussions within standards bodies, including NIST and NSA guidelines, advocate for mandatory quantum resistance in protocols like EAP by 2030 to align with CNSA 2.0 requirements and preempt "" threats.

References

  1. [1]
    RFC 3748 - Extensible Authentication Protocol (EAP)
    This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods.
  2. [2]
    RFC 2284 - PPP Extensible Authentication Protocol (EAP)
    This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements.
  3. [3]
    Extensible Authentication Protocol (EAP) Registry
    Apr 9, 2004 · Extensible Authentication Protocol (EAP) Registry · Packet Codes · EAP Initiate and Finish Attributes · Method Types · EAP-FAST TLV Types (Value 43).
  4. [4]
    RFC 9190: EAP-TLS 1.3: Using the Extensible Authentication ...
    The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods.Table of Contents · Introduction · Protocol Overview · Security Considerations
  5. [5]
    Extensible Authentication Protocol (EAP) for network access
    Jul 9, 2025 · This article presents information about the Extensible Authentication Protocol (EAP) settings and configuration in Windows-based computers.Security Settings · Server Certificate... · Wpa3-Enterprise 192-Bit Mode
  6. [6]
    How to Configure VPN Access Control Using 802.1X Authentication
    The VPN Access Control Using 802.1X Authentication feature allows enterprise employees to access their enterprise networks from homeMissing: VPNs | Show results with:VPNs
  7. [7]
    RFC 9048 - Improved Extensible Authentication Protocol Method for ...
    Sep 24, 2024 · The 3GPP mobile network Authentication and Key Agreement (AKA) is an authentication mechanism for devices wishing to access mobile networks.
  8. [8]
    Configure AnyConnect Flexvpn with EAP and DUO Authentication
    Jun 26, 2023 · This document describes how to configure external two-factor authentication for AnyConnect IPSec connection to a Cisco IOS® XE router.
  9. [9]
    EAP-based Authentication Service for CoAP - IETF
    Jul 26, 2021 · This document specifies an authentication service that uses the Extensible Authentication Protocol (EAP) transported employing Constrained ...Missing: PPP port-
  10. [10]
    RFC 3579 - RADIUS (Remote Authentication Dial In User Service ...
    This document defines Remote Authentication Dial In User Service (RADIUS) support for the Extensible Authentication Protocol (EAP), an authentication framework
  11. [11]
    EAP Authentication with RADIUS Server - Cisco
    Oct 19, 2009 · This document provides a sample configuration of a Cisco IOS® based access point for Extensible Authentication Protocol (EAP) authentication of wireless users
  12. [12]
    Information on RFC 2284 - » RFC Editor
    RFC 2284. PPP Extensible Authentication Protocol (EAP), March 1998. File formats: icon for text file icon ... Publication Queue · Style Guide · Advanced Search.
  13. [13]
    Information on RFC 3748 - » RFC Editor
    This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods.
  14. [14]
    Information on RFC 5247 » RFC Editor
    - **Publication Date:** August 2008
  15. [15]
    Information on RFC 7057 - » RFC Editor
    This document updates the Extensible Authentication Protocol (EAP) applicability statement from RFC 3748 to reflect recent usage of the EAP protocol.
  16. [16]
    Extensible Authentication Protocol (EAP) in next-generation networks
    Apr 6, 2022 · EAP is an authentication framework used by networks for authenticating devices (the EAP peers) before they are authorized to access the internet ...
  17. [17]
    RFC 5216 - The EAP-TLS Authentication Protocol - IETF Datatracker
    This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.
  18. [18]
    RFC 5281 - Extensible Authentication Protocol Tunneled Transport ...
    1. EAP When EAP is the tunneled authentication protocol, each tunneled EAP packet between the client and TTLS server is encapsulated in an EAP- Message AVP, ...
  19. [19]
    RFC 7170 - Tunnel Extensible Authentication Protocol (TEAP ...
    TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol.
  20. [20]
    RFC 5247 - Extensible Authentication Protocol (EAP) Key ...
    This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material and parameters generated by EAP ...
  21. [21]
    https://datatracker.ietf.org/doc/html/rfc9190
  22. [22]
    https://datatracker.ietf.org/doc/html/rfc5281
  23. [23]
    https://datatracker.ietf.org/doc/html/rfc7170
  24. [24]
    https://datatracker.ietf.org/doc/html/rfc9140
  25. [25]
    https://datatracker.ietf.org/doc/html/rfc5247
  26. [26]
    https://datatracker.ietf.org/doc/draft-ietf-emu-rfc7170bis
  27. [27]
    https://datatracker.ietf.org/doc/html/rfc3748#section-1.2
  28. [28]
    https://datatracker.ietf.org/doc/html/rfc3748#section-3.1
  29. [29]
    https://datatracker.ietf.org/doc/html/rfc3748#section-3.2
  30. [30]
    https://datatracker.ietf.org/doc/html/rfc3579#section-2
  31. [31]
    https://datatracker.ietf.org/doc/html/rfc4137#section-3.1
  32. [32]
    https://datatracker.ietf.org/doc/html/rfc4137#section-3.2
  33. [33]
    https://datatracker.ietf.org/doc/html/rfc4137#section-4
  34. [34]
    https://datatracker.ietf.org/doc/html/rfc3748#section-2
  35. [35]
    https://datatracker.ietf.org/doc/html/rfc3748#section-4.2
  36. [36]
    https://datatracker.ietf.org/doc/html/rfc3748#section-5.1
  37. [37]
    https://datatracker.ietf.org/doc/html/rfc3748#section-5.3
  38. [38]
    RFC 6678 - Requirements for a Tunnel-Based Extensible ...
    1. Method Negotiation The tunnel method MUST support the protected negotiation of the inner EAP method. · 2. Chained Methods The tunnel method SHOULD support the ...<|separator|>
  39. [39]
    [MS-PEAP]: Overview - Microsoft Learn
    Sep 29, 2025 · EAP enables extensible authentication for network access. EAP methods operate within the EAP framework to provide support for a variety of authentication ...
  40. [40]
    RFC 4851 - The Flexible Authentication via Secure Tunneling ...
    EAP-FAST is an EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) to establish a mutually ...
  41. [41]
    RFC 4764 - The EAP-PSK Protocol: A Pre-Shared Key Extensible ...
    This document specifies EAP-PSK, an Extensible Authentication Protocol (EAP) method for mutual authentication and session key derivation using a Pre-Shared Key ...
  42. [42]
    RFC 5931 - Extensible Authentication Protocol ... - IETF Datatracker
    This memo describes an Extensible Authentication Protocol (EAP) method, EAP-pwd, which uses a shared password for authentication.
  43. [43]
    RFC 4793 - The EAP Protected One-Time Password Protocol (EAP ...
    This document describes a general Extensible Authentication Protocol (EAP) method suitable for use with One-Time Password (OTP) tokens.
  44. [44]
    RFC 4186 - Extensible Authentication Protocol Method for Global ...
    This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution using the Global System for ...
  45. [45]
    RFC 4187 - Extensible Authentication Protocol Method for 3rd ...
    This document specifies an Extensible Authentication Protocol (EAP) mechanism for authentication and session key distribution that uses the Authentication and ...
  46. [46]
    RFC 5448: Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')
    ### Summary of RFC 5448 - EAP-AKA'
  47. [47]
    RFC 9048 - Improved Extensible Authentication Protocol Method for ...
    The 3GPP mobile network Authentication and Key Agreement (AKA) is an authentication mechanism for devices wishing to access mobile networks.Missing: 6G | Show results with:6G
  48. [48]
    [PDF] ETSI TS 133 401 V18.3.0 (2025-04)
    The present document may refer to technical specifications or reports using their 3GPP identities. These shall be interpreted as being references to the ...
  49. [49]
    [PDF] TS 133 501 - V15.9.0 - 5G - ETSI
    UE and serving network shall support EAP-AKA' and 5G AKA authentication methods. ... EAP-AKA' and 5G AKA for non-3GPP access networks shall reside on the ...
  50. [50]
    Cisco LEAP
    Jun 22, 2009 · Cisco LEAP is an 802.1X authentication type for Wireless LANs (WLANs) that supports strong mutual authentication between the client and a RADIUS server.Missing: documentation | Show results with:documentation
  51. [51]
    Cisco Lightweight Extensible Authentication Protocol (LEAP) uses ...
    Oct 30, 2003 · The Cisco LEAP protocol is vulnerable to dictionary attacks against users' passwords. Using readily available software, weak passwords can be ...
  52. [52]
    Extensible Authentication Protocols - Cisco
    Jun 30, 2022 · EAP-GTC. EAP-GTC, defined in RFC 2284, is a simple method for transmitting a user's name and password to an authentication server. EAP-GTC ...
  53. [53]
    IEEE 802.1X-2020
    Feb 28, 2020 · 802.1X-2010; Board Approval: 2020-01-30; History. Published: 2020-02-28. Working Group Details. Society: IEEE Computer Society; Standard ...
  54. [54]
    RFC 3580 - IEEE 802.1X Remote Authentication Dial In User ...
    For example, within 802.11 the RC4 EAPOL-Key frame can be used to distribute multicast/broadcast ("default") keys, or unicast ("key mapping") keys. The ...
  55. [55]
    [PDF] 18-452/18-750 Wireless Networks and Applications - Lecture 11: WiFi
    » Campus networks: SSID corresponds to multiple APs. • Security considerations ... • IEEE 802.1x supports authenticated and encrypted access to IEEE 802 ...
  56. [56]
    RFC 5191 - Protocol for Carrying Authentication for Network Access ...
    This document defines the Protocol for Carrying Authentication for Network Access (PANA), a network-layer transport for Extensible Authentication Protocol (EAP)
  57. [57]
    RFC 2869 - RADIUS Extensions - IETF Datatracker
    1. Separation of EAP server and PPP authenticator It is possible for the EAP endpoints to mutually authenticate, negotiate a ciphersuite, and derive a session ...
  58. [58]
    https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/access_registrar/9-3/user/guide/user_guide/eap.html
  59. [59]
    RFC 4072 - Diameter Extensible Authentication Protocol (EAP ...
    This document defines the Command-Codes and AVPs necessary to carry EAP packets between a Network Access Server (NAS) and a back-end authentication server.
  60. [60]
    https://datatracker.ietf.org/doc/html/rfc3580
  61. [61]
    https://www.cs.cmu.edu/~prs/wirelessS24/handouts/L11-WiFi-mngt.pdf
  62. [62]
    https://datatracker.ietf.org/doc/html/rfc5191
  63. [63]
    https://datatracker.ietf.org/doc/html/rfc2869
  64. [64]
    https://datatracker.ietf.org/doc/html/rfc3579#section-3.1
  65. [65]
    https://datatracker.ietf.org/doc/html/rfc4072
  66. [66]
    https://datatracker.ietf.org/doc/html/rfc4072#section-2.1
  67. [67]
    RFC 3748: Extensible Authentication Protocol (EAP)
    Summary of each segment:
  68. [68]
    https://datatracker.ietf.org/doc/html/rfc4072#section-2.3
  69. [69]
    https://datatracker.ietf.org/doc/html/rfc2548#section-2.2
  70. [70]
    https://datatracker.ietf.org/doc/html/rfc4072#section-4.1.4
  71. [71]
    https://datatracker.ietf.org/doc/html/rfc3748#section-7.1
  72. [72]
    Post-Quantum Enhancements to EAP-TLS and EAP-TTLS - IETF
    Jul 7, 2025 · This document proposes enhancements to the Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) and EAP Tunneled TLS ...
  73. [73]
    Enhancing Security in EAP-AKA' with Hybrid Post-Quantum ... - IETF
    Mar 16, 2025 · Enhancing Security in EAP-AKA' with Hybrid Post-Quantum Cryptography · 1. Introduction · 2. Conventions and Definitions · 3. Terminology · 4.
  74. [74]
    Linux WPA/WPA2/WPA3/IEEE 802.1X Supplicant
    Jan 12, 2013 · wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA, WPA2 (IEEE 802.11i / RSN), and WPA3.
  75. [75]
    Dynamic WEP, WPA Enterprise, and WPA2 ... - Apple Support
    Oct 24, 2022 · Available EAP protocols. Select an Extensible Authentication Protocol (EAP) type to use for 802.1X network authentication: TLS · TTLS · PEAP.Missing: WLAN 3GPP
  76. [76]
    EAP :: The FreeRADIUS project - Documentation
    EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered ...
  77. [77]
    EAP-TLS: Certificate-based authentication - FreeRADIUS
    EAP-TLS: Certificate-based authentication. Goal: To configure the server to use the EAP-TLS authentication protocol and to send and receive test packets.
  78. [78]
    Learn about Features Supported by Intel® Wi-Fi Adapters
    Learn about Features Supported by Intel® Wi-Fi Adapters ; Authentication4, WPA and WPA2, 802.1X (EAP-TLS, TTLS, PEAP, LEAP, EAP-FAST), EAP-SIM, EAP-AKA, WPA and ...
  79. [79]
    [PDF] On the use of EAP/SIM in 3G-WLAN-interworking - 3GPP
    EAP-SIM is the current working assumption in 3GPP to provide authentication and key management in the 3G-WLAN interworking system for users equipped with a SIM ...
  80. [80]
    RFC 9678 - Forward Secrecy Extension to the ... - IETF Datatracker
    The extension EAP-AKA' Forward Secrecy (EAP-AKA' FS), when negotiated, provides forward secrecy for the session keys generated as a part of the authentication ...
  81. [81]
    RFC 9820 - Authentication Service Based on the Extensible ...
    Sep 12, 2025 · Authentication Service Based on the Extensible Authentication Protocol (EAP) for Use with the Constrained Application Protocol (CoAP) RFC 9820.
  82. [82]
    draft-ietf-emu-hybrid-pqc-eapaka-00 - Enhancing Security in EAP ...
    Jul 22, 2025 · Enhancing Security in EAP-AKA' with Hybrid Post-Quantum Cryptography draft-ietf-emu-hybrid-pqc-eapaka-00 ; Internet Engineering Task Force (IETF).Missing: refresh | Show results with:refresh
  83. [83]
    EAP Method Update (emu)
    ### Summary of Recent Activity on EAP Base Spec Refresh (2022 Onward)
  84. [84]
    Zero Trust: User and Device Security Design Guide - Cisco
    Within the Zero Trust: Network and Cloud Security Design Guide, EAP-FAST is configured to authenticate and authorize both the user and their machine before ...