The Alliance That Says EAP

By Eric Griffith

April 12, 2005

Later this week, the Wi-Fi Alliance will offer its members interoperability testing with authentication servers.

The Wi-Fi Alliance—the industry consortium of companies that handles testing of 802.11-based products to make sure they'll play nice together—is expanding its security testing to include four more Extensible Authentication Protocols , also known at EAP types.

The EAP types are used when Wi-Fi based hardware communicates using 802.1X authentication and a RADIUS server to make sure the hardware is valid. Not all networks use the same EAP types—they must be set by the IT people—and not all hardware supports all EAP types.

Frank Hanzlik, the managing director of the Alliance's day-to-day operations, says the group is "excited, because this expands the certification program to better replicate solutions that are out there."

The Alliance had, in fact, already been testing for one type, Transport Layer Security (EAP-TLS). Added to that will be the following:

  • EAP-TTLS/MSCHAPv2
  • PEAPv0/EAP-MSCHAPv2
  • PEAPv1/EAP-GTC
  • EAP-SIM

The Alliance chose these particular EAP types because they "are among the non-proprietary EAP types commonly used by multiple vendors," according to the group's frequently asked questions (FAQ) on the subject.

Other popular EAP types exist—in particular, the Cisco-created Lightweight EAP (or LEAP), and the more recent Cisco-backed Flexible Authentication via Secure Tunneling (EAP-FAST). Hanzlik says the program could expand to these EAP types in the future "as it makes sense." Anything that takes off is a candidate for inclusion.

The new testing builds on the testing the Alliance began for Wi-Fi Protected Access (WPA) in 2003, as well as last year's upgrade of that to WPA2 (which came after the 802.11i security standard was finalized). WPA is currently required of all vendors.

The testbed used for certifying EAP types will include RADIUS server software and supplicants (client software) from companies like Microsoft, Funk Software, Meetinghouse Software, and Devicescape Software.

The addition of new features means another change to the Wi-Fi Certified seal of approval that appears on packaging. In this case, the certificates will be available for viewing on the Alliance Web site or the shipping documents of a product.

The certification for EAP types is only for hardware products such as client cards and access points. The Alliance will not be testing 802.1X/RADIUS solutions, whether on the server, locally, or hosted. Certification will also be limited to enterprise class products—it won't be needed on consumer products for home networks.

Vendors of Wi-Fi equipment that belong to the Alliance can start to sign up for the queue of EAP testing as of Friday, April 15. The Alliance has published a white paper on deploying WPA2 in the enterprise, which covers use of EAP in 802.1X deployments. It is available for free on the Alliance's Web site.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.