Research Of EAP-TTLS Authentication Method's Application To WLAN

In recent years, WLAN (Wireless Local Area Network) has been widely used in the Internet access field, because WLAN offers low costs and quickly furnished. More and more mobile devices (like notebook, PDA, etc.) support IEEE 802.11 standard. And how to offer a secure Internet access environment to users is the most important issue.For saving IEEE802.11 security problems, the standard of IEEE 802.1X standard was defined by an IEEE 802 working group. IEEE 802.1X is a port based access control protocol, which provides a standard authentication and authorization frame for users connected to Ethernet ports. Nevertheless, IEEE 802.1X doesn't provide any actual authentication mechanism. When using IEEE 802.1X, we must choose an EAP(Extensible Authentication Protocol) type,Such as EAP-MD5(Message Digest 5), EAP-TLS(Transport Layer Security) ,EAP-TTLS(Tunnelled transport Layer Security), etc.All the EAP types are designed to offer people a secure network access environment.EAP-TTLS is an EAP protocol that extends EAP-TLS. In EAP-TLS, a TLS handshake is usually mutually authenticate between client and server. EAP-TTLS extends this authentication negotiaton by using the secure connection established by the TLS handshake to exchange additional handshake message. It may be mutual or one-way, in which only the server is authenticated to the client. The authentication method may be EAP, or another authentication protocol such as PAP, CHAP, MS-CHAP or MS-CHAPV2.This thesis chooses EAP-TTLS as the subject to research and implement it. At first, this thesis analyses 8021X and 802.11i, such as the background of its appearance, the thinking of designing,the system architecture and communication protocols adopted by it. Secondly ,the author summarise the characters,advantages and foreground of EAP-TTLS protocol when compared with other access control protocol.Then ,the author build EAP-TTLS authentication environment,and capture the packets to anylyses the authentication process. Finally,the author implement EAP-TTLS Client working in WinXP with the environment of network securitydevelopment toolkit and Visual C++.This thesis chooses EAP-TTLS as the subject to research. Firstly,this thesis analyzes EAP-TTLS protocol briefly ,such as the TLS handshake > TLS tunneh the authentication process and relations with IEEE 802. IX. Secondly ,based on the analyses of EAP-TTLS protocol,the thesis implemented the WLAN authentication environment of EAP-TTLS,and verified the environment in the experiment. The thesis also captured the authentication packets to anylyses the authentication process,and summarise the characters and the application prospects when compared with other access control protocols such as EAP-MD5 and EAP-TLS.Finally,the thesis also designed WLAN Client in WinXP system ,based on EAP-TTLS authentication method,in the environment of network security development toolkit and Visual C++.this thesis also discuss the implement in WLAN testing with changing the supplicant's codes.