Protected Extensible Authentication Protocol

Last updated October 02, 2023

PEAP is also an acronym for Personal Egress Air Packs.

TheProtected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel.^[1]^[2]^[3]^[4] The purpose was to correct deficiencies in EAP; EAP assumed a protected communication channel, such as that provided by physical security, so facilities for protection of the EAP conversation were not provided.^[5]

PEAP was jointly developed by Cisco Systems, Microsoft, and RSA Security. PEAPv0 was the version included with Microsoft Windows XP and was nominally defined in draft-kamath-pppext-peapv0-00. PEAPv1 and PEAPv2 were defined in different versions of draft-josefsson-pppext-eap-tls-eap. PEAPv1 was defined in draft-josefsson-pppext-eap-tls-eap-00 through draft-josefsson-pppext-eap-tls-eap-05,^[6] and PEAPv2 was defined in versions beginning with draft-josefsson-pppext-eap-tls-eap-06.^[7]

The protocol only specifies chaining multiple EAP mechanisms and not any specific method.^[3]^[8] However, use of the EAP-MSCHAPv2 and EAP-GTC methods are the most commonly supported.^{[ citation needed ]}

Overview

PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

As of May 2005, there were two PEAP sub-types certified for the updated WPA and WPA2 standard. They are:

PEAPv0/EAP-MSCHAPv2
PEAPv1/EAP-GTC

PEAPv0 and PEAPv1 both refer to the outer authentication method and are the mechanisms that create the secure TLS tunnel to protect subsequent authentication transactions. EAP-MSCHAPv2 and EAP-GTC refer to the inner authentication methods which provide user or device authentication. A third authentication method commonly used with PEAP is EAP-SIM.

Within Cisco products, PEAPv0 supports inner EAP methods EAP-MSCHAPv2 and EAP-SIM while PEAPv1 supports inner EAP methods EAP-GTC and EAP-SIM. Since Microsoft only supports PEAPv0 and doesn't support PEAPv1, Microsoft simply calls it "PEAP" without the v0 or v1 designator. Another difference between Microsoft and Cisco is that Microsoft only supports the EAP-MSCHAPv2 method and not the EAP-SIM method.

However, Microsoft supports another form of PEAPv0 (which Microsoft calls PEAP-EAP-TLS) that many Cisco and other third-party server and client software don't support. PEAP-EAP-TLS requires client installation of a client-side digital certificate or a more secure smartcard. PEAP-EAP-TLS is very similar in operation to the original EAP-TLS but provides slightly more protection because portions of the client certificate that are unencrypted in EAP-TLS are encrypted in PEAP-EAP-TLS. Ultimately, PEAPv0/EAP-MSCHAPv2 is by far the most prevalent implementation of PEAP, due to the integration of PEAPv0 into Microsoft Windows products. Cisco's CSSC client (discontinued in 2008 ^[9]) now supports PEAP-EAP-TLS.

PEAP has been so successful in the market place that even Funk Software (acquired by Juniper Networks in 2005), the inventor and backer of EAP-TTLS, added support for PEAP in their server and client software for wireless networks.

PEAPv0 with EAP-MSCHAPv2

MS-CHAPv2 is an old authentication protocol which Microsoft introduced with NT4.0 SP4 and Windows 98.

PEAPv0/EAP-MSCHAPv2 is the most common form of PEAP in use, and what is usually referred to as PEAP. The inner authentication protocol is Microsoft's Challenge Handshake Authentication Protocol, meaning it allows authentication to databases that support the MS-CHAPv2 format, including Microsoft NT and Microsoft Active Directory.

Behind EAP-TLS, PEAPv0/EAP-MSCHAPv2 is the second most widely supported EAP standard in the world. There are client and server implementations of it from various vendors, including support in all recent releases from Microsoft, Apple Computer and Cisco. Other implementations exist, such as the xsupplicant from the Open1x.org project, and wpa_supplicant.

As with other 802.1X and EAP types, dynamic encryption can be used with PEAP.

A CA certificate must be used at each client to authenticate the server to each client before the client submits authentication credentials. If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of MS-CHAPv2 handshakes.^[10]

Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.^[11]

PEAPv1 with EAP-GTC

PEAPv1/EAP-GTC was created by Cisco to provide interoperability with existing token card and directory based authentication systems via a protected channel. Even though Microsoft co-invented the PEAP standard, Microsoft never added support for PEAPv1 in general, which means PEAPv1/EAP-GTC has no native Windows OS support. Since Cisco has typically recommended lightweight EAP protocols such as LEAP and EAP-FAST protocols instead of PEAP, the latter has not been as widely adopted as some had hoped.

With no interest from Microsoft to support PEAPv1 and no promotion from Cisco, PEAPv1 authentication is rarely used.^{[ when? ]} Even in Windows 7, released in late 2009, Microsoft has not added support for any other authentication system other than MSCHAPv2.

Nokia E66 and later mobile phones ship with a version of Symbian which includes EAP-GTC support.

LDAP (Lightweight Directory Access Protocol) only supports EAP-GTC.^{[ citation needed ]}

Related Research Articles

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

IEEE 802.1X is an IEEE Standard for port-based network access control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity as well as authenticate itself to the connecting entity by declaring the type of information needed for authentication as well as syntax. It is the most important layer of protection needed for secure communication within computer networks.

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer cryptographic protocols.

Extensible Authentication Protocol (EAP) is an authentication framework frequently used in network and internet connections. It is defined in RFC 3748, which made RFC 2284 obsolete, and is updated by RFC 5247. EAP is an authentication framework for providing the transport and usage of material and parameters generated by EAP methods. There are many methods defined by RFCs, and a number of vendor-specific methods and new proposals exist. EAP is not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP).

Xsupplicant is a supplicant that allows a workstation to authenticate with a RADIUS server using 802.1X and the Extensible Authentication Protocol (EAP). It can be used for computers with wired or wireless LAN connections to complete a strong authentication before joining the network and supports the dynamic assignment of WEP keys.

strongSwan is a multiplatform IPsec implementation. The focus of the project is on authentication mechanisms using X.509 public key certificates and optional storage of private keys and certificates on smartcards through a PKCS#11 interface and on TPM 2.0.

Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. The term may also refer to the protection of the wireless network itself from adversaries seeking to damage the confidentiality, integrity, or availability of the network. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is an old IEEE 802.11 standard from 1997. It is a notoriously weak security standard: the password it uses can often be cracked in a few minutes with a basic laptop computer and widely available software tools. WEP was superseded in 2003 by WPA, a quick alternative at the time to improve security over WEP. The current standard is WPA2; some hardware cannot support WPA2 without firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP. Enterprises often enforce security using a certificate-based system to authenticate the connecting device, following the standard 802.11X.

Internet Authentication Service (IAS) is a component of Windows Server operating systems that provides centralized user authentication, authorization and accounting.

wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 and Haiku. In addition to being a WPA3 and WPA2 supplicant, it also implements WPA and older wireless LAN security protocols.

Cisco Centralized Key Management (CCKM) is a form of Fast Roaming and a subset of the Cisco Compatible EXtensions (CCX) specification.

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Secure Socket Tunneling Protocol (SSTP) is a form of virtual private network (VPN) tunnel that provides a mechanism to transport PPP traffic through an SSL/TLS channel. SSL/TLS provides transport-level security with key negotiation, encryption and traffic integrity checking. The use of SSL/TLS over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers except for authenticated web proxies.

In computing, Microsoft's Windows Vista and Windows Server 2008 introduced in 2007/2008 a new networking stack named Next Generation TCP/IP stack, to improve on the previous stack in several ways. The stack includes native implementation of IPv6, as well as a complete overhaul of IPv4. The new TCP/IP stack uses a new method to store configuration settings that enables more dynamic control and does not require a computer restart after a change in settings. The new stack, implemented as a dual-stack model, depends on a strong host-model and features an infrastructure to enable more modular components that one can dynamically insert and remove.

A TLS termination proxy is a proxy server that acts as an intermediary point between client and server applications, and is used to terminate and/or establish TLS tunnels by decrypting and/or encrypting communications. This is different to TLS pass-through proxies that forward encrypted (D)TLS traffic between clients and servers without terminating the tunnel.

OpenConnect is a free and open-source cross-platform multi-protocol virtual private network (VPN) client software which implement secure point-to-point connections.

References

↑ "Understanding the updated WPA and WPA2 standards". ZDNet. 2005-06-02. Retrieved 2012-07-17.
↑ Microsoft's PEAP version 0, draft-kamath-pppext-peapv0-00, §1.1
1 2 Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, abstract
↑ Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, §1
↑ Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-07, §1
↑ Protected EAP Protocol (PEAP), draft-josefsson-pppext-eap-tls-eap-05, §2.3
↑ Protected EAP Protocol (PEAP), draft-josefsson-pppext-eap-tls-eap-06, §2.3
↑ Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, §2
↑ "End-of-Sale and End-of-Life Announcement for the Cisco Secure Services Client v4.0". Cisco. Retrieved 2021-05-04.
↑ "Man-in-the-Middle in Tunneled Authentication Protocols" (PDF). Nokia Research Center. Retrieved 14 November 2013.
↑ "Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate". 2016-03-16. Archived from the original on 2016-03-16. Retrieved 2022-10-19.

External links

Kamath, Vivek; Palekar, Ashwin; Wodrich, Mark (25 October 2002). Microsoft's PEAP version 0 (Implementation in Windows XP SP1). IETF. I-D draft-kamath-pppext-peapv0-00.
draft-josefsson-pppext-eap-tls-eap - The EAP-TLS protocol specifications

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Understanding the updated WPA and WPA2 standards". ZDNet. 2005-06-02. Retrieved 2012-07-17.

[2] Microsoft's PEAP version 0, draft-kamath-pppext-peapv0-00, §1.1

[peapv2-10_abstract-3] 1 2 Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, abstract

[4] Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, §1

[5] Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-07, §1

[6] Protected EAP Protocol (PEAP), draft-josefsson-pppext-eap-tls-eap-05, §2.3

[7] Protected EAP Protocol (PEAP), draft-josefsson-pppext-eap-tls-eap-06, §2.3

[8] Protected EAP Protocol (PEAP) Version 2, draft-josefsson-pppext-eap-tls-eap-10, §2

[9] "End-of-Sale and End-of-Life Announcement for the Cisco Secure Services Client v4.0". Cisco. Retrieved 2021-05-04.

[Man-in-the-Middle_in_Tunneled_Authentication_Protocols-10] "Man-in-the-Middle in Tunneled Authentication Protocols" (PDF). Nokia Research Center. Retrieved 14 November 2013.

[11] "Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate". 2016-03-16. Archived from the original on 2016-03-16. Retrieved 2022-10-19.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

v t e Authentication
Authentication APIs	BSD Authentication (BSD Auth) eAuthentication (eAuth) Generic Security Services API (GSSAPI) Java Authentication and Authorization Service (JAAS) Pluggable Authentication Modules (PAM) Simple Authentication and Security Layer (SASL) Security Support Provider Interface (SSPI) XCert Universal Database API (XUDA)
Authentication protocols	ACF2 Authentication and Key Agreement (AKA) CAVE-based authentication Challenge-Handshake Authentication Protocol (CHAP) MS-CHAP Central Authentication Service (CAS) CRAM-MD5 Diameter Extensible Authentication Protocol (EAP) Host Identity Protocol (HIP) IndieAuth Kerberos LAN Manager NT LAN Manager (NTLM) OAuth OpenID OpenID Connect (OIDC) Password-authenticated key agreement protocols Password Authentication Protocol (PAP) Protected Extensible Authentication Protocol (PEAP) Remote Access Dial In User Service (RADIUS) Resource Access Control Facility (RACF) Secure Remote Password protocol (SRP) TACACS Woo–Lam
Category Commons