Client Smart Card authentication with 802.1X and PEAP on Windows XP Media Center

[Tamas]

I am trying to utilize a smartcard to substantiate a person on a Wi-Fi 802.1X substantiation using PEAP. The smartcard is the Portuguese Identity Card that was residential for sustaining SSL client side authentication. On the other hand, when I utilize the Intel ProSet Wi-Fi tool, it does not be familiar with the existence of appropriate smartcard for client side authentication. The roots CAs make available by the RADIUS server contain the root CA of the smartcard's certificates, which is GTE CyberTrust Global Root. What dangerous characteristic is Intel PROSet looking in the smartcard, or in the individual CAPI CSP (if using it), that it does not locate or, rephrasing my question, how does ProSet looks for credentials in the smartcard.

[Sabastiaan]

Extensible Authentication Protocol, or EAP, is a verification framework regularly used in wireless networks and Point-to-Point associations. It is distinct in RFC 3748, which complete RFC 2284 obsolete, and was reorganized by RFC 5247. EAP is an verification framework providing for the transport and procedure of keying material and parameters engender by EAP methods. There are numerous methods defined by RFCs and a number of vendor unambiguous methods and innovative proposals exist. EAP is not a wire protocol; as an alternative it merely defines message formats. Every protocol that uses EAP defines a method to encapsulate EAP messages within that protocol's messages.

[Visala28]

LEAP uses a customized version or description of MS-CHAP, an substantiation protocol in which user credentials are not powerfully protected and are consequently easily compromised. By the side of these lines, an exploit tool called ASLEAP was unconstrained. Cisco suggests that customers that completely must utilize LEAP do so merely by means of adequately complex passwords, although complex passwords are complicated to administer and enforce. Cisco's current general suggestion is to utilize newer and stronger EAP protocols such as EAP-FAST, PEAP, or EAP-TLS.

[teenQ]

The EAP-Transport Layer Security (EAP-TLS), distinctive in RFC 5216, is an IETF open customary, and is well sustained or maintained among wireless vendors. The sanctuary of the TLS protocol is strong, make available the user understands potential warnings regarding false credentials. It uses PKI to protected communication to a RADIUS verification server or an additional type of authentication server. So even although EAP-TLS provides tremendous sanctuary, the overhead of client-side certificates might be its Achilles' heel.

[Techno01]

EAP-TLS is the innovative, customary wireless LAN EAP authentication protocol. Even though it is infrequently deployed, it is tranquil considered one of the most protected EAP standards obtainable and is universally sustained or maintained by the entire manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, on the other hand unpopular it might be, is what gives EAP-TLS its substantiation strength and illustrates the classic convenience vs. security trade-off. A conciliation password is not sufficient to break into EAP-TLS facilitated systems for the reason that the intruder tranquil requirements to have the client-side private key.

[Reegan]

The highest sanctuary obtainable is when client-side keys are housed in smart cards. This is for the reason that there is no method to steal a certificate's equivalent private key from a smart card without stealing the card itself. It is considerably additional probable that the physical theft of a smart card would be noticed (and the smart card instantaneously revoked) than a (representative) password theft would be noticed. There are client and server accomplishments of EAP-TLS in Microsoft, Cisco, Apple, and open source operating systems. EAP-TLS is natively sustained or maintained in Mac OS X 10.3.

[Isaac1]

The IEEE and wireless industry in progress developing innovative protocols and standards. They came up by means of the 802.11i, a standard to in conclusion put into practice a fully secure encryption mechanism for wireless LANs. Previous to it was accomplished; the Wi-Fi Alliance released the Wi-Fi Protected Access (WPA) encryption customary, loosely based on 802.11i using TKIP for the underlying encryption. Afterward they released WPA2, which contains full hold up for 802.11i using AES/CCMP encryption.