The initial Open system authentication and Shared Key authentication provided for user authentication by the 802.11 standard body was seen to be inadequate in providing a strong user authentication method.
To circumvent the issues seen in the 802.11 authentication methods, the decision to use upper layer authentication of user stations was considered. The use of 802.1X in WLAN was adopted to provide strong user level authentication methodology.
The 802.1X authentication consists of three components
- Supplicant – installed on a client device
- Authenticator – The Wireless Access Point
- Authentication server – A server which authenticates the user
An example topology for 802.1X authentication is shown below
Various upper layer authentication mechanisms were introduced in to Wireless LAN. some examples are PEAP, LEAP, PEAP-MSCHAPv2 etc. Some upper layer authentication mechanism also used public/private certificates for user authentication.
By providing an upper layer (above the data link layer) user authentication mechanism, the insecure user authentication mechanisms introduced in the early drafts of the 802.11 standard were addressed.
The 802.11 WLAN standards body also provided Information elements – WPA/RSN Information elements to negotiate which upper layer authentication mechanism will be used (Pre-shared key/802.1X). A four way EAPOL message hand shake to obtain security keys was also introduced as part of the modifications (802.11i standard). The Security algorithms were also upgraded – TKIP and AES.
The following articles discusses the WPA/RSN Information Elements and also discusses the mechanism used for upper layer authentication and as also the security mechanisms