Improving Wireless LAN Authentication: A Description of the Authentication in 802.1x Standard

White paper from RSA

Abstract: This article describes an Extensible Authentication Protocol (EAP) mechanism for mutual authentication and session key generation in a roaming environment. The server authentication and the negotiation of the session key are done using the PPP EAP Transport Layer Security (TLS) authentication protocol. The user then authenticates using a PPP EAP mechanism whose exchange is integrity and privacy protected by TLS. In essence, a wrapping of EAP inside TLS inside EAP is specified. An important application discussed in this document is providing authentication of access points and stations within an IEEE 802.11 Wireless Local Area Network (WLAN), but other applications such as Personal Area Network (PAN) access over Bluetooth might also be considered in the future.