Information Technology Reference
In-Depth Information
F
IG
. 5. 802.1x authentication process.
the authenticator for information about the identity of the supplicant. The suppli-
cant provides this information and the authenticator forwards it to the authentication
server. The authentication server then processes this information and usually sends
a challenge to the supplicant through the authenticator. This challenge could be a
nonce which needs to be encrypted or it could be some kind of token. The actual
authentication mechanism is flexible and can vary between implementations. This is
also the place where attacks can occur. When the supplicant responds to the chal-
lenge, the authenticator forwards this information on to the authentication server for
processing. The authentication server then determines whether or not the supplicant
should be granted access
[16]
.
Although this process was originally developed for wired networks, it has been
adopted by the 802.11i committee for use in wireless applications. In a wireless
environment, the supplicant is a wireless client wishing to connect to the wireless
network. The authentication server can still be a RADIUS server, but the authenti-
cator is usually a wireless access point. Since one of the problems with WEP is key
management, 802.1x can be very useful in a WEP environment. Any time a single
key is used for an entire network, there will be security and scalability issues. The
central server can provide clients with different keys, and even require a key change
after a preset amount of time or data transmission. In a wireless environment, this
is especially beneficial because it can change the secret key used by WEP and give
different keys to clients
[8]
.
