Extensible Authentication Protocol (EAP) Security Issues

The Extensible Authentication Protocol (EAP) is an Internet standard that provides an infrastructure for network access clients and authentication servers. It is described in the RFC 3748.

EAP is not and does not specify any specific authentication mechanism. Instead, EAP procures a framework that provides some common functions and a negotiation of the desired authentication mechanism.

Originally, EAP was created as an extension to PPP that allows for the development of arbitrary plug-in modules for current and future authentication methods and technologies. Today, EAP is most often used in wireless LANs. Particularly, two wireless standards, WPA and WPA2, which have officially adopted several EAP methods as their main authentication mechanisms.