VARIANT:
Protected with MS-CHAP authentication

PURPOSE:
Mutual authentication, key establishment

Similar to EAP-TTLS, PEAP performs two phases of authentication. The first phase establishes the TLS secure channel. In this phase the server is authenticated by its certificate, and optionally the client can also be authenticated by a client certificate. In the second phase, a complete EAP conversation is carried out inside the TLS-secured tunnel. A user who was not authenticated in the first phase is authenticated securely inside the TLS channel by an EAP method. If the user was already authenticated in the first phase, PEAP does not run an EAP method to authenticate the user. Inside the secure tunnel PEAP runs only EAP methods, e.g. EAP-MD5 or EAP-SIM, to authenticate the client; it does not support non-EAP methods such as PAP or CHAP. When the authentication is relayed through an access point, the access point does not need any knowledge of the TLS master secret derived between the client and the back-end authentication server. It simply acts as a pass-through device and cannot decrypt the PEAP conversation. However, the access point does obtain the master session keys derived from the TLS master secret.

 

REFERENCE:

 

MODELER:

 

ALICE_BOB:

 PEAP Phase 1:
 S -> P: id_request
 P -> S: P
 S -> P: start_peap
 P -> S: client_hello
 S -> P: server_hello, certificate
 P -> S: certificate_verify, change_cipher_spec
 S -> P: change_cipher_spec, finished

 PEAP Phase 2:
 P -> S: {P}_ClientK
 S -> P: {Rand_S}_ServerK
 P -> S: {Rand_P,Hash(k(P,S),(Rand_P,Rand_S,P))}_ClientK
 S -> P: {Hash(k(P,S),Rand_P)}_ServerK
 P -> S: {Ack}_ClientK
 S -> P: {Eap_Success}_ServerK

 client_hello = {TlsVNo, SessionID, NonceC, CSu}
 server_hello = {TlsVNo, SessionID, NonceS, CSu}
 CSu: the set of EAP-TLS ciphersuites offered by the client, or the single EAP-TLS ciphersuite selected by the server
 certificate = {S.Ks}_inv(Kca)
 SessionID+Rand_S is the MS challenge packet
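The Phase 2 challenge-response above as a runnable Python sketch, added here and not part of the original model. Hash(k(P,S), ...) is taken as HMAC-SHA256 and the Phase 1 TLS tunnel ({..}_ClientK / {..}_ServerK) is assumed to be already established, so only the inner EAP messages are modelled; identities and the shared key are constructed sample values.

```python
import hmac
import hashlib
import secrets

def mac(k, *parts):
    # Hash(k(P,S), (x, y, ...)) from the listing, modelled as HMAC-SHA256 (an assumption);
    # each field is length-prefixed so (Rand_P, Rand_S, P) cannot be re-split ambiguously.
    h = hmac.new(k, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class Peer:
    """P: the client, holding its identity and the long-term key k(P,S) shared with S."""
    def __init__(self, ident, k_ps):
        self.ident, self.k, self.rand_p = ident, k_ps, None
    def respond(self, rand_s):
        # Rand_P is fresh per run, so a replayed server challenge still yields a new proof
        self.rand_p = secrets.token_bytes(16)
        return self.rand_p, mac(self.k, self.rand_p, rand_s, self.ident)
    def check_server(self, proof):
        # Mutual authentication: S must prove knowledge of k(P,S) over P's own nonce
        return self.rand_p is not None and hmac.compare_digest(proof, mac(self.k, self.rand_p))

class Server:
    """S: the back-end authentication server with its table of identity -> k(P,S)."""
    def __init__(self, key_db):
        self.key_db, self.rand_s, self.ident = key_db, None, None
    def challenge(self, ident):
        self.ident, self.rand_s = ident, secrets.token_bytes(16)  # Rand_S, the MS challenge
        return self.rand_s
    def verify(self, rand_p, proof):
        k = self.key_db.get(self.ident)
        if k is None or not hmac.compare_digest(proof, mac(k, rand_p, self.rand_s, self.ident)):
            return None                # unknown identity or wrong proof: nothing keyed is sent back
        return mac(k, rand_p)          # S -> P: Hash(k(P,S), Rand_P)

def run_phase2(peer, server):
    """Phase 2 with the Phase-1 tunnel ({..}_ClientK / {..}_ServerK) assumed already in place."""
    rand_s = server.challenge(peer.ident)      # P -> S: P ; S -> P: Rand_S
    rand_p, proof_p = peer.respond(rand_s)     # P -> S: Rand_P, Hash(k(P,S), (Rand_P, Rand_S, P))
    proof_s = server.verify(rand_p, proof_p)   # S -> P: Hash(k(P,S), Rand_P), or a failure
    if proof_s is None:
        return "Eap_Failure"
    if not peer.check_server(proof_s):
        return "Client_Reject"                 # P withholds Ack: server did not prove k(P,S)
    return "Eap_Success"                       # P -> S: Ack ; S -> P: Eap_Success
```

The client's check of the server's proof is what gives the mutual authentication named under PURPOSE; a peer that skipped `check_server` would accept any party that merely knows its identity.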

 

PROBLEMS:
3