PEAP (Protected Extensible Authentication Protocol)

What is PEAP?

PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves. Each station gets an individual encryption key. When used in conjunction with Temporal Key Integrity Protocol (TKIP), each key has a finite lifetime.

Cisco Systems, Microsoft and RSA Security are promoting PEAP as an Internet standard. Currently in draft status, the protocol is gaining support and is expected to displace Cisco's proprietary Lightweight Extensible Authentication Protocol (LEAP).

PEAP addresses the shortcomings of 802.11 security, shared key authentication being chief among these. Weaknesses in 802.11 Wired Equivalent Privacy (WEP) allow an attacker to capture encrypted frames and analyze them to determine the encryption key. (In this system, the same shared key is used for both authentication and encryption.) With the shared key, the attacker can decrypt frames or pose as a legitimate user.

This was last updated in July 2008
