DoMT: An Evaluation Framework for WLAN Mutual Authentication Methods

Authentication is one of the core components of every network security model. In a wireless networking environment, knowing the membership of any user or device becomes more important due to the lack of any physical linkage among the members of the network. IEEE 802.1X is a port-based authentication framework, which uses the extensible authentication protocol (EAP) to accomplish the task of authentication and key derivation in both wired as well as wireless networks. Currently, more than one hundred EAP methods have been adopted as official authentication mechanisms by the wireless security standards. These methods offer different security features by implementing different authentication and key derivation algorithms. To standardize the EAP authentication methods, security requirements, goals, and features have been defined in the various RFC documents. In this work, we have performed the goal-oriented analysis of security requirements specified for the mutual authentication EAP methods with the motive of developing an evaluation model. The motivation of developing this evaluation model is to have some mechanism for the assessment of mutual authentication EAP methods. The evaluation model proposed in this work computes the degree of mutual trust (DoMT), which has four levels, namely, very high, high, moderate, and low for indicating the strength of mutual trust established by an authentication mechanism. This model has been validated by evaluating the five most intensively studied mutual authentication EAP methods EAP-LEAP, EAP-TLS, EAP-TTLS, EAP-PEAP, and EAP-FAST and the results of the proposed model match-up with the conclusions drawn by the other related studies.