Specifies security requirements for authentication methods with key establishment supported by the Extensible Authentication Protocol (EAP) for wireless access authentications to federal networks. Contents: 1. Intro.; 2. Scope and Purpose; 3. Definitions, Symbols and Abbreviations; 4. EAP Overview: EAP Communication Links and Involved Parties; EAP Message Flows; EAP Protocol Stacks; Tunnel-based EAP Methods; EAP Key Derivation and Key Hierarchy; EAP Ciphersuite Negotiation; 5. Vulnerabilities of EAP in Wireless Applications; 6. EAP Objectives for Wireless Network Access Authentications; 7. Preconditions for EAP; 8. Security Requirements for Non-tunneled EAP Methods; 9. Requirements for Tunnel-based EAP Methods.

This Recommendation specifies security requirements forauthentication methods with key establishment supported by the Extensible Authentication Protocol (EAP) defined in IETF RFC 3748 for wireless access authentications to federal networks.

As different wireless technologies are launched to enable user mobility and provide pervasive network and service accessibility, security has been a prominent requirement for the U.S. Federal Government in such access environments. Access authentication and the establishment of keys that protect wireless traffic are both core security components in wireless applications.

NIST SP 800-120 September 2009 This Recommendation formalizes a set of core security requirements for EAP methods when employed by the U.S. Federal Government for wireless access authentication and key establishment. The requirements should be considered as generic, in the sense that they are independent of specific wireless technologies. When there are differences between this Recommendation and the referenced IEEE and IETF standards, this Recommendation shall have precedence for U.S. Government applications. This Recommendation addresses the validation of a few selected EAP methods, in order to explain the requirements. Why buy a book you can download for free? First you gotta find it and make sure it's the latest version (not always easy). Then you gotta print it using a network printer you share with 100 other people - and its outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it's just 10 pages, no problem, but if it's a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that's paid $75 an hour has to do this himself (who has assistant's anymore?). If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money. It's much more cost-effective to just order the latest version from Amazon.com This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 � by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB), and is not affiliated with the National Institute of Standards and Technology. For more titles published by 4th Watch Books, please visit: cybah.webplus.net NIST SP 500-299 NIST Cloud Computing Security Reference Architecture NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2 NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2 NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT NIST SP 1800-8 Securing Wireless Infusion Pumps NISTIR 7497 Security Architecture Design Process for Health Information Exchanges (HIEs) NIST SP 800-66 Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices NIST SP 800-177 Trustworthy Email NIST SP 800-184 Guide for Cybersecurity Event Recovery NIST SP 800-190 Application Container Security Guide NIST SP 800-193 Platform Firmware Resiliency Guidelines NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices NIST SP 1800-2 Identity and Access Management for Electric Utilities NIST SP 1800-5 IT Asset Management: Financial Services NIST SP 1800-6 Domain Name Systems-Based Electronic Mail Security NIST SP 1800-7 Situational Awareness for Electric Utilities NIST SP 500-288 Specification for WS-Biometric Devices (WS-BD) NIST SP 500-304 Data Format for the Interchange of Fingerprint, Facial & Other Biometric Information NIST SP 800-32 Public Key Technology and the Federal PKI Infrastructure NIST SP 800-63-3 Digital Identity Guidelines NIST SP 800-63a Digital Identity Guidelines - Enrollment and Identity Proofing NIST SP 800-63b Digital Identity Guidelines - Authentication and Lifecycle Management NIST SP 800-63c Digital Identity Guidelines NIST SP 800-178 Comparison of Attribute Based Access Control (ABAC) Standards NISTIR 8112 Attribute Metadata - Draft

Implementing 802.1x Security Solutions for Wired and Wireless Networks Now you can approach 802.1x implementation with confidence You know it’s essential, and you’ve heard that it can be tricky — implementing the 802.1x standard. Here is a road map that will steer you safely around the pitfalls, smooth out the rough patches, and guide you to a successful implementation of 802.1x in both wired and wireless networks. Complete with step-by-step instructions, recommendations to help you choose the best solutions, and troubleshooting tips, it lets you benefit from the experience of others who have met the challenge. Get an overview of port-based authentication and network architecture concepts Examine EAPOL, RADIUS, and EAP-Methods protocols Understand 802.1x protocol packet structure and operation Explore and evaluate complete 802.1x-based security solutions for various needs Learn what parts are necessary to construct a complete network access-control system Configure your system and assure that all aspects of it work together Follow step-by-step instructions and screen shots to successfully set up 802.1x-based security solutions and make them work

The goal of this thesis was to develop a secure and user friendly authentication scheme for public wireless networks (PWLANs). In contrast to private wireless networks, public wireless networks need a proper authentication scheme for several reasons. First of all, the network operator must be able to identify a user in case an incident happens. Furthermore, such networks are usually controlled by a commercial operator who will hardly allow access for free. This leads to the need for a secure and reliable authentication method. However, the authentication method must be userfriendly too in order to be acceptable. The only "wireless networks" users know so far are cellular networks, which are very easy to use. Users do therefore ask for a comparable experience in public wireless networks. This thesis evaluates the Trusted Platform Module (TPM) as an authentication device. The TPM is a small cryptographic module built into almost every new computer. This thesis shows how to use the TPM as an authentication device in EAPTLS. Furthermore, this thesis shows theoretical and real world evaluations of EAPTLS with the TPM. It will be shown that this authentication method provides a good level of security as well as good usability.