Forum

EAP-TTLS & CWSP Study Guide

1 posts by 1 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: April 9, 2010:

By wifikiwi April 9, 2010

Reply

Again, I think you are referring to TTLSv0 with this, TTLSv1 had that same MiTM attack prevention since TTLSv1.

EAP-TTLSv1 works in the same manner as EAP-TTLSv0 in that a TLS handshake is used to secure a
subsequent AVP exchange. However, version 1 utilizes TLS with the Inner Application extension
(TLS/IA). By having TLS/IA, EAP-TTLSv1 moves the exchange of inner AVPs from the TLS data
phase into the TLS handshake. The new Inner Application extension to TLS (TLS/IA) was defined to
carry inner AVPs within the handshake, thus making the TLS data phase free for other uses.
Another benefit of TLS/IA is the secure exchange of the result of inner authentication. Inner
authentication generates Session keys and the keys are mixed with the TLS master secret to produce an
“inner secret”, exported by TLS/IA. The inner secret is used to generate the master session key (MSK)
exported by EAP-TTLSv1 for protection of subsequent data transmission.

from : http://brave.sr.unh.edu/sav/UNH-CS-TR-06-01.pdf

Page 1 of 1

1

Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.
-Darren

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.
-Ben

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.
-Glenn