Security Requirements (cont’d) Protection against man-in-the-middle attacks Per-packet authentication, integrity and replay protection at each leg of the triangle EAP method Uses TEKs to provide security services Typically doesn’t cover EAP header or Identity, Notification, Success/Failure packets AAA protocol Transmission layer security (IPsec, TLS) RFC 2869bis now has IPsec as a SHOULD TSK derivation protocol Example: IEEE 802.11i |