Creating and sharing knowledge for telecommunications

EAP-SH: An EAP Authentication Protocol to Integrate Captive Portals in the 802.1X Security Architecture

Marques, NM ; Barraca, J. P. ; Zúquete, A.

Wireless Personal Communications Vol. 0, Nº 0, pp. 0 - 0, April, 2020.

ISSN (print): 1572-834X
ISSN (online): 0929-6212

Scimago Journal Ranking: 0,30 (in 2020)

Digital Object Identifier: 10.1007/s11277-020-07298-y

Download Full text PDF ( 392 KBs)

Downloaded 2 times

In a scenario where hotspot wireless networks are increasingly being used, and given the amount of sensitive information exchanged on Internet interactions, there is the need to implement security mechanisms that guarantee data confidentiality and integrity in such networks, as well as the authenticity of the hotspot providers. However, many hotspots today use Captive Portals, which rely on authentication through Web pages (thus, an application-level authentication approach) instead of a link-layer approach. The consequence of this is that there is no security in the wireless link to the hotspot (it has to be provided at upper protocol layers), and is cumbersome to manage wireless access profiles (we need special applications or browsers’ add-ons to do that). This work exposes the weaknesses of the Captive Portals’ paradigm, which does not follow a unique nor standard approach, and describes a solution that intends to suppress them, based on the 802.1X architecture. It relies on EAP-SH (extended authentication protocol for secure hotspots), a new EAP-compliant protocol that is able to integrate a Web-based registration or authentication with a Captive Portal within the 802.1X authentication framework. This work describes its design, implementation and prototype evaluation.