Definition

PEAP (Protected Extensible Authentication Protocol)

What is PEAP? PEAP (Protected Extensible Authentication Protocol) is a version of EAP, the authentication protocol used in wireless networks and Point-to-Point connections. PEAP is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks) that support 802.1X port access control.

PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves. Each station gets an individual encryption key. When used in conjunction with Temporal Key Integrity Protocol (TKIP), each key has a finite lifetime.

Cisco Systems, Microsoft and RSA Security are promoting PEAP as an Internet standard. Currently in draft status, the protocol is gaining support and is expected to displace Cisco's proprietary Lightweight Extensible Authentication Protocol (LEAP).

PEAP addresses the shortcomings of 802.11 security, shared key authentication being chief among these. Weaknesses in 802.11 Wired Equivalent Privacy (WEP) allow an attacker to capture encrypted frames and analyze them to determine the encryption key. (In this system, the same shared key is used for both authentication and encryption.) With the shared key, the attacker can decrypt frames or pose as a legitimate user.

This was last updated in July 2008
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchMobileComputing.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

  • On-device defenses for mobile malware

    As workforces grow increasingly dependent on smartphones, mobile threats warrant serious consideration. As discussed last month, mobile malware barriers are falling fast, at precisely the time when mobile users are becoming a bigger, juicier target. When the mobile malware "tipping point" is reached, will your organization be ready? Conventional Win32 malware defenses are commonly deployed on the assets they protect: PCs. Antivirus scanners, host intrusion detection programs, personal firewalls, and email spam filters are all designed to stop viruses, worms, trojans and spyware that prey upon desktops and laptops. These "on device" defenses are generally accepted security best practices, widely used by both businesses and individuals.

  • Symbian: Protect your data, not just your device

    As handheld devices become more common, protecting the data stored on them becomes a primary concern. Fortunately, mobile operating systems now include security features that enterprises can use to enforce corporate policies. In this series, we explore data protection on today's most popular handheld devices, starting with Symbian.<

  • TrueCrypt reviewed: Free utility for mobile encryption

    In the mobile world the only sure way to secure sensitive data is with encryption. But any such encryption utility has to be easy to use on Windows machines. Contributor Serdar Yegulalp takes an extensive look at a free partition- and disk-level encryption utility called TrueCrypt that is both effective and easy to use.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: