PEAP (Protected Extensible Authentication Protocol)

PEAP authenticates the server with a public key certificate and carries the authentication in a secure Transport Layer Security (TLS) session, over which the WLAN user, WLAN stations and the authentication server can authenticate themselves. Each station gets an individual encryption key. When used in conjunction with Temporal Key Integrity Protocol (TKIP), each key has a finite lifetime.

Cisco Systems, Microsoft and RSA Security are promoting PEAP as an Internet standard. Currently in draft status, the protocol is gaining support and is expected to displace Cisco's proprietary Lightweight Extensible Authentication Protocol (LEAP).

PEAP addresses the shortcomings of 802.11 security, shared key authentication being chief among these. Weaknesses in 802.11 Wired Equivalent Privacy (WEP) allow an attacker to capture encrypted frames and analyze them to determine the encryption key. (In this system, the same shared key is used for both authentication and encryption.) With the shared key, the attacker can decrypt frames or pose as a legitimate user.

Learn more about Mobile Security Software and Tools

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Wikipedia has more information about PEAP and related protocols in its entry. - Lisa Phifer discusses PEAP and LEAP. - George Ou explains LEAP weaknesses and discusses PEAP's potential to replace it.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Sybase offers enterprise-ready iPhone solution on the App Store iAnywhere Mobile Office provides iPhone users with an enterprise solution supporting email, calendar, tasks and contacts with corporate directory... Fingerprint recognition and mobile security Fingerprint recognition technology for mobile devices is posed to become the preferred user authentication solution mobile device security. Traditional security threats coming soon to mobile device near you Browser exploits, botnets and more will soon be coming to mobile devices, according to a report from the Georgia Tech Information Security Center.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary screaming cell phone  (SearchMobileComputing.com) A screaming cell phone is a cellular telephone that is programmed to emit a noise like human screaming. (Continued) Shared Key Authentication (SKA)  (SearchMobileComputing.com) Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP)...