Secure Wireless Authentication for Office Access Points | CompTIA Security+ SY0-601 Exam

Implementing Encrypted Wireless Authentication over TLS


Question

An analyst wants to implement a more secure wireless authentication for office access points.

Which of the following technologies allows for encrypted authentication of wireless clients over TLS?

Answers

Explanations


A. B. C. D.

A.

EAP by itself is only an authentication framework.

PEAP (Protected Extensible Authentication Protocol) fully encapsulates EAP and is designed to work within a TLS (Transport Layer Security) tunnel that may be encrypted but is authenticated.

The primary motivation behind the creation of PEAP was to correct the deficiencies discovered in EAP, which assumes that the communications channel is already protected.

As a result, when EAP messages can be observed in the clear, they do not provide the protection that was assumed when the protocol was originally authored.

PEAP, EAP-TTLS, and EAP-TLS protect inner EAP authentication within SSL/TLS sessions.

The technology that allows for encrypted authentication of wireless clients over TLS is PEAP (Protected Extensible Authentication Protocol).

PEAP is a protocol that encapsulates EAP (Extensible Authentication Protocol) within an encrypted and secure TLS (Transport Layer Security) tunnel. It enables the authentication of wireless clients by providing a protected communication channel between the client and the authentication server.

PEAP can be used with various EAP methods, such as EAP-MSCHAPv2, EAP-GTC, or EAP-TLS. These EAP methods provide various types of authentication, such as password-based authentication, token-based authentication, or certificate-based authentication.
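To see the difference on the wire, the following added example (not part of the original page) parses the outer EAP header defined in RFC 3748 and reports credential-carrying methods that run without a TLS tunnel around them. The packets, the identity `alice`, and the function names are constructed for illustration; the type numbers are the IANA-assigned EAP method types.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
# IANA EAP method types -> (name, True if the method itself sets up a TLS session)
METHODS = {
    1: ("Identity", False), 3: ("Nak", False), 4: ("MD5-Challenge", False),
    6: ("GTC", False), 13: ("EAP-TLS", True), 21: ("EAP-TTLS", True),
    25: ("PEAP", True), 26: ("EAP-MSCHAPv2", False),
}
NO_CREDENTIALS = {"Identity", "Nak"}  # negotiation only, no secret exchanged


def build_eap(code, ident, data=b""):
    """Helper for the constructed samples: header is Code, Identifier, Length."""
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


def parse_eap(pkt):
    """Parse the outer EAP header as seen in EAPOL or a RADIUS EAP-Message."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES or not 4 <= length <= len(pkt):
        raise ValueError("malformed EAP packet")
    info = {"code": CODES[code], "id": ident, "method": None, "tls": None}
    if code in (1, 2):  # only Request/Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without Type")
        # Unknown types get tls=None so they are neither trusted nor flagged
        info["method"], info["tls"] = METHODS.get(pkt[4], (f"type-{pkt[4]}", None))
    return info


def exposed_methods(packets):
    """Outer methods that exchange credentials with no TLS tunnel around them."""
    found = []
    for info in map(parse_eap, packets):
        name = info["method"]
        if info["tls"] is False and name not in NO_CREDENTIALS and name not in found:
            found.append(name)
    return found


# Constructed sample exchanges (not captured traffic)
IDENTITY = [build_eap(1, 1, b"\x01"), build_eap(2, 1, b"\x01alice")]
PEAP_SESSION = IDENTITY + [build_eap(1, 2, b"\x19\x20")]             # type 25, Start flag
MD5_SESSION = IDENTITY + [build_eap(1, 2, b"\x04\x10" + bytes(16))]  # type 4, 16-byte challenge

if __name__ == "__main__":
    for label, session in (("PEAP", PEAP_SESSION), ("MD5", MD5_SESSION)):
        print(label, exposed_methods(session))
```

In a PEAP session the inner method (for example EAP-MSCHAPv2) never appears as an outer type, because it travels inside the TLS records; seeing type 4, 6 or 26 as the outer type means the exchange is not tunneled.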

The other answer options listed in the question are as follows:

  • EAP (Extensible Authentication Protocol) is a general protocol for authentication that provides various methods for authentication, such as EAP-MD5, EAP-TLS, EAP-FAST, etc. However, EAP alone does not provide encryption of authentication, and hence it cannot be the correct answer.

  • WPA2 (Wi-Fi Protected Access II) is a security protocol for wireless networks that provides encryption of data transmitted over the wireless network. However, it does not provide encrypted authentication of wireless clients, and hence it cannot be the correct answer.

  • RADIUS (Remote Authentication Dial-In User Service) is a protocol used for remote authentication and accounting. It provides centralized authentication and authorization for remote access, such as for wireless networks. However, it does not provide encrypted authentication of wireless clients, and hence it cannot be the correct answer.

Therefore, the correct answer to the question is A. PEAP.