We have looked at an overview of two approaches: symmetric (secret) key and asymmetric (public) key. In practice, the two methods are often combined. In particular, it is common for systems to use PKI to establish a security context, then exchange key values, and use symmetric keys for encryption. The reason is that asymmetric key encryption takes more processing power than symmetric key encryption does.
However, the distinction is useful because the two major upper-level authentication methods we cover fall one into each camp. Kerberos is more often based on the secret key approach, while TLS is based on a certificate approach. The following sections look at each of these methods in detail and show how they can be incorporated into the RSN model. We also consider three other methods, each of interest for a different reason:
Cisco LEAP is important because it has already been deployed using WEP and was the first adopted method to use IEEE 802.1X and EAP.
Protected EAP (PEAP) is a new approach that allows complete privacy in the authentication. Even the identity of the supplicant can be hidden from outside observers.
EAP-SIM is an approach that allows cellular phone type devices to incorporate IEEE 802.11 interfaces and authenticate using IEEE 802.1X.