Personal tools



Jump to: navigation, search


Title EAP‑SH: An EAP Authentication Protocol to Integrate Captive Portals in the 802.1X Security Architecture
Author Nuno Marques, João Paulo Barraca, André Zúquete
Journal Wireless Personal Communications
Pages 25
Month April
Year 2020
DOI 10.1007/s11277-020-07298-y
Group Information Systems and Processing
Group (before 2015) Information Systems and Telematics Laboratory
Indexed by ISI Yes

In a scenario where hotspot wireless networks are increasingly being used, and given the amount of sensitive information exchanged on Internet interactions, there is the need to implement security mechanisms that guarantee data confidentiality and integrity in such networks, as well as the authenticity of the hotspot providers. However, many hotspots today use Captive Portals, which rely on authentication through Web pages (thus, an appli-cation-level authentication approach) instead of a link-layer approach. The consequence of this is that there is no security in the wireless link to the hotspot (it has to be provided at upper protocol layers), and is cumbersome to manage wireless access profiles (we need special applications or browsers’ add-ons to do that). This work exposes the weaknesses of the Captive Portals’ paradigm, which does not follow a unique nor standard approach, and describes a solution that intends to suppress them, based on the 802.1X architecture. It relies on EAP-SH (extended authentication protocol for secure hotspots), a new EAP-compliant protocol that is able to integrate a Web-based registration or authentication with a Captive Portal within the 802.1X authentication framework. This work describes its design, implementation and prototype evaluation