EAP-SH: An EAP Authentication Protocol to Integrate Captive Portals in the 802.1 X Security Architecture


In a scenario where hotspot networks are increasingly being used, present and obtaining more subscribers, with the amount of sensitive information exchanged on this type of networks and with the variety of their users, which may not be trustworthy, there is a need of implementing security mechanisms that guarantee data confidentiality and integrity, as well as to guarantee that announced networks are genuine, avoiding rogue networks. Captive portals are portals provided by networks of this type where a user logs in; they are a greater risk as they imply the transmission of sensitive data on a nonstandardized way. This work explores the weaknesses of this paradigm and describes a solution that intends to suppress them, based on the 802.1X architecture. This solution consists on creating an EAP-compliant protocol in order to integrate an HTTP-based authentication within the 802.1X authentication framework.

Wireless Personal Communications