A Proof-of-Concept Implementation of EAP-TLS with TPM Support

Many people who have tried to configure their IEEE 802.11 enabled mobile phones to connect to a public wireless hotspot know one of the major differences between IEEE 802.11 networks and 2G: the missing standardized login process. While the 2G standard covers all aspects of the communication process, first IEEE 802.11 standards only targeted the data transmission. Due to this lack of standards for authentication, the login process and the missing secure subscriber identification, a number of different, mostly incompatible, login procedures have been established that are all far away from being as usable, comfortable and secure as 2G methods. This is why the authors of this paper propose to use EAP-TLS, which is a well established, secure and scalable authentication protocol, in combination with identities provided by a Trusted Platform Module (TPM) in order to archieve a high comfort for the user This paper describes the concept, presents a Linux based implementation, and evaluates the approach in a testbed.