Selecting a Standard Outer Method for EAP

This paper outlines the problems in currently available authentication methods, such as EAP-TTLS, EAP-PEAP and EAP-FAST, and describes the desirable properties of a standard outer method. We examine the interaction between inner and outer methods and the types of issues that presently exist. We propose a new authentication method, EAP-PSK [PSK] with tunneling support (EAP-TLS-PSK), as an EAP protocol that extends EAP-PSK, one of the authentication protocols based on pre-shared keys. EAPTLS-PSK uses secure tunnel establishment by TLS handshake to exchange authentication-related information between a client and a server, while EAP-PSK simply uses pre-shared keys to mutually authenticate. Authentication not based on certificates, unlike other outer methods, allows a reduced cost of management with fewer message exchanges between client and server.