802.1X and Certificates

The use of Public Key Infrastructure (PKI) is an important aspect of the overall security in 802.1X.  In EAP TLS, both the client and server certificates are utilized.  In PEAP, certificates are only used in the TLS session.

802.1X and WLAN to GSM Roaming

Two methods of security are utilized for WLAN-to-GSM roaming which are known as EAP-SIM and EAP AKA.  In EAP-SIM, parameters from a SIM at the client device are exchanged with an intermediary Authentication Server as a proxy to the GSM HLR, which ultimately authenticates the SIM and thus enables the client device to have access. In EAP-SIM, there is only one-way authentication.  In contrast, EAP AKA allows mutual authentication, enabling the SIM to authenticate the network elements, eliminating the risk of network element spoofing.

Summary

While today’s methods for securing WLAN access remain arguably inadequate to deal with all issues, many experts say that the most of the current corporate users can get by with VPN.  Many believe that early introduction of 802.1X will instead be in the enterprise environment, where security concerns are even more stringent that PAWLAN venues and the environment is more controlled.