Architecture for a 3-party-protocol

Damien Leroy damien.leroy
Thu Mar 11 06:38:15 PST 2010


Hi,
In the context of our research, we have designed a network protocol 
performing authentication between a mobile host, an authenticator and 
a third party. Each message is different and contains various payloads (id, 
signature, ...) but due to the WiFi architecture, we could see the protocol 
as a protocol between the supplicant and the authenticator mixed with a 
protocol between the authenticator and the third party.
We have implemented it, but currently we are using classical EAP between 
the supplicant and the authenticator, and the authenticator creates a 
RADIUS client (in the EAP method) that encapsulates another EAP packet to 
the third party. This way of doing it is quite ugly in the authenticator 
because we have to make the EAP-SM sleep while waiting for a reply from 
the 3rd party, and creating a RADIUS client with all its parameters 
inside our EAP method is not really transparent.

Would you have a better idea of infrastructure to implement this 
mechanism while keeping the code clean and observing standards? (Of 
course, we will implement it by ourselves.)
Maybe it would be smarter to implement it using an independent UDP 
protocol (i.e., without RADIUS or EAP) between the authenticator and 
the 3rd party.

Best,

-- 
Damien Leroy
http://inl.info.ucl.ac.be/dleroy
ICTEAM Research Institute
UCLouvain - Belgium




More information about the Hostap mailing list