Extensible Authentication Protocol
===EAP Flexible Authentication via Secure Tunneling (EAP-FAST)===
Flexible Authentication via Secure Tunneling (EAP-FAST; {{IETF RFC|4851}}) is a protocol proposal by [[Cisco Systems]] as a replacement for [[Lightweight Extensible Authentication Protocol|LEAP]].<ref>{{cite web|title=Ultimate wireless security guide: A primer on Cisco EAP-FAST authentication|url=http://articles.techrepublic.com.com/5100-1035-6148557.html|archive-url=https://web.archive.org/web/20080324094115/http://articles.techrepublic.com.com/5100-1035-6148557.html|url-status=dead|archive-date=2008-03-24|publisher=techrepublic.com|access-date=2008-02-17}}</ref> The protocol was designed to address the weaknesses of LEAP while preserving the "lightweight" implementation. Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified.

EAP-FAST has three phases:<ref>{{cite web|url=http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=5 |title=EAP-FAST > EAP Authentication Protocols for WLANs |publisher=Ciscopress.com |access-date=2014-04-17}}</ref>

{| class="wikitable"
|-
! Phase !! Function !! Description !! Purpose
|-
| 0 || In-band provisioning—provide the peer with a shared secret to be used in secure phase 1 conversation || Uses Authenticated Diffie-Hellman Protocol (ADHP). This phase is independent of other phases; hence, any other scheme (in-band or out-of-band) can be used in the future. || Eliminate the requirement in the client to establish a master secret every time a client requires network access
|-
| 1 || Tunnel establishment || Authenticates using the PAC and establishes a tunnel key || Key establishment to provide confidentiality and integrity during the authentication process in phase 2
|-
| 2 || Authentication || Authenticates the peer || Multiple tunneled, secure authentication mechanisms (credentials exchanged)
|}

When automatic PAC provisioning is enabled, EAP-FAST has a vulnerability where an attacker can intercept the PAC and use it to compromise user credentials. This vulnerability is mitigated by manual PAC provisioning or by using server certificates for the PAC provisioning phase.

The PAC file is issued on a per-user basis. This is a requirement in {{IETF RFC|4851}} section 7.4.4, so if a new user logs on to the network from a device, a new PAC file must be provisioned first. This is one reason why it is difficult not to run EAP-FAST in insecure anonymous provisioning mode. The alternative is to use device passwords instead, but then the device, not the user, is validated on the network.

EAP-FAST can be used without PAC files, falling back to normal TLS.

EAP-FAST is natively supported in Apple OS X 10.4.8 and newer.
[[Cisco]] supplies an EAP-FAST module<ref>{{cite web|url=http://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html|title=EAP-FAST for Windows Vista Administrator Guide|archive-url=https://web.archive.org/web/20090210002337/http://www.cisco.com/en/US/docs/wireless/wlan_adapter/eap_types/fast/admin/guide/FAST_admin.html|archive-date=February 10, 2009}}</ref> for [[Windows Vista]]<ref>[http://blogs.msdn.com/eapteam/archive/2008/10/17/how-do-i-install-cisco-eap-fast-on-my-computer.aspx How do I install CISCO EAP-FAST on my computer?]</ref> and later operating systems which have an extensible EAPHost architecture for new authentication methods and supplicants.<ref>[http://www.microsoft.com/technet/technetmag/issues/2007/05/CableGuy/default.aspx EAPHost in Windows]</ref>
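
The PAC provisioning modes described above can be checked in a supplicant configuration. The following Python audit is an added example, not part of the article or of any vendor's tooling; it assumes wpa_supplicant's <code>fast_provisioning</code> phase1 option (0 = disabled, 1 = unauthenticated, 2 = authenticated, 3 = both), and the sample SSIDs and paths are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs and paths are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-anon"
    eap=FAST
    phase1="fast_provisioning=1"
    pac_file="/etc/wpa_supplicant/alice.pac"
}
network={
    ssid="corp-cert"
    eap=FAST
    ca_cert="/etc/ssl/corp-radius-ca.pem"
    phase1="fast_provisioning=2"
    pac_file="/etc/wpa_supplicant/alice.pac"
}
network={
    ssid="corp-manual"
    eap=FAST
    phase1="fast_provisioning=0"
    pac_file="/etc/wpa_supplicant/alice.pac"
}
'''

def audit_eap_fast(conf_text):
    """Return {ssid: finding} for every EAP-FAST network block."""
    findings = {}
    for block in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        opts = dict(re.findall(r"^\s*(\w+)=(.*?)\s*$", block, re.M))
        if "FAST" not in opts.get("eap", "").split():
            continue
        ssid = opts.get("ssid", "?").strip('"')
        m = re.search(r"fast_provisioning=(\d)", opts.get("phase1", ""))
        mode = int(m.group(1)) if m else 0  # assumption: unset means disabled
        if mode in (1, 3):    # unauthenticated (anonymous) provisioning accepted
            findings[ssid] = "WEAK: anonymous in-band PAC provisioning allowed"
        elif mode == 2 and not ({"ca_cert", "ca_path"} & opts.keys()):
            findings[ssid] = "WEAK: no ca_cert/ca_path, server certificate not verified"
        elif mode == 2:       # provisioning only inside a server-authenticated tunnel
            findings[ssid] = "OK: PAC provisioned over certificate-checked tunnel"
        else:                 # mode 0: the PAC must already be present in pac_file
            findings[ssid] = "OK: in-band provisioning off, PAC installed manually"
    return findings

if __name__ == "__main__":
    for ssid, finding in audit_eap_fast(SAMPLE_CONF).items():
        print(f"{ssid}: {finding}")
```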