Introduction

The following document will review the Extensible Authentication Protocol (EAP) as a widely accepted standard. A brief description will be provided with visual aids to aid understanding. A current implementation of EAP with Transport Layer Security (TLS) will be described. The common security measures implemented will also be discussed. Following the security measures, I will provide research on common attack vectors and ways to mitigate these attacks to protect secure data transmissions. A full discussion of EAP and TLS is beyond the scope of this document. The research contained herein is provided as a high-level understanding of the EAP protocol and a possible implementation with known risks.

Protocol Description

EAP was built on the Point-to-Point Protocol (PPP) because a client (peer/supplicant) needed a way to establish a connection before it could negotiate the authentication method. PPP originally negotiated how it would provide authentication between two entities before the two were actually connected, in what is called the Connection Establishment Phase (RFC 1661, 1994). Today's technology must first allow peers to connect to the authenticator and then establish the authentication, authorization and accounting (AAA) method that will be used. Authentication had to move from the link establishment phase to a new standard. Therefore, EAP was developed as a new authentication negotiation method (Sotillo, 2007). A very common example of EAP is wireless communications: the peer needs to connect to the authenticator to establish a connection, and then EAP negotiation is initiated. The main components of EAP are the peer/client, the authenticator and the authentication server which are...

.... half of the document ......

Eering Task Force: http://tools.ietf.org/html/rfc5216

RFC 5246. (2008, August). The TLS (Transport Layer Security) protocol. Retrieved November 15, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5246

RFC 5247. (2008, August). Extensible Authentication Protocol (EAP) key management framework. Retrieved November 14, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5247

Sotillo, S. (2007, November 27). Extensible Authentication Protocol (EAP). Retrieved November 16, 2013, from Infosec Writers: http://www.infosecwriters.com/text_resources/pdf/SSotillo_EAP.pdf

Turner, B. (2008, December 3). Securing a wireless network with EAP-TLS: perception and reality of its implementation. Retrieved November 15, 2013, from Edith Cowan University: http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1055&context=ism