EAP-FAST

Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) is an authentication protocol used in wireless networks to provide a secure and efficient method for user authentication.

EAP-FAST employs a two-phase authentication process: tunnel establishment, followed by a protected phase. During tunnel establishment, the client and the server set up a secure TLS tunnel, which protects the subsequent authentication exchange from eavesdropping and other attacks.

The protected phase carries the actual authentication of the client, which can use various methods, including password-based, certificate-based, or token-based authentication. EAP-FAST uses a Protected Access Credential (PAC) to protect the user password exchange, so the user's actual password is not revealed.

The EAP-FAST authentication process typically involves the following steps:

  1. Tunnel Establishment: The client and the authentication server establish a secure TLS tunnel.
  2. PAC Provisioning: The server issues a PAC to the client, which is used for the subsequent authentication process.
  3. Protected Phase: The client and server perform the actual authentication using the PAC. The client sends its identity and the PAC to the server, and the server validates the PAC to authenticate the client.
  4. Success/Failure: The authentication server sends an EAP Success message if the authentication is successful or an EAP Failure message if the authentication fails.
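
The server-side checks behind steps 2 to 4 can be modelled in a few lines. This is an added example, not code from any EAP-FAST implementation; the PAC blob layout, the challenge-response proof, and every name in it are assumptions chosen for illustration and do not follow the RFC 4851 wire format.

```python
"""Toy model of EAP-FAST steps 2-4 (constructed example, not the RFC 4851 wire format)."""
import hashlib
import hmac
import json
import os
import time

# Constructed demo secret; a real server keeps its PAC master key in protected storage.
SERVER_MASTER_KEY = os.urandom(32)


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def issue_pac(identity, lifetime_s, now=None):
    """Step 2: return (pac_key, pac_opaque) for the client to store."""
    now = time.time() if now is None else now
    claims = {"id": identity, "exp": now + lifetime_s, "nonce": os.urandom(8).hex()}
    body = json.dumps(claims).encode()
    # Hypothetical layout: claims followed by a 32-byte server MAC over them.
    opaque = body + _mac(SERVER_MASTER_KEY, b"opaque" + body)
    return _mac(SERVER_MASTER_KEY, b"pac-key" + body), opaque


def client_proof(pac_key, challenge):
    """Client side: prove possession of the PAC key without transmitting it."""
    return _mac(pac_key, challenge)


def validate_pac(identity, opaque, challenge, proof, now=None):
    """Steps 3-4: return "EAP-Success" or "EAP-Failure: <reason>"."""
    now = time.time() if now is None else now
    body, tag = opaque[:-32], opaque[-32:]
    if not hmac.compare_digest(tag, _mac(SERVER_MASTER_KEY, b"opaque" + body)):
        return "EAP-Failure: PAC integrity check failed"
    claims = json.loads(body)
    if claims["id"] != identity:
        return "EAP-Failure: PAC bound to another identity"
    if now >= claims["exp"]:
        return "EAP-Failure: PAC expired"
    # The server re-derives the PAC key, so it stores no per-client state.
    pac_key = _mac(SERVER_MASTER_KEY, b"pac-key" + body)
    if not hmac.compare_digest(proof, _mac(pac_key, challenge)):
        return "EAP-Failure: client does not hold the PAC key"
    return "EAP-Success"
```

Each failure reason maps to a check worth logging separately on an authentication server: a tampered PAC, a PAC presented under a different identity, an expired PAC, and a client that cannot prove possession of the key.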

EAP-FAST provides a balance between security and efficiency, making it suitable for scenarios where a lightweight yet secure authentication protocol is required.