An Inconvenient Truth About Tunneled Authentications

Hoeper, Katrin; Chen, Lily

doi:https://doi.org/10.1109/LCN.2010.5735754

Conference Proceedings

An Inconvenient Truth About Tunneled Authentications

Documentation

Published: October 10, 2010

Author(s)

Katrin Hoeper, Lily Chen

Conference

Name: 35th IEEE Conference on Local Computer Networks (LCN 2010)
Dates: October 10-14, 2010
Location: Denver, Colorado, United States
Citation: 2010 IEEE 35th Conference on Local Computer Networks (LCN 2010), pp. 416-423

Announcement

Abstract

In recent years, it has been a common practice to execute client authentications for network access inside a protective tunnel. Man-in-the-middle (MitM) attacks on such tunneled authentications have been discovered early on and cryptographic bindings are widely adopted to mitigate these attacks. In this paper, we shake the false sense of security given by these so-called protective tunnels by demonstrating that most tunneled authentications are still susceptible to MitM attacks despite the use of cryptographic bindings and other proposed countermeasures. Our results affect widely deployed protocols, such as EAP-FAST and PEAP.

Keywords

authentication; cryptographic binding; man-in-the-middle attack; protective tunnel; tunnel-based EAP method

Control Families

None selected

Documentation

Publication:
Conference Proceedings (DOI)

Supplemental Material:
None available

Document History:
10/10/10: Conference Proceedings (Final)