Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Publication Citation: An Inconvenient Truth About Tunneled Authentications

NIST Authors in Bold

Author(s): Katrin Hoeper; Lidong Chen;
Title: An Inconvenient Truth About Tunneled Authentications
Published: October 10, 2010
Abstract: In recent years, it has been a common practice to execute client authentications for network access inside a protective tunnel. Man-in-the-middle (MitM) attacks on such tunneled authentications have been discovered early on and cryptographic bindings are widely adopted to mitigate these attacks. In this paper, we shake the false sense of security given by these so-called protective tunnels by demonstrating that most tunneled authentications are still susceptible to MitM attacks despite the use of cryptographic bindings and other proposed countermeasures. Our results affect widely deployed protocols, such as EAP-FAST and PEAP.
Conference: 35th IEEE Conference on Local Computer Networks (LCN)
Pages: pp. 416 - 423
Location: Denver, CO
Dates: October 10-14, 2010
Keywords: Protective tunnel, authentication, tunnel-based EAP method, man-in-the-middle attack, cryptographic binding
Research Areas: Cybersecurity
DOI: http://dx.doi.org/10.1109/LCN.2010.5735754  (Note: May link to a non-U.S. Government webpage)
PDF version: PDF Document Click here to retrieve PDF version of paper (310KB)