Hoeper, K.
and Chen, L.
(2010),
An Inconvenient Truth About Tunneled Authentications, 35th IEEE Conference on Local Computer Networks (LCN)
, Denver, CO, US, [online], https://doi.org/10.1109/LCN.2010.5735754, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906200
(Accessed October 28, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
An Inconvenient Truth About Tunneled Authentications
Published
Author(s)
Katrin Hoeper,
Abstract
In recent years, it has been a common practice to execute client authentications for network access inside a protective tunnel. Man-in-the-middle (MitM) attacks on such tunneled authentications have been discovered early on and cryptographic bindings are widely adopted to mitigate these attacks. In this paper, we shake the false sense of security given by these so-called protective tunnels by demonstrating that most tunneled authentications are still susceptible to MitM attacks despite the use of cryptographic bindings and other proposed countermeasures. Our results affect widely deployed protocols, such as EAP-FAST and PEAP.Conference Dates
October 10-14, 2010
Conference Location
Denver, CO, US
Conference Title
35th IEEE Conference on Local Computer Networks (LCN)
Pub Type
Conferences
Download Paper
Keywords
Protective tunnel, authentication, tunnel-based EAP method, man-in-the-middle attack, cryptographic binding
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created October 9, 2010, Updated October 12, 2021