Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Making the Case for EAP Channel Bindings



T. C. Clancy, Katrin Hoeper


In current networks that use EAP and AAA for authenticated admission control, such as WiFi, WiMAX, and various 3G internetworking protocols, a malicious base station can advertise false information to prospective users in an effort to manipulate network access in some way. This can result a number of attacks ranging from traffic herding to manipulation of roaming agreements between operators. To address this problem, "EAP Channel Bindings" can be used to validate information advertised during the network discovery phase after keying material has been derived. The back-end authentication service can ensure the consistency of the advertised information with its configured policy. Using protected communications channels already specified within many existing EAP methods will allow for the authenticated transport of the channel binding data. Standardization activities currently exist within the IETF to implement this technique.
Proceedings Title
2009 IEEE Sarnoff Symposium proceedings, published through IEEEXplore
Conference Dates
March 30-April 1, 2009
Conference Location
Princeton, NJ, US
Conference Title
2009 IEEE Sarnoff Symposium (SARNOFF '09)


AAA, EAP, lying NAs threat, lying provider threat, network access authentication


Clancy, T. and Hoeper, K. (2009), Making the Case for EAP Channel Bindings, 2009 IEEE Sarnoff Symposium proceedings, published through IEEEXplore, Princeton, NJ, US, [online],, (Accessed April 16, 2024)
Created March 29, 2009, Updated October 12, 2021