DocumentCode :
2784774
Title :
An inconvenient truth about tunneled authentications
Author :
Hoeper, Katrin ; Chen, Lidong
Author_Institution :
Motorola Inc., Schaumburg, IL, USA
fYear :
2010
fDate :
10-14 Oct. 2010
Firstpage :
416
Lastpage :
423
Abstract :
In recent years, it has been a common practice to execute client authentications for network access inside a protective tunnel. Man-in-the-middle (MitM) attacks on such tunneled authentications have been discovered early on and cryptographic bindings are widely adopted to mitigate these attacks. In this paper, we shake the false sense of security given by these so-called protective tunnels by demonstrating that most tunneled authentications are still susceptible to MitM attacks despite the use of cryptographic bindings and other proposed countermeasures. Our results affect widely deployed protocols, such as EAP-FAST and PEAP.
Keywords :
computer network security; cryptographic protocols; message authentication; EAP-FAST; MitM attack; PEAP; client authentication; cryptographic binding; man-in-the-middle attack; network access; tunneled authentication; Authentication; Compounds; Protocols; Public key; Servers; Protective tunnel; authentication; cryptographic binding; man-in-the-middle attack; tunnel-based EAP method;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Local Computer Networks (LCN), 2010 IEEE 35th Conference on
Conference_Location :
Denver, CO
ISSN :
0742-1303
Print_ISBN :
978-1-4244-8387-7
Type :
conf
DOI :
10.1109/LCN.2010.5735754
Filename :
5735754
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2784774
بازگشت