Published: March 30, 2009
Author(s)
T. Clancy, Katrin Hoeper
Conference
Name: IEEE Sarnoff Symposium, 2009 (SARNOFF '09)
Dates: March 30 - April 1, 2009
Location: Princeton, New Jersey, United States
Citation: 2009 IEEE Sarnoff Symposium Conference Proceedings, pp. 1-5
Announcement
In current networks that use EAP and AAA for authenticated admission control, such as WiFi, WiMAX, and various 3G internetworking protocols, a malicious base station can advertise false information to prospective users in an effort to manipulate network access in some way. This can result in a number of attacks ranging from traffic herding to manipulation of roaming agreements between operators. To address this problem, "EAP Channel Bindings" can be used to validate information advertised during the network discovery phase after keying material has been derived. The back-end authentication service can ensure the consistency of the advertised information with its configured policy. Using protected communications channels already specified within many existing EAP methods will allow for the authenticated transport of the channel binding data. Standardization activities currently exist within the IETF to implement this technique.
Keywords
AAA; EAP; lying NAs threat; lying provider threat; network access authentication
Control Families
None selected