Abstract
Deploying a new security protocol is expensive. This encourages system designers to look for ways of re-using existing infrastructure. When security protocols and components are re-used, it is critical to re-examine the security of the resulting system as a whole. For example, it has become a standard paradigm to run a legacy client authentication protocol within a secure tunnel. The commonest example of such composition is the use of HTTP authentication inside a TLS tunnel.
In this paper, we describe a man-in-the-middle attack on such protocol composition. The vulnerability arises if the legacy client authentication protocol is used both in tunnelled and untunnelled forms. Even when the client authentication protocol and the tunnel protocol are both secure, composing them in the customary manner results in an insecure system.
We propose a solution to this problem by using a cryptographic binding between the client authentication protocol and the tunnel protocol.
An earlier, longer version of this work appeared as a research report [5].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aboba, B.: Review of man-in-the-middle problem statement draft. Message to IETF saag mailing list (January 2003), http://jis.mit.edu/pipermail/saag/2003q1/000684.html
Andersson, H., Josefsson, S., Zorn, G., Simon, D., Palekar, A.: Protected EAP Protocol (PEAP). IETF personal draft (September 2002), draft-josefsson-pppext-eap-tls-eap-05.txt
Arkko, J., Haverinen, H.: EAP AKA Authentication, IETF personal draft (June 2002), draft-arkko-pppext-eap-aka-04.txt
Arkko, J., Haverinen, H.: EAP AKA Authentication, IETF personal draft (January 2003), draft-arkko-pppext-eap-aka-08.txt
Asokan, N., Niemi, V., Nyberg, K.: Man-in-the-middle in tunneled authentication protocols. Technical Report 2002/163, IACR ePrint archive (October 2002), http://eprint.iacr.org/2002/163/
Blunk, L., Vollbrecht, J., Aboba, B.: Extensible Authentication Protocol (EAP). IETF pppext working group draft (October 2002), draft-ietf-pppext-rfc2284bis-07.txt
Buckley, A., Satarasinghe, P., Alperovich, V., Puthenkulam, J., Walker, J., Lortz, V.: EAP SIM GMM Authentication. IETF personal draft (August 2002), draft-buckley-pppext-eap-sim-gmm-00.txt
Calhoun, P.: Diameter Base Protocol. IETF aaa working group draft (December 2002), draft-ietf-aaa-diameter-17.txt
Dierks, T., Allen, C.: The TLS Protocol Version 1.0, IETF RFC 2246 (January 1999)
Kaufman, C. (ed.): Internet Key Exchange (IKEv2) Protocol. IETF ipsec working group draft (February 2003), draft-ietf-ipsec-ikev2-05.txt
Franks, J., et al.: HTTP Authentication: Basic and Digest Access Authentication, IETF RFC 2617 (June 1999)
Funk, P., Blake-Wilson, S.: EAP Tunneled TLS Authentication Protocol (EAP-TTLS). IETF pppext working group draft (February 2002), draft-ietf-pppext-eap-ttls-01.txt (expired)
Harkins, D., Piper, D., Hoffman, P.: Secure Legacy Authentication (SLA) for IKEv2. IETF personal (December 2002), draft-hoffman-sla-00.txt
Haverinen, H., Salowey, J.: EAP SIM Authentication. IETF personal draft (October 2002), draft-haverinen-pppext-eap-sim-06.txt
Josefsson, S., Palekar, A., Simon, D., Zorn, G.: Protected EAP Protocol (PEAP). IETF personal draft (March 2003), draft-josefsson-pppext-eap-tls-eap-06.txt
Kaaranen, H., Naghian, S., Laitinen, L., Ahtiainen, A., Niemi, V.: UMTS Networks: Architecture. In: Mobility and Services, John Wiley & Sons, Chichester (2001)
Vollbrecht, J., Blunk, L.: PPP Extensible Authentication Protocol (EAP). IETF RFC 2284 (March 1998)
Meadows, C.: Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE Journal on Selected Areas in Communications 21(1), 44–54 (2003)
Niemi, A., Arkko, J., Torvinen, V.: Hypertext transfer protocol (http) digest authentication using authentication and key agreement (aka). IETF RFC 3310 (September 2002)
Ohba, Y., Baba, S., Das, S.: PANA over TLS (POTLS). IETF personal draft (September 2002), draft-ohba-pana-potls-00.txt
Puthenkulam, J., Lortz, V., Palekar, A., Simon, D., Aboba, B.: The compound authentication binding problem. IETF personal draft (March 2003), draft-puthenkulam-eap-binding-02.txt
Righney, C., et al.: Remote Authentication Dial In User Service (RADIUS). IETF RFC 2865 (June 2000)
Sheffer, Y., Krawczyk, H., Aboba, B.: PIC, A Pre-IKE Credential Provisioning Protocol. IETF ipsra working group draft (October 2002), draft-ietf-ipsra-pic-06.txt
IETFÂ IPsec working group. Secure legacy authentication for IKEv2. Discussion thread on the IPSec mailing list, http://www.vpnc.org/ietf-ipsec/mail-archive/threads.html#02763
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Asokan, N., Niemi, V., Nyberg, K. (2005). Man-in-the-Middle in Tunnelled Authentication Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_6
Download citation
DOI: https://doi.org/10.1007/11542322_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)