In addition to running the authentication protocols within such tunnel it should also be possible to use them in legacy mode without any tunnelling so as to leverage the legacy advantages such as widespread use. In this paper we show that in practical situations, such a mixed mode usage opens up the possibility to run a man-in-the-middle attack for impersonating the legitimate client. For those well-designed client authentication protocols that already have a sufficient level of security, the use of tunnelling in the proposed form is a step backwards because they introduce a new vulnerability.
The problem is due to the fact that the legacy client authentication protocol is not aware if it is run in protected or unprotected mode. We propose to solve the discovered problem by using a cryptographic binding between the client authentication protocol and the protection protocol.
Category / Keywords: authentication protocols, man-in-the-middle attacks, Internet applications Date: received 24 Oct 2002, last revised 13 Nov 2002 Contact author: kaisa nyberg at nokia com Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Note: Draft updated. PS version provided. Version: 20021113:100034 (All versions of this report) Short URL: ia.cr/2002/163 Discussion forum: Show discussion | Start new discussion