Paper 2002/163

Man-in-the-Middle in Tunnelled Authentication Protocols

N. Asokan, Valtteri Niemi, and Kaisa Nyberg


Recently, new protocols have been proposed in the IETF for protecting remote client authentication protocols by running them within a secure tunnel. Examples of such protocols are PIC, PEAP and EAP-TTLS. One goal of these new protocols is to enable the migration from legacy client authentication protocols to more secure protocols, e.g., from a plain EAP type to, say, PEAP. In the new drafts, the security of the subsequent session credentials is based only on keys derived during the unilateral authentication in which the network server is authenticated to the client. Client authentication is mentioned as an option in PEAP and EAP-TTLS, but is not mandated. Naturally, the PIC protocol does not even offer this option, because the goal of PIC is to obtain credentials that can be used for client authentication. In addition to running the authentication protocols within such a tunnel, it should also be possible to use them in legacy mode without any tunnelling, so as to leverage the legacy advantages such as widespread use. In this paper we show that in practical situations such mixed-mode usage opens up the possibility of running a man-in-the-middle attack to impersonate the legitimate client. For those well-designed client authentication protocols that already have a sufficient level of security, the use of tunnelling in the proposed form is a step backwards, because it introduces a new vulnerability. The problem is due to the fact that the legacy client authentication protocol is not aware of whether it is run in protected or unprotected mode. We propose to solve the discovered problem by using a cryptographic binding between the client authentication protocol and the protection protocol.
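The following is an added illustration, not code from the paper or from any of the IETF drafts it discusses. It models the core of the argument: when the session key depends only on the tunnel key, an attacker that terminates the tunnel with the server and relays the legacy client authentication from the real client ends up holding the same session key as the server, so impersonation succeeds; when the session key is a compound of the tunnel key and the key produced by the inner client authentication, the attacker cannot derive it and fails key confirmation. The key derivation (an HMAC-SHA256 construction), the labels and the key-confirmation message are assumptions chosen for the example, not the paper's or any RFC's exact scheme.

```python
import hashlib
import hmac
import os


def kdf(secret: bytes, label: bytes, length: int = 32) -> bytes:
    """Illustrative HMAC-based key derivation (assumption; not RFC 5869 HKDF)."""
    return hmac.new(secret, label, hashlib.sha256).digest()[:length]


def session_key_unbound(tunnel_key: bytes) -> bytes:
    """Drafts' form: session key depends only on the server-authenticated tunnel."""
    return kdf(tunnel_key, b"session key")


def session_key_bound(tunnel_key: bytes, inner_key: bytes) -> bytes:
    """Compound key: both the tunnel key and the key from the inner client
    authentication feed the derivation, so neither alone suffices."""
    compound = hmac.new(tunnel_key, inner_key, hashlib.sha256).digest()
    return kdf(compound, b"session key")


def key_confirmation(session_key: bytes, transcript: bytes) -> bytes:
    """Assumed confirmation step: a MAC over the handshake transcript
    under the derived session key, checked by the server."""
    return hmac.new(session_key, b"confirm" + transcript, hashlib.sha256).digest()


def simulate_mitm(binding: bool) -> bool:
    """Return True if the man-in-the-middle is accepted by the server.

    Roles (constructed scenario):
      - tunnel_key: shared by the tunnel endpoints. In the attack the attacker
        opens the tunnel to the server, so attacker and server share it.
      - inner_key: produced by the legacy client authentication, known only to
        the legitimate client and the server; the attacker merely relays
        the legacy messages and never learns it.
    """
    tunnel_key = os.urandom(32)
    inner_key = os.urandom(32)
    transcript = b"constructed handshake transcript"

    if binding:
        server_key = session_key_bound(tunnel_key, inner_key)
    else:
        server_key = session_key_unbound(tunnel_key)

    # The attacker knows only the tunnel key, so its best effort is a key
    # derived from that alone.
    attacker_key = session_key_unbound(tunnel_key)
    attacker_proof = key_confirmation(attacker_key, transcript)
    expected_proof = key_confirmation(server_key, transcript)
    return hmac.compare_digest(attacker_proof, expected_proof)


def legitimate_client_matches(binding: bool) -> bool:
    """Sanity check: a real client holding both keys derives the server's key."""
    tunnel_key = os.urandom(32)
    inner_key = os.urandom(32)
    if binding:
        client_key = session_key_bound(tunnel_key, inner_key)
        server_key = session_key_bound(tunnel_key, inner_key)
    else:
        client_key = session_key_unbound(tunnel_key)
        server_key = session_key_unbound(tunnel_key)
    return hmac.compare_digest(client_key, server_key)


if __name__ == "__main__":
    print("unbound: attacker accepted =", simulate_mitm(binding=False))
    print("bound:   attacker accepted =", simulate_mitm(binding=True))
```

The binding works because the legacy protocol need not know whether it runs inside a tunnel: the server simply refuses a session whose key confirmation is not consistent with both the tunnel it terminated and the client authentication it observed inside it. An attacker that relays the inner exchange never obtains `inner_key`, so the compound derivation cannot be reproduced on its side.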

Note: Draft updated. PS version provided.

Publication info: Published elsewhere. Unknown where it was published
Keywords: authentication protocols, man-in-the-middle attacks, Internet applications
Contact author(s): kaisa nyberg @ nokia com
History: 2002-11-13: last of 2 revisions; 2002-11-02: received
License: Creative Commons Attribution


@misc{cryptoeprint:2002/163,
      author = {N. Asokan and Valtteri Niemi and Kaisa Nyberg},
      title = {Man-in-the-Middle in Tunnelled Authentication Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2002/163},
      year = {2002},
      note = {\url{}},
      url = {}
}