Date Added: Oct 2009
Users of public Wi-Fi networks risk being tricked into connecting to 'evil twin' access points set up by attackers to launch man-in-the-middle attacks. The authors present a system which employs post hoc validation of an anonymous Diffie-Hellman key exchange undertaken as part of an 802.1X / EAP-TTLS network association process. Their system utilises an additional secure auxiliary channel to run a modified version of the Interlock protocol based on physical evidence in the network location. By using keying information generated during the network joining process, they allow spontaneous network users to detect man-in-the-middle attacks and avoid the need for pre-shared keys.
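The following added sketch (not code from the paper or its authors) shows why an anonymous Diffie-Hellman exchange needs post hoc validation, and how a check over a separate channel exposes an interposed party. Assumptions: the toy group parameters, all function names, and a plain HMAC key-confirmation step that stands in for the authors' modified Interlock protocol, which the abstract does not detail.

```python
import hashlib
import hmac
import secrets

# Toy group parameters chosen for brevity (assumption, not from the paper);
# real deployments use a standardised group such as those in RFC 3526.
P = 2**255 - 19
G = 2

def dh_keypair():
    """Generate an ephemeral, unauthenticated DH key pair."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the keying material each side holds after association."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def associate(mitm=False):
    """Return (client_key, ap_key) after an anonymous DH exchange."""
    c_priv, c_pub = dh_keypair()
    a_priv, a_pub = dh_keypair()
    if mitm:
        # An evil twin replaces the public value seen by each side with its
        # own, so client and genuine AP end up holding different keys.
        _, m_pub = dh_keypair()
        return session_key(c_priv, m_pub), session_key(a_priv, m_pub)
    return session_key(c_priv, a_pub), session_key(a_priv, c_pub)

def confirmation_tag(key, nonce):
    """Tag binding a fresh nonce to the key derived during association."""
    return hmac.new(key, b"post-hoc-confirm" + nonce, hashlib.sha256).digest()

def validate(client_key, ap_key):
    """Post hoc check; nonce and tag are assumed to travel over the
    auxiliary channel, which the in-band attacker cannot alter."""
    nonce = secrets.token_bytes(16)
    ap_tag = confirmation_tag(ap_key, nonce)
    return hmac.compare_digest(confirmation_tag(client_key, nonce), ap_tag)

if __name__ == "__main__":
    print("clean association validates:", validate(*associate()))
    print("evil twin association validates:", validate(*associate(mitm=True)))
```

No pre-shared key is involved: the only secret checked is the one produced by the association itself, which is why the comparison must run over a channel the in-band attacker does not control.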