Making the Case for EAP Channel Bindings
Source: University of Maryland
In current networks that use EAP and AAA for authenticated admission control, such as WiFi, WiMAX, and various 3G internetworking protocols, a malicious base station can advertise false information to prospective users in an effort to manipulate network access in some way. This paper identifies and discusses the resulting threats (e.g., the lying NAS problem in enterprise networks and the newly identified lying provider problem in roaming environments) and shows how these threats can be exploited for a number of attacks, including traffic herding, denial of service, cryptographic downgrade attacks, and forced roaming.