eap-10----Page:12

Thwarting the attack with binding
[Sequence diagram]

Participants: Client; MitM (<- Rogue AP/Client ->); AP; Tunnel Server; Home AAA Server

Messages, in the order shown:
  EAP/Identity Request
  EAP/Identity Response (anonymous@realm)
  TLS Session establishment
  EAP/Identity Request
  EAP/Identity Response (user id@realm)
  EAP/Request/Method Challenge
  EAP/Response/Method Response
  EAP/Success

Diagram annotations: EAP-Method in TLS Protected Session; Inner EAP Method Keys (shown twice); Tunnel Keys Derived (shown twice); Crypto Binding (shown twice)

Binding Phase Exchange:
  Binding Request B1 (B1 MAC)
  Binding Response B2 (B2 MAC)

Outcome: Attack Detected; No Keys Sent; No WLAN Access
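
The binding check in the diagram above, as an added example that is not from the original slides: the B1 and B2 MACs are keyed with a compound key that depends on both the tunnel keys and the inner EAP method keys, so a party holding only one of the two cannot produce or verify them. The HMAC-SHA256 derivation, the labels, and all function and variable names are assumptions; the slide does not specify the key derivation or MAC format.

```python
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF used for both key derivation and the binding MACs."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def compound_key(tunnel_key: bytes, inner_key: bytes) -> bytes:
    # Assumed KDF: mix both secrets, so holding only one of them is not enough.
    return prf(tunnel_key, b"compound-binding-key", inner_key)


def run_binding(server_keys, peer_keys):
    """Return (peer_accepts_B1, server_accepts_B2) for one binding exchange."""
    s_ck = compound_key(*server_keys)
    p_ck = compound_key(*peer_keys)
    nonce_s, nonce_p = os.urandom(16), os.urandom(16)
    b1_mac = prf(s_ck, b"B1", nonce_s)              # Binding Request B1
    peer_ok = hmac.compare_digest(b1_mac, prf(p_ck, b"B1", nonce_s))
    b2_mac = prf(p_ck, b"B2", nonce_s + nonce_p)    # Binding Response B2
    server_ok = hmac.compare_digest(b2_mac, prf(s_ck, b"B2", nonce_s + nonce_p))
    return peer_ok, server_ok


def outcome(server_keys, peer_keys) -> str:
    # On failure the server sends no keys to the AP.
    ok = all(run_binding(server_keys, peer_keys))
    return "WLAN access" if ok else "attack detected, no WLAN access"


# Constructed sample secrets (random per run).
TUNNEL_HONEST = os.urandom(32)   # TLS tunnel between client and tunnel server
TUNNEL_MITM = os.urandom(32)     # TLS tunnel between MitM and tunnel server
INNER = os.urandom(32)           # inner EAP method keys: client and home AAA
NO_KEY = bytes(32)               # stand-in for a secret the party does not hold

if __name__ == "__main__":
    print("honest client:", outcome((TUNNEL_HONEST, INNER), (TUNNEL_HONEST, INNER)))
    print("MitM answers B1:", outcome((TUNNEL_MITM, INNER), (TUNNEL_MITM, NO_KEY)))
    print("B1 relayed to client:", outcome((TUNNEL_MITM, INNER), (NO_KEY, INNER)))
```

The second and third cases model the two halves of the split shown in the diagram: the MitM terminates the tunnel but never learns the inner method keys, and the client holds the inner method keys but was never inside the tunnel.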