Man-in-the-middle attacks in tunneled authentication protocols

In September 2002, we discovered a rather obvious flaw that shows up when a remote authentication protocol is tunneled within a server-authenticated channel. Surprisingly this approach is used in many existing or proposed protocols. Here is the paper:

This is the initial draft version from October 24, 2002 [pdf].
Research report version is in the IACR e-Print archive.
A revised, extended abstract was presented at the 2003 Security protocols workshop at Cambridge in April 2003
- Pre-proceedings version [pdf] (April, 2003)
- Final version, June 2003

Here are some slides to go with it:

version from October 2, 2002 [ppt]
version from October 26, 2002[ppt]
version from November [ppt]
Slides presented in Cambridge [pdf] [ppt]

asokan AT acm.org

Last modified: Mon Sep 29 18:46:54 EEST 2003