{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T12:55:21Z","timestamp":1763643321433,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":64,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"US Department of Defense (DARPA)","award":["D19AP00039"],"award-info":[{"award-number":["D19AP00039"]}]},{"name":"US National Science Foundation (NSF)","award":["CNS-2006556,CNS-2007512"],"award-info":[{"award-number":["CNS-2006556,CNS-2007512"]}]},{"name":"Chinese University of Hong Kong (CUHK)","award":["NEW\/SYC,GRF\/20\/SYC,3133292C"],"award-info":[{"award-number":["NEW\/SYC,GRF\/20\/SYC,3133292C"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484569","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:27Z","timestamp":1636805127000},"page":"1100-1117","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations"],"prefix":"10.1145","author":[{"given":"Man Hong","family":"Hue","sequence":"first","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Joyanta","family":"Debnath","sequence":"additional","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]},{"given":"Kin Man","family":"Leung","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, BC, 
Canada"}]},{"given":"Li","family":"Li","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Mohsen","family":"Minaei","sequence":"additional","affiliation":[{"name":"Visa Research, Palo Alto, CA, USA"}]},{"given":"M. Hammad","family":"Mazhar","sequence":"additional","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]},{"given":"Kailiang","family":"Xian","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]},{"given":"Endadul","family":"Hoque","sequence":"additional","affiliation":[{"name":"Syracuse University, Syracuse, NY, USA"}]},{"given":"Omar","family":"Chowdhury","sequence":"additional","affiliation":[{"name":"The University of Iowa, Iowa City, IA, USA"}]},{"given":"Sze Yiu","family":"Chau","sequence":"additional","affiliation":[{"name":"The Chinese University of Hong Kong, Hong Kong, Hong Kong"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n. d.]. A Configuration File Format for Extensible Authentication Protocol (EAP) Deployments. https:\/\/tools.ietf.org\/id\/draft-winter-opsawg-eap-metadata-00.html."},{"key":"e_1_3_2_2_2_1","unstructured":"[n. d.]. CWE-297: Improper Validation of Certificate with Host Mismatch. https:\/\/cwe.mitre.org\/data\/definitions\/297.html."},{"key":"e_1_3_2_2_3_1","unstructured":"[n. d.]. Linux WPA\/WPA2\/IEEE 802.1X Supplicant. https:\/\/w1.fi\/wpa_supplicant\/."},{"key":"e_1_3_2_2_4_1","unstructured":"[n. d.]. Open Network Configuration. https:\/\/chromium.googlesource.com\/chromium\/src\/+\/main\/components\/onc\/docs\/onc_spec.md#EAP-configurations."},{"key":"e_1_3_2_2_5_1","unstructured":"[n. d.]. WiFi CSP - Windows Client Management | Microsoft Docs. https:\/\/docs.microsoft.com\/en-us\/windows\/client-management\/mdm\/wifi-csp."},{"key":"e_1_3_2_2_6_1","unstructured":"[n. d.]. 
WiFi.EAPClientConfiguration | Apple Developer Documentation. https:\/\/developer.apple.com\/documentation\/devicemanagement\/wifi\/eapclientconfiguration."},{"key":"e_1_3_2_2_7_1","unstructured":"2012. Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate. https:\/\/web.archive.org\/web\/20160316174007\/https:\/\/www.cloudcracker.com\/blog\/2012\/07\/29\/cracking-ms-chap-v2\/."},{"key":"e_1_3_2_2_8_1","unstructured":"2020. Evil Twins Eavesdropping and Password Cracking: How the Office of Inspector General Successfully Attacked the U.S. Department of the Interior's Wireless Networks. https:\/\/www.doioig.gov\/sites\/doioig.gov\/files\/FinalAudit_WirelessNetworkSecurity_Public.pdf."},{"key":"e_1_3_2_2_9_1","unstructured":"Brad Antoniewicz. 2015. 802.11 Attacks."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-131Ar2"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"crossref","unstructured":"R. Barnes M. Thomson A. Pironti and A. Langley. 2015. Deprecating Secure Sockets Layer Version 3.0. https:\/\/tools.ietf.org\/html\/rfc7568.","DOI":"10.17487\/RFC7568"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3230833.3230838"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.12.011"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"crossref","unstructured":"Karthikeyan Bhargavan and Ga\u00ebtan Leurent. 2016. Transcript Collision Attacks: Breaking Authentication in TLS IKE and SSH. In NDSS.","DOI":"10.14722\/ndss.2016.23418"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766512"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_2_18_1","unstructured":"Aldo Cassola William K Robertson Engin Kirda and Guevara Noubir. 2013. A Practical Targeted and Stealthy Attack Against WPA Enterprise Authentication. 
In NDSS."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786835"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"crossref","unstructured":"D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. https:\/\/tools.ietf.org\/html\/rfc5280.","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_2_22_1","unstructured":"Aldo Cortesi Maximilian Hils Thomas Kriechbaumer and contributors. 2010--. mitmproxy: A free and open source interactive HTTPS proxy. https:\/\/mitmproxy.org\/ [Version 6.0]."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2005.1495975"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"crossref","unstructured":"X de Carn\u00e9 de Carnavalet and Mohammad Mannan. 2016. Killed by proxy: Analyzing client-end TLS interception software. In NDSS.","DOI":"10.14722\/ndss.2016.23374"},{"key":"e_1_3_2_2_25_1","unstructured":"Joeri de Ruiter and Erik Poll. 2015. Protocol State Fuzzing of TLS Implementations. In USENIX Security."},{"key":"e_1_3_2_2_26_1","volume-title":"When TLS Meets Proxy on Mobile. In International Conference on Applied Cryptography and Network Security. Springer, 387--407","author":"Debnath Joyanta","year":"2020","unstructured":"Joyanta Debnath, Sze Yiu Chau, and Omar Chowdhury. 2020. When TLS Meets Proxy on Mobile. In International Conference on Applied Cryptography and Network Security. Springer, 387--407."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.58"},{"key":"e_1_3_2_2_28_1","unstructured":"Thai Duong and Juliano Rizzo. 2011. Here Come The \u2295 Ninjas. Technical Report."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric Zane Ma Drew Springall Richard Barnes Nick Sullivan Elie Bursztein Michael Bailey J Alex Halderman and Vern Paxson. 2017. 
The Security Impact of HTTPS Interception. In NDSS.","DOI":"10.14722\/ndss.2017.23456"},{"key":"e_1_3_2_2_30_1","volume-title":"Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2)","author":"Eisinger Jochen","year":"2008","unstructured":"Jochen Eisinger. 2001. Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2). University of Freiburg,[cit. 2008--27-05] Dostupn\u00e9 (2001)."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_3_2_2_32_1","volume-title":"Analysis of DTLS Implementations Using Protocol State Fuzzing. In 29th USENIX Security Symposium (Security).","author":"Fiterau-Brostean Paul","year":"2020","unstructured":"Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. 2020. Analysis of DTLS Implementations Using Protocol State Fuzzing. In 29th USENIX Security Symposium (Security)."},{"volume-title":"the definitive guide","author":"Gast Matthew","key":"e_1_3_2_2_33_1","unstructured":"Matthew Gast. 2005. 802.11 wireless networks: the definitive guide. O'Reilly Media, Inc."},{"key":"e_1_3_2_2_34_1","unstructured":"Jim Geier. 2008. Implementing 802.1X security solutions for wired and wireless networks. John Wiley & Sons."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"volume-title":"RADIUS: securing public access to private resources","author":"Hassell Jonathan","key":"e_1_3_2_2_36_1","unstructured":"Jonathan Hassell. 2002. RADIUS: securing public access to private resources. O'Reilly Media, Inc."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.38"},{"key":"e_1_3_2_2_38_1","unstructured":"Joshua Hill. 2001. An analysis of the RADIUS authentication protocol. 
(2001)."},{"volume-title":"24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them","author":"Howard Michael","key":"e_1_3_2_2_39_1","unstructured":"Michael Howard, David LeBlanc, and John Viega. 2010. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill."},{"key":"e_1_3_2_2_40_1","unstructured":"Man Hong Hue. 2021. List of URLs used as references. https:\/\/gist.github.com\/hugohue\/66a45b16bd444f73e757b65eba858113"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"crossref","unstructured":"B. Laurie A. Langley and E. Kasper. 2013. Certificate Transparency. RFC 6962 (Experimental).","DOI":"10.17487\/rfc6962"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506157_23"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17659-4_18"},{"key":"e_1_3_2_2_45_1","volume-title":"International Workshop on Information Security Applications. Springer, 189--209","author":"Meyer Christopher","year":"2013","unstructured":"Christopher Meyer and J\u00f6rg Schwenk. 2013. SoK: Lessons learned from SSL\/TLS attacks. In International Workshop on Information Security Applications. Springer, 189--209."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"crossref","unstructured":"K. Moriarty and S. Farrell. 2021. Deprecating TLSv1.0 and TLSv1.1. https:\/\/tools.ietf.org\/html\/draft-ietf-tls-oldversions-deprecate-12.","DOI":"10.17487\/RFC8996"},{"key":"e_1_3_2_2_47_1","unstructured":"PCI Security Standards Council. 2015. Migrating from SSL and Early TLS. Technical Report."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092368"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627411"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46701-7_17"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"crossref","unstructured":"Y. Sheffer R. 
Holz and P. Saint-Andre. 2015. Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (Informational).","DOI":"10.17487\/rfc7457"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.46"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978411"},{"key":"e_1_3_2_2_54_1","volume-title":"Annual Chaos Communication Congress.","author":"Sotirov Alexander","year":"2008","unstructured":"Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen K Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. 2008. MD5 considered harmful today, creating a rogue CA certificate. In Annual Chaos Communication Congress."},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63688-7_19"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49890-3_18"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-72540-4_1"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355048"},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"crossref","unstructured":"S. Turner and T. Polk. 2011. Prohibiting Secure Sockets Layer (SSL) Version 2.0. https:\/\/tools.ietf.org\/html\/rfc6176.","DOI":"10.17487\/rfc6176"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134027"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243807"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"crossref","unstructured":"Louis Waked Mohammad Mannan and Amr Youssef. 2018. To intercept or not to intercept: Analyzing TLS interception in network appliances. In ACM AsiaCCS.","DOI":"10.1145\/3196494.3196528"},{"key":"e_1_3_2_2_63_1","volume-title":"MD5, HAVAL-128 and RIPEMD. IACR Cryptology ePrint Archive","author":"Wang Xiaoyun","year":"2004","unstructured":"Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu. 2004. Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. 
IACR Cryptology ePrint Archive (2004)."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/11535218_2"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Republic of Korea","acronym":"CCS '21"},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484569","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484569","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:44:21Z","timestamp":1763498661000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484569"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":64,"alternative-id":["10.1145\/3460120.3484569","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484569","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}