{"id":"https://openalex.org/W3212981206","doi":"https://doi.org/10.1145/3460120.3484569","title":"All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations","display_name":"All your Credentials are Belong to Us: On Insecure WPA2-Enterprise Configurations","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3212981206","doi":"https://doi.org/10.1145/3460120.3484569","mag":"3212981206"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484569","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484569","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084136941","display_name":"Man Hong Hue","orcid":"https://orcid.org/0009-0008-1953-7007"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":true,"raw_author_name":"Man Hong Hue","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076448159","display_name":"Joyanta Debnath","orcid":"https://orcid.org/0000-0001-5817-2786"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joyanta Debnath","raw_affiliation_strings":["The University of Iowa, Iowa City, IA, USA"],"affiliations":[{"raw_affiliation_string":"The University of Iowa, Iowa City, IA, USA","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075112946","display_name":"Kin Man Leung","orcid":null},"institutions":[{"id":"https://openalex.org/I141945490","display_name":"University of British Columbia","ror":"https://ror.org/03rmrcq20","country_code":"CA","type":"education","lineage":["https://openalex.org/I141945490"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Kin Man Leung","raw_affiliation_strings":["The University of British Columbia, Vancouver, BC, Canada"],"affiliations":[{"raw_affiliation_string":"The University of British Columbia, Vancouver, BC, Canada","institution_ids":["https://openalex.org/I141945490"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100361421","display_name":"Li Li","orcid":"https://orcid.org/0009-0000-0437-6193"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Li Li","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044008734","display_name":"Mohsen Minaei","orcid":"https://orcid.org/0009-0001-3899-697X"},"institutions":[{"id":"https://openalex.org/I4210148469","display_name":"Visa (United States)","ror":"https://ror.org/05t1y0b59","country_code":"US","type":"company","lineage":["https://openalex.org/I4210148469"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mohsen Minaei","raw_affiliation_strings":["Visa Research, Palo Alto, CA, USA"],"affiliations":[{"raw_affiliation_string":"Visa Research, Palo Alto, CA, USA","institution_ids":["https://openalex.org/I4210148469"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046708053","display_name":"M. Hammad Mazhar","orcid":"https://orcid.org/0000-0001-8663-4343"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"M. Hammad Mazhar","raw_affiliation_strings":["The University of Iowa, Iowa City, IA, USA"],"affiliations":[{"raw_affiliation_string":"The University of Iowa, Iowa City, IA, USA","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026036633","display_name":"Kailiang Xian","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Kailiang Xian","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081564551","display_name":"Endadul Hoque","orcid":"https://orcid.org/0000-0002-6682-9618"},"institutions":[{"id":"https://openalex.org/I70983195","display_name":"Syracuse University","ror":"https://ror.org/025r5qe02","country_code":"US","type":"education","lineage":["https://openalex.org/I70983195"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Endadul Hoque","raw_affiliation_strings":["Syracuse University, Syracuse, NY, USA"],"affiliations":[{"raw_affiliation_string":"Syracuse University, Syracuse, NY, USA","institution_ids":["https://openalex.org/I70983195"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070136662","display_name":"Omar Chowdhury","orcid":"https://orcid.org/0000-0002-1356-6279"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omar Chowdhury","raw_affiliation_strings":["The University of Iowa, Iowa City, IA, USA"],"affiliations":[{"raw_affiliation_string":"The University of Iowa, Iowa City, IA, USA","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062969921","display_name":"Sze Yiu Chau","orcid":"https://orcid.org/0000-0001-9300-0808"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Sze Yiu Chau","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5084136941"],"corresponding_institution_ids":["https://openalex.org/I177725633"],"apc_list":null,"apc_paid":null,"fwci":1.5236,"has_fulltext":false,"cited_by_count":14,"citation_normalized_percentile":{"value":0.83488844,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1100","last_page":"1117"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.9375042915344238},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.715726375579834},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6922144293785095},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5890287756919861},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.5572677254676819},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.5459999442100525},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4252856373786926},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.4116297662258148},{"id":"https://openalex.org/keywords/certificate","display_name":"Certificate","score":0.4100217819213867},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3309630751609802},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.19044476747512817},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.18862676620483398}],"concepts":[{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.9375042915344238},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.715726375579834},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6922144293785095},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5890287756919861},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.5572677254676819},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.5459999442100525},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4252856373786926},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.4116297662258148},{"id":"https://openalex.org/C96865113","wikidata":"https://www.wikidata.org/wiki/Q2946816","display_name":"Certificate","level":2,"score":0.4100217819213867},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3309630751609802},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.19044476747512817},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.18862676620483398}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3460120.3484569","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484569","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W656613303","https://openalex.org/W1481826112","https://openalex.org/W1495444061","https://openalex.org/W1517949462","https://openalex.org/W1557321694","https://openalex.org/W1587731328","https://openalex.org/W1656731780","https://openalex.org/W1769343819","https://openalex.org/W1976919795","https://openalex.org/W2002443910","https://openalex.org/W2054426341","https://openalex.org/W2075288390","https://openalex.org/W2103370348","https://openalex.org/W2115478312","https://openalex.org/W2121895731","https://openalex.org/W2145994642","https://openalex.org/W2189482598","https://openalex.org/W2274779708","https://openalex.org/W2276785727","https://openalex.org/W2279278072","https://openalex.org/W2340863662","https://openalex.org/W2398528487","https://openalex.org/W2404356415","https://openalex.org/W2532335977","https://openalex.org/W2561521908","https://openalex.org/W2604745103","https://openalex.org/W2612070316","https://openalex.org/W2612544399","https://openalex.org/W2640092413","https://openalex.org/W2650293344","https://openalex.org/W2672575173","https://openalex.org/W2742827529","https://openalex.org/W2767098552","https://openalex.org/W2782130228","https://openalex.org/W2794584163","https://openalex.org/W2805984568","https://openalex.org/W2892310063","https://openalex.org/W2946274834","https://openalex.org/W2963121010","https://openalex.org/W2980273018","https://openalex.org/W3128889451","https://openalex.org/W3137106894","https://openalex.org/W4211072556","https://openalex.org/W4233819588","https://openalex.org/W4298051233"],"related_works":["https://openalex.org/W2389256677","https://openalex.org/W2353766896","https://openalex.org/W2013502867","https://openalex.org/W1859642347","https://openalex.org/W1806141658","https://openalex.org/W2123415650","https://openalex.org/W4387081478","https://openalex.org/W1986630940","https://openalex.org/W2071043234","https://openalex.org/W4285327239"],"abstract_inverted_index":{"In":[0],"this":[1,112],"paper,":[2],"we":[3,87,200],"perform":[4],"the":[5,12,23,41,45,49,53,83,116,120,202,219,250],"first":[6,110],"multifaceted":[7],"measurement":[8],"study":[9],"to":[10,63,69,97,114,159,249],"investigate":[11],"widespread":[13],"insecure":[14,160],"practices":[15],"employed":[16],"by":[17,119,206],"tertiary":[18],"education":[19],"institutes":[20],"(TEIs)":[21],"around":[22],"globe":[24],"when":[25],"offering":[26],"WPA2-Enterprise":[27],"Wi-Fi":[28],"services.":[29],"The":[30],"security":[31,84,100],"of":[32,85,124,155,165,184,209,211,221,226,234,243,254],"such":[33,217],"services":[34],"critically":[35],"hinges":[36],"on":[37,44,52,173],"two":[38],"aspects:":[39],"(1)":[40],"connection":[42],"configuration":[43,94,145],"client-side;":[46],"and":[47,129,142,162,189,213,231],"(2)":[48],"TLS":[50,203],"setup":[51],"authentication":[54,207],"servers.":[55],"Weaknesses":[56],"in":[57,91,139],"either":[58,72],"can":[59,168,195],"leave":[60],"users":[61,71],"susceptible":[62],"credential":[64,171],"theft.":[65],"Typically,":[66],"TEIs":[67,138,167,212],"prescribe":[68],"their":[70],"manual":[73],"instructions":[74,146,157],"or":[75],"pre-configured":[76,185],"profiles":[77,188],"(e.g.,":[78],"eduroam":[79,186],"CAT).":[80],"For":[81],"studying":[82],"configurations,":[86,161],"present":[88],"a":[89,104,181],"framework":[90,113],"which":[92,255],"each":[93],"is":[95],"mapped":[96],"an":[98],"abstract":[99],"label":[101],"drawn":[102],"from":[103,147,170],"strict":[105],"partially":[106],"ordered":[107],"set.":[108],"We":[109,134,178],"used":[111,205],"evaluate":[115],"configurations":[117],"supported":[118],"user":[121],"interfaces":[122],"(UIs)":[123],"mainstream":[125],"operating":[126],"systems":[127],"(OSs),":[128],"discovered":[130,190,214],"many":[131,253],"design":[132],"weaknesses.":[133],"then":[135],"considered":[136],"7045":[137],"54":[140],"countries/regions,":[141],"collected":[143],"7275":[144],"2061":[148],"TEIs.":[149,239],"Our":[150,240],"analysis":[151],"showed":[152],"that":[153,194],"majority":[154],"these":[156],"lead":[158],"nearly":[163],"86%":[164],"those":[166],"suffer":[169],"thefts":[172],"at":[174],"least":[175],"one":[176],"OS.":[177],"also":[179],"analyzed":[180],"large":[182],"corpus":[183],"CAT":[187],"several":[191],"misconfiguration":[192],"issues":[193],"negatively":[196],"impact":[197],"security.":[198],"Finally,":[199],"evaluated":[201],"parameters":[204],"servers":[208],"thousands":[210],"perilous":[215],"practices,":[216],"as":[218],"use":[220],"expired":[222],"certificates,":[223],"deprecated":[224],"versions":[225],"TLS,":[227],"weak":[228],"signature":[229],"algorithms,":[230],"suspected":[232],"cases":[233],"private":[235],"key":[236],"reuse":[237],"among":[238],"long":[241],"list":[242],"findings":[244],"have":[245,256],"been":[246,258],"responsibly":[247],"disclosed":[248],"relevant":[251],"stakeholders,":[252],"already":[257],"positively":[259],"acknowledged.":[260]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}