Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Challenge Handshake Authentication Protocol CS265 Spring 2005 ChungShun Wei.

Published byRebecca Lang Modified over 8 years ago

Similar presentations

Presentation on theme: "Microsoft Challenge Handshake Authentication Protocol CS265 Spring 2005 ChungShun Wei."— Presentation transcript:

1 Microsoft Challenge Handshake Authentication Protocol CS265 Spring 2005 ChungShun Wei

2 Private Network Restrict from outside access Highly secure if no bad guy has access to the physical LAN But you are also blocked if not locally Even Internet will not help

3 Virtual Private Network (VPN) Through VPN server Remote user can connect to intranet through public internet

4 VPN Authentication Password Authentication Protocol (PAP) – Username & password in clear text – Use it only when VPN server only support PAP Challenge Handshake Authentication Protocol (CHAP) – Encrypt password

5 Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) Base on CHAP MS-CHAP version 1 and version 2 MS-CHAP v2 is an improvement over MS-CHAP v1

6 Request Login Challenge Request login challenge 16-byte random challenge

7 Generate 8-byte Challenge Client

8 Generate 24-byte MS-CHAP Reply Client

9 Retrieve Password From DB 24-byte reply & Peer Authenticator Challenge & client’s username Client username Password

10 Authenticate VPN Server Match

11 Authenticator Response 20-byte Authenticator Response -VPN Server will use 16-byte Peer Authenticator Challenge and Client’s hashed password to create 20-byte Authenticator Response -Client computes its own Authenticator Response to compare with Server’s. If match, server is authenticated

12 Find Out 8-byte Challenge Although 8-byte challenge did not send through in clear text Attack can easily compute 8- byte challenge by listening 16-byte random challenge from server, Peer Authenticator Challenge, and client’s username

13 Analysis MS-CHAP Reply sanjose askjKeL35h2k49kj (16 byte) NT hash askjKeL35h2k49kj00000 (21 byte) Pad with 0 to 21 byte askjKeL35h2k49 kj00000 Iwe652nWn8mxhUw0xjO82nzx Encrypt challenge n8mxhUw0Iwe652nW xjO82nzx

14 Attack on MS-CHAP Reply Attackers do not need 2 192 effort But 2 56 + 2 56 + 2 16 ≈ 2 57 Iwe652nWn8mxhUw0xjO82nzx askjKeL35h2k49kj (16 byte) NT hash askjKeL35h2k49kj00000 (21 byte) askjKeL35h2k49 kj00000 Encrypt challenge Iwe652nWn8mxhUw0xjO82nzx Iwe652nW n8mxhUw0 xjO82nzx Iwe652nW xjO82nzx n8mxhUw0 xx00000 2 16 tries Encrypt challenge xxxxxxx 2 56 tries xxxxxxx 2 56 tries sanjose

Download ppt "Microsoft Challenge Handshake Authentication Protocol CS265 Spring 2005 ChungShun Wei."

Similar presentations

Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
VCE IT Theory Slideshows By Mark Kelly McKinnon Secondary College Vceit.com Intranet, Internet, VPN.

VCE IT Theory Slideshows By Mark Kelly McKinnon Secondary College Vceit.com Intranet, Internet, VPN.
By Glenn Z.  A network is 2 or more computers connected to each other.

By Glenn Z.  A network is 2 or more computers connected to each other.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.

Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Authentication servers: RADIUS TACACS+

Authentication servers: RADIUS TACACS+
Remote Access Network Management Kelly Given Allison Traina.

Remote Access Network Management Kelly Given Allison Traina.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar. 2007 Amit Golander.

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Point to Point Protocol Operation. Point to Point Protocol Protocol Layers of PPP –Physical Layer –Data Link Layer – HDLC derivative –Other protocols.

Point to Point Protocol Operation. Point to Point Protocol Protocol Layers of PPP –Physical Layer –Data Link Layer – HDLC derivative –Other protocols.
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,

Chapter 18 RADIUS. RADIUS  Remote Authentication Dial-In User Service  Protocol used for communication between NAS and AAA server  Supports authentication,
Remote Networking Architectures

Remote Networking Architectures

Similar presentations

Ads by Google