Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il."— Presentation transcript:

1 Ariel Eizenberg arielez@cs.huji.ac.il
PPP Security Features Ariel Eizenberg

2 Contents Introduction Authentication Encryption

3 Introduction PPP provides two means for establishing security
Authentication Encryption Both methods are not mandatory

4 Authentication PPP support several authentication protocols.
The authentication is asymmetric In each authentication “transaction”, one peer is master and the other is the slave To authentication both sides, the authentication algorithm is ran twice, once in each direction. The authentication algorithm may differ between the two directions.

5 Algorithm Selection Each side of the PPP channel has a list of supported authentication protocols, listed by priority The authentication protocol is selected during LCP phase by both sides. If no algorithm is selected, the connection is terminated.

6 Terminology Most RFCs describing PPP authentication protocols define special terms for the authenticating hosts Authenticator – The end of the link requiring the authentication. The authenticator specifies the protocol to be used during LCP. Peer – The other end of the point-to-point link; the end which is authenticated by the authenticator.

7 RFC1334 The first RFC to define PPP authentication algorithms was RFC 1334. The RFC detailed two protocols: PAP – Password Authentication Protocols CHAP – Challenge Handshake Authentication Protocols

8 PAP – Password Authentication Protocol
A simple two-way handshake protocol for establishing peer identity The protocol: At LCP phase, the authenticator requests PAP authentication. At authentication phase, the peer transmits, in plain text, a username and password. The authenticator responds with a configure-ack or configure-nak.

9 PAP Authentication

10 PAP - Security Features
PAP is vulnerable to replay attacks. An attacker can record a PAP authentication and then later replay it. The user’s password is transmitted in plain text If the user uses the same password for other services, they become vulnerable as well.

11 PAP - Extensions The PAP RFC does not state that the password must be fixed or must come from the user: The password can be hashed before being transmitted (does not solve replay) PAP can be used with a token card

12 CHAP – Challenge Handshake Authentication Protocol
A 3-way handshake protocol for establishing peer identity. CHAP was first described in RFC1334, and later amended in RFC1994. CHAP uses a challenge/response scheme for authentication

13 CHAP – The Protocol At LCP phase, the authenticator specifies CHAP as the authentication protocol. At authentication phase, the authenticator sends the peer a string containing its ID and a random value. The peer concatenates the user’s password to this strings, and performs a one way hash of it. The hash is then sent back to the authenticator. The authenticator responds with a configure-ack or configure-nak.

14 CHAP Authentication

15 Challenge/Response The one way hash function can be arbitrary, but both authenticator and peer must agree on it. To be RFC1994 complaint, both sides must at least support MD5. The RFC states that the random challenge value must exhibit global and temporal uniqueness. If the protocol is used twice, to authenticate both sides, the same challenge value must not be used! Otherwise, the second authentication might be a replay of the first!

16 CHAP vs. PAP CHAP solves PAP’s vulnerabilities by not transmit the password in plain text, and using a random challenge to avoid replay attacks. The CHAP RFC allows CHAP to be repeated several times during a sessions, so CHAP is unpractical with token cards.

17 MS-CHAPv1, MS-CHAPv2 Microsoft’s variants of CHAP.
Instead of performing a one way hash, MS-CHAP performs a DES encryption of the challenge value with the user’s password as a key. MS-CHAP provides new PPP messages that change the stores password in authenticator or peer

18 CHAP vs. MS-CHAP Using DES to encrypt the challenge does not increase the algorithm’s safety The keys strength is still the same – most user’s passwords contain much less then 56-bits of entropy The password changing mechanism can allow an intruder with a one-time access windows to change the password to his heart’s desire.

19 EAP – Extensible Authentication Protocol
EAP is a new authentication scheme, not yet widely popular Microsoft provides an EAP implementation with Windows 2000/XP/2003. EAP was developed as a response to an increasing demand for authentication based on other devices then the name/password pair. EAP provides a generic and extensible framework for providing any requested authentication scheme. EAP supports generic token cards, OTPs, RSA, KEA, TLS, as well as a CHAP like protocol and many others.

20 EAP – The Protocol The EAP protocol consists of a series of requests send from the authenticator to the peer. The peer sends a response to each request The authenticator can configure-ack or configure-nak each response.

21 Example: EAP-TLS

22 Encryption PPP provides a data encryption layer, called ECP (described in RFC1968). ECP is negotiated like any NCP, but unlike a standard NCP, all further communication, except the negotiation itself, is passed through the ECP layer. ECP provides only data confidentiality: It does not provide any authentication mechanism It does not provide any key distribution mechanism.

23 ECP Unlike other NCPs, ECP requires the data to be ‘packeted’ on a 64-bit boundary. ECP supports 2 basic encryption algorithms: DES with CBC 3DES with CBC There are two versions of DES encryption, with different data packing guidelines.

24 DES/3DES Each ciphertext packet is prepended with a 16-bit sequence number used to detect packet loss Since in CBC most each packet depends only exactly one packet before, a loss of a packet will result in the loss of only two packets. In both algorithms, both sides must share a common key. DES uses a 56 bit key 3DES uses a 168 bit key (3x56bit keys) Both algorithms start with a random IV packet to prevent replay attacks.

25 MPPE Microsoft implemented its own encryption scheme, MPPE.
MPPE uses RC4 for encryption, with a 40/128 bit key for security. MPPE is closely integrated with MS-CHAP, and obtains a RC4 key from the MS-CHAP key. Since the MS-CHAP key is usually much less stronger then 40/128 bits, encryption security is lessened.

26 Summary PPP provides mechanisms for implementing two security features: Authenticity – using authentication Confidentiality – using encryption PPP does not provide Non-repudiation – can be implemented by using IPSEC over PPP Message Integrity – PPP provides a CRC for each packet, but there is no mechanism for signing packets.

27 The End

28

Download ppt "Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il."

Similar presentations

Authentication.

Authentication.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.

Rick Graziani PPP authentication protocols 1. Link establishment - (LCPs) 2. Authentication - Optional (LCPs) 3. Link quality determination.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.

S4C4 PPP. Protocols Point to Point Protocol Link Control Protocol Network Control Program Password Authentication Protocol Challenge Handshake Authentication.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Point-to-Point Protocol

Point-to-Point Protocol
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)
What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.

What is EAP EAP stands for Extensible Authentication Protocol. Offers a basic framework for authentication. Many different authentication protocols can.
1 Data Communications Point-to-Point Protocol (PPP)

1 Data Communications Point-to-Point Protocol (PPP)
Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar. 2007 Amit Golander.

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.
Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.

Semester 4 - Chapter 4 – PPP WAN connections are controlled by protocols In a LAN environment, in order to move data between any two nodes or routers two.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Point to Point Protocol Operation. Point to Point Protocol Protocol Layers of PPP –Physical Layer –Data Link Layer – HDLC derivative –Other protocols.

Point to Point Protocol Operation. Point to Point Protocol Protocol Layers of PPP –Physical Layer –Data Link Layer – HDLC derivative –Other protocols.
PPP (Point to Point protocol).  On WAN connection, the protocol depends on the WAN technology and communicating equipment:  Examples:  HDLC –  The.

PPP (Point to Point protocol).  On WAN connection, the protocol depends on the WAN technology and communicating equipment:  Examples:  HDLC –  The.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.

Similar presentations

Ads by Google