Tactical Security Inc’s Blog

Entries categorized as ‘Network Protocols’

PPP – Authentication methods PAP and CHAP

April 10, 2009 · Leave a Comment

Once a PPP connection has been established and LCP has negotiated which authentication method(s) are available, an authentication protocol must be agreed upon and utilized.  Those methods include Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP) and Extensible Authentication Protocol (EAP).  Due to the many flavors of EAP, I will not attempt to address those issues here. 

PAP uses a simple two-way handshake only performed during the initiation of the connection.  Once PPP LCP moves into the authentication phase, PAP passes the ID/Password pair in the clear (unencrypted) continuously until the authentication is acknowledged or the connection is terminated.  The handshake may not be repeated during the resulting connection, which does not allow for replay protection.  There is no specification in RFC as to how the password is stored on either end of the connection, but it must be available in plain text for both ends.  Common implementation encrypts the password database for decryption during the authentication process.

CHAP is a much more robust authentication protocol and should be used whenever possible in place of PAP.  Once LCP has negotiated for CHAP authentication, the authenticator (normally considered to be the server or device being connected to) sends a challenge packet consisting of challenge identifier number and a random number often called a “nonce” or just a challenge.  The host device will then respond with a hash value created from the identifier, the password (called a “secret”) and the challenge.  These three items will be concatenated (written end to end one after another) and hashed.  The resultant message digest or hash value, will be returned to the authenticator in a packet that has the same identifier as the challenge.  The reason for the identifier is to associate potential multiple unique challenges with this particular response.  Upon receiving the response packet containing the message digest, the authenticator hashes the sent challenge identifier, the shared secret, and the sent challenge.  The locally created message digest must be identical to the received message digest tin order to authenticate the host. 

The creation of the hash value requires that the password be available in plain text to both ends of the authentication process.  The secret is never sent across the wire in plain text, but must be maintained by both endpoints in a manner where the plaintext can be resolved i.e. plaintext or two way encrypted.

CHAP may be implemented in such a manner that the challenges may be periodically sent during the NCP phase.  These challenges should be responded to by the host device.  The random challenge itself prevents replay attacks while the option to resend the challenge is an aid to preventing session hijacking.  The CHAP challenge may also be sent by the host device to authenticate the “server” side.  This two way authentication could be used to set up a VPN or other communication path requiring mutual authentication, and is the default in many Cisco networking devices.

Cisco routers and other devices have an option to attempt multiple forms of authentication.  This is NOT the recommended security setting.  Each unique username should be allowed only one form of authentication, in our case either PAP or CHAP.  PAP is the weaker and least advised authentication method.  If a username is optioned to provide both PAP and CHAP authentication the secrets should be different.  Remember CHAP send the password hashed and PAP in the clear.  What good is it to use CHAP when other times PAP is used with the same clear text password?  Always select CHAP or better yet EAP over PAP when possible.

Categories: CISSP · Network Protocols · Secure Network Protocols
Tagged: , , ,

PPP – An Overview

February 10, 2009 · Leave a Comment

PPP – An Overview

 

Point to Point links are physical or logical direct connections between two endpoints.  These connections are often dial-up or T-1 /E-1 connections.  These connections allow the exchange of bits between two end devices, but do not manage the flow of data.  Imagine two people sending a file via a dial-up modem.  Now imagine that the file in question is a large 100KB data file.  A file that large on dial up is likely to take forever and the chances of there being no transmission errors during the entire duration of the transmission is very small.  Without a framing protocol the entire file would have to resent every time there was a single bit error on the line.  With framing, the missing bit can be detected and a single frame, or chunk, of the file can be re-transmitted to replace frame containing the errored bit.

 Synchronous Data Link Protocol was developed by IBM in 1975 and was designed to carry SNA (IBM proprietary) protocols.  HDLC was the follow on protocol developed by the International Organization for Standardization (ISO).  HDLC lacked the ability to identify the contained data type and was later modified by Cisco to include a type field used to designate the upper layer protocols within the frame.  Cisco’s HDLC is not compatible with standard HDLC.

Point to Point Protocol (PPP) (RFC 1661) is today’s standardized framing protocol of choice.  PPP includes provisions for carrying numerous upper layer protocols and PPP further included provisions for an OSI Layer 2 authentication.  The lower the layer of the OSI model that authentication takes place, the more secure the system.  As an analogy think about the means used to authenticate a caller on your phone.  You might have caller ID, or you may ask the caller’s identity directly after greetings are exchanged.   Either way, your process (dinner perhaps) was interrupted, your phone rang, and a connection was established between an unknown remote entity and yourself.  Now, imagine requiring people to authenticate before they could ring your phone, thereby eliminating the unwanted evening caller.   Often computer systems authenticate at the Application Layer after a TCP connection has been established.  This can allow an unauthenticated user to disrupt your CPU and potentially gain unwanted access to your PC.  PPP can require authentication prior to establishing any upper layer communications.

The secret to this authentication lies in the fact that PPP is made of two families of protocols, Link Control Protocol (LCP) and Network Core Protocol (NCP).  LCP establishes and defines the Layer 2 connection, while NCP carries the upper layer protocols.

Prior to link establishment, both ends of the PPP link must send LCP packets and may require authentication.  The LCP packets negotiate such things as authentication requirements, encapsulation format, packet size, errors and link termination.  Once the parameters of the link have been established, NCP packets choose and configure at least one network layer protocol.  If PPP has been configured to require authentication – typically thru PAP, CHAP, or EAP – authentication success messages must be passed on the LCP link prior to passing of NCP packets. 

Categories: Network Protocols · Secure Network Protocols · Uncategorized
Tagged: , , ,