Microsoft Challenge Handshake Authentication Protocol CS265 Spring 2005 ChungShun Wei.


Private Network
- Restricted from outside access
- Highly secure if no bad guy has access to the physical LAN
- But you are also blocked when you are not on the local network; even the Internet will not help

Virtual Private Network (VPN)
- Through a VPN server, a remote user can connect to the intranet across the public Internet

VPN Authentication
- Password Authentication Protocol (PAP)
  - Username and password are sent in clear text
  - Use it only when the VPN server supports nothing but PAP
- Challenge Handshake Authentication Protocol (CHAP)
  - Encrypts the password

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- Based on CHAP
- Two versions: MS-CHAP version 1 and version 2
- MS-CHAP v2 is an improvement over MS-CHAP v1

Request Login / Challenge
- Client sends a login request to the VPN server
- VPN server replies with a 16-byte random challenge

Generate 8-byte Challenge
- Client generates the 8-byte challenge (derived from the server's 16-byte challenge, the client's Peer Authenticator Challenge and the client's username; it is not sent in clear text)

Generate 24-byte MS-CHAP Reply
- Client encrypts the 8-byte challenge with keys derived from its hashed password to produce the 24-byte MS-CHAP Reply

Retrieve Password From DB
- Client sends the 24-byte reply, the Peer Authenticator Challenge and the client's username to the VPN server
- VPN server looks up the client's password in its database by username

Authenticate
- VPN server computes the expected reply from the stored password and compares it with the client's reply; on a match the client is authenticated

Authenticator Response
- VPN server uses the 16-byte Peer Authenticator Challenge and the client's hashed password to create a 20-byte Authenticator Response
- Client computes its own Authenticator Response and compares it with the server's; if they match, the server is authenticated

Find Out 8-byte Challenge
- Although the 8-byte challenge is not sent in clear text, an attacker can easily compute it by listening for the 16-byte random challenge from the server, the Peer Authenticator Challenge and the client's username

Analysis: MS-CHAP Reply
  Password                          sanjose
  NT hash (16 bytes)                askjKeL35h2k49kj
  Pad with 0 to 21 bytes            askjKeL35h2k49kj00000
  Split into three 7-byte DES keys  askjKeL  35h2k49  kj00000
  Encrypt challenge with each key   Iwe652nW  n8mxhUw0  xjO82nzx
  24-byte reply                     Iwe652nWn8mxhUw0xjO82nzx
(the hash and cipher strings are the slide's illustrative placeholders, not real output)

Attack on MS-CHAP Reply
- Attackers do not need much effort: about 2^57 tries in total
  24-byte reply             Iwe652nWn8mxhUw0xjO82nzx
  NT hash (16 bytes)        askjKeL35h2k49kj
  Padded to 21 bytes        askjKeL35h2k49kj00000
  Three 7-byte DES keys     askjKeL  35h2k49  kj00000
  Encrypt challenge         Iwe652nW  n8mxhUw0  xjO82nzx
- Key 1 (xxxxxxx, 7 unknown bytes) -> Iwe652nW: 2^56 tries
- Key 2 (xxxxxxx, 7 unknown bytes) -> n8mxhUw0: 2^56 tries
- Key 3 (xx00000, only 2 unknown bytes, the rest is zero padding) -> xjO82nzx: 2^16 tries
- The three recovered keys together are the NT hash of the password (sanjose)