ing PPTP are Windows networks. Like most other VPN protocols, PPTP employs authentication and encryption.

Wireless networking has adopted VPN protocols to add encryption and authentication security to its communications. Since WEP has been completely compromised and WPA has only recently been released as an upgrade to wireless devices, networks had to come up with another way to provide security. VPNs helped to fill this gap. Legitimate clients could be configured to connect to the wired network through a virtual private network, which would encrypt the data being transferred. In this manner, wireless sniffers would only be able to capture encrypted data, which would then need to be decrypted before it became useful. Furthermore, the authentication process would help to shut out people wishing to connect to the wireless network without legitimate access credentials [12].

Microsoft's original PPTP specified the use of Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) for authentication. The design allowed someone to connect to a server, receive authentication based upon a password and gain access to the network resources. When a client connects to the network, it asks the authentication server for a login challenge. The server responds by sending the requesting client an 8-byte challenge nonce. The client then uses the LAN Manager hash of the password that it has stored to derive three DES (Data Encryption Standard) keys. These keys are used to encrypt the challenge that the server sent. Each encryption results in an 8-byte encrypted string. All three encrypted strings are then concatenated to create a 24-bit reply. This same process is repeated with the Windows NT hash of the password. These two 24-bit blocks are sent to the server, where they are compared. The server uses the client's stored password to decrypt the replies. If the decrypted blocks match the original challenge, access is granted. This process was used in PPTP until vulnerabilities were found that compromised the authentication process. When these vulnerabilities became widely known, Microsoft reworked the process and implemented a new version of MS-CHAP, which was supposed to fix the problems that had been discovered.
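
The key-derivation step described above, as an added example that is not from the original text. It assumes the layout given in RFC 2433, which the page does not spell out: the 16-byte hash is zero-padded to 21 bytes, cut into three 7-byte pieces, and each piece is expanded to an 8-byte DES key with odd parity. The function names and sample hashes are constructed for illustration, and the DES encryption itself is left out.

```python
# Added example (not from the original text). Layout assumed from RFC 2433:
# hash zero-padded to 21 bytes, split into three 7-byte pieces, each expanded
# to an 8-byte DES key with odd parity. DES encryption itself is not performed.

def expand_des_key(seven: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each); low bit gives odd parity."""
    if len(seven) != 7:
        raise ValueError("expected exactly 7 bytes")
    bits = int.from_bytes(seven, "big")
    key = bytearray()
    for i in range(8):
        chunk = (bits >> (49 - 7 * i)) & 0x7F  # next 7 bits, most significant first
        byte = chunk << 1
        if bin(byte).count("1") % 2 == 0:      # even number of 1s: set parity bit
            byte |= 1
        key.append(byte)
    return bytes(key)


def derive_des_keys(password_hash: bytes) -> list:
    """Return the three DES keys derived from a 16-byte LM or NT hash."""
    if len(password_hash) != 16:
        raise ValueError("LM and NT hashes are 16 bytes")
    padded = password_hash + b"\x00" * 5       # 21 bytes = 3 x 7
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the key has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


# Constructed sample hashes (not real password hashes); they share only
# their last two bytes.
HASH_A = bytes.fromhex("00112233445566778899aabbccddeeff")
HASH_B = bytes.fromhex("ffeeddccbbaa9988776655443322eeff")

if __name__ == "__main__":
    for name, h in (("A", HASH_A), ("B", HASH_B)):
        k1, k2, k3 = derive_des_keys(h)
        print(name, k1.hex(), k2.hex(), k3.hex())
    # The third key holds just 2 hash bytes plus 5 zero bytes, so its
    # last five bytes are always 0x01 and A and B yield the same third key.
```

Each of the three keys encrypts the same 8-byte challenge, which is how the three 8-byte strings of the reply arise.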

MS-CHAP version 2, as it became known, added security to the process in the following ways: it stopped the use of the LM (LAN Manager) hash, introduced mutual authentication, replaced change password packets, and updated the encryption keys. To do this, it added a number of steps to the authentication process. When the client machine asks for a challenge, the server responds with a challenge of 16 bytes. The client then generates a 16-byte challenge of its own, which is called the “Peer Authenticator Challenge.” The client then uses SHA-1 to hash the concatenation of the challenge from the server, the Peer Authenticator Challenge and the client's username. The first 8 bytes of the result then become the 8-byte challenge. Much like its predecessor, the 8 bytes are encrypted with the Windows NT hashed value of the password. This generates a 24-byte reply that is sent to the server where it is com-