5.2.2 CHAP Access Control in PPP
Challenge-Handshake Authentication Protocol (CHAP) is an alternative to the simple
User-Password PPP Authentication Protocol (PAP) in RFC 1334 (Ref. [118]).
Authentication with CHAP is required when a PPP connection is initiated, or at any time during the PPP session. CHAP packets are then exchanged, encapsulated in PPP Data Link Layer frames. A CHAP packet consists of

$$\mathrm{Code} \,\|\, \mathrm{Identifier} \,\|\, \mathrm{Length} \,\|\, \mathrm{Data}$$

where Code is a byte equal to 1, 2, 3, or 4, Identifier is a byte, and Length is the length of Data encoded on two bytes, i.e. it lies between 0 and 65535. The Identifier byte is used to distinguish different simultaneous PPP sessions.
First the authenticator (PPP server) sends a CHAP packet with code 1 (challenge). Then the peer sends back a CHAP packet with code 2 (response). For the challenge and the response, the Data field consists of

$$\mathrm{Data} = \mathrm{ValueSize} \,\|\, \mathrm{Value} \,\|\, \mathrm{Name}$$

where Name is used to identify a Name-secret pair in an access control database and ValueSize is the size of Value encoded on one byte. The correct answer is defined by

$$\mathrm{Value}_2 = H(\mathrm{Identifier} \,\|\, \mathrm{secret} \,\|\, \mathrm{Value}_1),$$

where $\mathrm{Value}_i$ is the Value field of the packet with code $i$ for $i = 1, 2$. Packets with code 3 and 4 indicate success and failure of the access control, respectively.
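The packet formats and the response computation above, worked through as an added example (not the book's own code). It takes H to be MD5, the hash the RFC-specified CHAP uses; the secret database, the Name values and the challenge bytes are constructed sample data. Length is encoded as the size of Data, as the text defines it.

```python
import hashlib
import hmac
import struct
# Added example, not the textbook's code. H is taken as MD5 (the hash the RFC-specified
# CHAP uses); the secret database and challenge bytes used below are constructed.
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

def encode_packet(code, identifier, data):
    """Code || Identifier || Length || Data; Length is the size of Data on two bytes."""
    return struct.pack("!BBH", code, identifier, len(data)) + data

def decode_packet(pkt):
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    data = pkt[4:4 + length]
    if len(data) != length:
        raise ValueError("truncated CHAP packet")
    return code, identifier, data

def encode_value_data(value, name):
    """Data = ValueSize || Value || Name for challenge (code 1) and response (code 2)."""
    return bytes([len(value)]) + value + name

def decode_value_data(data):
    size = data[0]
    if len(data) < 1 + size:
        raise ValueError("ValueSize exceeds Data")
    return data[1:1 + size], data[1 + size:]

def chap_response(identifier, secret, challenge):
    """Value_2 = H(Identifier || secret || Value_1)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def peer_respond(challenge_pkt, name, secret):
    """Peer side: parse the code-1 packet and answer with the matching code-2 packet."""
    code, identifier, data = decode_packet(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a challenge packet")
    value1, _authenticator_name = decode_value_data(data)
    value2 = chap_response(identifier, secret, value1)
    return encode_packet(RESPONSE, identifier, encode_value_data(value2, name))

def authenticator_verify(identifier, value1, response_pkt, db):
    """Authenticator side: look up Name in the secret database, recompute Value_2, return code 3 or 4."""
    code, ident, data = decode_packet(response_pkt)
    if code != RESPONSE or ident != identifier:
        return FAILURE
    value2, name = decode_value_data(data)
    secret = db.get(name)
    ok = secret is not None and hmac.compare_digest(value2, chap_response(identifier, secret, value1))
    return SUCCESS if ok else FAILURE
```

Because Identifier is bound into the hash, a response captured for one session is rejected when checked against a packet carrying a different Identifier, even if the challenge bytes were the same.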
5.3 One-Time Password
Besides requiring the server to keep the passwords, challenge-response protocols still face security problems when a challenge is repeated: if the adversary has collected many challenge-response pairs, she can send multiple parallel service requests until she gets a challenge for which she knows the answer. We can prevent this by introducing an artificial delay for each access (this may substantially slow down this kind of attack), by keeping track of aborted access requests, or by using challenges large enough that they are never repeated. Equivalently, the challenge can be a counter value instead of a random value. In this case we can talk about one-time passwords: passwords which are used only once.
5.3.1 Lamport Scheme
One of the first one-time password cryptographic schemes was designed by Leslie
Lamport at the time the notion of one-wayness was invented (see Ref. [113]). Basically,
the Lamport scheme consists of several parts.