MS-PPTP 1, 1. Abstract( )
FS-TR00-06, Aug. 02, 2000 (26 pages), Technical Report
MS-PPTP 1, ( )
{logic, chlim}@future.co.kr
Cryptography & Network Security Center, Future Systems, Inc.

Abstract

PPTP (Point-to-Point Tunneling Protocol): PPP encapsulation, tunneling, VPN. PPP. PPP, PPTP RFC. MS-PPTP: Microsoft PPTP, Windows 95/98/NT. MS-PPTP 1, 2.

Contents

PPP (Point-to-Point Protocol)
  2.1 Encapsulation
  Link Operation
  2.2.1 LCP
  LCP Configuration Option
  2.3 NCP (Network Control Protocol)
  IPCP
PPTP (Point-to-Point Tunneling Protocol)
  3.1 Control Connection
  Tunneling
  3.3 L2TP
4 MS-PPTP v1
  4.1 MS-CHAP v1
  4.2 MS-CHAP v1
  4.3 MPPE
  CCP
  MPPE Packet
  MPPE Key Derivation
  4.4 MPPE v1
  4.5 Other Attack
5 PPTP v2
  5.1 MS-CHAP v2
  5.2 MS-CHAP v2
  5.3 MPPE v2
  5.4 MPPE v2
  5.5 Other Attack
1 PPTP (Point-to-Point Tunneling Protocol)

PPP (Point-to-Point Protocol) frame, IP datagram encapsulation, VPN (Virtual Private Network). PPTP tunnel, control connection, TCP. TCP port. Client, PPTP.

1. PSTN/ISDN, ISP network access server
2. LAN PPTP client, PPP, ISP; PPP, ISP, PPTP, PPTP.

PPTP client, PPTP. Client, LAN, ISP, PPTP, PPTP. Client, Internet. Client, PPTP server, ISP. Client, PPTP tunneling, PPP.

Microsoft MS-PPTP: Windows 95/98/NT. Protocol standard: CHAP (Challenge Handshake Authentication Protocol), MS-CHAP; RC4 stream cipher, MPPE (Microsoft Point-to-Point Encryption Protocol). PPP encapsulation, GRE, IP datagram encapsulation. GRE protocol encapsulation: IP protocol 47. GRE, GRE [18], enhanced GRE protocol [8].

    PPP Header | IP Header | GRE Header | PPP Header | PPP Payload (IP / IPX / NetBEUI Frame) | PPP Trailer

MS-PPTP v1 [13], MS-PPTP v2. v1, v2:
1. MS-CHAP v1, v2 response dictionary attack. v1 Lan Manager dictionary attack.
2. Control connection monitoring.
3. MPPE key: password, random key.
4. Rollback attack.

PPTP, MS-PPTP.

2 PPP (Point-to-Point Protocol)

PPP: PPP link, multi-protocol datagram, protocol Encapsulation, LCP (Link Control Protocol), NCP (Network Control Protocol). LCP: PPP link protocol. NCP: network layer protocol, protocol. NCP for IP: IPCP (IP Control Protocol).

2.1 Encapsulation

PPP [3]:

    Protocol (8/16 bits) | Information (*) | Padding (*)

Protocol field: 1 or 2 octets. Information field: data, protocol. [1]:

    0021  Internet Protocol (IP)
    002d  Van Jacobson Compressed TCP/IP
    002f  Van Jacobson Uncompressed TCP/IP
    8021  Internet Protocol Control Protocol (IPCP)
    c021  Link Control Protocol (LCP)
    c023  Password Authentication Protocol
    c025  Link Quality Report
    c223  Challenge Handshake Authentication Protocol (CHAP)

Information: protocol field; Maximum Receive Unit (MRU), 1500 octets, LCP. Padding.

PPP, ISO HDLC [22]:

    Flag | Address | Control | Protocol (8/16 bits) | Information (*) | Padding (*) | FCS (16/32 bits) | Flag | Inter-frame Fill or next Address

Link Operation

PPP link: (configuration), (maintain), (terminate); (phase) [3].

    [Figure: PPP link phases [3]: Dead, Establish, Authenticate, Network, Terminate; transition labels UP, OPENED, SUCCESS/NONE, FAIL, DOWN, CLOSING.]

Physical layer. Establish: Link Control Protocol (LCP) configure, LCP Configure Option; option default. Authentication: authentication protocol; Establish, LCP authentication, terminate. Network: NCP (Network Control Protocol), network layer protocol (IP, IPX, Appletalk); PPP network layer. Terminate ( ): Terminate PPP.
2.2.1 LCP

Configure-Request, Configure-Ack, Configure-Nak, Configure-Reject; Terminate-Request, Terminate-Ack; Code-Reject, Protocol-Reject, Echo-Request, Echo-Reply, Discard-Request [3].

    Code | Identifier | Length | Data

Code: LCP 1 to 11 (e.g. Configure-Request: 1, Configure-Ack: 2, etc.). Identifier: request/reply matching. Length: Code, MRU. Data field: Code field.

LCP Configuration Option

LCP Data, Configure Option. Data:

    Type | Length | Data

Type: 0: reserved, 1: Maximum-Receive-Unit, 3: Authentication-Protocol, 4: Quality-Protocol, 5: Magic-Number, 7: Protocol-Field-Compression, 8: Address-and-Control-Field-Compression. Length: Type, Data, Type length. Type Authentication-Protocol, MS-CHAP:

    Type | Length | Authentication-Protocol | Data

Type 3, Length >= 4, Authentication-Protocol field: 0xc023: Password Authentication Protocol, 0xc027: Shiva Password Authentication Protocol, 0xc223: Challenge Handshake Authentication Protocol, 0xc281: Proprietary Authentication Protocol, 0xc481: Proprietary Node ID Authentication Protocol [1].

2.3 NCP (Network Control Protocol)

PPP link, LCP, network layer protocol, NCP. Network layer. IP (Internet Protocol) NCP: IPCP (IP Control Protocol) [2]. IPCP, LCP. IPCP PPP encapsulation Protocol field 0x8021. Code field 1 to 7 (Configure-Request, Configure-Ack, Configure-Nak, Configure-Reject, Terminate-Ack, Code-Reject). LCP, network layer phase, IPCP.

IPCP, LCP Configuration Option. Type [2]:
1 IP-Addresses
2 IP-Compression-Protocol: compression protocol (e.g. Van Jacobson Compressed TCP/IP)
3 IP-Address: end link IP Address
IPCP opened state: IP, PPP encapsulation. PPP Protocol field IP 0x

PPTP (Point-to-Point Tunneling Protocol)

PPP; PPP IP network tunneling protocol, PPTP [8]. NAS (Network Access Server):
1. PSTN, ISDN interfacing / terminal adapter
2. PPP LCP
3. PPP authentication protocol
4. PPP multilink Protocol
5. PPP NCP
6. NAS interface multiprotocol routing, bridging
1 2(3), (3)4 6: PAC (PPTP Access Concentrator), PNS (PPTP Network Server). 3: PAC, PNS. Tunneling: PAC, PNS tunneling protocol GRE (Generic Routing Encapsulation) [18, 19], enhanced GRE protocol [8]. PPTP: 1) PNS-PAC control connection, 2) PNS-PAC tunneling.
    [Figure: PPTP tunneling: USER, PPP, PAC, PPTP tunneling, PNS, Internet.]

3.1 Control Connection

Control Connection message, tunneling, PAC-PNS, PPTP, TCP. Destination port 1723; source port: port. Control Connection: PNS, PAC. [8]:

    Length | PPTP Message Type
    Magic Cookie
    Control Message Type | Reserved0

Length. Type: 1 (Control Message), 2 (Management Message). Magic Cookie: 0x1A2B3C4D. Control Message Type: Message.

    Control Message                      Code
    (Control Connection Management)
    Start-Control-Connection-Request     1
    Start-Control-Connection-Reply       2
    Stop-Control-Connection-Request      3
    Stop-Control-Connection-Reply        4
    Echo-Request                         5
    Echo-Reply                           6
    (Call Management)
    Outgoing-Call-Request                7
    Outgoing-Call-Reply                  8
    Incoming-Call-Request                9
    Incoming-Call-Reply                  10
    Incoming-Call-Reply                  10
    Incoming-Call-Connected              11
    Call-Clear-Request                   12
    Call-Disconnect-Notify               13
    (Error Reporting)
    WAN-Error-Notify                     14
    (PPP Session Control)
    Set-Link-Info

Tunneling

End link user PPP, PNS, PAC, PNS tunneling. PPP, GRE (enhanced GRE header) encapsulation, IP, PAC-PNS [18, 15].

    Media Header | IP Header | GRE Header | PPP packet

Enhanced GRE [8]:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |C|R|K|S|s|Recur|A| Flags | Ver |         Protocol Type         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Key (HW) Payload Length    |       Key (LW) Call ID        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Sequence Number (Optional)                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Acknowledgment Number (Optional)                |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Bits 0 to 15: [8]. Protocol Type: 0x880B (PPP). Payload Length: GRE payload. Call ID: session peer Call ID. Sequence Number: payload sequence number, S bit set. Acknowledgment Number: GRE sequence number, A bit set. PPTP remote access, LAN [15].

    [Figure: PPTP remote access [15]: Client application, GRE, TCP, output packet, PPTP encapsulation (IP, PPP), to remote network or to local area network, PPTP communication device, Ethernet, Internet, PPTP server.]

3.3 L2TP

PPTP, L2TP (Layer Two Tunneling Protocol [20]) [21]:
1. L2TP: LAC (PAC), LNS (PNS); LCP, authentication; L2F (Layer Two Forwarding Protocol). PPTP: PNS, PAC tunnel, PPP.
2. PPTP tunnel: start request, start response. L2TP: three-way handshake. PPTP tunnel, 2; L2TP reliable delivery. PPTP control reliable delivery: TCP.
3. L2TP, L2F, PPTP: GRE. PPTP control channel TCP/IP, GRE/IP encapsulation channel; L2TP channel flag control.
4. L2TP, IP, IPsec; PPTP control message, data, IPsec. IPsec transport: PPTP control message; IPsec tunneled data: control message authentication, data authentication, encryption.

4 MS-PPTP v1

PPP, PPTP, Microsoft MS-PPTP.
4.1 MS-CHAP v1

PPP Establishment phase, LCP; Network phase; Authenticate phase, Configuration Option. CHAP (Challenge-Handshake Authentication Protocol), MS: MS-CHAP. MS-CHAP, standard CHAP. Standard CHAP. LCP Configuration Option, standard CHAP [5]:

    Type | Length | Authentication-Protocol | Algorithm

Type: Authentication-Protocol 3, Length 0x05, Authentication-Protocol 0xc223 (CHAP), Algorithm: MD5 CHAP 0x05. MS-CHAP: Algorithm field 0x05, 0x80. CHAP. CHAP PPP encapsulation protocol field 0xc223 [7]:

    Code | Identifier | Length | Data

Code: 1: Challenge, 2: Response, 3: Success, 4: Failure. Identifier: challenges/responses/replies matching. Length: Code. Data: Code field. MS, MS-CHAP [7, 12]. MS-CHAP: DES, Lan Manager hash; MD4, Windows NT hash.

    DesEncrypt( IN 8-octet Clear, IN 7-octet Key, OUT 8-octet Cipher )   // DES block cipher

    DesHash( IN 7-octet Clear, OUT 8-octet Cipher ) {
        DesEncrypt( StdText, Clear, giving Cipher )   // StdText = {KGS!@#$%}
    }

    LmPasswordHash( IN 0-to-14-oem-char Password, OUT 16-octet PasswordHash ) {
        DesHash( 1st 7-octets of UcasePassword, giving 1st 8-octets of PasswordHash )
        DesHash( 2nd 7-octets of UcasePassword, giving 2nd 8-octets of PasswordHash )
    }

    NtPasswordHash( IN 0-to-256-unicode-char Password, OUT 16-octet PasswordHash )   // MD4

Lan Manager hash: 1. password padding, 14 byte string; byte, 7 byte DES key, constant, 8 byte. Windows NT hash: 14 byte password, MD4, 16 byte. MS-CHAP. 4 client:
1. client login, challenge.
2. 8 byte challenge, client.
3. client password: Lan Manager hash, NT hash, 16 byte; 5 byte 0 padding, 21 byte. 7 byte, 3 DES keys, 8 byte challenge. 24 byte (response). Flag: Windows NT response flag 1, LanManager 0 setting.
4. client, DES, client.

MS-CHAP PPP LCP [12]:

Client -> Server
    c c [extra negotiation 10 bytes removed]
    0xc021 - LCP packet
    0x01 - configure Request
    0x00 - ID 0
    0x - length 19 bytes
    0x03 - Authentication
    0x05 - CHAP option length 5 bytes
    0xc223 - CHAP
    0x80 - MS-CHAP

Server -> Client
    c d 08 cf 4f 0e b 0c
    0xc223 - CHAP packet
    0x01 - challenge
    0x00 - ID 0
    0x000d - length 13 bytes
    0x08 - value size of the challenge
    0xcf4f0e b0c - challenge value

Client response
    C b d1 d fd d3 8e 4d 68 aa 24 6f 0c d b 8c 9a c a0 d0 4a 47 7a 36 a1 8a 57 8e 76 c a f d 69 6e f 72
    0xc223 - CHAP
    0x02 - response
    0x00 - ID
    0x - length 53 bytes
    [The ascii string has been changed to protect the innocent]
    0x31 - Value length of challenge response
    0x bd1d86068fdd38e4d68aa246f0cd695347b8c9a31 - LANMAN response
    0x196c a0d04a477a36a18a578e76c63678a114790f - NT response
    0x01 - use Windows NT compatible challenge response flag
    "Administrator" - account name

Change Password Packet

Change Password Packet: standard CHAP, MS-CHAP v1 [7]. Change Password Packet: authenticator ( ) ERROR PASSWORD EXPIRED, CHAP failure.

    1 octet  : Code (=5)
    1 octet  : Identifier
    2 octets : Length (=72)
    16 octets: Encrypted LAN Manager Old Password Hash
    16 octets: Encrypted LAN Manager New Password Hash
    16 octets: Encrypted Windows NT Old Password Hash
    16 octets: Encrypted Windows NT New Password Hash
    2 octets : Password Length
    2 octets : Flags

- 16 octet fields: password, password Lan Manager hash, Windows NT hash; 8 challenge key, DES encryption.
- Passive monitoring: challenge, password.

Windows NT 3.51/4.0 ([7]), Windows:

    1 octet   : Code
    1 octet   : Identifier
    2 octets  : Length
    516 octets: Password Encrypted with Old NT Hash
    16 octets : Old NT Hash Encrypted with New NT Hash
    516 octets: Password Encrypted with Old LM Hash
    16 octets : Old LM Hash Encrypted With New NT Hash
    24 octets : LAN Manager compatible challenge response
    24 octets : Windows NT compatible challenge response
    2 octets  : Flags

- Password Encrypted with Old NT Hash: password NT hash key, password Windows NT, RC4.
- Old NT Hash Encrypted with New NT Hash: password NT hash key, password NT, RC4.
- Password Encrypted with Old LM Hash, Old LM Hash Encrypted With New NT Hash fields: 0. Flags 1 field.
- Password, RC4, password, password decrypt.
- Mallory: DNS hijacking, RIP spoofing, PPTP client password. Mallory, client, ERROR PASSWD EXPIRE. Password, PPTP client [14].

4.2 MS-CHAP v1

MS-CHAP 24 byte response: client Lan Manager hash, NT hash. Flag. Lan Manager hash. L0phtcrack automatic password cracker: Lan Manager hash, password, NT hash. Lan Manager hash: 14 byte password, 7 byte key,
security. Password 7, 8 byte, password 7. Lan Manager hash, MS-CHAP security. Lan Manager hash response [12].

P: password, K: key, H: hash value, R: response, C: challenge, S: StdText
1. P0, ..., P6, P7, ..., P13
2. H0, ..., H7, H8, ..., H14, H15 <- P
3. K0, ..., K7, K8, ..., K14, K15, 0, 0, 0, 0, 0 <- 0 padding
4. K0, ..., K6 | K7, K8, ..., K13 | K14, K15, 0, 0, 0, 0, 0 <- 7 byte
5. R0, ..., R7, R8, ..., R15, R16, ..., R23 <- C, K

PPTP: challenge C (8 byte), client response R (24 byte).
1. K14, K15: C, R16, ..., R23; K14, K15. (2^15 operations.) Key S.
2. K14, K15: H14, H15; table, 2 byte H14, H15, P7, ..., P13. K8, ..., K13. K7. C, R8, ..., R15, P7, ..., P13; P7, ..., P13. P7, ..., P13, K7. P0, ..., P6, byte, H7.
3. N, N/2, 8, P0, ..., P6.

Lan Manager hash, MS-CHAP.

4.3 MPPE

MPPE (Microsoft Point-To-Point Encryption), PPP [10]. RC4 stream cipher; RC4 encryption table; 40 bit, 56 bit, 128 bit key. Key option.

MPPE CCP

CCP (Compression Control Protocol), PPP link [4]. CCP PPP protocol field 0x80FD; Network-Layer Protocol phase. LCP.

CCP option, LCP Option:

    Type | Length | Supported Bits

Supported Bits: Type MPPE 18, Length 6, Supported Bits H M S L D C. C bit: MPPC (Microsoft Point-to-Point Compression). D bit. L, S, M bit setting: 40, 128, 56 bit session key. H bit setting: stateless mode, session key.

<CCP example>
Client -> Server
    80 fd a
    0x80fd - Compression Control Protocol
    0x01 - Configure Request
    0x05 - ID 5
    0x000a - Length 10
    0x12 - Type 18 MPPE
    0x06 - Length 6
    0x - bit session key

Server -> Client
    80 fd a
    0x80fd - Compression Control Protocol
    0x02 - Configure Acknowledgement
    0x05 - ID 5
    0x000a - Length 10
    0x12 - Type 18 MPPE
    0x06 - Length 6
    0x - bit session key

MPPE Packet

MPPE: PPP Network-Layer Protocol phase, CCP control protocol opened state. MPPE PPP encapsulation PPP protocol field
0x00FD. PPP protocol field 0x0021, 0x00FA encapsulation. MPPE reliable link, Coherency Count field. MPPE:

    PPP Protocol | A B C D | Coherency Count | Encrypted Data

PPP Protocol: 0x00FD. B, C bit. A bit (flushed bit) setting: RC4 encryption table, session key. Stateless mode: A bit setting. D bit 1, 0. Coherency Count (0x0FFF), 0 reset. Encrypted Data: PPP protocol field; IP datagram 0x0021, IP.

MPPE Key Derivation

MPPE key, RC4 stream cipher encryption table, session key [11].

40-bit Session Keys Generation
1. client password Lan Manager hash, SHA, 64 bit.
    Get_Key(PasswordHash, SessionKey, 8)
    // PasswordHash: LmPasswordHash(); 8: output string octets length
2. 40 bit: 24 bit 0xD1269E setting.
    SessionKey[0] = 0xd1 ;
    SessionKey[1] = 0x26 ;
    SessionKey[2] = 0x9e ;

56-bit Session Keys Generation
40 bit, 56 bit. 8 bit 0xd1 setting.

128-bit Session Keys Generation
1. client password NT hash, 16 byte.
2. MD4, 16 byte.
3. MS-CHAP 8 byte challenge concatenate, SHA, 128 bit.
    Get_Start_Key(Challenge, NtPasswordHashHash, InitialSessionKey)
    Get_Key(InitialSessionKey, CurrentSessionKey, 16)

    SHApad1[40] = {0x00, ..., 0x00};
    SHApad2[40] = {0xf2, ..., 0xf2};

    Get_Key( IN InitialSessionKey, IN/OUT CurrentSessionKey, IN LengthOfDesiredKey ) {
        SHAInit(Context)
        SHAUpdate(Context, InitialSessionKey, LengthOfDesiredKey)
        SHAUpdate(Context, SHApad1, 40)
        SHAUpdate(Context, CurrentSessionKey, LengthOfDesiredKey)
        SHAUpdate(Context, SHApad2, 40)
        SHAFinal(Context, Digest)
        memcpy(CurrentSessionKey, Digest, LengthOfDesiredKey)
    }

    Get_Start_Key( IN Challenge, IN NtPasswordHashHash, OUT InitialSessionKey ) {
        SHAInit(Context)
        SHAUpdate(Context, NtPasswordHashHash, 16)
        SHAUpdate(Context, NtPasswordHashHash, 16)
        SHAUpdate(Context, Challenge, 8)
        SHAFinal(Context, Digest)
        memcpy(InitialSessionKey, Digest, 16)
    }

<Example 128-bit Key Derivation>
Initial Values
    Password = "clientpass"
    Challenge = 10 2d b5 df 08 5d
Step 1: NtPasswordHash(Password, PasswordHash)
    PasswordHash = 44 eb ba 8d b8 d f ae
Step 2: PasswordHashHash = MD4(PasswordHash)
    PasswordHashHash = 41 c0 0c 58 4b d2 d9 1c a2 a1 2f a5 9f 3f
Step 3: GetStartKey(Challenge, PasswordHashHash, InitialSessionKey)
    InitialSessionKey = a cf c0 ac ca d1 78 9f b6 2d dc dd b0
Step 4: Copy InitialSessionKey to CurrentSessionKey
    CurrentSessionKey = a cf c0 ac c1 d1 78 9f b6 2d dc dd b0
Step 5: GetKey(InitialSessionKey, CurrentSessionKey, 16)
    CurrentSessionKey = 59 d1 59 bc 09 f7 6f 1d a2 a8 6a 28 ff ec 0b 1e

256 key. Key, original key concatenate, SHA: 40 bit, 56 bit, 128 bit key. Key 40 bit: 24 bit 0xD1269E setting.

4.4 MPPE v1
1. Key 40 bit, 128 bit security: 40 bit, 128 bit.
2. Key: client password, random; security [12].
3. bit salt, PPP cipher text bit, PPTP key.
4. RC4 OFB mode stream cipher. Cipher text.
5. MPPE coherency count field: 1 coherency count; CCP Reset-Request resynchronization message, RC4 key. 256 key update key. Key, cipher text XOR, plain text XOR.

<example>
Alice, Bob [15]. RC4 key, coherency count 0 setting.
Alice -> Bob: Alice, Bob, coherency count 0. Alice coherency count 1 setting; Bob decrypt, coherency count 1 setting.
Mallory(Bob) -> Alice: Mallory, Alice CCP Reset-Request, coherency count 1.
Alice -> Bob: Alice RC4 key, MPPE A bit setting. Mallory: 256 key encryption.

4.5 Other Attack

Passive monitoring: PPTP session / [13]. PPTP control connection message. Monitoring. PPTP START SESSION REQUEST [8]:

    Maximum Channels | Firmware Revision
    + Host Name (64 octets) +
    + Vendor String (64 octets) +

Maximum Channels: PAC PPP session. Firmware Revision: PAC firmware revision, PNS PPTP driver version. Host Name: PAC, PNS DNS. Vendor String: PAC type, PNS software.
- client/server IP, client machine RAS version/netbios name, client/server vendor identification.
- PPTP START SESSION REQUEST connection / Spoofing PPP negotiations, PPP CCP negotiation.

Potential Client Information Leaks
Windows 95 client buffer. PPTP, PPTP START SESSION REQUEST, Host Name, Vendor String 0x00 padding, Windows.

5 PPTP v2

[12] MS-PPTP v1, v2. MS-CHAP, MS-CHAPv2, MPPE. Security [13].
- MS-CHAP Lan Manager hash; MS-CHAPv2.
- MS-CHAP change password packet; MS-CHAPv2 single change password packet.
- MPPE key.
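A parser for the control connection header of section 3.1 and for the Start-Control-Connection-Request fields that section 4.5 says a passive observer can read, flagging non-zero octets after the NUL terminator of Host Name and Vendor String (the Windows 95 padding leak described above). This is an added Python example, not code from the report; the field layout follows RFC 2637, and both messages it handles are constructed test data.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_CONTROL_MESSAGE = 1      # PPTP Message Type 1 = Control Message, 2 = Management
SCCRQ = 1                     # Control Message Type of Start-Control-Connection-Request
SCCRQ_LENGTH = 156            # 12-octet header + 144-octet body

CONTROL_MESSAGE_NAMES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply", 7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply", 9: "Incoming-Call-Request", 10: "Incoming-Call-Reply",
    11: "Incoming-Call-Connected", 12: "Call-Clear-Request",
    13: "Call-Disconnect-Notify", 14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

# Length | PPTP Message Type | Magic Cookie | Control Message Type | Reserved0
HEADER = struct.Struct("!HHIHH")
# Protocol Version | Reserved1 | Framing Capabilities | Bearer Capabilities |
# Maximum Channels | Firmware Revision | Host Name (64) | Vendor String (64)
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")


def parse_control_header(data):
    """Validate the 12-octet control-connection header and return its fields."""
    if len(data) < HEADER.size:
        raise ValueError("short PPTP control message")
    length, msg_type, cookie, ctrl_type, _reserved0 = HEADER.unpack_from(data)
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError("bad magic cookie 0x%08X" % cookie)
    if msg_type != PPTP_CONTROL_MESSAGE:
        raise ValueError("not a control message (PPTP Message Type %d)" % msg_type)
    if length != len(data):
        raise ValueError("Length field %d does not match %d octets" % (length, len(data)))
    return {"length": length,
            "control_message_type": ctrl_type,
            "control_message_name": CONTROL_MESSAGE_NAMES.get(ctrl_type, "unknown")}


def split_padded_string(field):
    """Return (text up to the first NUL, the octets after it).

    RFC 2637 pads Host Name and Vendor String with 0x00; anything non-zero
    after the terminator is sender memory that should never have left the host."""
    end = field.find(b"\x00")
    if end < 0:
        return field.decode("ascii", "replace"), b""
    return field[:end].decode("ascii", "replace"), field[end + 1:]


def parse_sccrq(data):
    """Parse a Start-Control-Connection-Request; list fields whose padding leaks."""
    header = parse_control_header(data)
    if header["control_message_type"] != SCCRQ or header["length"] != SCCRQ_LENGTH:
        raise ValueError("not a well-formed Start-Control-Connection-Request")
    (version, _reserved1, framing, bearer, max_channels, firmware,
     host_raw, vendor_raw) = SCCRQ_BODY.unpack_from(data, HEADER.size)
    host_name, host_tail = split_padded_string(host_raw)
    vendor, vendor_tail = split_padded_string(vendor_raw)
    leaky = [name for name, tail in (("host_name", host_tail), ("vendor_string", vendor_tail))
             if tail.strip(b"\x00")]
    return {**header, "protocol_version": version,
            "framing_capabilities": framing, "bearer_capabilities": bearer,
            "maximum_channels": max_channels, "firmware_revision": firmware,
            "host_name": host_name, "vendor_string": vendor, "leaky_fields": leaky}


def build_sccrq(host_name, vendor_string, pad_fill=b"\x00", max_channels=1, firmware=0x0100):
    """Construct a sample SCCRQ (constructed test data, not a real capture).

    pad_fill is what follows the NUL terminator of the two 64-octet strings: a
    conforming sender uses 0x00, the leaky client described above sends buffer residue."""
    def padded(text):
        body = text + b"\x00"
        return body + (pad_fill * 64)[: 64 - len(body)]
    body = SCCRQ_BODY.pack(0x0100, 0, 0x00000003, 0x00000003, max_channels, firmware,
                           padded(host_name), padded(vendor_string))
    header = HEADER.pack(HEADER.size + len(body), PPTP_CONTROL_MESSAGE,
                         PPTP_MAGIC_COOKIE, SCCRQ, 0)
    return header + body
```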
5.1 MS-CHAP v2

MS-CHAP v2: LCP option 3, CHAP field 0x81. MS-CHAPv2. Client 8 byte challenge [9, 13].
1. client login, challenge.
2. 16 byte random challenge.
3. client Peer Authenticator Challenge: 16 byte random number. Peer Authenticator Challenge, challenge, username concatenate, SHA-1, 8 byte challenge.
    ChallengeHash(
        IN 16-octet PeerChallenge,            // client challenge
        IN 16-octet AuthenticatorChallenge,   // server challenge
        IN 0-to-256-char UserName,            // client user name
        OUT 8-octet Challenge )               // out strings
   (MS-CHAP 8 byte challenge; MS-CHAPv2 challenge.)
4. password NT hash, 16 byte.
    NtPasswordHash( IN 0-to-256-unicode-char Password, OUT 16-octet PasswordHash )
5. 4: byte, MS-CHAP v1 24 byte. 21 byte, 7 byte 3 DES keys, challenge.
    ChallengeResponse( IN 8-octet Challenge, IN 16-octet PasswordHash, OUT 24-octet Response ) {
        DesEncrypt( Challenge, PasswordHash, Response )
        DesEncrypt( Challenge, PasswordHash, Response )
        DesEncrypt( Challenge, PasswordHash, Response )
    }
6. 3: client, client 24 byte response.
    GenerateNTResponse(
        IN 16-octet AuthenticatorChallenge,
        IN 16-octet PeerChallenge,
        IN 0-to-256-char UserName,
        IN 0-to-256-unicode-char Password,
        OUT 24-octet Response ) {
        8-octet Challenge
        16-octet PasswordHash
        ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName, giving Challenge )
        NtPasswordHash( Password, giving PasswordHash )
        ChallengeResponse( Challenge, PasswordHash, giving Response )
    }

Server Authentication
1. client password NT hash hash, client 24 byte response, "Magic server to client constant" concatenate, SHA, 20 byte; client 8 byte challenge, "Pad to make it do more than one iteration" concatenate, SHA; client.
    GenerateAuthenticatorResponse(
        IN 0-to-256-unicode-char Password,
        IN 24-octet NT-Response,
        IN 16-octet PeerChallenge,
        IN 16-octet AuthenticatorChallenge,
        IN 0-to-256-char UserName,
        OUT 42-octet AuthenticatorResponse ) {
        /* Hash the password with MD4 */
        NtPasswordHash( Password, giving PasswordHash )
        /* Now hash the hash */
        HashNtPasswordHash( PasswordHash, giving PasswordHashHash )
        SHAInit(Context)
        SHAUpdate(Context, PasswordHashHash, 16)
        SHAUpdate(Context, NTResponse, 24)
        SHAUpdate(Context, Magic1, 39)
        SHAFinal(Context, Digest)
        ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName, giving Challenge )
        SHAInit(Context)
        SHAUpdate(Context, Digest, 20)
        SHAUpdate(Context, Challenge, 8)
        SHAUpdate(Context, Magic2, 41)
        SHAFinal(Context, Digest)
    }

Change Password Packet

MS-CHAP v2 change password: authenticator ( ) ERROR PASSWD EXPIRED. ([9]) Windows NT 4.0, Windows 95/98. [9]:

    1 octet   : Code
    1 octet   : Identifier
    2 octets  : Length
    516 octets: Encrypted-Password
    16 octets : Encrypted-Hash
    16 octets : Peer-Challenge
    8 octets  : Reserved
    24 octets : NT-Response
    2 octets  : Flags

- Encrypted-Password field: password Windows NT hash key, password Windows NT.
- Encrypted-Hash: password Windows NT hash key, password Windows NT.
- MS-CHAP v1 Lan Manager hash rollback.

5.2 MS-CHAP v2

Windows NT password [13]. MS-CHAP, MS-CHAPv2. MS-CHAP: client NT hash, Lan Manager hash; Lan Manager hash. MS-CHAPv2 connection: 16 byte random, client random; user name public. Concatenate, SHA-1, 8 byte challenge C. Client 24 byte response R. R = <DES_X(C), DES_Y(C), DES_Z(C)>. X, Y, Z: 14 byte password NT hash, 0 5 padding, 7 byte. Z: 2 byte, 2^16. ( ). NT hash, 2 byte Z, sorting, MS-CHAP. Standard dictionary attack: N, N/2, 16. Attack: client response SHA-1(NT(C)) insecure. Server, SHA, security.
5.3 MPPE v2

MPPE v1: client RC4 key. MPPE v2: key [11, 13]. Master-master key, key, key. Master-master key: password NT hash hash, 24 byte response, 27 byte "This is the MPPE Master Key", SHA, 16 byte master-master key.

40 bit key generation
1. master-master key, 40 byte 0x00, 84 byte constant, 40 byte 0xF2, SHA, 8 byte. Magic constant: client, key. Bit 0xD1269E setting: 40 bit key.

<Example 40-bit Key Derivation>
Initial Values
    UserName = "User" =
    Password = "clientpass" = C E
    AuthenticatorChallenge = 5B 5D 7C 7D 7B 3F 2F 3E 3C 2C
    PeerChallenge = E 26 2A F 2B 3A 33 7C 7E
    Challenge = D0 2E BC E
    NT-Response = E CD 8D 70 8B 5E A0 8F AA CD A 3D 85 D6 DF
Step 1: NtPasswordHash(Password, PasswordHash)
    PasswordHash = 44 EB BA 8D B8 D F AE
Step 2: PasswordHashHash = MD4(PasswordHash)
    PasswordHashHash = 41 C0 0C 58 4B D2 D9 1C A2 A1 2F A5 9F 3F
Step 3: Derive the master key (GetMasterKey())
    MasterKey = FD EC E3 71 7A 8C 83 8C B3 88 E5 27 AE 3C DD 31
Step 4: Derive the master send session key (GetAsymmetricStartKey())
    SendStartKey40 = 8B 7C DC 14 9B 99 3A 1B
Step 5: Derive the initial send session key (GetNewKeyFromSHA())
    SendSessionKey40 = D1 26 9E C4 9F A6 2E 3E
56-bit Session Keys Generation
40 bit, 56 bit. 8 bit 0xd1 setting.

128 bit key generation
40 bit, 16 byte.

5.4 MPPE v2
1. MPPE v1: client, server key. v2: key, key security, password. Key, key constant, key. RC4 128 bit entropy.
2. [13] 40 bit 0xD1269E setting: key stream 1, 2: 0x09, 0x /256 = key schedule S[1] = 0x09, S[2] = 0x /e. 40 bit, bit 0xD1269E, security.

5.5 Other Attack

Version Rollback Attacks: MS negotiation, MS-CHAPv2 fail, MS-CHAPv1 [13]. Client MS-CHAPv2 fail, MS-CHAPv1: version rollback attack.

6

PPTP, MS, MS-PPTP. PPTP control connection. MS PPTP v1, v2. CHAP dictionary attack; v2 Windows NT, Lan Manager. Version rollback. MPPE RC4 key: password, constant, security.

References

[1] Reynolds, J. and J. Postel, Assigned Numbers, RFC 1700, October
[2] G. McGregor, The PPP Internet Protocol Control Protocol (IPCP), RFC 1172, May
[3] W. Simpson, Editor, The Point-to-Point Protocol (PPP), RFC 1661, July
[4] D. Rand, The PPP Compression Control Protocol (CCP), RFC 1962, June
[5] W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), RFC 1994, August
[6] G. Pall, Microsoft Point-To-Point Compression (MPPC) Protocol, RFC 2118, March
[7] G. Zorn, S. Cobb, Microsoft PPP CHAP Extensions, RFC 2433, October
[8] K. Hamzeh, G. Pall, W. Verthein, J. Taarud, W. Little, G. Zorn, Point-to-Point Tunneling Protocol (PPTP), RFC 2637, July
[9] G. Zorn, Microsoft PPP CHAP Extensions, Version 2, RFC 2759, January
[10] G. S. Pall, G. Zorn, Microsoft Point-To-Point Encryption (MPPE) Protocol, <draft-ietf-pppext-mppe-04.txt>, October
[11] G. Zorn, MPPE Key Derivation, <draft-ietf-pppext-mppe-keys-02.txt>, September
[12] Bruce Schneier, Mudge, Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)
[13] Bruce Schneier, Mudge, Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
[14] Analysis by Aleph, ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip masq vpn.html
[15] Understanding Point-to-Point Tunneling Protocol (PPTP), PPTP.htm
[16] W. Simpson, PPP in HDLC-like Framing, RFC 1662, July
[17] G. McGregor, The PPP Internet Protocol Control Protocol (IPCP), RFC 1332, May
[18] S. Hanks, T. Li, D. Farinacci, P. Traina, Generic Routing Encapsulation (GRE), RFC 1701, October
[19] S. Hanks, T. Li, D. Farinacci, P. Traina, Generic Routing Encapsulation over IPv4 networks, RFC 1702, October
[20] W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn, B. Palter, Layer Two Tunneling Protocol (L2TP), RFC 2661, August
[21] R. Shea, L2TP Implementation and Operation, Addison-Wesley
[22] W. Simpson, PPP in HDLC-like Framing, RFC 1662, July
More informationA Method for Transmitting PPP Over Ethernet (PPPoE)
Network Working Group Request for Comments: 2516 Category: Informational L. Mamakos K. Lidl J. Evarts UUNET Technologies, Inc. D. Carrel D. Simone RedBack Networks, Inc. R. Wheeler RouterWare, Inc. February
More informationNo Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
[MS-CBCP]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,
More informationL2TP Configuration. L2TP Overview. Introduction. Typical L2TP Networking Application
Table of Contents L2TP Configuration 1 L2TP Overview 1 Introduction 1 Typical L2TP Networking Application 1 Basic Concepts of L2TP 2 L2TP Tunneling Modes and Tunnel Establishment Process 4 L2TP Features
More informationNetwork Working Group Requests for Commments: 2716 Category: Experimental October 1999
Network Working Group Requests for Commments: 2716 Category: Experimental B. Aboba D. Simon Microsoft October 1999 Status of this Memo PPP EAP TLS Authentication Protocol This memo defines an Experimental
More informationnetwork Y. The gateway machine receives trac to this internal IP address, and sends it back to the remote machine on network X. There are two primary
Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP) Bruce Schneier schneier@counterpane.com Mudge mudge@l0pht.com Counterpane Systems, L0pht Heavy Industries 101 East Minnehaha Parkway,
More informationA device that bridges the wireless link on one side to the wired network on the other.
GLOSSARY A Access point Analog Channel ARP ATM ATO A device that bridges the wireless link on one side to the wired network on the other. A circuit-switched communication path intended to carry 3.1 KHz
More informationPoint-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) www.ine.com PPP» Point-to-Point Protocol» Open standard» Operates in the LLC sub-layer of data link layer in OSI» Originally designed for dial-up connections (modems, ISDN,
More informationHP VSR1000 Virtual Services Router
HP VSR1000 Virtual Services Router Layer 2 - WAN Access Configuration Guide Part number: 5998-6023 Software version: VSR1000_HP-CMW710-R0202-X64 Document version: 6W100-20140418 Legal and notice information
More informationGrandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide
Grandstream Networks, Inc. GWN7000 Multi-WAN Gigabit VPN Router VPN Configuration Guide Table of Contents SUPPORTED DEVICES... 5 INTRODUCTION... 6 GWN7000 VPN FEATURE... 7 OPENVPN CONFIGURATION... 8 OpenVPN
More informationA B S T R A C T. Index Terms: MPPE; PPTP; RC4; Cipher; VPN; MSCHAPv2 I. INTRODUCTION
Performance and Strength Comparison Of Various Encryption Protocol of PPTP VPN. Anupriya Shrivastava,M A Rizvi National Institute of Technical Teacher s Training and Research Bhopal, India 1, 2 anushrivastava1989@gmail.com
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationDiameter NASREQ Application. Status of this Memo. This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026.
AAA Working Group Pat R. Calhoun Internet-Draft Black Storm Networks Category: Standards Track William Bulley Merit Network, Inc. Allan C. Rubens Tut Systems, Inc.
More informationDebugging a Virtual Access Service Managed Gateway
Debugging a Virtual Access Service Managed Gateway Issue: 1.0 Date: 09 July 2013 Table of Contents 1 About this document... 3 1.1 Scope... 3 2 WAN connectivity... 4 2.1 ADSL... 4 2.1.1 Active data connections...
More informationIP and Network Technologies. IP over WAN. Agenda. Agenda
IP and Network Technologies IP over WAN Address Resolution, Encapsulation, Routing, NBMA PPP, Inverse ARP, Overview IP over ATM for transport of IP datagrams over a network encapsulation and address resolution
More informationSet Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers
Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers Objective A Virtual Private Network (VPN) is a private network that is used to virtually
More informationNetwork Working Group Request for Comments: October 1996
Network Working Group Request for Comments: 2023 Category: Standards Track D. Haskin E. Allen Bay Networks, Inc. October 1996 IP Version 6 over PPP Status of this Memo This document specifies an Internet
More informationVirtual Private Networks.
Virtual Private Networks thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Virtual Private Networks VPN Basics Protocols (IPSec, PPTP, L2TP) Objectives of VPNs Earlier Companies
More informationINTERNET-DRAFT IP Version 6 over PPP February Table of Contents. 1. Introduction Specification of Requirements...
HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 03:48:38 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Thu, 15 Feb 1996 23:00:00 GMT ETag: "2f52fa-4e8d-3123baf0" Accept-Ranges: bytes Content-Length: 20109 Connection:
More informationOutline. A Horde of Protocols. An Encouraging Message. Lots of Protocols = Lots of Problems. Implementation Flaws
Outline Windows Protocol Analysis: MSCHAP & Friends Gros, Charles-Henri Haley, David Lisanke, Bob Schaff, Clovis Overview of Windows Security Issues Various Protocols and Problems Introducing MSCHAP MSCHAP
More informationCIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1
Version 1 1. (24 Points) Show the routing tables for routers A, B, C, and D. Make sure you account for traffic to the Internet. Router A Router B Router C Router D Network Next Hop Next Hop Next Hop Next
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationConfiguring L2TP over IPsec
CHAPTER 62 This chapter describes how to configure L2TP over IPsec on the ASA. This chapter includes the following topics: Information About L2TP over IPsec, page 62-1 Licensing Requirements for L2TP over
More informationRequest for Comments: August PPP for Data Compression in Data Circuit-Terminating Equipment (DCE)
Network Working Group Request for Comments: 1976 Category: Informational K. Schneider S. Venters ADTRAN, Inc. August 1996 PPP for Data Compression in Data Circuit-Terminating Equipment (DCE) Status of
More informationCIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1
Version 1 Instructions Write your name on the exam paper. Write your name and version number on the top of the yellow paper. Answer Question 1 on the exam paper. Answer Questions 2-4 on the yellow paper.
More informationNetwork Working Group Request for Comments: 2059 Category: Informational January 1997
Network Working Group C. Rigney Request for Comments: 2059 Livingston Category: Informational January 1997 Status of this Memo RADIUS Accounting This memo provides information for the Internet community.
More informationPPTP Server: This guide will show how an IT administrator can configure the VPN-PPTP server settings.
Chapter 12 VPN To obtain a private and secure network link, the NUS-MH2400G is capable of establishing VPN connections. When used in combination with remote client authentication, it links the business
More informationNetwork Working Group Request for Comments: 2866 Category: Informational June 2000 Obsoletes: 2139
Network Working Group C. Rigney Request for Comments: 2866 Livingston Category: Informational June 2000 Obsoletes: 2139 Status of this Memo RADIUS Accounting This memo provides information for the Internet
More informationHP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)
HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-6465 Software version: CMW710-R0106 Document version: 6PW101-20140807 Legal and notice information Copyright 2014 Hewlett-Packard
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationTransport Area Working Group
Transport Area Working Group B. Briscoe Internet-Draft Simula Research Laboratory Updates: 6040, 2661, 1701, 2784, 2637, July 8, 2016 3931 (if approved) Intended status: Standards Track Expires: January
More informationTunnel within a network
VPN Tunnels David Morgan Tunnel within a network B C E G H I A D F - Packet stream of protocol X - Packet stream of protocol Y - Packet stream: X over Y or X tunneled in/through Y 1 Packet encapsulation
More informationCSC 6575: Internet Security Fall 2017
CSC 6575: Internet Security Fall 2017 Network Security Devices IP Security Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee Tech University 2 IPSec Agenda Architecture
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationMerit Network, Incorporated Bernard Aboba Microsoft March 1997
Internet Draft Category: Experimental expires in six months Pat R. Calhoun US Robotics Access Corp. Allan Rubens Merit Network, Incorporated Bernard Aboba Microsoft March 1997 DIAMETER Extensible Authentication
More informationCategory: Informational Stac Technology August 1996
Network Working Group Request for Comments: 1967 Category: Informational K. Schneider ADTRAN, Inc. R. Friend Stac Technology August 1996 Status of This Memo PPP LZS-DCP Compression Protocol (LZS-DCP) This
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationNetwork Security. Rev 1.0.
Network Security Rev 1.0 www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Objectives ACL NAT AAA RADIUS + DIAMETER Tunneling (GRE+IPSec) HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
More informationSetting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall
Setting Up Windows 2K VPN Connection Through The Symantec Raptor Firewall Firewall By: Loc Huynh Date: 24 March 2003 Table of Contents 1.0 Foreword...2 2.0 Setting VPN on VPN Server...2 3.0 Setting Symantec
More informationNetwork Working Group. Category: Informational DayDreamer August 1996
Network Working Group Request for Comments: 1974 Category: Informational R. Friend Stac Electronics W. Simpson DayDreamer August 1996 PPP Stac LZS Compression Protocol Status of this Memo This memo provides
More informationHPE FlexNetwork MSR Router Series
HPE FlexNetwork MSR Router Series Comware 7 Layer 2 - WAN Access Configuration Guides Part number: 5998-8783 Software version: CMW710-E0407 Document version: 6W100-20160526 Copyright 2016 Hewlett Packard
More informationRequest for Comments: August 1996
Network Working Group Request for Comments: 1963 Category: Informational K. Schneider S. Venters ADTRAN, Inc. August 1996 Status of This Memo PPP Serial Data Transport Protocol (SDTP) This memo provides
More informationTable of Contents 1 AAA Overview AAA Configuration 2-1
Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-2 Introduction to RADIUS 1-2
More informationProtocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science
Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science History of computer network protocol development in 20 th century. Development of hierarchical
More informationFunctional Specification (Preliminary) S-7600A
S-7600A TCP/IP NETWORK PROTOCOL STACK LSI Preliminary - Revision 011 Functional Specification (Preliminary) S-7600A TCP/IP Network Protocol LSI Components Marketing Dept Marketing Section 2 Tel +81-43-211-1028
More informationMicrosoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security
Operating System Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security White Paper Abstract The Microsoft Windows operating system includes technology to secure communications
More informationCheating CHAP. Sebastian Krahmer February 2, 2002
Cheating CHAP Sebastian Krahmer krahmer@cs.uni-potsdam.de February 2, 2002 Abstract The Challenge Handshake Authentication Protocol (CHAP) is used to verify the identity of a peer in a 3-way handshake
More informationService Managed Gateway TM. How to Configure and Debug Generic Routing Encapsulation (GRE)
Service Managed Gateway TM How to Configure and Debug Generic Routing Encapsulation (GRE) Issue 1.1 Date 14 August 2007 Table of Contents 1 About this document...3 1.1 Scope...3 1.2 Readership...3 2 Introduction...4
More informationVodafone MachineLink. PPTP Configuration Guide
Vodafone MachineLink PPTP Configuration Guide Document history This guide covers the following products: Vodafone MachineLink 3G (NWL-10) Vodafone MachineLink 3G Plus (NWL-12) Vodafone MachineLink 4G (NWL-22)
More informationVPN Ports and LAN-to-LAN Tunnels
CHAPTER 6 A VPN port is a virtual port which handles tunneled traffic. Tunnels are virtual point-to-point connections through a public network such as the Internet. All packets sent through a VPN tunnel
More informationRADIUS Attributes Overview and RADIUS IETF Attributes
RADIUS Attributes Overview and RADIUS IETF Attributes First Published: March 19, 2001 Last Updated: September 23, 2009 Remote Authentication Dial-In User Service (RADIUS) attributes are used to define
More informationPOINT TO POINT DATALINK PROTOCOLS. ETI 2506 Telecommunication Systems Monday, 7 November 2016
POINT TO POINT DATALINK PROTOCOLS ETI 2506 Telecommunication Systems Monday, 7 November 2016 TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember PPP Frame
More informationRequest for Comments: 2420 Category: Standards Track September The PPP Triple-DES Encryption Protocol (3DESE)
Network Working Group H. Kummert Request for Comments: 2420 Nentec GmbH Category: Standards Track September 1998 Status of this Memo The PPP Triple-DES Encryption Protocol (3DESE) This document specifies
More informationA Proposal for a Remote Access Method using GSCIP and IPsec
A Proposal for a Remote Access Method using GSCIP and IPsec Keisuke Imamura, Hidekazu Suzuki, Akira Watanabe Graduate School of Science and Technology, Meijo University 1-501 Shiogamaguchi, Tempaku-ku,
More informationAdvanced Computer Networks. Rab Nawaz Jadoon DCS. Assistant Professor COMSATS University, Lahore Pakistan. Department of Computer Science
Advanced Computer Networks Rab Nawaz Jadoon Department of Computer Science DCS COMSATS Institute of Information Technology Assistant Professor COMSATS University, Lahore Pakistan Advanced Computer Networks
More informationVirtual Private Networks
Chapter 12 Virtual Private Networks Introduction Business has changed in the last couple of decades. Companies now have to think about having a global presence, global marketing, and logistics. Most of
More information[MS-SSTP]: Secure Socket Tunneling Protocol (SSTP) Intellectual Property Rights Notice for Open Specifications Documentation
[MS-SSTP]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation ( this documentation ) for protocols,
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationVirtual Private Networks
EN-2000 Reference Manual Document 8 Virtual Private Networks O ne of the principal features of routers is their support of virtual private networks (VPNs). This document discusses transmission security,
More informationLayer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled
More informationbased computing that takes place over the Internet, basically a step on from Utility Computing.
REVIEW OF LITERATURE Joseph Davies & Elliot Lewis (2003) In this paper Cloud Computing is a general term used to describe a new class of network based computing that takes place over the Internet, basically
More informationData-link. Examples of protocols. Generating polynomials. Example. Error detection in TCP/IP. Multiple Access Links and Protocols
Computer Networking Data-link layer Prof. Andrzej Duda duda@imag.fr http://duda.imag.fr Data Link Layer Our goals: Understand principles behind link layer services: sharing a broadcast channel: multiple
More informationCryptography and Network Security Chapter 16. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,
More informationTechnical Specification. Third Party Control Protocol. AV Revolution
Technical Specification Third Party Control Protocol AV Revolution Document AM-TS-120308 Version 1.0 Page 1 of 31 DOCUMENT DETAILS Document Title: Technical Specification, Third Party Control Protocol,
More informationHP MSR Router Series. Layer 2 - WAN Access Configuration Guide(V7)
HP MSR Router Series Layer 2 - WAN Access Configuration Guide(V7) Part number: 5998-7721b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright 2015 Hewlett-Packard
More informationVendor-Proprietary Attribute
RADIUS s The IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the network access server and the RADIUS server. However, some vendors have extended
More informationSecure channel, VPN and IPsec. stole some slides from Merike Kaeo
Secure channel, VPN and IPsec stole some slides from Merike Kaeo 1 HTTP and Secure Channel HTTP HTTP TLS TCP TCP IP IP 2 SSL and TLS SSL/TLS SSL v3.0 specified
More informationNetwork Access Flows APPENDIXB
APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies
More information