On the Security of Digest Access Authentication

Xie

Feng

et al. 2012

Security Comm Networks

Self Cite

Point‐to‐Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is widely used by commercial Internet service providers to provide Internet surfing for customers who pay bills. In this paper, we analyze the security of PPPoE network. We find that we can easily collect information about both the peers and the PPPoE authentication servers. We can use such information to recover the peer's authentication password by silently impersonating the server, which is undetectable in the network. We impersonate the server in the peers' LAN and get their passwords by hijacking the peers' PPPoE connections and negotiating for using the Password Authentication Protocol (PAP). We further propose an efficient password recovery attack against the Challenge‐Handshake Authentication Protocol (CHAP). We first recover the length of the used password through on‐line queries, based on the weakness of MD5 input pre‐processing. Then, we crack the known‐length password off‐line, using the probabilistic context‐free grammars. We point out that PPPoE cannot be used anymore until all of the weak authentication protocols including PAP, CHAP, and Microsoft CHAP are abolished right now and replaced with more secure Extensible Authentication Protocols. Copyright © 2012 John Wiley & Sons, Ltd.

Section: Introductionmentioning

confidence: 84%

On the security of PPPoE network

Xie

Feng

et al. 2012

Security Comm Networks

Self Cite

“…Authentication Post Office Protocol (APOP) [1], [6], [7] is a popular challenge-and-response authentication protocol, which used by a POP3 mail server to authenticate the peer who tries to access his e-mails stored on the server. The server sends a challenge C with some restrictions to the peer.…”

Section: Preliminariesmentioning

confidence: 99%

A General Way to Break Hash-based Challenge-and-Response

2012 International Conference on Industrial Control and Electronics Engineering

Chen

Dong³

2012

Self Cite

Hash-based challenge-and-response protocols are widely used as an authentication scheme in network applications. The authenticator sends a random string as a challenge to the peer, the peer generates a response with a hash function on a pre-shared password combined the received challenge. In this paper, we propose a general and efficient way to break some prevalent hash-based challengeand-response protocols in use. These protocols are vulnerable to the chosen challenge attack launched by a malicious user, who impersonates the server. We first generate a rainbow table containing hash values of all possible passwords, which is produced by hashing a pre-chosen challenge concatenated with all possible password candidates. Second, we impersonate the authenticator and send the pre-chosen challenge to the peer. Finally, we look up in the rainbow table for the received response from the peer to crack the password. With this tactic, we can do the cost consuming pre-computation once, and then we can always use it to recover all of the peer's passwords with only one additional on-line query.

“…MD5 [11,17,7,8] is a typical Merkle-Damgård structure hash function, which takes a variable-length message M as input and outputs a 128-bit hash value. M is first padded to be multiples of 512 bits, a '1' added at the tail of M , followed by '0's until the bit length becomes 448 on modulo 512, finally, the length of the unpadded message M is inserted to the last 64 bits.…”

Section: Brief Description Of Md5mentioning

confidence: 99%

How to Break EAP-MD5

Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems

Xie

2012

Self Cite

Abstract. We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented successfully even if the underlying hash function MD5 is replaced with SHA-1 or even SHA-512.