On the security of PPPoE network

Liu, Fanbao; Xie, Tao; Feng, Yunhe; Feng, Dan

doi:10.1002/sec.512

Cited by 6 publications

(3 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CHAP. The Challenge-Handshake Authentication Protocol (CHAP) [3], [8], [9] is an authentication scheme used by a PPP server to validate the identity of a remote peer, who wants to access the resource of the server. The server sends an id and a challenge C to the peer.…”

Section: Preliminariesmentioning

confidence: 99%

A General Way to Break Hash-based Challenge-and-Response

Liu

Chen

Dong³

2012

2012 International Conference on Industrial Control and Electronics Engineering

Self Cite

View full text Add to dashboard Cite

Hash-based challenge-and-response protocols are widely used as an authentication scheme in network applications. The authenticator sends a random string as a challenge to the peer, the peer generates a response with a hash function on a pre-shared password combined the received challenge. In this paper, we propose a general and efficient way to break some prevalent hash-based challengeand-response protocols in use. These protocols are vulnerable to the chosen challenge attack launched by a malicious user, who impersonates the server. We first generate a rainbow table containing hash values of all possible passwords, which is produced by hashing a pre-chosen challenge concatenated with all possible password candidates. Second, we impersonate the authenticator and send the pre-chosen challenge to the peer. Finally, we look up in the rainbow table for the received response from the peer to crack the password. With this tactic, we can do the cost consuming pre-computation once, and then we can always use it to recover all of the peer's passwords with only one additional on-line query.

show abstract

Section: Preliminariesmentioning

confidence: 99%

A General Way to Break Hash-based Challenge-and-Response

Liu

Chen

Dong³

2012

2012 International Conference on Industrial Control and Electronics Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Ping Ding considered that the 802.1x misses its goals in access control denial of service (DoS) attacks and propose a Central Manager (CM) not only to take the responsibility of an authentication server, but also to add functionality to prevent denial of service attacks [1]; Pascal Urien and Guy Pujolle introduced smart cards ensuring strong authentication in IP networks, according to the extensible authentication protocol (EAP) [2]; Fanbao Liu and Yumeng Feng have a study on the security problem of PPPoE network [3]; Gaurav Sharma made use of currency like hash chain tokens in order to identify an efficient authentication and billing mechanism for faster handoffs in WLANs based on the IEEE 802.1x specification [4]. This paper not only compares the advantages and disadvantages between different internet protocols but also propose a solution integrate both of International Symposium on Computers & Informatics (ISCI 2015) the advantage of 802.1x and radius in order to the network protocol overhead and improve the network performance.…”

Section: Introductionmentioning

confidence: 99%

Design in the Authentication and Billing System Based on Radius and 802.1x Protocol

Chen¹,

Zhang²

2015

Proceedings of the 2015 International Symposium on Computers &Amp; Informatics

View full text Add to dashboard Cite

Abstract.With the rapid development of internet, the efficiency and security of authentication and billing system is attracting more and more attention. This paper proposed an advanced authentication and billing solution by integrating the advantages of radius and 802.1x protocol for the consideration of internet performance and management request after comparing the feature of PPPoE, Radius and 802.1x protocols. In the practical application, the solution this paper put forward reduces the network overhead and improves the network performance so that can prove it has an outstanding actual effect.

show abstract

“…The authenticator is a network device, such as a Wireless Access Point (WAP), and the authentication server is typically a host running software supporting the Remote Authentication Dial In User Service (RADIUS) and EAP protocols. EAP-MD5 [4], first used as Challenge-Handshake Authentication Protocol (CHAP) [13] in Point-to-Point Protocol (PPP) [12,9] network for peer authentication, is a hash-based challenge and response protocol. EAP-MD5 applies the secret prefix approach of hashing [14] to generate response R = MD5(P ||C), where P is the shared password and C is the challenge.…”

Section: Introductionmentioning

confidence: 99%

How to Break EAP-MD5

Liu

Xie

2012

Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems

Self Cite

View full text Add to dashboard Cite

Abstract. We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented successfully even if the underlying hash function MD5 is replaced with SHA-1 or even SHA-512.

show abstract

On the security of PPPoE network

Cited by 6 publications

References 23 publications

A General Way to Break Hash-based Challenge-and-Response

A General Way to Break Hash-based Challenge-and-Response

Design in the Authentication and Billing System Based on Radius and 802.1x Protocol

How to Break EAP-MD5

Contact Info

Product

Resources

About