Point-to-Point Protocol (PPP) is the successor to SLIP (Serial Line Internet Protocol). In this article we will explain PPP and explore its two most popular authentication methods, PAP and CHAP.
First of all, what does PPP do? Basically, PPP is responsible for connecting a computer to the Internet.
When transmitting data over any network, a path for the data must first be established, and procedures for flow control must be implemented to ensure successful transmission. This is done through the Link Control Protocol and the Network Control Protocols.
Phases of Transmission Sessions
There are 4 distinct phases in the transmission of data over the WAN.
1. An LCP (Link Control Protocol) frame is sent to establish a means of data transmission. In this phase compression and maximum transmission units are decided. Even the authentication type is decided at this phase (discussed in more detail later).
2. Link Quality. This phase is optional, but is usually used. It determines the quality of the link, and it is decided at this phase whether to bring up the network-layer protocols.
3. At this phase the NCP (Network Control Protocols) are brought into play. NCP packets are used to determine the network-layer protocols (IP, IPX, etc.) to be used. Once these have been decided upon, datagram transmission can begin.
4. Termination of the link by an LCP frame. This is usually requested, but can happen at any time due to network problems such as media problems or other common interruptions.
PPP Authentication
The two most well-known methods of authentication with PPP are PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol).
PAP
PAP provides a very basic method for authentication, using a two-way handshake procedure and transmitting the username and password in plaintext across the network. PAP has proven to be very insecure and is not often used on modern networks. Because authentication is done by hammering the username and password across the network until it has been accepted, the PAP authentication method is also prone to brute-force attacks.
CHAP
CHAP uses a three-way handshake to verify the remote node, and the implementation of CHAP allows for periodic verification challenges, which boost its security. It uses a special method of verification: the server sends the client a special ID, which is hashed using MD5 and is (theoretically) impossible to reverse-engineer. By using this initial hash, the client and the server keep a secure connection, and periodic verification provides a more secure environment against replay attacks.
For these reasons, CHAP is the preferred method for PPP authentication. Any questions can be posted in the forum.
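The difference between the two methods as it appears on the wire, as an added example (not code from the original article): it builds a PAP Authenticate-Request per RFC 1334 and a CHAP Challenge/Response per RFC 1994, where the response value is MD5(Identifier || secret || Challenge), and checks that a captured CHAP response is rejected against a fresh challenge. The credentials, the names `alice` and `nas`, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"correct horse"  # constructed sample values, not from the article
PEER_NAME = b"alice"

def _packet(code, identifier, data):
    """Common PAP/CHAP header: Code, Identifier, 16-bit total Length."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data

def pap_authenticate_request(identifier, peer_id, password):
    """PAP Authenticate-Request (code 1): ID and password travel in cleartext."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(1, identifier, body)

def chap_challenge(identifier, name=b"nas"):
    """CHAP Challenge (code 1): returns (packet, random challenge value)."""
    value = os.urandom(16)
    return _packet(1, identifier, bytes([len(value)]) + value + name), value

def chap_response_value(identifier, secret, challenge):
    """RFC 1994 with MD5: hash of Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_response(identifier, secret, challenge, name):
    """CHAP Response (code 2): carries only the 16-byte hash and the peer name."""
    value = chap_response_value(identifier, secret, challenge)
    return _packet(2, identifier, bytes([len(value)]) + value + name)

def chap_verify(packet, expected_id, secret, challenge):
    """Authenticator: recompute the hash for its own outstanding challenge."""
    code, ident, _ = struct.unpack("!BBH", packet[:4])
    got = packet[5:5 + packet[4]]
    want = chap_response_value(expected_id, secret, challenge)
    return code == 2 and ident == expected_id and hmac.compare_digest(got, want)

def demo():
    pap = pap_authenticate_request(1, PEER_NAME, SECRET)
    _, c1 = chap_challenge(7)
    captured = chap_response(7, SECRET, c1, PEER_NAME)
    _, c2 = chap_challenge(8)  # periodic re-challenge: new ID, new value
    return {"pap_exposes_password": SECRET in pap,
            "chap_exposes_password": SECRET in captured,
            "response_accepted": chap_verify(captured, 7, SECRET, c1),
            "replay_accepted": chap_verify(captured, 8, SECRET, c2)}

if __name__ == "__main__":
    print(demo())
```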
____
synackall