Planet Technology ERT-805 PPP authentication using PAP, PPP authentication using CHAP

ØPPP has a method for encapsulating multi-protocol datagrams

ØLink Control Protocol (LCP) establishes, configures, authenticates and testing the data-link connection.

ØNetwork Control Protocol (NCP) establish and configure different network-layer protocol. PPP provides two authentications which is:

ØPassword Authentication protocol (PAP)

ØChallenge Handshake Authentication protocol (CHAP)

PAP is using two-way handshake to establish its identity. After PPP link establishment is complete, the authenticator repeatedly sends username and password until the authentication is acknowledged or the connection is terminated.

PAP is not an authentication protocol because password is sends cross the link by clear text and it’s not protection from playback.

CHAP is using three way handshakes to establish it identify. After the PPP link is establishment is complete, the server sends challenge to the remote node. The remote note responds with a value calculated by using a one-way hash function (typically MD5). The server checks the response against its own calculation of expected hash value. If the values match, the authentication is acknowledged. CHAP is more secured then PAP because it is supports protection against playback attack through the use of a variable challenge value that is unique and unpredictable. The use of repeated challenges is intended to limit the time of exposure to any single attack. The access server is in control of the frequency and timing of the challenges.

The following is showing a typical PPP session.

23