Breaking PPTP VPNs via RADIUS Encryption

نویسندگان

  • Matthias Horst
  • Martin Grothe
  • Tibor Jager
  • Jörg Schwenk
چکیده

We describe an efficient cross-protocol attack, which enables an attacker to learn the VPN session key shared between a victim client and a VPN endpoint. The attack recovers the key which is used to encrypt and authenticate VPN traffic. It leverages a weakness of the RADIUS protocol executed between a VPN endpoint and a RADIUS server, and allows an “insider” attacker to read the VPN traffic of other users or to escalate its own privileges with significantly smaller effort than previously known attacks on MS-CHAPv2.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Breaking PPTP VPNs via RADIUS Encryption

We describe an efficient cross-protocol attack, which enables an attacker to learn the VPN session key shared between a victim client and a VPN endpoint. The attack recovers the key which is used to encrypt and authenticate VPN traffic. It leverages a weakness of the RADIUS protocol executed between VPN endpoint and RADIUS server, and allows an “insider” attacker to read the VPN traffic of othe...

متن کامل

Design Alternatives for Virtual Private Networks

Virtual private networks (VPNs) are becoming more and more important for all kinds of businesses with a wide spectrum of applications and configurations. This paper presents the basic concepts related to VPNs. These include the different types of VPN services, namely Intranet, Extranet and Remote Access VPNs. The concept of tunneling, which is fundamental in VPNs, is discussed in great detail. ...

متن کامل

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

A Virtual Private Network (VPN) can be defined as a way to provide secure communication between members of a group through use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. This work examines and empirically evaluates the remote access VPNs, namely Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling P...

متن کامل

Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)

The Point-to-Point Tunneling Protocol (PPTP) is used to secure PPP connections over TCP/IP link. In response to [SM98], Microsoft released extensions to the PPTP authentication mechanism (MSCHAP), called MS-CHAPv2. We present an overview of the changes in the authentication and encryption-key generation portions of MSCHAPv2, and assess the improvements and remaining weaknesses in Microsoft’s PP...

متن کامل

Exploiting known security holes in Microsoft’s PPTP Authentication Extensions (MS-CHAPv2)

The implementation of the Point to Point Tunneling Protocol (PPTP) from Microsoft using MS-CHAPv2 and Microsoft Point to Point Encryption (mppe) is widely used to secure and control access to wireless networks. We show why the MS-CHAPv2 protocol is not suitable for user authentication in a heterogenous Unix network context.

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2016