computing Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, hardware and softw ...

, the Challenge-Handshake Authentication Protocol (CHAP) is an

authentication protocol An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiving entity to authenticate the connecting entity ...

originally used by

Point-to-Point Protocol In computer networking, Point-to-Point Protocol (PPP) is a data link layer (layer 2) communication protocol between two routers directly without any host or any other networking in between. It can provide loop detection, authentication, transmissio ...

(PPP) to validate users. CHAP is also carried in other authentication protocols such as

RADIUS In classical geometry, a radius (: radii or radiuses) of a circle or sphere is any of the line segments from its Centre (geometry), center to its perimeter, and in more modern usage, it is also their length. The radius of a regular polygon is th ...

and

Diameter In geometry, a diameter of a circle is any straight line segment that passes through the centre of the circle and whose endpoints lie on the circle. It can also be defined as the longest Chord (geometry), chord of the circle. Both definitions a ...

. Almost all

network operating system A network operating system (NOS) is a specialized operating system for a network device such as a router, switch or firewall. Historically operating systems with networking capabilities were described as network operating systems, because they ...

s support PPP with CHAP, as do most

network access server A network access server (NAS) is a group of components that provides remote users with a point of access to a network. Overview A NAS concentrates dial-in and dial-out user communications. An access server may have a mixture of analog and digita ...

s. CHAP is also used in

PPPoE The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for Encapsulation (networking), encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It appeared in 1999, in the context of the boom of DSL as the solu ...

, for authenticating DSL users. As the PPP sends data unencrypted and "in the clear", CHAP is vulnerable to any attacker who can observe the PPP session. An attacker can see the user's name, CHAP challenge, CHAP response, and any other information associated with the PPP session. The attacker can then mount an offline

dictionary attack In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or ...

in order to obtain the original password. When used in PPP, CHAP also provides protection against

replay attack A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary w ...

s by the peer through the use of a challenge which is generated by the authenticator, which is typically a

. Where CHAP is used in other protocols, it may be sent in the clear, or it may be protected by a security layer such as

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...

(TLS). For example, when CHAP is sent over

using

User Datagram Protocol In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages (transported as datagrams in Network packet, packets) to other hosts on an Internet Protoco ...

(UDP), any attacker who can see the RADIUS packets can mount an offline

, as with PPP. CHAP requires that both the client and server know the clear-text version of the password, although the password itself is never sent over the network. Thus when used in PPP, CHAP provides better security as compared to

Password Authentication Protocol Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point-to-Point Protocol (PPP) to validate users. PAP is specified in . Almost all network operating systems support PPP with PAP, as do most network access s ...

(PAP) which is vulnerable for both these reasons.

Benefits of CHAP

When the peer sends CHAP, the authentication server will receive it, and obtain the "known good" password from a database, and perform the CHAP calculations. If the resulting hashes match, then the user is deemed to be authenticated. If the hashes do not match, then the user's authentication attempt is rejected. Since the authentication server has to store the password in clear-text, it is impossible to use different formats for the stored password. If an attacker were to steal the entire database of passwords, all of those passwords would be visible "in the clear" in the database. As a result, while CHAP can be more secure than PAP when used over a PPP link, it prevents more secure storage "at rest" than with other methods such as PAP.

Variants

MS-CHAP MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, (CHAP). Versions The protocol exists in two versions, MS-CHAPv1 (defined in ) and MS-CHAPv2 (defined in ). MS-CHAPv2 was introduced with pptp3-fix that was in ...

is similar to CHAP but uses a different hash algorithm, and allows for each party to authenticate the other.

Working cycle

CHAP is an authentication scheme originally used by

(PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the

client Client(s) or The Client may refer to: * Client (business) * Client (computing), hardware or software that accesses a remote service on another computer * Customer or client, a recipient of goods or services in return for monetary or other valuable ...

by using a

three-way handshake The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is common ...

. This happens at the time of establishing the initial link (LCP), and may happen again at any time afterwards. The verification is based on a

shared secret In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a PIN code, a password, a passphrase, a b ...

(such as the client's password). # After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer. # The peer responds with a value calculated using a

one-way hash function A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptographic application: * the probability of a particula ...

on the challenge and the secret combined. # The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection. # In PPP, the authenticator may send a new challenge at random intervals to the peer and repeats steps 1 through 3. However, when CHAP is used in most situations (e.g.

), this step is not performed.

CHAP packets

The ID chosen for the random challenge is also used in the corresponding response, success, and failure packets. A new challenge with a new ID must be different from the last challenge with another ID. If the success or failure is lost, the same response can be sent again, and it triggers the same success or failure indication. For

MD5 The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as Request for Comments, RFC 1321. MD5 ...

as hash the response value is MD5(ID, , secret, , challenge), the MD5 for the concatenation of ID, secret, and challenge.

References

External links

* PPP Challenge Handshake Authentication Protocol (CHAP) * Remote Authentication Dial In User Service (