Lecture 3.1: Handling Remote Access: RADIUS Motivation

More documents

Recommendations

Info

Attacking the password of a user FIRST STEP: as previous case, but with valid user ID: RADIUS server Victim User-ID NAS Access-Request XOR (password) Arbitrary Password (< 16 bytes) Giuseppe Bianchi User-Password attribute (16 bytes) MD5(secret, RequestAuth) SECOND STEP: Attacker now able to “encrypt” the user password!! May exploit: 1) lack of upper limit on authentication rate at server-side (limits imposed on clients are by-passed) 2) RADIUS servers typically do not check for authenticator reuse Works only with 16 or less byte passwords (most cases) Giuseppe Bianchi Spoofed Access-Request, with: New-passwords XOR MD5(secret, RequestAuth) poor PRNG implementations Replay Attacks Security of radius depends on the uniqueness and non-predictable generation of the Request Authenticator Some implementations exploit poor Pseudo-Random Number Generators (PRNGs) Short cycles, predictable Immediate exploitation: replay attack: authenticate/authorize an illegal user with no valid password Valid users NAS Access-Request (Request authenticator) Access-Accept (Response authenticator) Dictionary of ReqAuth/RespAuth Access-Request (ReqAuth in dictionary) Access-Accept (corresponding RespAuth) 18
poor PRNG implementations Attack to Customer passwords /1 Passively monitor the network traffic allows to build a dictionary of Request Authenticators and the associated (protected) User-Password attributes Valid users NAS Access-Request (Request authenticator) Dictionary of ReqAuth/User-Password Repeated Request Authenticator observed XOR previous user-password with new user-password From different users Result: since ReqAuth is the same (user-password #1) XOR (user-Password #2) = = [pw_user1 XOR MD5(secret,ReqAuth)] XOR [ps_user2 XOR MD5(secret,ReqAuth)] = = pw_user1 XOR pw_user2 BUT passwords from different users differ in length: last characters of longer password are put in clear!! Password sizes are known!! Now intelligent dictionary attack (guided by improper habits to select passwords with low entropy) may clear passwords Giuseppe Bianchi poor PRNG implementations Attack to Customer passwords /2 ACTIVELY submit known passwords to add known passwords to the dictionary of Request Authenticators and the associated (protected) User-Password attributes Arbitrary pw NAS Giuseppe Bianchi Access-Request (Request authenticator) Dictionary of ReqAuth/User-Password If customer Access-Request uses a Request Authenticator already in the dictionary linked to a KNOWN password, customer password gets known! Since ReqAuth is the same (User-password from customer) XOR (user-Password from attacker) = = [pw_user XOR MD5(secret,ReqAuth)] XOR [known_pw XOR MD5(secret,ReqAuth)] = = pw_user XOR known_pw pw_user in clear 19
Page 1 and 2: Giuseppe Bianchi Lecture 3.1: Handl
Page 3 and 4: RADIUS Security features Per-packet
Page 5 and 6: packet format Code: type of radius
Page 7 and 8: Native User-Password Step 1: paddin
Page 9 and 10: PPP CHAP support with RADIUS CHAP
Page 11 and 12: Properties of a good hash function
Page 13 and 14: Message digest size Must be conside
Page 15 and 16: RADIUS Security Weaknesses Recommen
Page 17: Attack to shared secret based on Us
Page 21 and 22: Giuseppe Bianchi Giuseppe Bianchi A
Page 23 and 24: Why “duplicating duplicating”
Page 25: Diameter improvements at a glance /

Lecture 3.1: Handling Remote Access: RADIUS Motivation

Create successful ePaper yourself

Delete template?

Save as template?