Full Paper - International Conference on Information

advertisement

Dynamic Password Authentication :

Design, Implementation and Comparison with CHAP

Detchasit Pansa

Abstract-Authentication is an important method for securing the networks. Many schemes aim to the highest security, and bring the system to be complex, high cost, and slow speed.

In this paper, we have introduced the Dynamic

Password Authentication which can operate more secure compare to other models such as CHAP model. This model also requires a lower cost compared to HTTPS. Moreover the proposed model can be applied to many purposes. We introduced the design of this model, and discussed its

II.

BACKGROUND

The CHAP (Challenge-Handshake Authentication Protocol) is an authentication protocol that has been developed for preventing a password capturing/sniffing [9]. Rather than sending a password in a plain text form, the CHAP will hash

(digest) the password in order to send it across networks. The

Figure 1. present the CHAP mechanism which is used in Cisco operational steps and its security. We also implemented the proposed model in both LAN and Internet environments using C#, PHP and Java Script. The cost on implementation for this model is very low because this model does not need to pay for certificate. We compared this model with the

CHAP model in both functional speed and security issues.

The highlight of the proposed model is that its mechanism is not complicate but secure.

Index Terms--Dynamic Password, Authentication,

CHAP, Network Security. routers [10].

I.

INTRODUCTION

The HTTPS [1][2] is widely used to protect a sensitive data especially passwords. In HTTPS' authentication step, password will be sent securely using SSL [3] mechanism. To install

HTTPS for web servers, we have to pay for real certificates.

Although self-signed certificates can be applied without any cost, they still be unsecure [4][5]. An uncomplicated model such as CHAP [6] is easy to implement with a low cost. However, it has big security holes [7], and unsuitable for open networks.

A purpose of this paper is to create an uncomplicated authentication model which can provide a high security level.

We have created the 'Dynamic Password Authentication' that have only eight operational steps. Each step has been design carefully because we want to emphasize in security issue. The design [8] and discussion of this model will be presented in

Section III. We have implemented and experimented it on

Windows environment. The experimental results were shown in

Section IV. We also compared the proposed model with the

CHAP model in Section V, and concluded it in Section VI.

Detchasit Pansa is a Lecturer in the Department of Information Technology,

Faculty of Informatics, Mahasarakham University, Mahasarakham, Thailand

(e-mail: detchasit@msu.ac.th).

ISBN: 978-0-9803267-6-5

Fig. 1.

CHAP model [10]

Process of CHAP is start with; the client (the R1 of Figure 1.) initiate a call to the server. The server will then generate a random number called 'challenge', and send it back to the client.

The 'challenge' sent from the server will be concatenated with client's password (the word 'cisco' of Step-4 in Figure 1.), and the result string will be pushed to MD5 hashing function. The hashing result, 'Hash value', will be sent to the server. In this point, the client can send its identity through the 'Hash value' instead of sending its password in clear text. In the server side, the server can verify whether client's password is correct or not by using the same algorithm as shown in Step-7. Hash values will be compare in Step-8. If the 'Hash value' generated by client is match with 'Hash value' generated by the server, the authentication will be success. In the next section, we will recall the design [8] of our model which contains easy steps but provides more secure compared to the CHAP model.

III.

DESIGN

We have developed the model by assigning the client to initiate and send a username (U1) to the server as you can see in

Step-1 of Fig. 2. Then, the sever will generate a random string

(S1) in Step-2 and send it to the client securely in Step-3. The random string, S1, residing in the Cipher can be sent securely because it was encoded using user's password as a key which is known by the server and by the client, but not by attackers.

Consequently, the client can obtain the random string by decoding the Cipher and store it into the S2 in Step-4. A dynamic password will be generated by concatenate the user's password (P1) and the random string (S2) altogether, and pass them into a hashing function. We define the processes from

Step-1 through Step-8 as a one authenticating session. In each authenticating session, a dynamic password will be different from dynamic passwords of other sessions because dynamic passwords depend on the random strings generated randomly in

Step-2 which cannot be repetitive.

Fig. 2.

The proposed model (Dynamic Password

Authentication)

The dynamic password (H1) will be sent to the server in

Step-5. After receiving client's dynamic password (H1), In

Step-6, the server will verify the dynamic password whether it was generated from the correct password or not by using the same algorithm as the algorithm used in the last line of Step-4.

The result called the expected dynamic password (H2). The server will then compare the result (H2) with the client's dynamic password (H1) in Step-7. If client's dynamic password match with expected dynamic password generated by the server, it is mean that the password is correct and the authentication is successful.

There are three tricks that we have added into the model; these are (1) the first line of Step-2, (2) the third line of Step-2, and (3) the Base64 functions appeared in Step-4 and Step-6.

Considering the first trick (the first line of Step-2), if we use

S1 = RandomStringArray() instead of

S1 = RandomByteArray(), each byte of the result (S1) will be in the range of Char(32) to

Char(128). Consequently, hackers which are able to capture/sniff the Cipher of Step-3 will be able to crack for users' real password. For example, hacker will crack Cipher by using the same function shown in the first line of Step-4:

S2 = Decode( Cipher , P1 ).

The hackers can brute force by change P1 increasing from 'a' to 'zzzzzzzzzzzzzzzzz'. With this brute forcing, hacker can include capital characters, numbers, and special character such as !@#$%^&* . During the brute forcing, the hackers will see the output (S2) in an array of bytes if P1 is incorrect, and see the output in an array of string if P1 is correct. We already proved this concept by writing a small script program to crack it, and we found that the real password can be cracked.

Considering the second trick (the third line of Step-2), if we remove the line:

If(U1 not exist) { P2 = RandomByteArray() } out from the processes in Step-2, hackers can bypass authentication by using blank username (U1="") and blank password (P1=""). This is because a function in the second line of Step-2 will store blank ("") to the P2. Consequently, the

Cipher of Step-2 will be generated by the blank key (P2="").

The function in the first line of Step-4 will generate S2 by using blank password (P1="") and Cipher sent from the server. With the same Cipher and the same password, the S2 will be equal to the S1. Consequently, H1 in Step-4 and H2 in Step-6 will contain the same value, and the authentication will be success.

Considering the last trick (the Base64 functions appeared in

Step-4 and Step-6). The S1 of Step-2 was generated from the

RandomByteArray(), thus the S2 of Step-4 will also be an array of bytes instead of a string and cannot concatenate with a P1 string in the last line of Step-4. To resolve this problem, we use the Base64 functions to transform an array of byte to be a string.

With these three tricks, the proposed model can operate correctly and securely.

IV.

IMPLEMANTATION AND EXPERIMENTAL

RESULTS

We have implemented the proposed model using C#

(Microsoft Visual Studio 2008) to simulate server and client, and test them in LAN environments. We have also implemented the proposed model using PHP and Java Script with AJAX style programming for testing in Internet environments. For testing across the internet, we place the server in Mahasarakham

University in Thailand, and run the client (browser) in the

University of Technology Sydney (UTS) in Australia.

Furthermore, we have implemented both software sets (C# on

LAN, and PHP on Internet) based on the CHAP model for comparing their results.

We conduct experiments by using the hardware and network infrastructures below:

- Computer server (CPU = Intel Core i5-3570K Processor

3.40GHz, RAM=32GB, OS=CentOS 6.3 for internet environment, OS=Windows Server 2008 for LAN environment)

- PC client (CPU = Intel Core i5-2300 Processor 3.10 GHz,

RAM=8GB, OS=Windows 7, Browser= Chrome)

- LAN speed = 1 Gbps

- Internet speed = 100 Mbps

We have evaluated their speed performance by taking experimentations for 40 times for each case of four cases. We have taken average on the 40 groups of raw data, and presented the final results in Table 1 and Figure 3.

Table 1.

Response times of authentication

Environments

Response Time (millisecond)

About encryption methods, we have used AES algorithm for encoding and decoding processes, and used SHA1 algorithm for hashing calculation. In our software prototypes based on C#, we can use AES and SHA1 directly because Microsoft Visual

Studio 2008 have provided these functions through its standard library. In contrast, in our software prototype based on web environment (PHP + Java Script), these encrypting and hashing functions (AES and SHA1) is not available on its default library.

We then implement our web applications by including the third party libraries. We have implemented AES function by including source codes and objects of AES function provided by http://www.movable-type.co.uk/scripts/aes-php.html.

Similarly, the SHA1 function can be downloaded from http://www.movable-type.co.uk/scripts/sha1.html, and it has been included with our web applications. With these third party libraries, our web-application prototypes are able to encode, decode, and hash the data.

In the LAN environment (C# application), we can measure response times by adding extra codes in client-side application to record 't1' and 't2'. The t1 will be recorded since client user presses the Enter button (after user fills username and password) before sending U1 of Step-1 (see Fig. 2). The t2 will be recorded after authentication is success and client have already received the message of Step-8 (see Fig. 2). The response time can be calculated from t2-t1, and we record it in millisecond.

In the internet environment (PHP and Java Script application), we cannot add any extra code into client programs because we use the Chrome browser, and we cannot modify it.

However, can measure response time by using the program called 'Wire Shark'. This program is a packet capturing/sniffing program (similar to Ethereal and Sniffer). We run it and let it to capture packets which are sent between browsers and web

Proposed Model CHAP Model

C# on LAN

PHP on Internet

Fig 3.

52.87

284.29

The graph below is a presentation created from information in Table 1.

263.52

Response times of authentications (in a graph presentation)

47.23 servers. The first packet of Step-1 in Fig. 2. can identify t1, and the last packet of Step-8 can identify t2. The time stamps on

Wire Shark can guide us to calculate the response time (t2-t1).

The proposed model is slightly slower than the CHAP model.

However, it can provide more secure obviously (see Section V for more details). Thus, in LAN which network speed is smoother than internet speed, the proposed model give a slightly longer response time compared to CHAP model. This is because the proposed model is more slightly complex, and requires more CPU's processing time compared to CHAP model. Considering internet environment, the result we expected is that our model should present a longer response time than in the CHAP model because it is more complex. We also expected that the response times of both models should be close together because internet delay is very long compared to calculation time of CPU for a one authenticating session. In the experimental results, however, CHAP model take time longer than our model. This phenomenon may resulted from a variance of internet traffics.

Apart from evaluating a functional speed, we also evaluate security level by using capturing the data, and cracking for passwords. For example, we can crack passwords by capturing the 'challenge' in Step-2, and the 'Hash value' in Step-5 of CHAP

model (see Figure 1). We use a powerful server which can calculate SHA1 approximately one million rounds per second.

We start with password length 1 through 8, and each cracking test will be no more than 14 days (2 weeks). Moreover, we do the cracking test with our proposed model as well. The result is shown in Table 2.

Table 2.

Time used for passwords cracking (no more than 14 days)

Password length

(bytes)

1

Time used for cracking

CHAP model

0.0003 second

Our proposed model

Not success for exchanging data messages over networks. Therefore, the two rounds of data encoding/decoding brings our model to operate slightly slower than the CHAP model.

A number of data hashing of the proposed model is two. This number is equal to CHAP model. A number of password searching of our model is one. This number is equal to the number appeared in CHAP model. Our model and CHAP model will generate random data only one time. A number of data comparing of our model is two while CHAP takes only one time.

The numbers we mentioned above will be shown in Table 3.

Table 3.

A number of each process

2 0.07 second Not success

Count

3 17 seconds Not success

Tasks

Dynamic Password CHAP

4 1.2 hours Not success

Message exchanging 4 4

5 13 days Not success

Encoding / Decoding 2 0

6 Not success Not success

Hashing 2 2

7 Not success Not success

Searching for password 1 1

8 Not success Not success

We can crack CHAP's password because its algorithm

Random data generating

Data comparing

1

2

1

1 generate 'Hash value' from the function:

MD5( password + challenge ), which is not strong enough. We can capture the 'challenge' from

Step-2 (see Figure 1.), and can capture 'Hash value' from Step-5.

Thus, we can crack it easily using running the 'password' with brute forcing technique.

B.

Security

In CHAP model, we found that its security hole is that hackers can capture/sniff the 'challenge' in Step-2, and the 'Hash value' in Step-5 of CHAP model (see Figure 1), and then hackers can perform a password cracking. There are many tools which can be use to crack CHAP's password, such as chapcrack

[11] and Cain & abel [12]. Moreover, information from security expert's website, www.securityfocus.com, tell us that this vulnerability is quite well known among hacker groups and network professional society. With this limitation, CHAP model

A.

V.

COMPARISON WITH CHAP

Complexity

The main point we consider are a number of messages exchanging across networks, a number of data encoding and data decoding, a number of data hashing, a number of data searching (e.g., searching for a password), a number of random data generating, and a number of data comparing.

A number of messages exchanging across network is the most cannot be applied to open networks. Nowadays, it only be used with point-to-point networks; e.g., an authentication between

Cisco routers.

Our proposed model has encrypted S1 in Step-2 to be the

Cipher (see Figure 2.) in order to send it across networks. Our proposed model also used SHA1 hashing function which is more stronger than MD5 appeared in the CHAP model. important because if network traffic is intensive, messages C.

Cost exchanging may take long time and may cause time out to an

Our proposed model require a low cost to implement. This authenticating process. Moreover the system which has many highlight is similar to CHAP model. However, our model can be messages exchanging will give a longer response time; applied for open network, e.g., authentication between web especially, messages exchanging over the internet link. The servers and clients. Thus, in this subsection, we would like to proposed model requires four times of messages exchanging. compare our model with HTTPS as well.

This number is equal to a number of messages exchanging in

In web security today, there is a popular use of HTTPS for an

CHAP model.

A number of data encoding/decoding of our model is two order to implement HTTPS on the servers securely, we have to while CHAP model does not require any data spend money for a certificate. Although we can use self-signed encoding/decoding. However, a CPU can calculate data certificate, it is not secure. Our model can be applied to web encoding/decoding very fast compared to the time which is used authentication between web servers and browsers. However, in

authentications with low cost. This is one of many advantages of our model. Table 4. shows information about cost comparison between our model, CHAP model, and HTTPS.

Table 4.

Cost for each authentication

Authentication Type

Cost Dynamic

Password CHAP HTTPS to build to buy to maintain to develop low low low low low low low low

-

High low

-

D.

Application

We can apply the proposed model to many environments such as authenticating between routers, database servers, web servers, and many servers in the future. However, the CHAP should be used only in a closed network such as point-to-point communication. The comparisons are shown in Tables 5.

Table 5.

Environments that can be applied

Usage

Model

Dynamic Password CHAP

Between Routers

LAN (e.g., DB Server)

Support

Support

Support

Not secure

Internet (e.g., web server) Support Not secure

Future system Can support Not secure

In this section, we have compared the proposed model with

CHAP model in many issues. We found that the proposed model is more secure, low cost, can be applied to many environments, and still maintain functional speed.

REFERENCES

[1] Durumeric, Zakir, James Kasten, Michael Bailey, and J. Alex Halderman.

"Analysis of the HTTPS certificate ecosystem." In Internet Measurement

Conference. 2013.

[2] Dyllan, Shwan, Hichem Dahimene, Phillip Wright, and Perry Xiao.

"Analysis of HTTP and HTTPS Usage on the University Internet

Backbone Links." Journal of Industrial and Intelligent Information Vol 2, no. 1 (2014).

[3] Freier, Alan, Philip Karlton, and Paul Kocher. "The secure sockets layer

(SSL) protocol version 3.0." (2011).

[4] Georgiev, Martin, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan

Boneh, and Vitaly Shmatikov. "The most dangerous code in the world: validating SSL certificates in non-browser software." In Proceedings of the 2012 ACM conference on Computer and communications security, pp. 38-49. ACM, 2012.

[5] Vratonjic, Nevena, Julien Freudiger, Vincent Bindschaedler, and

Jean-Pierre Hubaux. "The inconvenient truth about web certificates." In

Economics of Information Security and Privacy III, pp. 79-117. Springer

New York, 2013.

[6] "Challenge-Handshake Authentication Protocol", http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Prot ocol, 2014

[7] Youssef, M. W., and Hazem El-Gendy. "Securing Authentication of

TCP/IP Layer Two By Modifying Challenge-Handshake Authentication

Protocol." Advanced Computing 3, no. 2 (2012).

[8] Pansa, D., and Chomsiri, T., "Dynamic Password Authentication:

Designing step and security analysis". 7th International Conference on

Computing and Convergence Technology (ICCCT), pp. 518-523, IEEE,

2012.

[9] Liu, Dongtao. "Enhanced Password Security on Mobile Devices." PhD diss., Duke University, 2013.

[10] "PPP Authentication Using the ppp chap hostname and ppp authentication chap callin Commands", http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol

-ppp/10241-ppp-callin-hostname.html

[11] chapcrack, https://github.com/moxie0/chapcrack

[12] oxid.it - Cain & Abel, http://www.oxid.it/cain.html

VI.

CONCLUSION

In this paper, we have introduced the 'Dynamic Password

Authentication' model which can operate more secure than

CHAP model, and requires lower cost than HTTPS. This model can be applied to many environments and many purposes. We have presented its design, and discussed its operational steps.

We have implemented the proposed model in both LAN and

Internet environments using C# and PHP respectively. The cost for implementing the proposed model as low as CHAP's cost because both models do not need to pay for certificate. We have compared the proposed model with CHAP model in both functional speed and security issues. The proposed model is slightly more complex and take more time computation compared to CHAP model. The highlight of the proposed model is that its mechanism is not complicate but more secure.

Download