Lecture Four

Authentication in
(Point to Point Protocol)

By
Eng.Dr. Alaa I. Al-Muttairi
2020/2021
Lecture Outlines

1- LCP extra configuration options.


2- PPP authentication protocols:-
LCP extra configuration options

In the previous lecture, you were introduced to LCP options you
can configure to meet specific WAN connection requirements.
PPP may include the following LCP options :-
PPP Authentication Protocol

• There are many advantages to using PPP, including
the fact that it is not proprietary. Moreover, it
supports PAP and CHAP authentication.

• PPP defines two authentication protocols :-

1- Password Authentication Protocol.
2- Challenge Handshake Authentication Protocol.

• In general, the authentication phase in PPP is optional.

• It is carried out after link establishment and the choice
of authentication protocol.

• It is carried out before the NCP configuration phase.


Password Authentication Protocol.

• PAP is a basic two-way process.

• There is no encryption because the username and
password are sent in plain text.

• The username and password pair is sent as an LCP data
package to the remote terminal for identification.

• That is, the initiator node repeatedly sends
(username and password) until the remote node
acknowledges it or terminates the connection.

• The receiving node (router) checks the username and
password. It either allows or denies the connection.
An accept or reject message is returned to the
requester (initiator).

• Figure 2-36 explains this idea.

• PAP is not a strong authentication protocol because
passwords are sent across the link in clear text. Also,
there is no protection from playback or trial-and-error
attacks.
CHAP Authentication Protocol.

• Challenge Handshake Authentication Protocol
(CHAP) is more secure than PAP.

• It involves a three-way exchange of a shared secret.

• PAP authenticates only once, at the start of the session.
This leaves the network vulnerable to attack.

• CHAP, in contrast, conducts periodic challenges to
make sure that the remote node still has a valid
password value.

• After the PPP link establishment phase is complete, the
local router sends a challenge message to the remote
node.

[Figure: Remote Router and Local Router]



• The remote router responds with a value calculated
using a one-way hash function (MD5). This algorithm
uses both the secret password and the challenge message
(a random number) to generate the hash value.

[Figure: Remote Router and Local Router, hash value]

• Then the local router checks the response against its
own calculation of the expected hash value. If the
values match, the initiating node acknowledges the
authentication. Otherwise, it immediately terminates
the connection.
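
The three-way exchange above, as an added example that is not part of the original lecture: it computes the CHAP response and shows that a response captured in one round fails when replayed against a later periodic challenge. It follows RFC 1994, which hashes the one-byte packet Identifier together with the secret and the challenge; the names `chap_response`, `LocalRouter`, `demo` and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """CHAP-MD5 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class LocalRouter:
    """Authenticator side: issues challenges and checks responses."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # Fresh random challenge and a new identifier for every round,
        # including the periodic re-challenges during the session.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)  # constant-time


def demo():
    secret = b"constructed-shared-secret"  # sample value; never crosses the link
    local = LocalRouter(secret)

    ident, chal = local.new_challenge()            # 1. challenge
    captured = chap_response(ident, secret, chal)  # 2. response (visible on the wire)
    first = local.verify(ident, captured)          # 3. success / failure

    ident2, chal2 = local.new_challenge()          # periodic re-challenge
    replay = local.verify(ident2, captured)        # old response replayed
    fresh = local.verify(ident2, chap_response(ident2, secret, chal2))
    wrong = local.verify(ident2, chap_response(ident2, b"guess", chal2))
    return {"first": first, "replay": replay, "fresh": fresh, "wrong_secret": wrong}


if __name__ == "__main__":
    print(demo())
```

With PAP the captured value would be the password itself, so the same bytes would be accepted in every later session; here only a response computed over the current challenge passes.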
H.W
Solve all the questions of chapter two
pp.122 to pp.126
in the reference book
Thank you