Authentication servers: RADIUS TACACS

1
Authentication servers RADIUSTACACS

• CS772
• Fall 2007

2

• User, through a initiates PPP authentication to
  the NAS.
• NAS prompts for username and password (if
  Password Authentication Protocol PAP) or
  challenge (if Challenge Handshake Authentication
  Protocol CHAP).
• User replies.
• RADIUS client sends username and encrypted
  password to the RADIUS server.
• RADIUS server responds with Accept, Reject, or
  Challenge.
• The RADIUS client acts upon services and services
  parameters bundled with Accept or Reject.

3

• User, through a initiates PPP authentication to
  the NAS.
• NAS prompts for username and password (if
  Password Authentication Protocol PAP) or
  challenge (if Challenge Handshake Authentication
  Protocol CHAP).
• User replies.
• RADIUS client sends username and encrypted
  password to the RADIUS server.
• RADIUS server responds with Accept, Reject, or
  Challenge.
• The RADIUS client acts upon services and services
  parameters bundled with Accept or Reject.

4
Radius Introduction

• RADIUS (Remote Authentication Dial In User
  Service)
• A server for remote user authentication and
  accounting. Its primary use is for Internet
  Service Providers, though it may as well be used
  on any network that needs a centralized
  authentication and/or accounting service for its
  workstations.
• http//www.gnu.org/software/radius/introduction
• Authentication Schemes
• user supplies his authentication data to the
  server either directly by answering the terminal
  server's login/password prompts
• server obtains the user's personal data from one
  of the following places
• System Database
• The user's login and password are stored in
  /etc/passwd on the server
• Internal Database
• The user's login ID, password etc. are stored in
  the internal radius database. The user's password
  is stored in encrypted form using either MD5 or
  DES hash, whichever is appropriate
• SQL authentication
• User's details are stored in an SQL database. The
  database structure is fully determined by the
  system administrator, Radius does not restrict it
  in any way.
• PAM authentication
• User is authenticated via PAM (Pluggable
  Authentication Service) framework.

5
RADIUS Introduction ( contd.)

• Radius has three built-in accounting schemes
• Unix accounting
• Accounting data are stored in radutmp/radwtmp
  files and can be viewed using radwho and radlast
  commands. Both commands are upward compatible
  with their Unix counterparts who and last.
• Detailed accounting
• The detailed accounting information is stored in
  plain text format. The resulting files can easily
  be parsed using standard text processing tools
  (grep, awk, etc.)
• SQL accounting
• Upon receiving accounting information Radius
  stores it in an SQL database. This can then be
  processed using standard SQL queries.
• Radius is extensible and new accounting methods
  can be added using the extension language.

6
RADIUS Protocol

• http//www.untruth.org/josh/security/radius/radiu
  s-auth.html (Analysis)
• http//www.ietf.org/rfc/rfc2865.txt
  (specification)

7
Why use RADIUS?

• It is commonly used for embedded network devices
  such as routers, modem servers, switches, etc. It
  is used for several reasons
• The embedded systems generally cannot deal with a
  large number of users with distinct
  authentication information.
• RADIUS facilitates centralized user
  administration, which is important for several of
  these applications. Many ISPs have tens of
  thousands, hundreds of thousands, or even
  millions of users.
• RADIUS consistently provides some level of
  protection against a sniffing, active attacker.
  Other remote authentication protocols provide
  either intermittent protection, inadequate
  protection or non-existent protection. RADIUS's
  primary competition for remote authentication is
  TACACS and LDAP. LDAP natively provides no
  protection against sniffing or active attackers.
  TACACS is subtly flawed.

8
RADIUS Issues

• The User-Password protection scheme is a
  stream-cipher, where an MD5 hash is used as an ad
  hoc pseudorandom number generator (PRNG). The
  security of the cipher rests on the strength of
  MD5 for this type of use and the selection of the
  shared secret.

9
(No Transcript)
10
Side issue Stream Ciphers

• A stream cipher is a type of symmetric encryption
  algorithm. Stream ciphers can be designed to be
  exceptionally fast, much faster than any block
  cipher .
• While block ciphers operate on large blocks of
  data, stream ciphers typically operate on smaller
  units of plaintext, usually bits. With a stream
  cipher, the transformation of these smaller
  plaintext units will vary, depending on when they
  are encountered during the encryption process.
• A stream cipher generates what is called a
  keystream (a sequence of bits used as a key).
  Encryption is accomplished by combining the
  keystream with the plaintext, usually with the
  bitwise XOR operation.
• Current interest in stream ciphers is most
  commonly attributed to the appealing theoretical
  properties of the one-time pad. A one-time pad
  uses a string of bits that is generated
  completely at random. The keystream is the same
  length as the plaintext message and the random
  string is combined using bitwise XOR with the
  plaintext to produce the ciphertext. Since the
  entire keystream is random, even an opponent with
  infinite computational resources can only guess
  the plaintext if he or she sees the ciphertext.
• Stream ciphers were developed as an approximation
  to the action of the one-time pad. While
  contemporary stream ciphers are unable to provide
  the satisfying theoretical security of the
  one-time pad, they are at least practical.
• As of now there is no stream cipher that has
  emerged as a de facto standard. The most widely
  used stream cipher is RC4. Interestingly, certain
  modes of operation of a block cipher effectively
  transform it into a keystream generator and in
  this way, any block cipher can be used as a
  stream cipher as in DES in CFB or OFB modes
  However, stream ciphers with a dedicated design
  are typically much faster.

11
Side Issue PAP

• Password Authentication Protocol, sometimes
  abbreviated PAP, is a simple authentication
  protocol used to authenticate a user to a network
  access server used for example by internet
  service providers. PAP is used by Point to Point
  Protocol. Authentication is a process of
  validating a user before accessing the resources.
  Almost all network operating system remote
  servers support PAP.
• PAP transmits unencrypted ASCII passwords over
  the network and is therefore considered insecure.
  It is used as a last resort when the remote
  server does not support a stronger authentication
  protocol, like CHAP or EAP (while the last is
  actually a framework).
• PAP works as follows
• 1. After the link is established, the client
  sends a password and username to the server
  bundled as one LCP packet.
• 2. The server (the modem card in the modem racks)
  recognizes the packet as a PAP authentication
  request, and sends the data to the RADIUS server
  (the database of usernames and passwords).
• 3. RADIUS either validates the request and sends
  back an acknowledgement to the modem card,
  terminates the connection, or offers the client
  another chance. Passwords are sent as plain text.
  
• The difference between PAP authentication and a
  manual or scripted login, is that PAP is not
  interactive. The username and password are
  entered in the client's dialing software and sent
  as one data package as soon as the modems have
  established a connection, rather than the server
  sending a login prompt and waiting for a
  response.

12
Side Issue CHAP

• CHAP (Challenge-Handshake Authentication
  Protocol) is a more secure procedure for
  connecting to a system than the Password
  Authentication Procedure (PAP).
• Here's how CHAP works
• After the link is made, the server sends a
  challenge message to the connection requestor.
  The requestor responds with a value obtained by
  using a one-way hash function.
• The server checks the response by comparing it
  its own calculation of the expected hash value.
• If the values match, the authentication is
  acknowledged otherwise theconnection is usually
  terminated.
• At any time, the server can request the connected
  party to send a new challenge message. Because
  CHAP identifiers are changed frequently and
  because authentication can be requested by the
  server at any time, CHAP provides more security
  than PAP. RFC1334 defines both CHAP and PAP.

13
TACACS

• A major paradigm shift in remote network access
  is the shift from terminal access to LAN access.
  Single users are connecting to the corporate
  network with computers (notebooks or PCs from
  home) that can sustain complete network
  connections. These users no longer connect as
  unfriendly terminals but connect in the same way
  they do at work as a LAN user.
• TACACS (Terminal Access Controller
  Access-Control System Plus) is a protocol which
  provides access control for routers, network
  access servers (NAS) and other networked
  computing devices via one or more centralized
  servers. TACACS provides separate
  authentication, authorization and accounting
  services.
• Whereas RADIUS combines authentication and
  authorization in a user profile, TACACS
  separates the two operations. Another difference
  is that TACACS uses the Transmission Control
  Protocol (TCP) while RADIUS uses the User
  Datagram Protocol (UDP). Most administrators
  recommend using TACACS because TCP is seen as a
  more reliable protocol.
• http//www.cisco.com/warp/public/614/7.html

14
(No Transcript)
15

• Advantages of the TACACS Protocol
• TCP-based for more security
• Provide three separate protocol components, each
  of which can be implemented on separate servers
• Authentication provides complete server control
  of the authentication process, which includes
• login and password query
• Challenge/response
• Messaging support (any)
• Encrypted in MD5
• Replaceable with Kerberos 5
• Authorization allows "remote" access control and
  enhanced granularity. Features include
• One authentication
• Authorization for each service
• Per-user access list and user profile
• Users can belong to groups
• IP and Telnet support (IPX, ARA future)
• Any access or command and permission or
  restrictions

16
Examples of the "AAA" Functionality

• The authorization component in TACACS allows
  greater levels of control over user actions and
  can be used to create separate administrative
  groups that are based on user functionality.
• For example, a network manager might want to
  restrict a user to perform certain functions on
  the access server or router. Within the access
  server, a user might be restricted to PPP or SLIP
  and only be permitted to connect to a specific
  host address.
• Another example of the flexibility of the
  authorization subsystem is forcing a user to
  connect to a particular host if an attempt is
  made to connect to a specific host. In the case
  of the router's command line user interface, a
  restriction might be placed on executing
  particular EXEC commands such as reload.
• The authentication protocol can also generate an
  autocommand. Once a user is authenticated, this
  runs any command within the access server system
  and is very powerful for complete access
  management. Network managers can use the
  accounting component to track user activity for a
  security audit trail or to provide billing
  information. A report might be structured to
  provide user identity, start and stop times,
  executed commands, number of packets, and number
  of bytes.
• Password aging is another example of the
  capabilities that are now available with TACACS.
  A server supporting TACACS can send a message
  back to users, telling them to change their
  passwords as part of the login sequence. They
  will not be allowed access unless they change
  their passwords at that time.

17
Vulnerabilities

• Lack of integrity checking. Almost no integrity
  checking exists in TACACS. The only check
  defined in the RFC draft is to make sure the sum
  of component lengths matches the total size of
  the packet.
• Vulnerability to replay attacks.
• TACACS lacks virtually any protection against
  replay attacks. The only requirement is that
  packets have a correct sequence number.
• Since all TACACS sessions start with a sequence
  number of 1 (not a vulnerability in and of
  itself), the TACACS server will always process a
  packet with seq_no set to 1.
• Especially easy to replay are accounting
  sessions, which consist of only one packet sent
  to the server (with a seq_no of 1). Obviously, it
  is also possible to replay the packets with
  certain bits flipped, such as to get different
  task_id's in case a billing system is smart
  enough to check for duplicate records.
• The fact that TACACS uses TCP provides no
  security against replay, as new TCP connections
  may be opened by an attacker for replaying
  recorded TACACS sessions.