Abstract
We describe an efficient cross-protocol attack, which enables an attacker to learn the VPN session key shared between a victim client and a VPN endpoint. The attack recovers the key which is used to encrypt and authenticate VPN traffic. It leverages a weakness of the RADIUS protocol executed between a VPN endpoint and a RADIUS server, and allows an “insider” attacker to read the VPN traffic of other users or to escalate its own privileges with significantly smaller effort than previously known attacks on MS-CHAPv2.
Notes
1. Recall here that in the basic setting we assume that the attacker is an “insider”, which aims at learning the key \(k_\mathsf {MPPE}\) of the victim in order to read the traffic or to escalate its own privileges.
2. “Magic server to client constant”.
3. “Pad to make it do more than one iteration”.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Horst, M., Grothe, M., Jager, T., Schwenk, J. (2016). Breaking PPTP VPNs via RADIUS Encryption. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science, vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_10
DOI: https://doi.org/10.1007/978-3-319-48965-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48964-3
Online ISBN: 978-3-319-48965-0
eBook Packages: Computer Science (R0)