WARD.NU - DynChap: Dynamic Chap authentication

Preliminary version. Use at your own risk. For more information, see download.

DynChap: Dynamic Chap authentication
DynChap provides an additional pseudo hardware token based authentication layer for virtual private networks.
Version 0.30 (20060924)
Written by Ward van Wanrooij (ward@ward.nu, http://www.ward.nu)

Most recent version available at http://www.ward.nu/computer/dynchap.

Contents

Back to WWW.WARD.NU
Introduction
Screenshots
Features
Statement on security
Installation and usage
Download
Links
History

Introduction

DynChap authentication consists of three modules:

Plug-in for PPPD, in C

Dialer for Windows (98-XP), in Delphi

Dialer for OS X as plugin to PPPD, in Objective C

Hash generator for mobile phones, in J2ME

Together these modules can extend your VPN authentication with a new layer using a pseudo hardware token.
Typical usage scenario: You have the need to implement VPN access for your network users. Of couse, you want to implement this in a secure way on your already existent Linux firewall. So you compile the PoPToP PPTPD, upgrade your PPPD, install DKMS and the MPPE kernel module, tweak your configuration files and firewall rules. Because you enabled only the MSCHAP-V2 authentication protocol and MPPE stateless encryption, technically your network is unbreakable. However, you are still vulnerable because of your users. Examples:

User choosing a weak, already used or even compromised password.
User saving his password in the Windows connection dialog.
User scribbling his password on his desk/post-it-note/phone.
Theft of laptop with saved password.
Third party usage of the saved or scribbled password.

Clearly the user security vulnerability can never be completely resolved, however it can be minimized. DynChap authentication uses the user's mobile phone to generate a hash that needs to be entered along with the user's password in a custom connection dialogue. Upon connecting, the VPN verifies the authenticity of the hash. The hash is generated from a serial (by default 32 printable characters) stored in the J2ME based mobile phone and the current time; the VPN server compares this hash against the serial and current time, minus or plus a small deviation (by default 2 minutes). If the username, password and hash match, access is granted and the custom dialer is closed, the connection can now be controlled like an ordinary VPN connection.
By implementing DynChap you have raised the security from "something-you-know-or-have-saved" to "something-you-know" and "something-you-have", without expensive investments in proprietary software and hardware tokens.

Screenshots

Contents

Statement on security

No cryptographic analysis has been performed on the implementation of DynChap. I am not a cryptographer or mathematician. The hash is calculated from the MD5 of the serial (default 32 characters) and current date/time (12 characters). Four bytes are extracted from the hash (3rd, 7th, 11th and 15th byte) and converted to hexadecimal digits. The resulting string is the hash. The serial is stored once in the J2ME mobile phone and is inaccessible to other J2ME applications or end-user applications. Even if the serial is extracted from the hardware using e.g. a flash reader, the default password authentication still applies. Use with caution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Contents

Features

Easy to install shared object plugin for PPPD. No source patches necessary.

Easy to use dialer for Windows. The dialer uses standard RAS API calls to control the connection and as such requires no additional DLLs.

Easy to use dialer for OS X. The dialer integrates into Internet Connect.

Compatible J2ME hash generator (pseudo hardware token), conforming to MIDP 1.0/CDLC 1.0 specification: basically it runs on any phone having some Java implementation.

Free. Dialer Windows: BSD; Token: BSD; PPPD Plugins: GPL

Coexists with regular CHAP authentication.

Contents

Installation and usage

First, make sure you have a working PPTPD/PoPToP configuration and you can connect from a Windows machine to this configuration successfully. In your Windows VPN connection, set "Security options" to "Advanced (custom settings)" and "Data encryption" to "Maximum strength encryption (disconnect if server declines)" and only allow the protocol "Microsoft CHAP Version 2 (MS-CHAP v2)". Create a user (e.g. tester) in /etc/ppp/chap-secrets and connects using this connection. If it does not work, fix this first before going further.
Server

Compile dynchap.so from source or use the compiled version and copy the resulting shared object to your pppd lib directory (e.g. copy to /usr/lib/pppd/2.4.3/dynchap.so).

Modify your pptpd-pppd options file (e.g. /etc/ppp/options.pptpd) to load the plugin and set default options:

plugin dynchap.so
dynchap_deviation 2
dynchap_debug 0

The deviation parameter specifies the maximum allowed clock deviation between PPPD server and mobile phone, the default value is plus or minus 2 minutes. To debug dynchap, set the dynchap_debug parameter to 1.

Modify your chap-secrets file (e.g. /etc/ppp/chap-secrets) to have the user (e.g. tester) authenticate using dynchap by appending an underscore (configurable, see source) to the username and appending an underscore and the 32 character serial to the chap secret. E.g.

# Secrets for authentication using CHAP
# client        server  secret                                            IP addresses
tester_         pptpd   changeme_abcdefghijklmnopqrstuvwxyz123456         *

In this example username=tester, password=changeme, serial=abcdefghijklmnopqrstuvwxyz123456. Usernames containing an underscore are authenticated using DynChap authentication; other usernames using regular CHAP authentication.

Publish the J2ME application at a webserver for easy retrieval by the mobile phones. Do not forget to update the URL in the JAD descriptor file, and use correct mime-types in your webserver configuration (text/vnd.sun.j2me.app-descriptor jad, application/java jar) otherwise no J2ME application will load.

Mobile phone

Preferably, modify the DynChap.key byte[] variable. This variable is used to XOR the serial before storing it on the device. DynChap.key does not need to match any variable in any other source file. XOR'ing the serial before storing it, stops people from overwritin the DynChap token with a dummy applet that reads out the serial.
Download and install the J2ME application (usually by navigating to the JAD file in the WAP browser).
Start the DynChap Token midlet. The first run it will ask you for the serial of the user. Enter that serial twice for verification (e.g. enter abcdefghijklmnopqrstuvwxyz123456abcdefghijklmnopqrstuvwxyz123456 for tester).
DynChap Token now displays the current hash. Ignore any trailing colons, observed on some Nokias.

Client for Windows PC

Download and copy the DynChap Dialer (executable and inifile) to a directory, and modify the connectionname to point to your actual VPN connection and the username to your default user. Optionally, you can add additional sections to enable multiple DynChap authenticated connections. Example dynchapd.ini (comments in italic):
```
[Your-Connection]		(displayed name)
connection=your-connection-name	(literal name of existing VPN connection)
separator=_			(must match dynchap_separator in dynchap.c)
username=tester			(default username)
hashlength=8			(must match dynchap_hashlength in dynchap.c)
		
```

Client for Apple OS X

Create a regular PPTP connection in Internet Connect and note the configuration name. Make sure to leave the password empty.
Download and copy the DynChap Dialer PPP plugin to /usr/local/dynchap
Create a file name /etc/ppp/peers/[configurationname] and add the following two lines:
```
plugin /usr/local/dynchap/DynChap.ppp
noaskpassword
		
```

You can now start your DynChap authenticated VPN connection by starting DynChap Dialer, entering your username, password and the hash generated by DynChap Token.

Contents

Download

Warning:

 drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward -rwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward -rwxr-xr-x ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/wheel -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/wheel -rw-r--r-- ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward -rw-r--r-- ward/ward drwxr-xr-x ward/ward drwxr-xr-x ward/ward

this DynChap package (version 0.30) is currently beta software. Test before using in production environments. Please inform me of any testing and evaluation results.
The DynChap package contains both binary and source versions of all three modules. Recompilation of the pppd might be necessary and is recommended to account for changes in different PPPD versions. Recompilation of the dialer for Windows requires Borland Delphi version 4 or greater. Recompilation of the dialer for OS X requires XCode, OS X SDK and ppp source package from Apple. Recompilation of the midlet requires the Sun J2ME Wireless Toolkit 2.1. The DynChap package contains: 0 2004-12-04 21:42:34 dynchap-0.30/ 0 2006-09-24 21:19:12 dynchap-0.30/bin/ 0 2004-12-04 21:42:33 dynchap-0.30/bin/dialer/ 336384 2004-12-04 21:42:33 dynchap-0.30/bin/dialer/dynchapd.exe 91 2004-12-04 21:42:33 dynchap-0.30/bin/dialer/dynchapd.ini 0 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/ 0 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/ 0 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Contents/ 0 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Contents/MacOS/ 38468 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Contents/MacOS/DynChap 0 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Contents/Resources/ 11467 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Contents/Resources/DynChap.icns 833 2006-09-24 21:41:49 dynchap-0.30/bin/dialer-osx/DynChap.ppp/Info.plist 0 2004-12-04 21:42:33 dynchap-0.30/bin/pppd/ 14105 2006-09-24 23:47:40 dynchap-0.30/bin/pppd/dynchap.so 0 2004-12-04 21:42:34 dynchap-0.30/bin/token/ 288 2004-12-04 21:42:34 dynchap-0.30/bin/token/DynChap.jad 12721 2004-12-04 21:42:34 dynchap-0.30/bin/token/DynChap.jar 0 2006-09-24 23:50:30 dynchap-0.30/doc/ 1953 2004-12-04 21:42:34 dynchap-0.30/doc/dynchap.jpg 14181 2004-12-04 21:42:34 dynchap-0.30/doc/dynchapscreenshot1.jpg 4983 2004-12-04 21:42:34 dynchap-0.30/doc/dynchapscreenshot2.jpg 60293 2004-12-04 21:42:34 dynchap-0.30/doc/dynchapscreenshot3.jpg 26747 2006-09-24 23:39:47 dynchap-0.30/doc/dynchapscreenshot4.jpg 17359 2006-09-24 23:44:33 dynchap-0.30/doc/index.html 347 2006-09-24 23:50:30 dynchap-0.30/doc/README.TXT 0 2006-09-23 17:18:38 dynchap-0.30/src/ 0 2004-12-04 21:42:34 dynchap-0.30/src/dialer/ 349 2004-12-04 21:42:34 dynchap-0.30/src/dialer/dynchapd.cfg 1304 2004-12-04 21:42:34 dynchap-0.30/src/dialer/dynchapd.dof 236 2004-12-04 21:42:34 dynchap-0.30/src/dialer/dynchapd.dpr 91 2004-12-04 21:42:34 dynchap-0.30/src/dialer/dynchapd.ini 1220 2004-12-04 21:42:34 dynchap-0.30/src/dialer/dynchapd.res 114 2004-12-04 21:42:34 dynchap-0.30/src/dialer/LanMan.inc 9829 2004-12-04 21:42:34 dynchap-0.30/src/dialer/LmCons.pas 49896 2004-12-04 21:42:34 dynchap-0.30/src/dialer/LmErr.pas 395 2004-12-04 21:42:34 dynchap-0.30/src/dialer/Ras.inc 75489 2004-12-04 21:42:34 dynchap-0.30/src/dialer/Ras.pas 32816 2004-12-04 21:42:34 dynchap-0.30/src/dialer/RasError.pas 1078 2004-12-04 21:42:34 dynchap-0.30/src/dialer/REMTEACC.ICO 2649 2004-12-04 21:42:34 dynchap-0.30/src/dialer/udcd1.dfm 8489 2004-12-04 21:42:34 dynchap-0.30/src/dialer/udcd1.pas 0 2006-09-24 23:49:35 dynchap-0.30/src/dialer-osx/ 4441 2006-09-24 21:24:47 dynchap-0.30/src/dialer-osx/dynchap.c 11467 2006-09-24 15:20:51 dynchap-0.30/src/dialer-osx/DynChap.icns 833 2006-09-24 21:00:55 dynchap-0.30/src/dialer-osx/Info.plist 926 2006-09-24 21:39:24 dynchap-0.30/src/dialer-osx/Makefile 0 2006-09-24 23:48:24 dynchap-0.30/src/pppd/ 5020 2006-09-24 23:29:36 dynchap-0.30/src/pppd/dynchap.c 156 2006-09-24 20:36:42 dynchap-0.30/src/pppd/Makefile 0 2004-12-04 21:42:34 dynchap-0.30/src/token/ 0 2004-12-04 21:49:38 dynchap-0.30/src/token/DynChap/ 0 2004-12-04 21:53:15 dynchap-0.30/src/token/DynChap/bin/ 325 2004-12-04 21:53:09 dynchap-0.30/src/token/DynChap/bin/DynChap.jad 13214 2004-12-04 21:52:16 dynchap-0.30/src/token/DynChap/bin/DynChap.jar 217 2004-12-04 21:52:16 dynchap-0.30/src/token/DynChap/bin/MANIFEST.MF 0 2004-12-04 21:42:34 dynchap-0.30/src/token/DynChap/classes/ 236 2004-10-23 21:29:31 dynchap-0.30/src/token/DynChap/DynChap.pro 0 2004-12-04 21:42:34 dynchap-0.30/src/token/DynChap/lib/ 16 2004-12-04 21:48:31 dynchap-0.30/src/token/DynChap/project.properties 0 2004-12-04 21:42:34 dynchap-0.30/src/token/DynChap/res/ 451 2004-12-04 21:42:34 dynchap-0.30/src/token/DynChap/res/DynChap.png 0 2004-12-04 21:53:32 dynchap-0.30/src/token/DynChap/src/ 12776 2004-12-04 21:48:15 dynchap-0.30/src/token/DynChap/src/DynChap.java 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/src/fi/ 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/src/fi/iki/ 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/src/fi/iki/santtu/ 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/src/fi/iki/santtu/md5/ 14304 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/src/fi/iki/santtu/md5/MD5.java 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/tmpclasses/ 0 2004-12-04 21:42:35 dynchap-0.30/src/token/DynChap/tmplib/

Download the DynChap 0.30 package in a .tar.gz archive (see history).

Contents

Links

Assorted relevant external links.

RSA SecurID authentication details (local copy)
The most elaborate description of the security and history of the RSA SecurID readily available by one of the consultants of RSA SecurID.

Microsoft Windows 98 VPN Update (MS-CHAP v2, MPPE)

PAM mobile token, pam_mobtok
Same idea, different implementation (no stored serial, but a manually entered secret: significant reduction of key space) and application area (not suitable for CHAP authentication, PAM authentication is not possible or a shared secret).

PoPToP VPN server for Linux

WARD.NU mailinglist

Contents

History

24-09-2006	Release 0.30. Integrated stripdomain patch. Default to newer MD5 functions. Added Apple OS X client plugin. Server PPPD plugin version 0.30, Apple OS X client plugin version 0.30, Java mobile token version 0.22, Windows client dialer version 0.20
16-09-2006	Release a patch for pppd when using a PoPToP/pppd server and an Apple OS X 10.4.6/7/8 client. If your are unable to connect using the OS X client and the dialer keeps hanging at 'Authenticating...' then the relevant CHAP authentication messages are lost and this patch serves as a workaround to triple send all CHAP related state messages. Note that this problem is not limited to pptp VPN's using DynChap, but that this is a general problem in the combination of ppp 2.4.3 and Mac OS X 10.4.6/7/8.
21-03-2006	Released a patch to support stripping the Windows domain name. You should use this if your Windows automatically sends the domainname.
04-12-2004	Release 0.22. Bugfix for Nokia 6XXX running out of storage space, errorhandling improved. Token component is version 0.22, dialer and plugin are version 0.2.
23-11-2004	Release 0.2. Bugfix for Nokia phones without timezone. Textual representation of hash for smaller displays. XOR'ing the serial before writing and after reading.
30-10-2004	Release 0.1
23-10-2004	Source 0.1 ready

Contents