talking about RADIUS protocol2013-12-03 16:06 5791 People read comments (0) favorite reports Classification:RADIUS Protocol Analysis (6)
RADIUS protocol development for a while, the younger brother is not afraid of Caishuxueqian, show off, from the radius of the protocol to talk about identity authentication, but also summed up their own.
A RADIUS protocol principle
The RADIUS (Remote authentication Dial in User Service) user remotely dials in to the authentication service, which mainly targets telnet types such as SLIP, PPP, Telnet, and rlogin. RADIUS protocol has a wide range of applications, including ordinary telephone, Internet service billing, VPN support can make different dial-in Server users have different permissions.
The RADIUS typical application environment is as follows:
A RADIUS packet is divided into 5 parts:
(1) code:1 bytes, used to differentiate the types of RADIUS packets: Common types are:
Access Request (Access-request), code=1, Access Permit (access-accept), code=2, Access reject (Access-reject), code=3, billing request (Accounting-request), Code=4 and so on.
(2) Identifier: A byte that is used to match the request and reply packets.
(3) Length: Two bytes representing the length of the RADIUS data area (including code, Identifier, Length, Authenticator, Attributes) in bytes, minimum 20, and maximum 4096.
(4) authenticator:16 bytes, used to verify the server-side response, and also for user password encryption. The shared secret of the RADIUS server and the NAS (GKFX Secret) and the Request authentication Code (AUTHENTICATOR) and the Answer authentication code (Response Authenticator) together support the integrity and authentication of the outgoing and the ticker. In addition, the user password cannot be transmitted in clear text between the NAS and the RADIUS server, and the shared secret key (Gkfx Secret) and authentication Code (AUTHENTICATOR) are generally used to encrypt and hide through the MD5 encryption algorithm.
(5) Attributes: indefinite length, the minimum can be 0 bytes, describes the properties of the RADIUS protocol, such as user name, password, IP address and other information is stored in this data section.
Detailed coding information for each attribute, as well as data formats, are limited to space, are not specifically described here, are interested, can refer to the RFC, or communicate with me.
Two RADIUS protocol Implementation
At present, the open source package Freeradius, Tinyradius, can be downloaded to its implementation of the source code. Freeradius is currently the most powerful open-source RADIUS server software, the use of C language implementation, the use of multi-process, process pool processing method, has a good throughput processing capacity, at the same time, to provide a connection to a variety of database application interface, user-friendly according to their own needs for appropriate expansion. It is worth mentioning that it uses modular processing, the user can be customized to suit their own authentication billing processing module.
Freeradius's powerful, also caused by its large module, difficult to maintain, there are some requirements for the installation environment. Tinyradius uses Java development, short, can receive a variety of standard protocols in the packet, can quickly complete the encapsulation and unpacking of the RADIUS packet, we can own the need to do some processing, has a great degree of freedom, the only flaw is single-threaded, no database interface.
Three Security considerations for the RADIUS protocol
The use of the UDP protocol for RADIUS is based on several reasons:
1. Nas and RADIUS servers are mostly on the same LAN, and using UDP is faster and more convenient.
2. simplifies the implementation of the service side.
It turns out that using UDP protocol is feasible, and RADIUS has its own mechanism to solve the UDP packet loss feature.
If the NAS submits a request to a RADIUS server without receiving return information, the backup RADIUS server can be requested to retransmit. Because there are multiple backup RADIUS servers, the method of polling can be used when the NAS is re-transmitted. If the backup RADIUS server's key differs from the previous RADIUS server's key, it needs to be re-authenticated.
The following focus is on how it ensures secure authentication in identity authentication from the RADIUS protocol.
1. Authenticator: Identification code, divided into request identification Code, response to the identification code.
In the "Access-request" packet, Authenticator is a 16-byte random number called "Request Authenticator". This value should be unpredictable and unique for the entire lifetime of the secret, such as the Radiuas server and client-shared secret, because duplicate request values with the same password give the hacker the opportunity to reply to the user with the intercepted response. Because the same secret can be used for authentication of servers in different geographic regions, the request authentication domain should have global and temporary uniqueness.
To prevent tampering with the data in the packet, the response identification code is generated as follows:
Responseauth = MD5 (code+id+length+requestauth+ attributes+secret);
The response discriminator is a 16-byte index that generates a MD5 calculus for the entire packet, preventing a fake server from responding.
2. Encryption method. Pap,cahp,eap and UNIX login authentication three kinds of encryption authentication method. The most commonly used are the first two, as described below:
pap encryption , when this encryption method is used, the password is stored in the User-password attribute.
User-password Encryption Method:
1. At the end of the password use nulls instead of filling the binary number to form multiple 16 bytes;
2. Divide the password by 16 bytes into a group of P1, p2 and so on;
B1=MD5 (Secret + Authenticator) C (1) = P1 XOR or B1
B2 = MD5 (S + C (1)) C (2) = P2 xor b2
.
.
.
Bi = MD5 (S + C (i-1)) c (i) = Pi xor bi
C (1) +c (2) +...+c (i)
In the reception, this process is reversed, due to the use of different or way through every 16 bytes, the same algorithm is different or once, and then with the MD5 calculus, thus generating the original password, although the encryption method is reversible, hackers intercepted the ciphertext, can through certain means to crack out the password, But if the shared secret is not known, it is difficult to crack, it can only use brute force crack method. The use of shared keys should be the appropriate length to prevent cracking and should not be too short.
The PAP encryption method enables the password to be transmitted in a ciphertext-based manner, allowing the hacker to still have the opportunity to exploit the password, but the CHAP encryption method prevents the transmission of the cipher.
CHAP encryption , when this encryption method is used, the password is stored in the Chap-password attribute.
The principle of this encryption method is not that the password is transmitted over the network, but merely transmits an index value, which increases security, but the cost is that the RADIUS server must know the user's password to reproduce the password index value and the password index value in the authentication request sent.
Chap-password Encryption Method:
MD5 (Chapid+password+chapchallenge);
Chapid: Can be a randomly generated one-byte code;
Chapchallenge:nas generates a random challenge word (16 bytes more appropriate)
This field is sometimes missing and reads the authenticator field as a challenge word.
3. Shared Key (Secret): The shared key is involved in cryptographic encryption and the authentication code portion of the packet, even if the RADIUS packet is intercepted, but the shared key is not known, it is difficult to crack the user's password forgery data. The shared key should be the appropriate length, should not be too short, wide password range can effectively provide the defense of the exhaustive search attack, with the increase in the length of the key, its crack time will be greatly increased.
4. To prevent the replay attacks by illegal users, the server is paralyzed. If a request has the same customer source IP address, source UDP port number, and identifier in a short time fragment, the RADIUS server considers this to be a duplicate request and will be discarded directly without any processing.
Four Summarize
The RADIUS protocol itself is relatively easy to master, in the application, can be combined with its own password, to meet the needs of the enterprise to achieve higher strength of strong certification, such as the combination of various token cards, mobile phone text messages and so on. The development of the Protocol can not be separated from the use of various grasping tools, such as sniffer,tcpdump,ethereal, such as grasping the package tool.
External users to access a local network computer equipment, there are many ways to access, such as the use of VPN dialing, Telnet and so on. If the user Telnet login, generate user name and password information, and NAS server AAA configuration specified in the use of RADIUS as the authentication server, it is encapsulated into a RADIUS request packet sent to the RADIUS server for authentication, The RADIUS server communicates with the user through the NAS to prompt the user for authentication or not, and whether challenge authentication is required.
It works as follows: The user accesses the NAS (Net access Server), the NAS is generally a router and other devices, the NAS uses the Access-request packet to the RADIUS server to submit user information, including the user name, password and other related information, Where the user password is MD5 encrypted, the two sides use a shared secret key, the key is not spread through the network; the RADIUS server verifies the legality of the user name and password and, if necessary, a challenge that requires further user authentication or similar authentication to the NAS If it is legal, return the ACCESS-ACCEPT packet to the NAS, allow the user to do the next step, otherwise return the Access-reject packet, deny the user access, if access is allowed, the NAS makes a request to the RADIUS server Account-require , the RADIUS server responds to Account-accept, starting with the user's billing, while the user can do their own related actions.
RADIUS also supports proxy and roaming capabilities. Simply put, a proxy is a server that can act as a proxy for other RADIUS servers and is responsible for forwarding RADIUS authentication and billing packets. The so-called roaming function is a specific implementation of the agent, which allows the user to authenticate through the original and its unrelated RADIUS server.
RADIUS is capable of implementing its own packet structure that relies on its functionality. RADIUS is the UDP transport protocol, authentication and billing listening ports are generally: 1812,1813.
The package structure of the RADIUS package on the Ethernet is as follows:
Ethernet Frame Head |
IP header |
UDP header |
RADIUS Packets |
Ethernet FCS |
What we are concerned about here is the Red RADIUS packet section.
The format of the RADIUS packet is as follows:
2013-12-03 16:06 5791 People read comments (0) favorite reports Classification:RADIUS Protocol Analysis (6)
RADIUS protocol development for a while, the younger brother is not afraid of Caishuxueqian, show off, from the radius of the protocol to talk about identity authentication, but also summed up their own.
A RADIUS protocol principle
The RADIUS (Remote authentication Dial in User Service) user remotely dials in to the authentication service, which mainly targets telnet types such as SLIP, PPP, Telnet, and rlogin. RADIUS protocol has a wide range of applications, including ordinary telephone, Internet service billing, VPN support can make different dial-in Server users have different permissions.
The RADIUS typical application environment is as follows:
A RADIUS packet is divided into 5 parts:
(1) code:1 bytes, used to differentiate the types of RADIUS packets: Common types are:
Access Request (Access-request), code=1, Access Permit (access-accept), code=2, Access reject (Access-reject), code=3, billing request (Accounting-request), Code=4 and so on.
(2) Identifier: A byte that is used to match the request and reply packets.
(3) Length: Two bytes representing the length of the RADIUS data area (including code, Identifier, Length, Authenticator, Attributes) in bytes, minimum 20, and maximum 4096.
(4) authenticator:16 bytes, used to verify the server-side response, and also for user password encryption. The shared secret of the RADIUS server and the NAS (GKFX Secret) and the Request authentication Code (AUTHENTICATOR) and the Answer authentication code (Response Authenticator) together support the integrity and authentication of the outgoing and the ticker. In addition, the user password cannot be transmitted in clear text between the NAS and the RADIUS server, and the shared secret key (Gkfx Secret) and authentication Code (AUTHENTICATOR) are generally used to encrypt and hide through the MD5 encryption algorithm.
(5) Attributes: indefinite length, the minimum can be 0 bytes, describes the properties of the RADIUS protocol, such as user name, password, IP address and other information is stored in this data section.
Detailed coding information for each attribute, as well as data formats, are limited to space, are not specifically described here, are interested, can refer to the RFC, or communicate with me.
Two RADIUS protocol Implementation
At present, the open source package Freeradius, Tinyradius, can be downloaded to its implementation of the source code. Freeradius is currently the most powerful open-source RADIUS server software, the use of C language implementation, the use of multi-process, process pool processing method, has a good throughput processing capacity, at the same time, to provide a connection to a variety of database application interface, user-friendly according to their own needs for appropriate expansion. It is worth mentioning that it uses modular processing, the user can be customized to suit their own authentication billing processing module.
Freeradius's powerful, also caused by its large module, difficult to maintain, there are some requirements for the installation environment. Tinyradius uses Java development, short, can receive a variety of standard protocols in the packet, can quickly complete the encapsulation and unpacking of the RADIUS packet, we can own the need to do some processing, has a great degree of freedom, the only flaw is single-threaded, no database interface.
Three Security considerations for the RADIUS protocol
The use of the UDP protocol for RADIUS is based on several reasons:
1. Nas and RADIUS servers are mostly on the same LAN, and using UDP is faster and more convenient.
2. simplifies the implementation of the service side.
It turns out that using UDP protocol is feasible, and RADIUS has its own mechanism to solve the UDP packet loss feature.
If the NAS submits a request to a RADIUS server without receiving return information, the backup RADIUS server can be requested to retransmit. Because there are multiple backup RADIUS servers, the method of polling can be used when the NAS is re-transmitted. If the backup RADIUS server's key differs from the previous RADIUS server's key, it needs to be re-authenticated.
The following focus is on how it ensures secure authentication in identity authentication from the RADIUS protocol.
1. Authenticator: Identification code, divided into request identification Code, response to the identification code.
In the "Access-request" packet, Authenticator is a 16-byte random number called "Request Authenticator". This value should be unpredictable and unique for the entire lifetime of the secret, such as the Radiuas server and client-shared secret, because duplicate request values with the same password give the hacker the opportunity to reply to the user with the intercepted response. Because the same secret can be used for authentication of servers in different geographic regions, the request authentication domain should have global and temporary uniqueness.
To prevent tampering with the data in the packet, the response identification code is generated as follows:
Responseauth = MD5 (code+id+length+requestauth+ attributes+secret);
The response discriminator is a 16-byte index that generates a MD5 calculus for the entire packet, preventing a fake server from responding.
2. Encryption method. Pap,cahp,eap and UNIX login authentication three kinds of encryption authentication method. The most commonly used are the first two, as described below:
pap encryption , when this encryption method is used, the password is stored in the User-password attribute.
User-password Encryption Method:
1. At the end of the password use nulls instead of filling the binary number to form multiple 16 bytes;
2. Divide the password by 16 bytes into a group of P1, p2 and so on;
B1=MD5 (Secret + Authenticator) C (1) = P1 XOR or B1
B2 = MD5 (S + C (1)) C (2) = P2 xor b2
.
.
.
Bi = MD5 (S + C (i-1)) c (i) = Pi xor bi
C (1) +c (2) +...+c (i)
In the reception, this process is reversed, due to the use of different or way through every 16 bytes, the same algorithm is different or once, and then with the MD5 calculus, thus generating the original password, although the encryption method is reversible, hackers intercepted the ciphertext, can through certain means to crack out the password, But if the shared secret is not known, it is difficult to crack, it can only use brute force crack method. The use of shared keys should be the appropriate length to prevent cracking and should not be too short.
The PAP encryption method enables the password to be transmitted in a ciphertext-based manner, allowing the hacker to still have the opportunity to exploit the password, but the CHAP encryption method prevents the transmission of the cipher.
CHAP encryption , when this encryption method is used, the password is stored in the Chap-password attribute.
The principle of this encryption method is not that the password is transmitted over the network, but merely transmits an index value, which increases security, but the cost is that the RADIUS server must know the user's password to reproduce the password index value and the password index value in the authentication request sent.
Chap-password Encryption Method:
MD5 (Chapid+password+chapchallenge);
Chapid: Can be a randomly generated one-byte code;
Chapchallenge:nas generates a random challenge word (16 bytes more appropriate)
This field is sometimes missing and reads the authenticator field as a challenge word.
3. Shared Key (Secret): The shared key is involved in cryptographic encryption and the authentication code portion of the packet, even if the RADIUS packet is intercepted, but the shared key is not known, it is difficult to crack the user's password forgery data. The shared key should be the appropriate length, should not be too short, wide password range can effectively provide the defense of the exhaustive search attack, with the increase in the length of the key, its crack time will be greatly increased.
4. To prevent the replay attacks by illegal users, the server is paralyzed. If a request has the same customer source IP address, source UDP port number, and identifier in a short time fragment, the RADIUS server considers this to be a duplicate request and will be discarded directly without any processing.
Four Summarize
The RADIUS protocol itself is relatively easy to master, in the application, can be combined with its own password, to meet the needs of the enterprise to achieve higher strength of strong certification, such as the combination of various token cards, mobile phone text messages and so on. The development of the Protocol can not be separated from the use of various grasping tools, such as sniffer,tcpdump,ethereal, such as grasping the package tool.
External users to access a local network computer equipment, there are many ways to access, such as the use of VPN dialing, Telnet and so on. If the user Telnet login, generate user name and password information, and NAS server AAA configuration specified in the use of RADIUS as the authentication server, it is encapsulated into a RADIUS request packet sent to the RADIUS server for authentication, The RADIUS server communicates with the user through the NAS to prompt the user for authentication or not, and whether challenge authentication is required.
It works as follows: The user accesses the NAS (Net access Server), the NAS is generally a router and other devices, the NAS uses the Access-request packet to the RADIUS server to submit user information, including the user name, password and other related information, Where the user password is MD5 encrypted, the two sides use a shared secret key, the key is not spread through the network; the RADIUS server verifies the legality of the user name and password and, if necessary, a challenge that requires further user authentication or similar authentication to the NAS If it is legal, return the ACCESS-ACCEPT packet to the NAS, allow the user to do the next step, otherwise return the Access-reject packet, deny the user access, if access is allowed, the NAS makes a request to the RADIUS server Account-require , the RADIUS server responds to Account-accept, starting with the user's billing, while the user can do their own related actions.
RADIUS also supports proxy and roaming capabilities. Simply put, a proxy is a server that can act as a proxy for other RADIUS servers and is responsible for forwarding RADIUS authentication and billing packets. The so-called roaming function is a specific implementation of the agent, which allows the user to authenticate through the original and its unrelated RADIUS server.
RADIUS is capable of implementing its own packet structure that relies on its functionality. RADIUS is the UDP transport protocol, authentication and billing listening ports are generally: 1812,1813.
The package structure of the RADIUS package on the Ethernet is as follows:
Ethernet Frame Head |
IP header |
UDP header |
RADIUS Packets |
Ethernet FCS |
What we are concerned about here is the Red RADIUS packet section.
The format of the RADIUS packet is as follows:
"Turn" on the RADIUS protocol