Islamic University of Gaza Deanery of Higher Studies Faculty of Information Technology Information Technology Program Implementing and Comprising of OTP Techniques (TOTP,HOTP,CROTP) to Prevent Replay Attack in RADIUS Protocol Prepared by Amna S.M Abukeshipa Supervised by Dr. Tawfiq SM Barhoom A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master in Information Technology 2014 Dedication To My Loving Parents ,,, To My Dear husband ,,, To My Loving Children ,,, To My Dear Brothers ,,, To My Sincere Sisters,,, To Faithful My Friends ,,, I Acknowledgment Thanks to God, the First and the Last. Many thanks and sincere gratefulness goes to my supervisor Dr Tawfiq SM Barhoom . I am indebted to his support, supervision and guidance. I would like to thank my father, mother, dear husband , brothers and sisters for their support which gave me the strength and enthusiasm during the whole period of this thesis. I am also grateful to Dr. Mayada Mgari , for his help in this thesis , deeply appreciate it. I would like to extend sincere gratitude and appreciation to the people who helped me to accomplish this thesis. I would like to thank all my academic teachers, staff members and colleagues for their support throughout my study in Islamic university . II الملخص أمن الشبكة ىي مسألة في غاية اﻷىمية لممنظمات من أجل حماية البيانات الحساسة الخاصة بيم من المياجمين . عدد من الباحثين وفرت عدد من البروتوكوﻻت اﻻمنية المعتمدة لتعزيز الخصوصية والسرية عبر الشبكات. RADIUS ىي واحدة من البروتوكوﻻت اﻷكثر شعبية المستخدمة في شبكة اﻻتصاﻻت لمصادقة المستخدم . لسوء الحظ، ىناك العديد من نقاط الضعف التي تواجو بروتوكول RADIUS واحدة من نقاط الضعف ىذه ىي مشكمة إعادة اليجوم وىي تحتاج إلى الى تمنع. قدمت البروتوكوﻻت السابقة عدد من التقنيات لمحد من آثار ىجوم اﻻعادة في بروتوكول RADIUS. التقنية OTP ىي واحدة من أىم التقنيات التي تستخدم لتعزيز أمن مصادقة المستخدم في بيئات عديدة ولسد الفجوة المحتممة في أمن الشبكات .مع العديد من التقنيات OTP , مساىمتنا ىي اختيار ثﻻثة تقنيات وىي كممة المرور لمرة واحدة باستخدام الوقت (TOTP)، كممة المرور لمرة واحدة باستخدام التجزئة (HOTP) كممة المرور لمرة واحدة باستخدام التحدي واﻻستجابة (CROTP) ىذا يدفعنا لتقديم ELSBOT نظام التعمم اﻹلكتروني القائم عمى كممة المرور لمرة واحدة لمنع تكرار اليجمات في بروتوكول RADIUS . تقدم ىذه الرسالة مقارنة بين ىذه التقنيات ىذه المقارنة اعتمدت عمى مجموعة من العوامل مثل منع ىجوم اﻻعادة، ، سرعة الخوارزمية، وقت استجابة الخادم .بعد قياس ىذه العوامل من خﻻل ELSBOT لدينا، فقد بينت النتائج أن التقنيات في OTP قد منعت تكرار اليجوم في بيئة RADIUS، وسرعة خوارزمية في تقنية TOTPىو أعمى في حين أن سرعة خوارزمية في تقنية CROTPأعمى من تقنية HOTP، تقنية TOTP ىي اﻷفضل من حيث وقت استجابة الممقم .أخيرا، من منظور أمني، نجد ان TOTP ىو اﻷسموب اﻷكثر أمنا في عممنا ﻷن OTP صالحة لفترة قصيرة، في حين أن CROTP ىو أكثر أمانا من HOTP ﻷن الممقم يتحدانا مع PIN عشوائي في CROTP. ونتوصل الى ان ELSBOT ىو الحل الفعال، حيث يكون أكثر صعوبة لممياجمين الوصول إلى الخادم. III Abstract Network security is a very important issue for organizations in order to protect their sensitive data from attackers. Number of researchers have provided a different security solution supported network protocols to enhance data privacy and confidentiality over networks. RADIUS is one of the most popular protocols used in network communication for user authentication. Unfortunately, there are many vulnerabilities facing the security issue in RADIUS network protocol. One of these vulnerabilities is a replay attack problem which is need to be prevented. The previous protocols have presented number of techniques to reduce the effects of replay attack in RADIUS protocol. One time password (OTP) technique is one of the most important techniques which are used to enhance the security of user authentication in numerous environments and to close the potential gap in network security. With several OTP techniques, our contribution are to chosen three techniques namely Time OTP(TOTP), Hash OTP(HOTP) and Challenge Response OTP (CROTP). This motivates us to present the ELSBOT (E-Learning System Based OTP techniques) for implementing the three OTP techniques to prevent the replay attacks in RADIUS protocol. This thesis presents a comparison between these OTP techniques in the ELSBOT. This comparison considers a set of factors like preventing replay attack, CPU overhead, algorithm speed, server response time and OTP duration. After measuring these factors through our ELSBOT, the results show that the three OTP techniques of ELSBOT prevent the replay attack in RADIUS environment, the CPU overhead at TOTP technique is less than the CPU overhead at HOTP and CROTP techniques, the algorithm speed at TOTP technique is the highest while the algorithm speed at CROTP technique is higher than HOTP technique, the TOTP technique is the best in terms of the server response time. Finally, from security perspective, the authors reach that the TOTP is the most secure technique in our work because its OTP is valid for a short time, while the CROTP is a more secure than HOTP because the server challenges us with the random PIN in the CROTP. The ELSBOT is an efficient overall solution and it will be much more difficult for attackers to reach the ELSBOT server. Keywords: RADIUS protocol , replay attacks ,One Time Password IV List of Tables Table 2.1 Major protocols authentication -7- Table 3.1 Advantage and Disadvantage between techniques -20- Table 4.1 Illustrate the steps of TOTP -24- Table 4.2 Illustrate the steps of CROTP -26- Table 4.3 Illustrate the steps of HOTP -28- Table 4.4 Software Requirement -30- Table 4.5 Replay attack components -49- Table 4.6 Steps or replay attack architecture -51- Table 5.1 User login cases -56- Table 5.2 Server response time in many times -58- Table 5.3 Average response time -59- Table 5.4 Synchronization cases for TOTP -61- Table 5.5 CROTP/HOTP cases -63- Table 5.6 Test replay attack -67- Table 5.7 Comparison analytical for OTP techniques -65- V List of Figures Figures Topics Figure Page Figure 2.1 Security Architecture 5 Figure 2.2 Separate session for each client 7 Figure 2.3 RADIUS Architecture 8 Figure 2.4 RADIUS package 9 Figure 2.5 Authentication Flow 10 Figure 2.6 RADIUS Accounting 10 Figure 2.7 OTP generation 13 Figure 4.1 Functional architecture of ELSBOT 23 Figure 4.2 TOTP architecture 24 Figure 4.3 TOTP flowchart 25 Figure 4.4 CROTP architecture 26 Figure 4.5 CROTP flowchart 27 Figure 4.6 HOTP architecture 28 Figure 4.7 HOTP flowchart 29 Figure 4.8 ELSBOT database 32 Figure 4.9 Sequence diagram for sign in 33 Figure 4.10 Sequence diagram for sign up 34 Figure 4.11 Sequence diagram for OTP generation 35 Figure 4.12 Putty configuration 36 Figure 4.13 Execute radius with command radius-x XAMPP module 37 Figure 4.14 Server witting 37 Figure 4.15 Httpd of LAMP 38 Figure 4.16 Mysql of LAMP 38 Figure 4.17 Start service 38 Figure 4.18 Command ll 39 Figure 4.19 Sing up page 39 Figure 4.20 A secret key example 40 Figure 4.21 Sing in page 40 Figure 4.22 OTP page 40 Figure 4.23 Course page 41 Figure 4.24 Admin page 41 Figure 4.25 OTP application 42 Figure 4.26 TOTP steps 43 Figure 4.27 CROTP steps 45 Figure 4.28 HOTP steps 47 Figure 4.29 Attacker database 48 Figure 4.30 Replay attack architecture 50 Figure 4.31-a User logs to system (TOTP) 52 Figure 4.31-b Attacker implement replay attack 52 Figure 4.32-a User logs to system(CROTP) 53 VI Figure 4.32-b Attacker implement replay attack 53 Figure 4.33-a user logs to system(HOTP) 54 Figure 4.33-b Attacker implement replay attack 54 Figure 5.1 Average response time 59 Figure 5.2 Represent the system process for TOTP 60 Figure 5.3 System algorithms for TOTP 61 Figure 5.5 Code for CROTP/HOTP 63 Figure 5.6 The time is takes in hash process 65 Figure 5.7 CROTP/HOTP Synchronization 65 VII Abbreviations and Acronyms AAA Authentication, Authorization and Accounting ELSBOT E-Learning System Based OTP Techniques. NAS Network Access Server AES Advanced Encryption Standard TDES Triple Data Encryption Standard OTP One-Time Password PKI Public Key Infrastructure RADIUS Remote Authentication Dial In User Service SHA Secure Hash Algorithm TCP Transmission Control Protocol UDP User Datagram Protocol VPN virtual private network IPSec IP Security PRNG pseudorandom number generator EAB Extensible Authentication Protocol PAP Password Authentication Protocol CHAP Challenge-Handshake Protocol DOS Denial of service EKE Encrypted Key Exchange EPPKE Efficient Password-Proven Key Exchange RSA Ron Rivest, Adi Shamir and Leonard Adelman S/Key Secret-key algorithms PSK pre-shared key PAKE password-authenticated key exchange TOTP Time one time password HOTP Hash one time password CROTP The OATH Challenge-Response Algorithm SOAP Simple Object Access Protocol JMS The Java Message Service PIN Personal identify number SMS Short Message Service AS authentication server CIA Confidentiality ,Integrity ,Availability MOE The margin of error VIII List of Contents No. Subject Page Dedication …………………………………………………………………………………………. -I- Acknowledgement …………………………………………………………………………… -II- -III- .…………………………………………………………………………………………… الملخص Abstract ……………………………………………………………………………………………. -IV- List of Tables………………………………………………………………………………………. -V- List of Figures………………………………………………………………………………………. -VII- List of Abbreviations………………………………………………………………………….… -VIII- 1. Chapter 1: Introduction ……………………………………………………………………… -1- 1. 1.1 Statement of the problem ……………………………………………………… -2- 2. 1.2 Objectives ……………………………………………………………………. -2- 3. 1.3 Scope of limitation ……………………………………………………........ -3- 4. 1.4 Thesis structure ……………………………………………………………… -3- 2. Chapter Two: Literature Review …………………………………………………..……… -4- 2.1 Computer Security …………………………………………………………………………… -4- 2.1.1 Goal of Security …………………………………………..……………….. - 4 - 2.1.2 Components of Security ……………………………………………..……… -4- 2.1.3 Security architecture …………………………………………………… -5- 2.1.4 Information Security ………………………………………………………… -5- 2.1.5 Type of attacks ………………………………………………………….