- Planet WAN Router User's Manual

Ø PPP has a method for encapsulating multi-protocol datagrams

Ø Link Control Protocol (LCP) establishes, configures, authenticates and testing the

data-link connection.

Ø Network Control Protocol (NCP) establish and configure different network-layer protocol.

PPP provides two authentications which is:

Ø Password Authentication protocol (PAP)

Ø Challenge Handshake Authentication protocol (CHAP)

PPP authentication using PAP

PAP is using two-way handshake to establish its identity. After PPP link establishment is

complete, the authenticator repeatedly sends username and password until the authentication

is acknowledged or the connection is terminated.

PAP is not an authentication protocol because password is sends cross the link by clear text

and it’s not protection from playback.

PPP authentication using CHAP

CHAP is using three way handshakes to establish it identify. After the PPP link is

establishment is complete, the server sends challenge to the remote node. The remote note

responds with a value calculated by using a one-way hash function (typically MD5). The server

checks the response against its own calculation of expected hash value. If the values match,

the authentication is acknowledged. CHAP is more secured then PAP because it is supports

protection against playback attack through the use of a variable challenge value that is unique

and unpredictable. The use of repeated challenges is intended to limit the time of exposure to

any single attack. The access server is in control of the frequency and timing of the challenges.

The following is showing a typical PPP session.