| With a rapid development of Internet technology,people are recognizing the importance of network security.As a low-cost communication method which is easy to deploy and maintain,Virtual Private Network technology is getting more and more popular among many companies.Currently,there are three main types of VPNs to choose,which are PPTP,L2 TP and IPSec.And many communication companies also have developed their own VPN protocols.However,both the VPN protocols which are defined by IETF and which by communication companies are implemented by a same method: creating a secure tunnel to implement a virtual point to point link based on the IP networks.In fact,there is no VPN protocol which is absolutely secure.Today's computing ability is getting much stronger,making network much more vulnerable.Even a small flaw in the whole network will cause a fatal breakdown to the whole communication link.VPN software with protocol vulnerability or a bad design or implementation cannot afford more security than the IP network.So when deploying a VPN network,it is necessary to test all possible factors to make sure the VPN is secure enough,and research on VPN network security is of much benefit.In this thesis,we analyzed the principles of PPTP VPN and discussed the procedure of PPTP VPN link by capturing its packets.In the meantime,we analyzed a cluster of protocols used in PPTP VPN.By analyzing the PPTP VPN software on Linux platform,we found there is a flaw in the PPTP protocol which may be used to implement a downgrade attack.This flaw is at the LCP negotiation procedure,which leaves an attack window with no encryption to the LCP packets,thus hacker can intercept and manipulate the LCP packet to achieve a downgrade attack.Based on this thinking,we discussed the Linux network protocol stack and introduced some basic methods to achieve a man-in-the-middle attack.Then we discussed some problems when implementing the attack program and designed this program on Tilera platform.Besides,we analyzed the process of CHAP protocol and the MD5 encryption alogrithme and designed a cracking program on Tilera.In the end,we discussed the reason of this downgrade attack and propose three methods to protect PPTP VPN from this downgrade attack: by detecting the LCP packets to locate a forced re-negotiation procedure will protect user to use lower authentication protocol.By introduce an acknowledgement mechanism will prevent the mitm to manipulate lcp packets,and protecting LCP packets by IPSec technology will prevent mitm to intercept and manipulate packets,making this downgrade attack not work at all. |
PDF Full Text Request