The Point-to-Point Tunneling Protocol (PPTP) is used to secure PPP connections over TCP/IP links. In this paper we analyze Microsoft’s Windows NT implementation of PPTP. We show how to break both the challenge/response authentication protocol (Microsoft CHAP) and the RC4 encryption protocol (MPPE), as well as how to attack the control channel in Microsoft’s implementation. These attacks do not necessarily break PPTP, but only Microsoft’s implementation of the protocol.

Many organizations and institutions are not centralized. Branch offices, virtual corporations, and traveling employees make the notion of running dedicated network connections to each location logistically impossible. The concept of virtual networking provides a solution to this problem by tunneling conjoined network space over other, transitory and insecure, networks (such as the Internet), thus enabling remote locations to appear to be local. This is done without the expense incurred from running leased lines or dedicated cabling to each location, and is sometimes called a “tunnel.”

While virtual networks solve the problem of decentralized machines, they create a new problem. They open up traffic that was previously considered internal to the company to any prying eyes on the networks it traverses. Authentication and encryption are required to keep this virtual network traffic not only tamperproof but private. The result, virtual networking connections combined with cryptographic protections, is a Virtual Private Network (VPN).

The security of a VPN is based on the security of its authentication and encryption protocols. If a VPN’s cryptography is weak, then its security is no better than a non-private virtual network routed over the Internet. Since companies are relying upon VPNs to extend trusted internal perimeters to remote offices, breaking the security around such a tunnel is tantamount to defeating all of the security around the internal perimeter. Breaking into a VPN is often the same as penetrating the firewall.

The Point-to-Point Tunneling Protocol (PPTP) was designed to solve this problem of creating and maintaining a VPN over a public TCP/IP network using the common Point-to-Point Protocol (PPP). Although the protocol leaves room for every type of encryption and authentication imaginable, most commercial products use the Microsoft Windows NT version of the protocol.

Paper (PDF): Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol (PPTP)