ULg Research Unit in Networking RUN

Verification of two versions of the Challenge Handshake Authentication Protocol (CHAP)

G. Leduc1

1 Research unit in Networking, EECS department, University of Liège, Belgium



The Challenge Handshake Authentication Protocol, CHAP, is an authentication protocol intended for use primarily by hosts and routers that connect to a network server via switched circuits or dial-up lines, but might be applied to dedicated links as well. In this paper, we specify two versions of the protocol, using the formal language LOTOS, and apply the EUCALYPTUS model-based verification tools to prove that the first version has a flaw, whereas the second one is robust to passive and active attacks. The paper is written in a tutorial fashion with a strong emphasis on the methodology used. The relative simplicity of the CHAP protocol allows one to include complete LOTOS specifications and definitions of properties, so that the experiment can be reproduced easily.


model-checking, security protocols, verification

[ Home | People | Research Topics | Projects | Publications | IFIP WG 6.1 | Events and Conferences | CSS | How to Reach Us ]

Editor: - G. Leduc -
Webmaster: - C. Soldani -
Still running IPv4 at: RUN | Montefiore | ULg
© 2000-2015.