Journal: British Journal of Applied Science and Technology

Response Time Improvement on One Time Password (OTP) Technique to Prevent Replay Attack in a Radius Environment


Abstract

This research aims to modify the Remote Access Dial in User Server (RADIUS) protocol with the one-time password (OTP) technique, in an authentication environment with a captive portal, to prevent replay attacks. One of the important network security measures on a campus network is the use of authentication to identify legitimate users, and one of the most widely used solutions in network authentication is the RADIUS protocol. However, there are potential security vulnerabilities in a RADIUS network, such as the replay attack, especially for networks using a captive portal. The Ahmadu Bello University (ABU) network is simulated using the GNS3 software in a virtualized environment using VirtualBox; the simulation comprises the core, distribution and access levels of the network and the network devices (routers and switches). An OTP generator was developed in the PHP programming language for the three variants of the OTP: Time One Time Password (TOTP), Challenge Response One Time Password (CROTP) and Hash One Time Password (HOTP). Before improvement of the OTP technique using a PHP-developed script, the results obtained show the average response times for TOTP, CROTP and HOTP as 2.5s, 5.2s and 5.7s respectively. These results showed no improvement in the TOTP, CROTP and HOTP response times when compared with the recommended response time of a RADIUS server in a captive portal environment, which is 1000 ms [1]. After the OTP technique was improved by integrating all the variants of OTP with the RADIUS server on a single server, using the ABU campus network simulated in GNS3, the results show a significant improvement over the above results: the average response times obtained for TOTP, CROTP and HOTP are 1.3s, 2s and 1.9s.
The validation, based on the developed and simulated configuration, was carried out using live servers, routers and switches, and the results showed improvement over the above results: the average response times obtained for TOTP, CROTP and HOTP were 0.4s, 0.9s and 0.9s respectively. This shows significant improvement in TOTP, CROTP and HOTP respectively. The results show that the average response time is less than the recommended 1000 ms for RADIUS server response time in a captive portal environment.