PAP/CHAP are protocols used to authenticate a terminal during the GPRS
link building process. after having established a phisical GPRS context,
a logical link must be established and when a set of parameters
describing characteristics of such a link is negotiated (eg. header
addressing, compression optiontion, size of the transmitted/received
packets, link control and quality of service, a choice of the upper
layer protocol, network address assigned with the terminal and addresses
of dns servers and others alike if the upper layer protocol happens to
be ip). the point-to-point protocol (PPP) is used to carry out this
function. in some situations there may be a need to authenticate
terminals. in such a case PPP will start either PAP or CHAP (or some
other authentication protocol) as indicated by the server contolling the
access process (there must be a profile associated with a service that
indicates if authentication is needed and if so what is the means (the
protocol) to carry out this job). CHAP (challange access protocol) is by
far more popular authentication protocol since only a challange is
passed into the network but not the password. this significantly limits
possibility to compromise the password. after having received a
challange terminal will calculate MD5 hash of the challange and the
password altogether. such a product will be sent back to the access
server as a challange response. now the access server needs to perform a
similar calculation (it must know the challange and it must know the
password) and compares its own response to the response returned by the
terminal. if both match, terminal is considered to be positively
authenticated. on the other hand, PAP (password access protocol) is much
simpler (and much less secure) authentication protocol since terminal
will need to response with sending out the password in a form of
plain text.
