Free CISSP Certification Practice Questions:


Which of the following remote security protocols provides a non-replayable challenge/response dialog that verifies the identity of a node attempting to initiate a remote session?

A) PAP

B) CHAP

C) SDLC

D) LAPB

E) RADIUS

  • [Ans: B]


  • The Challenge Handshake Authentication Protocol (CHAP), defined in RFC 1994, provides a non-replayable challenge/response mechanism to verify the identity of a remote peer. CHAP verifies the identity of the peer by means of a three-way handshake: the authenticator sends a challenge, the peer returns a one-way hash computed over the challenge and the shared secret, and the authenticator compares that response with its own calculation. "CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and a variable challenge value. The use of repeated challenges is intended to limit the time of exposure to any single attack. The authenticator is in control of the frequency and timing of the challenges. This authentication method depends upon a 'secret' known only to the authenticator and that peer. The secret is not sent over the link."

    In contrast, the Password Authentication Protocol (PAP) transmits the username and password over the network, where they are compared against a table of name/password pairs. The main weakness of PAP, and the reason CHAP was introduced, is that both the username and the password are static and sent unencrypted, which leaves PAP vulnerable to sniffing and replay attacks.

    On the other hand, Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. In addition, RADIUS can be integrated with various authentication schemes like PAP, CHAP or EAP.

    Lastly, Synchronous Data Link Control (SDLC) and Link Access Procedure, Balanced (LAPB) are WAN data-link protocols that play no part in authenticating remote hosts.
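    To make the handshake concrete, the following is an added Python example (not part of the original page or of RFC 1994 itself) that models the CHAP exchange described above: the authenticator issues an incrementing one-octet identifier together with a random challenge, the peer answers with MD5(Identifier || secret || Challenge) as RFC 1994 specifies for MD5 CHAP, and the authenticator recomputes and compares. The peer name and shared secret are constructed sample values; the replay and wrong-secret cases show why a captured response cannot be reused.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).

    The Identifier is a single octet; the secret itself never leaves either end.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is one octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues challenges and verifies responses.

    `secrets` maps peer names to shared secrets (constructed sample data in demo()).
    """

    def __init__(self, secrets: dict[str, bytes]) -> None:
        self._secrets = secrets
        self._identifier = 0                      # incremented per challenge, wraps at 256
        self._outstanding: dict[int, bytes] = {}  # identifier -> challenge value still open

    def challenge(self, length: int = 16) -> tuple[int, bytes]:
        self._identifier = (self._identifier + 1) % 256
        value = os.urandom(length)                # fresh, unpredictable challenge value
        self._outstanding[self._identifier] = value
        return self._identifier, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        # Each challenge is consumed on first use, so a captured response cannot be
        # replayed against the same challenge, and a later challenge has a new value.
        challenge = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


class Peer:
    """Peer side: answers a challenge using its copy of the shared secret."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name = name
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> tuple[str, bytes]:
        return self.name, chap_response(identifier, self._secret, challenge)


def demo() -> dict[str, bool]:
    """Three-way handshake, then a replay and a wrong-secret attempt (constructed data)."""
    shared = {"branch-router": b"constructed-shared-secret"}   # constructed sample secret
    auth = Authenticator(shared)
    peer = Peer("branch-router", shared["branch-router"])
    results: dict[str, bool] = {}

    # 1. Challenge  2. Response  3. Success/Failure
    ident, chal = auth.challenge()
    name, resp = peer.respond(ident, chal)
    results["legitimate"] = auth.verify(ident, name, resp)

    # Replaying the same (identifier, response) pair: that challenge is already consumed.
    results["replay_same_challenge"] = auth.verify(ident, name, resp)

    # Replaying an old response against a new challenge: the challenge value differs.
    ident2, _chal2 = auth.challenge()
    results["replay_new_challenge"] = auth.verify(ident2, name, resp)

    # A peer holding the wrong secret cannot produce a valid response.
    ident3, chal3 = auth.challenge()
    _, bad = Peer("branch-router", b"wrong-secret").respond(ident3, chal3)
    results["wrong_secret"] = auth.verify(ident3, name, bad)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

    Only the first exchange is accepted; the two replays and the wrong-secret attempt are rejected, which is the property the question asks about. Note that the example uses MD5 because that is the algorithm RFC 1994 specifies for the CHAP response; the protection comes from the fresh challenge and one-time identifier, not from the strength of the hash.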


    References:
    http://www.ietf.org/rfc/rfc1994.txt?number=1994
    http://www.webopedia.com/TERM/P/PAP.htm
