2023年11月25日

网络安全代写|Security and Networks: Exercise 3

这是一个网络安全相关的Exercise代写

1 Protocol Analysis

You have learnt that someone is using their own cryptographic protocols to send messages.

You need to analyse the protocols, and find flaws in them that will let you read the messages
without the client key. You can log into the Alice account: aliceblack:aliceGHdj%*3,
and here you will find the source code for the protocols servers.

These protocols are running on port 11337 and port 11338 on the VM. You must
implement your attacks against the VM and find the secret messages, which include tokens.

2 Protocol 1

In this protocol, a client C and server S share a symmetric key Kcs, this key is only known
to the server and client. This long term key is used to set up a session key, and this session
key is then used by the server to send a secret value to the client:

1: C ! S : \Connect Protocol 1″
2: S ! C : fNsgKcs
3: C ! S : fNcgKcs
4: S ! C : fNc; Nsg(Ns⊕Nc)
5: C ! S : fNs; Ncg(Ns⊕Nc)
6: S ! C : fSecret Valueg(Ns⊕Nc)

The client starts a run of the protocol by sending the bytes of the ASCII for \Connect
Protocol 1″ to the server. The server then generates a nonce and sends it to the client
encrypted with the key Kcs. The client must reply with a challenge of its own for the
server: the nonce Nc encrypted with the key Kcs. The session key is the xor of the two
nonces. The encryption used is 128-bit AES in ECB mode with PKCS5 padding and the
nonces are 128 bits.

The idea of this protocol is that only the server and the client know the key Kcs, so
only they know the nonces, which in turn should mean that only the client and server can
know the session key. Step 4 and 5 let the client and the server prove to each other that
they know the key, with the aim of providing mutual belief in the session key (Ns ⊕ Nc).

Unfortunately this protocol has a security flaw and does not achieve these aims.

2.1 The Exercise, Part 1

Analyse this protocol and find an attack that will let you learn the secret value from the
server without having to know the key Kcs. Implement your attack and run it against
the server running on the VM. The message will include a token, submit this token to the
token submission site.

Write your attack code in Java. You may use the server code as a model.
[4 marks]

3 Protocol 2

In this protocol, as above, a client C and a server S share a symmetric key Kcs, this key
is only known to the server and client. This long term key is used to set up a session key,
this session key is then used by the server to send a secret value to the client:

1: C ! S : gx
2: S ! C : gy
3: C ! S : fNcggxy
4: S ! C : ffNc + 1gKcs; Nsggxy
5: C ! S : ffNs + 1gKcsggxy
6: S ! C : fSecret Valueggxy

In this protocol, the client and the server use Diffie-Hellman to set up a key based on
gxy. They check who is on the other end of this channel by exchanging nonce challenges.
The idea here is that, given that only the server and the client know the key Kcs, then,
given the challenge Nc, only the server can produce fNc+1gKcs and given the challenge Ns,
only the client can produce fNs + 1gKcs. However the protocol is flawed and an attacker
can learn the secret value without knowing the key Kcs.

The encryption used is 128-bit AES in ECB mode with PKCS5 padding and the nonces
are ints. gx and gy are sent as public key certificates; as these get vary in length, the length
of the certificates are sent as an int before the certificates. Only the first 128-bits of gxy
are used to make the AES key. You can find the code for the server (minus the key and the
secretValue) in the Alice account. The values of p and g for Diffie-Hellman can be found
in the server code.

The idea here is that only the server and the client know the key Kcs so only they know
the nonces which in turn should mean that only the client and server can know the session
key. Step 4 and 5 let the client and the server prove to each other that they know the
key, with the aim of providing mutual belief in the key. Unfortunately this protocol has a
security flaw and does not achieve these aims.