RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Assignment 4] 2.3 & 2.4 Code und Protokoll

Browse source
This commit is contained in:
chronal 2024-05-25 20:43:07 +02:00
parent 1ba808b0d3
commit cb918028cf
Signed by: chronal
GPG key ID: 25400F3DAABF602F
5 changed files with 139 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
Assignment 4 - Protokollsicherheit (Praxis)/abgabe.pdf Normal file
View file

Binary file not shown.

BIN
Assignment 4 - Protokollsicherheit (Praxis)/abgabe.synctex.gz Normal file
View file

Binary file not shown.

75
Assignment 4 - Protokollsicherheit (Praxis)/abgabe.tex
View file

@ -69,7 +69,7 @@
\author{Benjamin Haschka\\Sascha Tommasone\\Paul Zinselmeyer} \author{Benjamin Haschka\\Sascha Tommasone\\Paul Zinselmeyer}
\sheetnr{4} \sheetnr{4}
% <-- Anpassen % % <-- Anpassen %
\begin{document}
\begin{exercise}[Warm Up]{2.1.} \begin{exercise}[Warm Up]{2.1.}
\protocolflow{1.5}{0.75}{ \protocolflow{1.5}{0.75}{
\node[] (A) at (0,0) {\textbf{Alice}}; \node[] (A) at (0,0) {\textbf{Alice}};
@ -119,9 +119,9 @@
\package{5,-6}{0,-6}{\textcolor{red}{$N'_B$}} \package{5,-6}{0,-6}{\textcolor{red}{$N'_B$}}
} }
\textbf{Assumptions} \textbf{Assumptions}
\begin{itemize} \begin{enumerate}[(1)]
\item[(1)] Eve unterliegt dem Angreifermodell \textit{aktiver MitM}. \item Eve unterliegt dem Angreifermodell \textit{aktiver MitM}.
\end{itemize} \end{enumerate}
\noindent \noindent
\textbf{Attack} \textbf{Attack}
@ -142,11 +142,78 @@
\newpage \newpage
\begin{exercise}[Authentication without Trusted Party]{2.3.} \begin{exercise}[Authentication without Trusted Party]{2.3.}
\protocolflow{1.5}{0.75}{
\node[] (A) at (0,0) {\textbf{Alice}};
\node[] (E) at (5,0) {\textbf{Eve}};
\node[] (B) at (10,0) {\textbf{Bob}};
% Bob starts Protocol
\package{10, -2}{5, -2}{\(N_B\)}
% Eve sends own Nonce (not necessary, but possible)
\package{5, -3}{0, -3}{\(N_E\)}
% Alice answers
\package{0, -4}{5, -4}{\(N_A, N_E, ID_B, \text{Sig}_A(N_A, N_E, ID_B)\)}
% Eve uses Bob as oracle - starts a new connection with Bob to obtain the Signature
\package{5, -5}{10, -5}{\(N_A\)}
% Bob answers with the needed signature
\package{10, -6}{5, -6}{\(N_B', N_A, ID_A, \text{Sig}_B(N_B', N_A, ID_A)\)}
% Eve forwards this to Alice who now approves the signature and thinks Eve is Bob.
\package{5, -6}{0, -6}{\(N_B', N_A, ID_A, \text{Sig}_B(N_B', N_A, ID_A)\)}
}
\textbf{Assumptions}
\begin{enumerate}[(1)]
\item Eve unterliegt dem Angreifermodell \textit{aktiver MitM}.
\end{enumerate}
\noindent
\textbf{Attack}
\begin{enumerate}
\item Bob startet das Protokoll, indem er eine Nonce $N_B$ an Alice schickt. Bevor Alice diese Nachricht erhält, ersetzt Eve diese Nonce mit ihrer eigenen.
\item Alice sendet in ihrer Antwort an Bob eine eigene Nonce $N_B$, die manipulierte Nonce $N_E$, die ID von Bob $ID_B$ und eine Signatur über diese Daten mit ihrem eigenen Schlüssel.
Sie erwartet nun in ihrer Antwort eine neue Nonce von Bob, ihre eigene Nonce und ihre ID mit einer Signatur über diese Daten von Bob. Schickt Eve, getarnt als Alice, Alices Nonce an Bob.
\item Bob antwortet dann gemäß des Protokolls mit einer Nonce von ihm $N_B'$, Alices Nonce (die Eve ihm geschickt hat), Alices ID, da er meint, dass die Nachricht von Alice kam, und die Signatur über die Nachricht.
\item Da diese Daten von Alice erwartet werden, kann Eve diese Nachricht einfach an Alice weiterleiten.
\item Alice prüft die Signatur, die valide ist, sofern Bob keine falsche Signatur erstellt hat, und meint, dass Eve nun Bob ist.
\end{enumerate}
\noindent
\textbf{Evaluation}
\begin{itemize}
\item
\end{itemize}
\end{exercise} \end{exercise}
\newpage \newpage
\begin{exercise}[Authentication with Trusted Party]{2.4.} \begin{exercise}[Authentication with Trusted Party]{2.4.}
\protocolflow{1.5}{0.75}{
\node[] (A) at (0,0) {\textbf{A}};
\node[] (E) at (3,0) {\textbf{T}};
\node[] (S) at (6,0) {\textbf{Eve}};
\node[] (S) at (9,0) {\textbf{S}};
\package{0, -2}{9, -2}{Alice}
\package{9, -3}{6, -3}{\(N_S\)}
\package{6, -4}{9, -4}{\(N_S\)}
\package{9, -5}{6, -5}{\(\{Alice, N_S\}_{K_{ST}}\)}
\package{6, -6}{9, -6}{\(\{Alice, N_S\}_{K_{ST}}\)}
}
\textbf{Assumptions}
\begin{enumerate}[(1)]
\item Eve unterliegt dem Angreifermodell \textit{aktiver MitM}.
\end{enumerate}
\noindent
\textbf{Attack}
\begin{enumerate}
\item A baut eine Kommunikation mit S auf, indem sie die Nachricht Alice an S schickt.
\item S antwortet mit einer Nonce. Eve fängt diese ab und sendet sie einfach an S zurück.
\item S erwartet hier die Nonce verschlüsselt von Alice. Daher sendet S einfach die beiden Nachrichten, mit dem gemeinsamen Schlüssel mit T verschlüsselt, an T.
\item Eve fängt diese Nachricht ab. Da der Trent sich nicht authentifizieren muss, kann Eve einfach die Nachricht an S zurück schicken.
\end{enumerate}
\noindent
\textbf{Evaluation}
\begin{itemize}
\item
\end{itemize}
\end{exercise} \end{exercise}
\end{document} \end{document}

37
Assignment 4 - Protokollsicherheit (Praxis)/task3.py Normal file
View file

@ -0,0 +1,37 @@
import os.path as path
import json
import socket
class Module:
def __init__(self, incoming=False, verbose=False, options=None):
# extract the file name from __file__. __file__ is proxymodules/name.py
self.name = path.splitext(path.basename(__file__))[0]
self.description = 'Simply print the received data as text'
self.incoming = incoming # incoming means module is on -im chain
self.find = None # if find is not None, this text will be highlighted
def execute(self, data):
print(f"Incoming data: {data}")
data_json = json.loads(data)
if data_json["id"] == 1 and data_json["sender"] == "Bob":
# send own Nonce instead of N_B
data_json["content"] = '0'
elif data_json["id"] == 2 and data_json["sender"] == "Alice":
# start a parallel session with bob using Alice's Nonce N_A
data_json["id"] = 1
data_json["content"] = data_json["content"].split(',')[0]
elif data_json["id"] == 2 and data_json["sender"] == "Bob":
# Use Bob's signed answer to convince Alice, that we are Bob
data_json["id"] = 3
elif data_json["id"] == 3 and data_json["sender"] == "Alice":
# Drop communication with Bob
return bytes()
data = bytes(json.dumps(data_json).replace(" ", "") + "\n", 'utf-8')
print(f"Outgoing data: {data}")
return data
if __name__ == '__main__':
print('This module is not supposed to be executed alone!')

30
Assignment 4 - Protokollsicherheit (Praxis)/task4.py Normal file
View file

@ -0,0 +1,30 @@
import os.path as path
import json
import socket
class Module:
def __init__(self, incoming=False, verbose=False, options=None):
# extract the file name from __file__. __file__ is proxymodules/name.py
self.name = path.splitext(path.basename(__file__))[0]
self.description = 'Simply print the received data as text'
self.incoming = incoming # incoming means module is on -im chain
self.find = None # if find is not None, this text will be highlighted
def execute(self, data):
print(f"Incoming data: {data}")
data_json = json.loads(data)
if data_json["id"] == 2:
data_json["id"] = 3
data_json["sender"], data_json["receiver"] = data_json["receiver"], data_json["sender"]
elif data_json["id"] == 4:
data_json["id"] = 5
data_json["sender"], data_json["receiver"] = data_json["receiver"], data_json["sender"]
data = bytes(json.dumps(data_json).replace(" ", "") + "\n", 'utf-8')
print(f"Outgoing data: {data}")
return data
if __name__ == '__main__':
print('This module is not supposed to be executed alone!')