The University of Sydney School of Computer Science Dr Suranga Seneviratne Lecturer - Security INFO3616—Principles of Security and Security Engineering S2 2020 Assignment - 3 This is a group assignment. This assignment worths 15% of the final marks of the course. For questions 2, 5, 6, and 7 additional scripts/code templates are provided. Submit your final report as a PDF and codes as a zip file in Canvas. You should explain any details of how to run your code in report. Final Report + Code: Due by Week 11, Friday the 13th of November 11:59 PM 1 One Time Passwords (OTP) (5 marks) We discussed in the lecture that SMS based onetime passwords (SMS OTPs) in many situations improve security. However, there are incidents where attackers were able to compromise systems that were being protected by SMS-based onetime passwords. Discuss at least four possible of ways of attacking SMS-based OTPs. (Hint. Read about successful attacks in the past.) 2 Parsing X.509 (15 marks) • For this task, you are going to need the Python library cryptography, which is documented on https://cryptography.io. We recommend to install it in a Python 3 virtual environment (see tutorial of week 4): pip3 install cryptography. • You are given three certificates: our custom CA’s root certificate, its intermediate certificate, and a student certificate. a) Inspecting a certificate (7.5 marks) Download the skeleton code inspect_cert.py. Write Python code to inspect certificates. Instructions: • Do not make changes to the following: – the screen output of the program, i.e. you must leave the printing functions unchanged – the names and signatures of the functions – the global variables (in capital letters). They are used by the printing function, and the values are assigned in inspect_cert(). • Hint: the necessary imports are already included. • Note that the skeleton code expects both the certificate to inspect and its issuing certificate to be passed in as parameters. • Begin by completing the function open_cert(). 1 • Complete the code for every part of the certificate that we inspect: – Subject - both full subject and Common Name – Issuer (in full) – Expiry date (not valid after). Use https://docs.python.org/3/library/datetime. html#datetime.datetime to convert the date to YYYY-MM-DD. – Public key: algorithm , a SHA256 hash of it, and key length. Note that the skeleton code shows the expected output format for the algorithm. – Serial number If you have done everything right, the output for the root certificate will look similar to the below. Issuer: C=AU,ST=NSW,L=Darlington,O=University of Sydney,OU=School of Computer Science... Subject: C=AU,ST=NSW,L=Darlington,O=School of Computer Science,OU=INFO3616 Management... Subject Common Name: INFO3616 Head Honchos Serial number: 671937183735168210438793113571075403114492127582 Expiry date: 2019-11-11 Public key algorithm: secp256r1 Public key length: 256 Public Key Info hash: 6ef093dc14a0c61208d746e30f12760b3b35b50d7a00c63aced1d29e83ddb894 b) Verifying the certificate (7.5 marks) Verify that the intermediate certificate carries a correct signature. Complete the respective function! You will find helpful information here: https://cryptography.io/en/latest/x509/reference/. • Work first on the verification of the intermediate certificate—this is close to the example given in the API documentation as it is an RSA signature. • Then extend your code to also support the verification of the student’s certificate (which uses an elliptic curve signature). • There is no need to support further signing schemes. Submit your code and explain in the report how it works. 3 Firewalls (15 marks) We will configure firewalls in this task. Figure 1 shows a possible firewall setup. Your goals are: • Outgoing traffic is only allowed to TCP ports 80 (HTTP), 443 (HTTPS), and 22 (SSH); plus UDP port 53 (DNS). • Incoming traffic is always allowed if there is an established connection, i.e. if the connection has been established from a host in the local network. • Host 129.78.1.1 is reachable (incoming connection) from everywhere on port 80. • Host 129.78.1.2 is reachable (incoming connection) on port 22 (SSH) from 129.78.0.0/16. • No other incoming traffic is allowed. 2 Internet Packet Filtering Router 129.78.0.0/16 eth0 eth1 Figure 1: Firewall setup. Rule Incoming Src IP Dst IP Proto Src Port Dst Port State Action Interface A B C D E F Table 1: Template for stateful filtering. a) Configuring a stateful firewall (6 marks) Write stateful rules in table form as shown in the lecture. A template is given in Table 1. b) Converting to stateless filtering (6 marks) Convert your rules to stateless filtering rules. A template is given in Table 2. c) Performance of firewalls (3 marks) Assume you have the (unusual, but real) use case that your firewall must support network scanners that operate from within your network. These typically create many millions of new connections per second to Internet hosts, in an attempt to collect data about them. Should you configure your firewall in stateless mode or stateful mode—or does it not matter? Explain. 3 Rule Iface Src IP Dst IP Proto Src Port Dst Port ACK Action A B C D E F Table 2: Template for stateless filtering. 4 Denial-of-Service attacks (5 marks) Denial-of-Service (DoS) attacks are a category of network-based attacks where the attacker pursues the goal of overloading a destination server with packets, queries, etc. until it becomes unresponsive. Distributed Denial-of-Service attacks (DDoS) are a variant: here, the attacker sends not from just one source host, but from many (often millions). Answer the following questions. • Can firewalls, configured as in Figure 1 offer some protection against an attacker trying to stage a normal DoS attack? Discuss! (2.5 marks) • In the same scenario as above, can firewalls offer effective protection against DDoS attacks? Explain. (2.5 marks) 5 Creating a TLS server (10 marks) In this task, we want to write a simple TLS server. It reacts to incoming TLS connection attempts on port 4433. If the client sends a PING (in ASCII), it responds with a PONG. Take the provided code pong_server_skel.py. The following questions can be answered with the API reference and will guide you through the task (answer the questions in the report). You must use the correct context and must use the provided server certificate! • What does socket.socket() do? What does a socket represent? • What does socket.bind() do? • What does socket.listen() do? • What is the purpose of the infinite while loop? • What is ssock? • What does sock.accept() do? 4 There is a very good way to test your server. Run the command openssl s_client -connect localhost:4433. If you see the TLS handshake complete, your server is running. You can now type ‘PING’ into the terminal and it is sent to your server. Implement the method to handle it and reply with PONG. (5 marks for the answers and 5 marks for the code) 6 Buffer overflow attacks (10 marks) Note: although we work on x64 architectures, in this exercise we compile for 32 bit. You can do this in a VM. You might need to install the compiler and the right library: sudo apt install gcc build-essentials libc6-dev-i386. a) Compiling (3 marks) • Compile overflow.c using gcc with the flags -g, -m32, -fno-stack-protector and -z execstack. Give the command line to do this. Store the output in a file called overflow. Hint: man gcc. • What do the flags -fno-stack-protector and -z execstack do? • Why might we need to use these flags for this assignment? b) Using gdb to find your way in memory (7 marks) We will exploit the program with the help of the debugger, gdb. If you have never handled gdb before, it’s worth reading the Wikipedia article with its mini-introduction: https://en.wikipedia.org/ wiki/GNU_Debugger. Fire up gdb with gdb overflow. Here are some commands within gdb you may find helpful: • help
e.g. help set args will show you options • set args • run / continue • info frame • break • list • x Now answer: • How do you use set args to pass command line parameters to your program? Give the password ‘bertie4ever’. • Do a list main and add a break point in the code line where getClearance() is called from within main. Give the command. • Run the code; it will stop at the break point. Then use info frame. What is shown here? • What does the command x do? 5 7 Buffer overflow attacks - Smashing the stack (10 marks) The above program provided will spill its secrets if you have the proper clearance. But it seems like you don’t have the proper clearance. . . • Find the place in the program that you are sure you can exploit to take over control of the program. Explain why this is vulnerable! (2 marks) • Give pseudocode that fixes the vulnerability and say where it must be placed. (C code instead of pseudo code is also OK) (3 marks) • Assume you want to overwrite the clearance variable with the overflow attack from the lecture, but the following code piece was replaced unsigned int clearance = getClearance(argv[1]); with unsigned int clearance; clearance = getClearance(argv[1]); Would the attack as described in the lecture work? Why? (3 marks) • How would you go about overwriting clearance with the source code given? Give the principal idea. (2 marks) 8 Additional features of TLS (10 marks) a) Mutual TLS (mTLS) authentication (5 marks) In the lecture we discussed only sever authentication in TLS. However, TLS also supports mutual authentication (mTLS). Using a suitable diagram explain the process of mTLS. Explain what scenarios require mTLS than usual TLS we use in HTTPS. b) 0-RTT TLS (5 marks) Using a suitable diagram, explain what 0-RTT in TLS 1.3. Discuss why do we need such a mechanism and comment on its security implications. 9 Attacks against TLS (10 marks) Older TLS versions are vulnerable to known attacks. Explain two such known attacks (Use diagrams if required). Discuss possible mitigation techniques or the changes made in subsequent TLS versions to address such attacks. (5 marks for each attack) 10 Authentication (10 marks) Answer the following questions about authentication. a) Multiple Factors (4 marks) Give one disadvantage for each of the following second factors for authentication. • Iris scan of the eye • Measuring gait • Sending text messages to a phone • An external device like YubiKey 6 b) Challenge-response (2 marks) Explain why challenge-response is a necessary ingredient in authentication protocols. c) True or false? (4 marks) Say if and why the following are true or false. Explain your anaswer • The use of Two-Factor Authentication must be balanced against psychological acceptability. • If we use Diffie-Hellman, we do not need authentication. • One-time passwords can be a form of Two-Factor Authentication. • AKE with Diffie-Hellman requires a prior key distribution 7 欢迎咨询51作业君