Lab 04 - Authentication (bonus)


  • Authentication protocols
  • Diffie Hellman
  • Man in the Middle attacks



In the last lecture ( Lecture 05 - Authentication and Key Establishment), we studied various authentication protocols and how their behavior and security may be analyzed.

In the current lab, we test a MitM attack on a simple, but broken Diffie-Hellman based protocol.


00. Setup

  • Again, we use Docker for its remote provisioning features:
docker pull ropubisc/auth-lab  # to update image
mkdir ~/auth-lab  # to store your MitM solution persistenly
# you may use the --debug or --mitm argument at the end of the docker command
# when ran with no arguments, it runs a direct Client-Server simulation (no MitM)
docker run --rm --name auth-lab -v $(pwd)/auth-lab/:/home/hacker/auth-lab -it ropubisc/auth-lab 
  • Note: the ~/auth-lab/ folder is used as persistent volume so you won't lose + sync your work inside the container!

01. Man in the Middle

  • This one should be clear: code a MitM attack to get the flag (it's only one :D)!
  • You must create (hint: start from / modify the ~/auth-lab/ file and run it inside the container (with --mitm argument for the real case);
    • The middle-man should listen on UDP on port 1337;
    • You may also use a debug mode by supplying the --debug as first argument to the Docker image; find the logs inside /var/log/auth-lab.log;
  • Start from the sample client & server sources and code your way to it!
    • Hint: First, you should make sure that the MitM script routes messages correctly!

02. Bonus: implement authentication

  • Start from the client & server samples and implement authentication to both peers (either symmetric or asymmetric – RSA recommended);
  • Since you cannot easily modify the container, use your own virtual environment (install py-diffie-hellman and pycryptodome using pip);
isc/labs/041-bonus.txt · Last modified: 2024/03/22 15:59 by florin.stancu
CC Attribution-Share Alike 3.0 Unported Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0