Show page

Differences

This shows you the differences between two versions of the page.

--- isc:labs:041-bonus [2024/10/19 19:10]
florin.stancu removed
+++ — (current)
@@ Line 1: / Line 1: @@
-/* ~~SHOWSOLUTION~~ */
-===== Lab 04 - Authentication (bonus) =====
-===== Objectives =====
-  * Authentication protocols
-  * Diffie Hellman
-  * Man in the Middle attacks
-===== Preparation =====
-You may use the UPB's [[https://cloud.grid.pub.ro|OpenStack cloud to instantiate a Virtual Machine]] to be used for this lab!
-[[:isc:info:virtualmachine|Read these instructions if you wanna know how!]].
-===== Overview =====
-In the last lecture ({{:isc:lectures:isc_05_auth.pdf | Lecture 05 - Authentication and Key Establishment}}), we studied various authentication protocols and how their behavior and security may be analyzed.
-In the current lab, we test a MitM attack on a simple, but broken Diffie-Hellman based protocol.
-===== Tasks =====
-==== 00. Setup ====
-  * First, download the {{isc:labs:auth-dh-mitm.zip|lab code from here}} (inside the VM).
-  * Again, we use Docker for its remote provisioning features:
-<code bash>
-docker pull ropubisc/auth-lab  # to update image
-mkdir ~/auth-lab  # to store your MitM solution persistenly
-# you may use the --debug or --mitm argument at the end of the docker command
-# when ran with no arguments, it runs a direct Client-Server simulation (no MitM)
-docker run --rm --name auth-lab -v $(pwd)/auth-lab/:/home/hacker/auth-lab -it ropubisc/auth-lab
-</code>
-  * Note: the ''~/auth-lab/'' folder is used as persistent volume so you won't lose + sync your work inside the container!
-==== 01. Man in the Middle ====
-  * This one should be clear: code a MitM attack to get the flag (it's only one :D)!
-  * You must create (hint: start from ''server.py'') / modify the ''~/auth-lab/mitm.py'' file and run it inside the container (with ''%%--mitm%%'' argument for the real case);
-    * The middle-man should listen on UDP on port ''1337'';
-    * You may also use a **debug mode** by supplying the ''%%--debug%%'' as first argument to the Docker image; find the logs inside ''/var/log/auth-lab.log'';
-  * //Start from the sample client & server sources and code your way to it!//
-    * //**Hint**: First, you should make sure that the MitM script routes messages correctly!//
-<solution -hidden>
-This is a starter implementation of a NO-OP MitM (note: all you'll see is encrypted messages!):
-<code python>
-# skeleton from server.py, replace server_port to 1337 + the following function:
-def receive_func(sock):
-    while True:
-        data, from_addr = sock.recvfrom(PACKET_LENGTH)
-        packet_time = struct.unpack(">L", data[-4:])[0]
-        if not verify_time(packet_time):
-            send_func(sock, assemble_packet('MSG', 'ERROR'.encode(), False), from_addr)
-        packet_type = data[:3]  # first 3 bytes
-        packet_data = data[3:-4]  # the content
-        packet_type = packet_type.decode()
-        print("MITM: got packet", packet_type, packet_data)
-        if from_addr[1] == 1336:
-            send_func(sock, data, (host, 1338))
-        elif from_addr[1] == 1338:
-            send_func(sock, data, (host, 1336))
-</code>
-TODO: implement client + server branches in MitM to negociate separate D-H keys.
-</solution>
-==== 02. Bonus: implement authentication ====
-  * Start from the client & server samples and implement authentication to both peers (either symmetric or asymmetric -- RSA recommended);
-  * Since you cannot easily modify the container, use your own virtual environment (install ''py-diffie-hellman'' and ''pycryptodome'' using ''pip'');

isc/labs/041-bonus.1729354231.txt.gz · Last modified: 2024/10/19 19:10 by florin.stancu

Show page Old revisions

Media Manager Back to top

Differences

Lectures

Labs

Support