bh-us-03-ornaghi-valleri

Diffie hellman exchange 1 authenticated by pre shared

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: llman exchange 1 – Authenticated by pre-shared secret Client Diffie-Hellman exchange 2 – Authenticated by pre-shared secret MiM De-Crypt Packet Server Re-Crypt Packet Blackhat Conference - USA 2003 Blackhat 10 Key Manipulation HTTPS We can create a fake certificate (eg: We issued by VerySign) relying on browser misconfiguration or user dumbness. Client Fake cert. MiM Real Connection to the server Blackhat Conference - USA 2003 Blackhat Server 11 HTTPS Attack DEMO Blackhat Conference - USA 2003 Blackhat 12 Filtering The attacker can modify the payload of the The packets by recalculating the checksum He/she can create filters on the fly He/she The length of the payload can also be The changed but only in full-duplex (in this case the seq has to be adjusted) Blackhat Conference - USA 2003 Blackhat 13 Filtering Code Filtering / Injection Insertion of malicious code into web Insertion pages or mail (javascript, trojans, virus, ecc) Modification on the fly of binary files Modification binary files during the download phase (virus, backdoor, ecc) Blackhat Conference - USA 2003 Blackhat 14 Binary Modification DEMO Blackhat Conference - USA 2003 Blackhat 15 Filtering HTTPS redirection Let’s see an example Change form destination to http://attacker Http post (login\password) Client Http main page with https login form MiM Auto-submitting hidden form with right authentication data login password Server Real https authentication post Authenticated connection Blackhat Conference - USA 2003 Blackhat 16 HTTPS Redirection Attack DEMO Blackhat Conference - USA 2003 Blackhat 17 Downgrade Attacks SSH v2 SSH IPSEC IPSEC PPTP PPTP Blackhat Conference - USA 2003 Blackhat 18 Downgrade Attacks SSH v2 v1 v1 Parameters exchanged by server and client can be Parameters substituted in the beginning of a connection. (algorithms to be used later) The attacker...
View Full Document

This document was uploaded on 03/17/2014 for the course CS 393 at NYU Poly.

Ask a homework question - tutors are online