Password Reset MitM Attack Analysis - Security Principles Assignment
VerifiedAdded on 2023/06/11
|12
|5138
|367
Report
AI Summary
This report provides an in-depth analysis of the Password Reset MitM attack, detailing how attackers exploit website vulnerabilities to compromise user accounts, particularly email accounts, and launch cross-site attacks like scripting, clickjacking, and request forgery. It contrasts the MitM attack with phishing, emphasizing the exploitation of password reset process bugs versus user manipulation. The report also explores the DigiNotar CA hack, where a breach led to the issuance of rogue certificates, targeting internet users. Furthermore, it discusses the threat model for these attacks, highlighting the conditions and techniques attackers employ, and proposes solutions such as using robust security questions, secure password reset methods via SMS or phone calls, and implementing notifications for password reset requests and changes. This document is available on Desklib, a platform offering a wide range of study resources including past papers and solved assignments for students.
The Password Reset MitM Attack
Attacks
Websites are exposed to the dangers of attacks from the attackers who invade the
privacy of the users who are not suspicious about it. As explained in the paper on “The
Password Reset MitM Attack”, as the name suggests, the password reset MitM attack is one
of the attacks exploited by the attackers over the websites. The attack is quite easy to
implement, however, that’s not an indication that, the attack itself is not hazardous. In this
attack, the user is enticed in signing up for an account in order to get or subscribe to a certain
service that is being controlled by the attacker (such as, the attacker can display a download
that is free which can be used to entice the user), whereby, as the user keys in values for
signing up, the attacker manipulates the flow of the registration in a manner which enables the
attacker to reset the password for the account of the user in other accounts of the user. A
target that can be easily exploited by the attacker is the email account of the user. Through the
details obtained, the attacker is able to take control of the accounts of the user in other
websites.
Other attacks that the account of the user is vulnerable to are the cross-site attacks
which include the cross-site scripting, cross-site script inclusion, clickjacking and cross-site
request forgery. These kinds of attacks are only possible as a result the vulnerability of the
website. Clickjacking for example, the page that has been click jacked tricks the victim into
carrying out unintended actions through clicking a link that has been concealed. The attacker
then loads a similar page over the actual page in a layer that is transparent on the page that has
been click jacked. The user then carries out actions on the page that is invisible unknowingly
and then through that, the attacker obtains the credentials of the user. This is unlike password
reset MitM where the user needs to carry out an action in the page that is attacking and give
out at least one detail that is correct about them.
Another attack is the phishing. In this kind of attack, the page that is attacking
impersonates a website that is legitimate and then entices or uses tricks to entice the user that
is the victim to key in credentials such as the password and the username. This kind of attack
differs slightly with the Password Reset MitM attack since the user is just needed to provide
information that is personal such as the mobile number which the victims concur with in
giving out for them to receive the services offered. However, attacks of phishing that are
sophisticated may also to an extent align with the MitM level of application approach of
Attacks
Websites are exposed to the dangers of attacks from the attackers who invade the
privacy of the users who are not suspicious about it. As explained in the paper on “The
Password Reset MitM Attack”, as the name suggests, the password reset MitM attack is one
of the attacks exploited by the attackers over the websites. The attack is quite easy to
implement, however, that’s not an indication that, the attack itself is not hazardous. In this
attack, the user is enticed in signing up for an account in order to get or subscribe to a certain
service that is being controlled by the attacker (such as, the attacker can display a download
that is free which can be used to entice the user), whereby, as the user keys in values for
signing up, the attacker manipulates the flow of the registration in a manner which enables the
attacker to reset the password for the account of the user in other accounts of the user. A
target that can be easily exploited by the attacker is the email account of the user. Through the
details obtained, the attacker is able to take control of the accounts of the user in other
websites.
Other attacks that the account of the user is vulnerable to are the cross-site attacks
which include the cross-site scripting, cross-site script inclusion, clickjacking and cross-site
request forgery. These kinds of attacks are only possible as a result the vulnerability of the
website. Clickjacking for example, the page that has been click jacked tricks the victim into
carrying out unintended actions through clicking a link that has been concealed. The attacker
then loads a similar page over the actual page in a layer that is transparent on the page that has
been click jacked. The user then carries out actions on the page that is invisible unknowingly
and then through that, the attacker obtains the credentials of the user. This is unlike password
reset MitM where the user needs to carry out an action in the page that is attacking and give
out at least one detail that is correct about them.
Another attack is the phishing. In this kind of attack, the page that is attacking
impersonates a website that is legitimate and then entices or uses tricks to entice the user that
is the victim to key in credentials such as the password and the username. This kind of attack
differs slightly with the Password Reset MitM attack since the user is just needed to provide
information that is personal such as the mobile number which the victims concur with in
giving out for them to receive the services offered. However, attacks of phishing that are
sophisticated may also to an extent align with the MitM level of application approach of
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
copying websites that are legitimate or during the whole process of login. Phishing attack
applying the approach of MitM may overcome as well the scheme of authentication of two
factors, since the user keys in passwords and codes into the website of phishing. As a result,
one may not be able to differentiate between the attacks of password reset MitM and phishing
which is the weakness itself. The difference between phishing and password reset MitM
attack is that, for the case of password reset MitM attack, the bugs found in the design of the
process of resetting the password are exploited while, when it comes to phishing, the users are
exploited. The design of the website attacked by the attacker does not contain any bug hence,
in this case, the attacker attacks the users that are unsuspecting who are just ignorant of the
instructions provided by the browsers to them.
Threat Model for the Attacks
For the password reset MitM attack to be implemented, the attacker
just requires the control of the website. Capabilities of eavesdropping or
MitM are not needed in this kind of attack. The visitors of the website of
the attacker are attacked by the attacker and then exploits their accounts
in the rest of the websites where they hold an account. The same also
applies to the attacks of the cross-site such as the clickjacking, cross-site
scripting and the cross-site request forgery. For the attacker to begin the
process of resetting the password in the name of the user, he or she
requires the typical set of information such as the email, username or the
number of the phone. The attacker can obtain the information from the
user as the process of registration is going on to the website attacking or
afore processes such as the download of file, when the user is needed to
give his or her identity through the use of their phone. In other websites,
the attacker may exploit attacks of cross-site for example, cross-site script
inclusion, cross-site scripting or other advanced methods in collection of
details regarding the user. The fact that attackers implement the
techniques discussed above means that there are various restrictions such
as for the attack to happen, the victim ought to be logged into the website
attacking. After the victim visits the website of the attacker, the page
attacking needs to entice the user into inputting or registering their
number of phone so that the user can receive the code. In order to achieve
applying the approach of MitM may overcome as well the scheme of authentication of two
factors, since the user keys in passwords and codes into the website of phishing. As a result,
one may not be able to differentiate between the attacks of password reset MitM and phishing
which is the weakness itself. The difference between phishing and password reset MitM
attack is that, for the case of password reset MitM attack, the bugs found in the design of the
process of resetting the password are exploited while, when it comes to phishing, the users are
exploited. The design of the website attacked by the attacker does not contain any bug hence,
in this case, the attacker attacks the users that are unsuspecting who are just ignorant of the
instructions provided by the browsers to them.
Threat Model for the Attacks
For the password reset MitM attack to be implemented, the attacker
just requires the control of the website. Capabilities of eavesdropping or
MitM are not needed in this kind of attack. The visitors of the website of
the attacker are attacked by the attacker and then exploits their accounts
in the rest of the websites where they hold an account. The same also
applies to the attacks of the cross-site such as the clickjacking, cross-site
scripting and the cross-site request forgery. For the attacker to begin the
process of resetting the password in the name of the user, he or she
requires the typical set of information such as the email, username or the
number of the phone. The attacker can obtain the information from the
user as the process of registration is going on to the website attacking or
afore processes such as the download of file, when the user is needed to
give his or her identity through the use of their phone. In other websites,
the attacker may exploit attacks of cross-site for example, cross-site script
inclusion, cross-site scripting or other advanced methods in collection of
details regarding the user. The fact that attackers implement the
techniques discussed above means that there are various restrictions such
as for the attack to happen, the victim ought to be logged into the website
attacking. After the victim visits the website of the attacker, the page
attacking needs to entice the user into inputting or registering their
number of phone so that the user can receive the code. In order to achieve
that, the attacker may use common techniques or even those that are
known. A good example may be an attacker creating a website offering
services that are free such as download of files or streaming. The website
may then need authentication that is just basic afore one can access any
service or for restricting them just for users that are registered.
Users are also tricked into providing personal details into the websites that they don’t
know about. They agree into registering or having a code that is one-time that is sent to their
phones for them to enjoy the online services provided to them. In reality, the website that is
attacking only claim to offer services that are valuable to the users while in the real sense, it
would be a good idea for the website that is attacking to provide those services for it to gain
victims that are potential.
The attacks are likely to be done because a good number of the users are ignorant in
that, they easily provide their credentials to unknown websites when asked which exposes
them to the risk of being attacked. Sometimes, codes sent to the phone are used as a way of
verifying the user. The phones are vulnerable hence making it easy for the attacker to attack
the victim.
Another reason is that, the security questions provided are also a problem. The users
tend to provide honest and common answers to those security questions which can be easily
guessed by the attacker who then utilizes that to gain access to the accounts of the users and
then exploit that knowledge in their other accounts.
Another problem is that, the attackers when they are used attacks such clickjacking,
the website attacking is transparent and over the website the user is performing their action.
Therefore, the user may not even notice that they are performing operations they did not
intend to and hence provide their personal data to the attacker.
Finally, another reason as to why the attacks are successful is that, the attackers use
some exciting and enticing offers which tempt the victim to try out without knowing what it
would lead to. For example, the user is offered free downloads, streaming among other offers
which sometimes they are not able to resist. Through that, the attacker is able to successfully
carry out the attacks.
Proposed solutions
known. A good example may be an attacker creating a website offering
services that are free such as download of files or streaming. The website
may then need authentication that is just basic afore one can access any
service or for restricting them just for users that are registered.
Users are also tricked into providing personal details into the websites that they don’t
know about. They agree into registering or having a code that is one-time that is sent to their
phones for them to enjoy the online services provided to them. In reality, the website that is
attacking only claim to offer services that are valuable to the users while in the real sense, it
would be a good idea for the website that is attacking to provide those services for it to gain
victims that are potential.
The attacks are likely to be done because a good number of the users are ignorant in
that, they easily provide their credentials to unknown websites when asked which exposes
them to the risk of being attacked. Sometimes, codes sent to the phone are used as a way of
verifying the user. The phones are vulnerable hence making it easy for the attacker to attack
the victim.
Another reason is that, the security questions provided are also a problem. The users
tend to provide honest and common answers to those security questions which can be easily
guessed by the attacker who then utilizes that to gain access to the accounts of the users and
then exploit that knowledge in their other accounts.
Another problem is that, the attackers when they are used attacks such clickjacking,
the website attacking is transparent and over the website the user is performing their action.
Therefore, the user may not even notice that they are performing operations they did not
intend to and hence provide their personal data to the attacker.
Finally, another reason as to why the attacks are successful is that, the attackers use
some exciting and enticing offers which tempt the victim to try out without knowing what it
would lead to. For example, the user is offered free downloads, streaming among other offers
which sometimes they are not able to resist. Through that, the attacker is able to successfully
carry out the attacks.
Proposed solutions
There are a number of solutions that can be applied or implemented to deal with the
attacks. They include use of security questions that are good. Use of questions of security
which are not related to the website may not be the best idea as they are vulnerable to the
attacks of password reset MitM. Use of a numerous number of questions that are related
directly to the actions carried out by the user of the site is a good method since the same
questions cannot be used by a user as questions of security that are legitimate for the rest of
the websites. Some good example that has implemented this technique is Google. Google
uses a combination of questions of security together with the other aspects such as the
browser originating and the address of IP. Google additionally also requests questions
regarding contacts that are common, labels that are user defined and use of services of Google
that multiple besides using the general questions of security.
Use of good questions of security is advantageous in that, use of related questions
makes it hard for the attacker to use the same questions to unravel the accounts in other sites
while it can also have its limits as they can be easily bypassed by the attackers especially
those who have a relationship with the victim.
Another solution could be the use of the method that is secure in resetting the
password by use of the SMS. In this case, the code of resetting the password ought to be sent
in a text that is clear through the SMS. The message should be detailed and containing a long
link. The advantage of this method is that, for the attacker to exploit, he or she is needed to
implore the user in copying the link which would make the user suspect it and hence making
it hard for the attacker. Its disadvantage is that; it is possible that the user may not go through
the link first to find out what it entails.
Another method involves securing the process of resetting the password through the
use of a phone call. For the method to be successful, the message received by the user should
contain the sender and the code meaning while the call ought to push the user listening and
understanding its content. Its advantage is that, the chances of the attacker of tricking the user
as minimized as they have to identify themselves to the user. Its disadvantage is that; the users
may fail to strictly follow the instructions provided for them to obtain the code hence making
the technique ineffective.
Use of notifications is another healthy method of preventing attacks. In this method,
the site has to notify the user in case a request is made regarding the password resetting as
well as when the password is changed through an email notification and the SMS. This
attacks. They include use of security questions that are good. Use of questions of security
which are not related to the website may not be the best idea as they are vulnerable to the
attacks of password reset MitM. Use of a numerous number of questions that are related
directly to the actions carried out by the user of the site is a good method since the same
questions cannot be used by a user as questions of security that are legitimate for the rest of
the websites. Some good example that has implemented this technique is Google. Google
uses a combination of questions of security together with the other aspects such as the
browser originating and the address of IP. Google additionally also requests questions
regarding contacts that are common, labels that are user defined and use of services of Google
that multiple besides using the general questions of security.
Use of good questions of security is advantageous in that, use of related questions
makes it hard for the attacker to use the same questions to unravel the accounts in other sites
while it can also have its limits as they can be easily bypassed by the attackers especially
those who have a relationship with the victim.
Another solution could be the use of the method that is secure in resetting the
password by use of the SMS. In this case, the code of resetting the password ought to be sent
in a text that is clear through the SMS. The message should be detailed and containing a long
link. The advantage of this method is that, for the attacker to exploit, he or she is needed to
implore the user in copying the link which would make the user suspect it and hence making
it hard for the attacker. Its disadvantage is that; it is possible that the user may not go through
the link first to find out what it entails.
Another method involves securing the process of resetting the password through the
use of a phone call. For the method to be successful, the message received by the user should
contain the sender and the code meaning while the call ought to push the user listening and
understanding its content. Its advantage is that, the chances of the attacker of tricking the user
as minimized as they have to identify themselves to the user. Its disadvantage is that; the users
may fail to strictly follow the instructions provided for them to obtain the code hence making
the technique ineffective.
Use of notifications is another healthy method of preventing attacks. In this method,
the site has to notify the user in case a request is made regarding the password resetting as
well as when the password is changed through an email notification and the SMS. This
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
method is effective in that, the user cannot fail to see a notification on the SMS indicating the
request and the change but as far as the email is concerned, the attacker can just delete the
notification and the user may never realize about the change. (Nethanel et al, 2017)
DigiNotar CA Hack
The Hack
DigiNotar hack refers to the attack carried out on the DigiNotar Certification
Authority whereby its network was breached by an intruder. The authority offered services of
digital certificates. The certificates are meant to ensure that traffic of the internet is secure,
provide certified signatures that are electronic and also offer encryption of data. In addition to
that, DigiNotar also gave out PKIoverheid certificates that have been accredited by the
government. However, a breach was carried out on the authority and as result it lead to
issuance of certificates that were rogue. As a result, a rogue certificate of Google was highly
abused which targeted users of internet in Iran. The attacker was issuing rogue certificates to
the clients in order to try and perform an attack on those platforms such as the attack on the
email user accounts that was quickly identified by a user who in return notified Google about
the same since his google chrome browser was blocked. The attack led to removing of the
Authorities of Certificates that DigiNotar had hosted from the lists of trusts which lead to the
company becoming bankrupt.
MITM attack Implementation
For the MITM attack to occur, the attacker illegally obtained access to the network of
DigiNotar since their network was vulnerable to attack. They were using software that was
outdated which made it possible for the intruder to exploit that weakness. Then he abused the
links to AttIPs by initiating them using the systems located inside. The intruder then was able
to access servers inside the Office-net from DMZ-ext-net through the use of the server of
MSSQL located in the same network. The intruder then utilized customized tools that were
request and the change but as far as the email is concerned, the attacker can just delete the
notification and the user may never realize about the change. (Nethanel et al, 2017)
DigiNotar CA Hack
The Hack
DigiNotar hack refers to the attack carried out on the DigiNotar Certification
Authority whereby its network was breached by an intruder. The authority offered services of
digital certificates. The certificates are meant to ensure that traffic of the internet is secure,
provide certified signatures that are electronic and also offer encryption of data. In addition to
that, DigiNotar also gave out PKIoverheid certificates that have been accredited by the
government. However, a breach was carried out on the authority and as result it lead to
issuance of certificates that were rogue. As a result, a rogue certificate of Google was highly
abused which targeted users of internet in Iran. The attacker was issuing rogue certificates to
the clients in order to try and perform an attack on those platforms such as the attack on the
email user accounts that was quickly identified by a user who in return notified Google about
the same since his google chrome browser was blocked. The attack led to removing of the
Authorities of Certificates that DigiNotar had hosted from the lists of trusts which lead to the
company becoming bankrupt.
MITM attack Implementation
For the MITM attack to occur, the attacker illegally obtained access to the network of
DigiNotar since their network was vulnerable to attack. They were using software that was
outdated which made it possible for the intruder to exploit that weakness. Then he abused the
links to AttIPs by initiating them using the systems located inside. The intruder then was able
to access servers inside the Office-net from DMZ-ext-net through the use of the server of
MSSQL located in the same network. The intruder then utilized customized tools that were
unauthorized to alter the traffic meant for port 3389 through port 443. The alteration enabled
the intruder to link to the Office-net systems and segments of the Secure-net so that he could
operate via the graphical interface of the user where in this case he utilized internet explorer.
He then exploited the used numerous number of IP addresses so that he could hide his
identity. After gaining or accessing the Certificates, the intruder used the rogue certificates to
gain access to the websites so that he could perform the SSL attack.
Implications of DigiNotar attack
The attack on the DigiNotar led to the government of Dutch publicly revoking
DigiNotar trust as well as the certificates that the company had issued to its clients. As a result
of that step, a good number of the manufactures of the browsers as well revoked their
DigiNotar trust on the off chance that they had revoked the trust already. Another implication
that resulted from the attack was that OPTA terminated the registration of the company like
an authority of certificate for signatures that were qualified as according to the law of
telecommunication of Dutch. As a result of all those activities of revoking, the company
became bankrupt and was declared so by the Court of Haarlem. Afterwards all certificates of
PKIoverheid and the qualified ones too were as well revoked and almost all the public
certificates that were active and still remaining were as well revoked.
Findings
After the investigation carried out by the Fox-IT company, they discovered a good
number of facts related to the attack on DigiNotar. First, they discovered that, the intruder
used the webservers located on the outskirts of the network of DigiNotar as the entry points
and that webservers of Docproof2 and the main web were being run on a version of
DotNetNuke that was outdated and was likely to suffer from vulnerabilities of the security
which were later attacked on June 17, 2011. Also scripts located in directory / beurs which
were the up.aspx and settings.aspx were utilized as the file managers and also the server was
used to access the rest of the systems located in the network. A total of 21 external and 12
internal IP addresses that were suspicious and linked to the / beurs directory in the time of
DigiNotar attack together with other 125 file that were unique were recognized to have been
copied.
Attempts to connecting to the server of MSSQL first happened from the DMX-ext-net
to Office-net. Afterwards, the user account of MSSQLusr was used to carry out an activity
the intruder to link to the Office-net systems and segments of the Secure-net so that he could
operate via the graphical interface of the user where in this case he utilized internet explorer.
He then exploited the used numerous number of IP addresses so that he could hide his
identity. After gaining or accessing the Certificates, the intruder used the rogue certificates to
gain access to the websites so that he could perform the SSL attack.
Implications of DigiNotar attack
The attack on the DigiNotar led to the government of Dutch publicly revoking
DigiNotar trust as well as the certificates that the company had issued to its clients. As a result
of that step, a good number of the manufactures of the browsers as well revoked their
DigiNotar trust on the off chance that they had revoked the trust already. Another implication
that resulted from the attack was that OPTA terminated the registration of the company like
an authority of certificate for signatures that were qualified as according to the law of
telecommunication of Dutch. As a result of all those activities of revoking, the company
became bankrupt and was declared so by the Court of Haarlem. Afterwards all certificates of
PKIoverheid and the qualified ones too were as well revoked and almost all the public
certificates that were active and still remaining were as well revoked.
Findings
After the investigation carried out by the Fox-IT company, they discovered a good
number of facts related to the attack on DigiNotar. First, they discovered that, the intruder
used the webservers located on the outskirts of the network of DigiNotar as the entry points
and that webservers of Docproof2 and the main web were being run on a version of
DotNetNuke that was outdated and was likely to suffer from vulnerabilities of the security
which were later attacked on June 17, 2011. Also scripts located in directory / beurs which
were the up.aspx and settings.aspx were utilized as the file managers and also the server was
used to access the rest of the systems located in the network. A total of 21 external and 12
internal IP addresses that were suspicious and linked to the / beurs directory in the time of
DigiNotar attack together with other 125 file that were unique were recognized to have been
copied.
Attempts to connecting to the server of MSSQL first happened from the DMX-ext-net
to Office-net. Afterwards, the user account of MSSQLusr was used to carry out an activity
that was suspicious on the server. On 18th June of the year 2011, traffic was generated by
servers internally to addresses of IP which obviously were exploited by the intruder. On 29th
June, numerous attempts of scanning were performed to enhance foothold in other segments
of the network. On 1st July, the first activity of scanning happened in the Secure-net. On 2nd
July, the first connection that was successful was carried out from the Secure-net towards
DMZ-ext. on 3rd July, time was modified in the script of XUDA with a message that was
personal to the server of Public-CA from the intruder. On 4th July, tools were automatically
set for transferring files from the server of Public-CA. On 10th July, the first set of certificates
that were rogue were generated successfully on the Relation server of Public-CA, followed by
another set of 85 and 198 certificates that were rogue. The requests were made from a
subscriber of DSL based in Iran. On 18th July, the logs of file indicated 124 certificates of
rogue that were generated the server of Public-CA. On 20th July, the files of log indicated
another 124 certificates that were rogue which were generated in the server of Public-CA
which was the date that was known for the generation of certificates that were rogue. On 22nd
July, the final traffic was generated within the network of DigiNotar to the IP addresses of the
intruder that were known based on the examination carried out on the logs of firewall.
Lessons learnt
Fox-IT addressed a number of lessons that could be learnt from the incident of attack
of the network of DigiNotar Certificates Authority. The lessons included the following:
Businesses and users that are average are at the verge of being attacked through the
attacks which are against Third Parties that are Trusted in the Infrastructure of the Public Key.
The only way of protection for them on networks that are public is by ensuring that their
software is always updated, using a product of antivirus and to be extra careful regarding
content from sources that are not trusted. This kind of countermeasure is advantageous in that
it is simple and can easily be implemented by anyone and use of latest versions of software is
more secure as newer versions contain lesser vulnerabilities. The only disadvantage is that;
continuous update of the software can be expensive on the user.
Another issue is that; users are required to have trust on the security of the members
that form the Public Key Infrastructure so that the entire system can carry out its operations
effectively. Based on the knowledge of the repercussions of breach in the Certificate
Authority’s security on the PKI at large and generally the internet, maintaining the security of
all Certificate Authority is vital regarding the PKI trust in provision of security for a wide
range of internet activities. Having trust in the security provided is advantageous such that in
servers internally to addresses of IP which obviously were exploited by the intruder. On 29th
June, numerous attempts of scanning were performed to enhance foothold in other segments
of the network. On 1st July, the first activity of scanning happened in the Secure-net. On 2nd
July, the first connection that was successful was carried out from the Secure-net towards
DMZ-ext. on 3rd July, time was modified in the script of XUDA with a message that was
personal to the server of Public-CA from the intruder. On 4th July, tools were automatically
set for transferring files from the server of Public-CA. On 10th July, the first set of certificates
that were rogue were generated successfully on the Relation server of Public-CA, followed by
another set of 85 and 198 certificates that were rogue. The requests were made from a
subscriber of DSL based in Iran. On 18th July, the logs of file indicated 124 certificates of
rogue that were generated the server of Public-CA. On 20th July, the files of log indicated
another 124 certificates that were rogue which were generated in the server of Public-CA
which was the date that was known for the generation of certificates that were rogue. On 22nd
July, the final traffic was generated within the network of DigiNotar to the IP addresses of the
intruder that were known based on the examination carried out on the logs of firewall.
Lessons learnt
Fox-IT addressed a number of lessons that could be learnt from the incident of attack
of the network of DigiNotar Certificates Authority. The lessons included the following:
Businesses and users that are average are at the verge of being attacked through the
attacks which are against Third Parties that are Trusted in the Infrastructure of the Public Key.
The only way of protection for them on networks that are public is by ensuring that their
software is always updated, using a product of antivirus and to be extra careful regarding
content from sources that are not trusted. This kind of countermeasure is advantageous in that
it is simple and can easily be implemented by anyone and use of latest versions of software is
more secure as newer versions contain lesser vulnerabilities. The only disadvantage is that;
continuous update of the software can be expensive on the user.
Another issue is that; users are required to have trust on the security of the members
that form the Public Key Infrastructure so that the entire system can carry out its operations
effectively. Based on the knowledge of the repercussions of breach in the Certificate
Authority’s security on the PKI at large and generally the internet, maintaining the security of
all Certificate Authority is vital regarding the PKI trust in provision of security for a wide
range of internet activities. Having trust in the security provided is advantageous such that in
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
case of any suspicious events, the user can easily notify the authority while the disadvantage
may be that, due to the trust, the attacker may exploit that trust and perform attacks on the
user. This approach can easily be implemented as well.
Certificate service providers need to implement methods of detection besides
prevention. It is not possible to assume that the preventive measures will guarantee total
prevention from an attack. When measures of detection on the attempts of intruding an
infrastructure that is secured are implemented together with the measures of prevention, it
results to minimal chances of intrusions that are successful. The advantage of the method is
that, the attacks will be detected even before they can be exploited while its disadvantage is
that, the methods may fail to work at some point and the technicality involved may be
complicated and expensive for some to implement.
Another thing that needs to be considered is enforcement of strict separation in jobs
which contains aims that are competing which are carried out by employees, since the jobs
may pose effects on the organizations’ security or may be on the infrastructure of the
organization. Its advantage is that; every employee will work only to perfect their area of
jurisdiction. This can also be implemented easily by an organization as only an officer is
required to carry out the dividing of allocating the tasks.
Finally, businesses such as the Certificate Service Providers and users may be able to
protect themselves against numerous kinds of threats of security. They can achieve this
through the reading through several books of security as well as the articles, undertaking
standards and courses which may offer information that is detailed regarding appropriate
measures that may be taken. Also, they may also implement a formal system of management
of the security of information like the ISO-27001. (BV, Fox-IT, 2012)
Protocol design and Analysis
Threat model
In the scenario described, it is possible for the man in the middle attack to be
performed by an attacker. Some versions of the OpenSSL contain the Heartbleed bug which is
a crucial vulnerability in the cryptographic software of the OpenSSL. The bug enables a third
party to steal the information guarded by the TLS/SSL encryption which is used to offer
may be that, due to the trust, the attacker may exploit that trust and perform attacks on the
user. This approach can easily be implemented as well.
Certificate service providers need to implement methods of detection besides
prevention. It is not possible to assume that the preventive measures will guarantee total
prevention from an attack. When measures of detection on the attempts of intruding an
infrastructure that is secured are implemented together with the measures of prevention, it
results to minimal chances of intrusions that are successful. The advantage of the method is
that, the attacks will be detected even before they can be exploited while its disadvantage is
that, the methods may fail to work at some point and the technicality involved may be
complicated and expensive for some to implement.
Another thing that needs to be considered is enforcement of strict separation in jobs
which contains aims that are competing which are carried out by employees, since the jobs
may pose effects on the organizations’ security or may be on the infrastructure of the
organization. Its advantage is that; every employee will work only to perfect their area of
jurisdiction. This can also be implemented easily by an organization as only an officer is
required to carry out the dividing of allocating the tasks.
Finally, businesses such as the Certificate Service Providers and users may be able to
protect themselves against numerous kinds of threats of security. They can achieve this
through the reading through several books of security as well as the articles, undertaking
standards and courses which may offer information that is detailed regarding appropriate
measures that may be taken. Also, they may also implement a formal system of management
of the security of information like the ISO-27001. (BV, Fox-IT, 2012)
Protocol design and Analysis
Threat model
In the scenario described, it is possible for the man in the middle attack to be
performed by an attacker. Some versions of the OpenSSL contain the Heartbleed bug which is
a crucial vulnerability in the cryptographic software of the OpenSSL. The bug enables a third
party to steal the information guarded by the TLS/SSL encryption which is used to offer
privacy and security over the applications of the internet such as messaging that is instant and
email which were to be used in the scenario described. The bug would enable an intruder to
access the private key to be used in the communication and use it to decrypt the information
being passed on. The intruder would then be able to eavesdrop the message the whistleblower
is sharing with the reporter, alter it and then impersonate the reporter and the whistleblower
and change the conversation.
Activity in the store
The piece of paper would help in reminding each other of the public and private keys
to be used. Hence, I would scribble the keys and pass them on to the whistleblower just as a
reminder. Then, towards going to the store, we would proceed there are different time
intervals. I can first leave the bench at the park and proceed to the store and start locating a
computer to use just like any other customer. The whistleblower would then join me in the
store sometime later and locate a different independent computer as well some meters away
from me and then each one of use logs in to the email account and start chatting.
For example, I would encrypt a message, m, using the public key kA and then send it to
the whistleblower who then reads it by decrypting it using private key eA, that is; {m} kA. For
the whistleblower to prover that the message came from him, he can encrypt the message
using private key eA, that is, {m}eA. The whistleblower would then encrypt a response to me
and send the message, m, using private key eA and then encrypts it with public key kB so that I
can verify the message came from him, that is, {{m}eA} kB.
Authentication and Data Transfer Protocol
In this scenario, authentication can be performed by the use of the protocol of Station-
to-Station. This protocol supplements the key establishment of Deffie-Hellman by introducing
the signing of exponents by the agents to ensure authentication.
M 1. a → b: gx mod n
M 2. b → a: gy mod n, {{gy mod n, gx mod n}sk(b)}k
M 3. a → b: {{gx mod n, gy mod n}sk(a)}k .
The use of k encryption was meant to indicate to the other agent that they are aware of the key
being used.
email which were to be used in the scenario described. The bug would enable an intruder to
access the private key to be used in the communication and use it to decrypt the information
being passed on. The intruder would then be able to eavesdrop the message the whistleblower
is sharing with the reporter, alter it and then impersonate the reporter and the whistleblower
and change the conversation.
Activity in the store
The piece of paper would help in reminding each other of the public and private keys
to be used. Hence, I would scribble the keys and pass them on to the whistleblower just as a
reminder. Then, towards going to the store, we would proceed there are different time
intervals. I can first leave the bench at the park and proceed to the store and start locating a
computer to use just like any other customer. The whistleblower would then join me in the
store sometime later and locate a different independent computer as well some meters away
from me and then each one of use logs in to the email account and start chatting.
For example, I would encrypt a message, m, using the public key kA and then send it to
the whistleblower who then reads it by decrypting it using private key eA, that is; {m} kA. For
the whistleblower to prover that the message came from him, he can encrypt the message
using private key eA, that is, {m}eA. The whistleblower would then encrypt a response to me
and send the message, m, using private key eA and then encrypts it with public key kB so that I
can verify the message came from him, that is, {{m}eA} kB.
Authentication and Data Transfer Protocol
In this scenario, authentication can be performed by the use of the protocol of Station-
to-Station. This protocol supplements the key establishment of Deffie-Hellman by introducing
the signing of exponents by the agents to ensure authentication.
M 1. a → b: gx mod n
M 2. b → a: gy mod n, {{gy mod n, gx mod n}sk(b)}k
M 3. a → b: {{gx mod n, gy mod n}sk(a)}k .
The use of k encryption was meant to indicate to the other agent that they are aware of the key
being used.
However, the station to station protocol can be attacked by an intruder in this manner:
M α.1. D → IE: gx mod n
M β.1. I → E: gx mod n
M β.2. E → I: gy mod n, {{gy mod n, gx mod n}sk(E)}k
M α.2. IE → D: gy mod n, {{gy mod n, gx mod n}sk(E)}k
M α.3. D → IE: {{gx mod n, gy mod n}sk(D)}k .
In the model above, D has the idea that, the protocol run that he was performing with
E has been completed while on the other hand, in the mind of E, he does not think that the
protocol he was running was with D. To prevent this attack, inclusion of identities with the
components that are signed should be considered. (Sean and John, 2007)
The best way to transfer data securely is to use simple mail transfer protocol that is
complemented by the TLS encryption or the SSL encryption although the current version of
TLS is adequate as it incorporates all the functions of the SSL. TLS uses the encryption of the
private and public key and creates a connection of transport that is secure between the servers
of the email and the transfer protocol of simple mail. The content of the encrypted email
cannot be intruded by attackers since they cannot access the required key for the encryption.
Regardless of the source used to send the email such as the browser of the web and the client
of email such as the Outlook, it is almost impossible to snoop the email content. The protocol
of TLS uses the function of pseudo-random which makes it difficult for the intruders to
intercept the data being transmitted. It also uses the standard of digital signature as an
exchange key together with the algorithm of Diffie Hellmann which ensures that it becomes
difficult for the intruder to decode the coded content of the email. Another aspect of security
of TLS is that, it is separated into a number of protocols which must be intercepted
subsequently by an attacker when they want to access the content. This makes is hard for the
attacker to try intruding. Finally, another advantage of the security of TLS is that, its
encryption cannot be easily deciphered. (Barton et al, 2016)
Despite all the advantages of using the TLS in the transfer of email, it has some issues
which includes that, it relies on the DNS which contains some weaknesses that are known
world wide like spoofing. Another issue is that, the encryption of email on TLS fails to
provide auditing that can be easily accessed or fails to provide transmission proof. On the
offchance that a sender sends an email to a server that is not verified or the email is sent in
text that is plain, the protocol does not provide notification of trails for auditing for access for
the administrators of the system.
M α.1. D → IE: gx mod n
M β.1. I → E: gx mod n
M β.2. E → I: gy mod n, {{gy mod n, gx mod n}sk(E)}k
M α.2. IE → D: gy mod n, {{gy mod n, gx mod n}sk(E)}k
M α.3. D → IE: {{gx mod n, gy mod n}sk(D)}k .
In the model above, D has the idea that, the protocol run that he was performing with
E has been completed while on the other hand, in the mind of E, he does not think that the
protocol he was running was with D. To prevent this attack, inclusion of identities with the
components that are signed should be considered. (Sean and John, 2007)
The best way to transfer data securely is to use simple mail transfer protocol that is
complemented by the TLS encryption or the SSL encryption although the current version of
TLS is adequate as it incorporates all the functions of the SSL. TLS uses the encryption of the
private and public key and creates a connection of transport that is secure between the servers
of the email and the transfer protocol of simple mail. The content of the encrypted email
cannot be intruded by attackers since they cannot access the required key for the encryption.
Regardless of the source used to send the email such as the browser of the web and the client
of email such as the Outlook, it is almost impossible to snoop the email content. The protocol
of TLS uses the function of pseudo-random which makes it difficult for the intruders to
intercept the data being transmitted. It also uses the standard of digital signature as an
exchange key together with the algorithm of Diffie Hellmann which ensures that it becomes
difficult for the intruder to decode the coded content of the email. Another aspect of security
of TLS is that, it is separated into a number of protocols which must be intercepted
subsequently by an attacker when they want to access the content. This makes is hard for the
attacker to try intruding. Finally, another advantage of the security of TLS is that, its
encryption cannot be easily deciphered. (Barton et al, 2016)
Despite all the advantages of using the TLS in the transfer of email, it has some issues
which includes that, it relies on the DNS which contains some weaknesses that are known
world wide like spoofing. Another issue is that, the encryption of email on TLS fails to
provide auditing that can be easily accessed or fails to provide transmission proof. On the
offchance that a sender sends an email to a server that is not verified or the email is sent in
text that is plain, the protocol does not provide notification of trails for auditing for access for
the administrators of the system.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Bibliography
Barton, Christopher Andrew, Graham Andrew Clarke, and Simon Crowe. "Transferring data
via a secure network connection." U.S. Patent 7,093,121, issued August 15, 2016.
Bellovin, Steven M., and Michael Merritt. "Encrypted key exchange: Password-based
protocols secure against dictionary attacks." In Research in Security and Privacy, 2012.
Proceedings., 2012 IEEE Computer Society Symposium on, pp. 72-84. IEEE, 2012.
BV, Fox-IT. "Black Tulip Report of the investigation into the DigiNotar Certificate Authority
breach." Delft, The Netherlands, 2012.
Callegati, Franco, Walter Cerroni, and Marco Ramilli. "Man-in-the-Middle Attack to the
HTTPS Protocol." IEEE Security & Privacy. 2009.
Desmedt, Yvo. "Man-in-the-middle attack." In Encyclopedia of cryptography and security,
pp. 759-759. Springer US, 2011.
Franks, John, Phillip Hallam-Baker, Jeffrey Hostetler, Scott Lawrence, Paul Leach, Ari
Luotonen, and Lawrence Stewart. HTTP authentication: Basic and digest access
authentication. No. RFC 2617. 2009.
Nethanel, Senia, Bar and Hen Porcilan. “The Password Reset MitM Attack” on:
https://www.ieee-security.org/TC/SP2017/papers/207.pdf
Joshi, Yogesh, Debabrata Das, and Subir Saha. "Mitigating man in the middle attack over
secure sockets layer." In Internet Multimedia Services Architecture and Applications
(IMSAA), 2009 IEEE International Conference on, pp. 1-5. IEEE, 2009.
Maynard, Peter, Kieran McLaughlin, and Berthold Haberler. "Towards Understanding Man-
in-the-middle Attacks on IEC 60870-5-104 SCADA Networks." In ICS-CSR. 2014.
Barton, Christopher Andrew, Graham Andrew Clarke, and Simon Crowe. "Transferring data
via a secure network connection." U.S. Patent 7,093,121, issued August 15, 2016.
Bellovin, Steven M., and Michael Merritt. "Encrypted key exchange: Password-based
protocols secure against dictionary attacks." In Research in Security and Privacy, 2012.
Proceedings., 2012 IEEE Computer Society Symposium on, pp. 72-84. IEEE, 2012.
BV, Fox-IT. "Black Tulip Report of the investigation into the DigiNotar Certificate Authority
breach." Delft, The Netherlands, 2012.
Callegati, Franco, Walter Cerroni, and Marco Ramilli. "Man-in-the-Middle Attack to the
HTTPS Protocol." IEEE Security & Privacy. 2009.
Desmedt, Yvo. "Man-in-the-middle attack." In Encyclopedia of cryptography and security,
pp. 759-759. Springer US, 2011.
Franks, John, Phillip Hallam-Baker, Jeffrey Hostetler, Scott Lawrence, Paul Leach, Ari
Luotonen, and Lawrence Stewart. HTTP authentication: Basic and digest access
authentication. No. RFC 2617. 2009.
Nethanel, Senia, Bar and Hen Porcilan. “The Password Reset MitM Attack” on:
https://www.ieee-security.org/TC/SP2017/papers/207.pdf
Joshi, Yogesh, Debabrata Das, and Subir Saha. "Mitigating man in the middle attack over
secure sockets layer." In Internet Multimedia Services Architecture and Applications
(IMSAA), 2009 IEEE International Conference on, pp. 1-5. IEEE, 2009.
Maynard, Peter, Kieran McLaughlin, and Berthold Haberler. "Towards Understanding Man-
in-the-middle Attacks on IEC 60870-5-104 SCADA Networks." In ICS-CSR. 2014.
Meyer, Ulrike, and Susanne Wetzel. "A man-in-the-middle attack on UMTS." In Proceedings
of the 3rd ACM workshop on Wireless security, pp. 90-97. ACM, 2014.
Prins, J. Ronald, and Business Unit Cybercrime. "DigiNotar Certificate Authority
breach’Operation Black Tulip’." Fox-IT, November (2011).
Ramachandran, A., Rupika Chawla, Jyotisha Jośī, and Amit Mukhopadhyay. A.
Ramachandran. Lalit Kala Akademi, 2012.
Sean S. and John M. “Building Blocks for Secure Systems”. In the book of The Craft of
System Security, 2007.
Tsuji, Takasuke, Takashi Kamioka, and Akihiro Shimizu. "Simple and secure password
authentication protocol, ver. 2 (SAS-2)." In ITE Technical Report 26.61, pp. 7-11. The
Institute of Image Information and Television Engineers, 2012.
of the 3rd ACM workshop on Wireless security, pp. 90-97. ACM, 2014.
Prins, J. Ronald, and Business Unit Cybercrime. "DigiNotar Certificate Authority
breach’Operation Black Tulip’." Fox-IT, November (2011).
Ramachandran, A., Rupika Chawla, Jyotisha Jośī, and Amit Mukhopadhyay. A.
Ramachandran. Lalit Kala Akademi, 2012.
Sean S. and John M. “Building Blocks for Secure Systems”. In the book of The Craft of
System Security, 2007.
Tsuji, Takasuke, Takashi Kamioka, and Akihiro Shimizu. "Simple and secure password
authentication protocol, ver. 2 (SAS-2)." In ITE Technical Report 26.61, pp. 7-11. The
Institute of Image Information and Television Engineers, 2012.
1 out of 12
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.