SECURE INSTANT MESSENGER
HUSKY HACKERS – GROUP 7
ABDULLA AL ALI
DEEPAK KALRA
RAGURAM KRISHNAMACHARI
SHINN CHYANG
IMPLEMENTATION
• Finite State Machine
• 3 Events –
• Transport Event
• GUI Event
• Timeout Event
• Swing GUI
• Threads
• Transport Layer - UDP
• Listener
• Sender
• Business Logic - Requests
SOFTWARE ENGINEERING
• Waterfall Approach
• Use Cases
• State Diagrams
• Coding Guidelines
• Implementation
• Code Review
• Testing
• Java Docs
• Other Documents
• Deployment
CHALLENGES
• RSA encryption
• Client State Machine – One Client
• Chat with one user at a time
• IM state transition when A talks to B
• Timeline when A is talking to B, C wants to talk to A
CHALLENGES (State Machine)
LOGIN
P2P authentication
P2P Message exchange
RID 250 RID 520 RID 530
Time: 1, 2, 3
A→B: RID 250, RID 520, RID 530
C→A: RID 250, RID 520
PROTECTION (Linux server)
• Set up snort + log traffic
• Set up AIDE
• Disable extraneous services (cupsd, exim)
• Configure firewall (iptables)
PROTECTION (IM)
• Cookie challenge to prevent DoS attack
• Timestamp
• Strong encryption and hash algorithm
• Event logs on IM server
REQUEST ID  FLOW    DETAILS                          ENCRYPTION TYPE
RID_210     A -> S  LOGIN                            PLAINTEXT
RID_220     S -> A  C                                PLAINTEXT
RID_230     A -> S  C, {T1, UA, PKA, h(pwd)}PKS      RSA
RID_240     S -> A  {UA, T1, T2, KA}PKA              RSA
RID_250     A -> S  KA{T2}                           RSA
ATTACKS ON OTHER TEAMS
• Lack of documentation
• Lack of code clarity
• Server uptime
TEAM 1 – KADS
• Design does not match implementation
• Client did not run on Linux
• Client & server have to run on the same machine
• Could not log in two users simultaneously
TEAM 1 – KADS (Contd …)
• No timeouts, client stuck in while loop
• No weak password protection
• AES in ECB mode
TEAM 3 – TORMENTORS
• DoS ATTACK
• Number of Client threads limited to 5000
TEAM 3 – TORMENTORS (cont.)
• Couldn’t run the program (unhandled exceptions)
• Second DoS
TEAM 5 – NSN
• No end point hiding
TEAM 2 – ENIGMA
• No end point hiding
ATTACKS SUFFERED
• TEAM 3 - Trudy’s attempt to logout Bob
REQUEST ID  FLOW    DETAILS                          ENCRYPTION TYPE
RID_310     A -> S  LIST, UA, KA{UA, T1}             AES
RID_320     S -> A  KA{T1, [usernames]}              AES
REQUEST ID  FLOW    DETAILS                          ENCRYPTION TYPE
RID_710     A -> S  LOGOUT, UA, KA{UA, T1}           AES
RID_720     S -> A  KA{T1}                           AES
• ARP POISONING
• LIST -> LOGOUT
WHY THE ATTACK FAILED
• Originating IP address did not match Bob’s
    // Retrieve the user from the Hash Map
    UserInfo currentUser = (UserInfo) users.get(ipAddress);
Successful logout
Received a datagram pkt...requestID: 710 from: 10.0.7.1 RID: 710
710 LOGOUT
The user Deepak was removed.
Unsuccessful logout
Received a datagram pkt...requestID: 710 from: 10.0.0.3 RID: 710
Received a datagram pkt...requestID: 210 from: 10.0.0.3 RID: 210
How to prevent it
Modify the protocols as follows:
REQUEST ID  FLOW    DETAILS                          ENCRYPTION TYPE
RID_310     A -> S  KA{LIST, UA, T1}                 AES
RID_320     S -> A  KA{T1, [usernames]}              AES
REQUEST ID  FLOW    DETAILS                          ENCRYPTION TYPE
RID_710     A -> S  KA{LOGOUT, UA, T1}               AES
RID_720     S -> A  KA{T1}                           AES
ATTACKS SUFFERED (cont.)
DoS attack from 10.0.5.2
Server survived
To Prevent: Block 10.0.5.2 using the firewall
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
Received a datagram pk from 10.0.5.2
LESSONS LEARNED
• Error Messages
LESSONS LEARNED (cont.)
• Similar encrypted protocols
• Message integrity
• End point hiding
REQUEST ID  FLOW    DETAILS                                ENCRYPTION TYPE
RID_310     A -> S  LIST, UA, KA{UA, T1}                   AES
REQUEST ID  FLOW    DETAILS                                ENCRYPTION TYPE
RID_710     A -> S  LOGOUT, UA, KA{UA, T1}                 AES
REQUEST ID  FLOW    DETAILS                                ENCRYPTION TYPE
RID_610     A -> B  UA, KAB{T1, message1}, h(message1)     AES + SHA1
RID_620     B -> A  KAB{T1}                                AES
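
Added example, not code from the original slides or the team's project: a server-side check that contrasts the original RID_310/RID_710 format (verb outside KA{UA, T1}) with the revised format (verb inside KA{...}), illustrating the "similar encrypted protocols" lesson. The class and method names, the "|" field separator, the constructed key, the use of AES-GCM and the lookup by username are assumptions; the freshness check on T1 is left out to keep the focus on verb binding.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class VerbBinding {
    // Constructed 128-bit key standing in for the session key KA from RID_240.
    static final SecretKeySpec KA =
        new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");

    // KA{plain}: random 12-byte nonce, then AES-GCM ciphertext and tag (mode is an assumption).
    static byte[] seal(String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KA, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Decrypts and authenticates a blob from seal(); throws if it was modified.
    static String open(byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KA, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    // Original format: VERB, UA, KA{UA, T1}. The clear-text verb is never tied to the blob.
    static boolean acceptOriginal(String verb, String user, byte[] blob) throws Exception {
        return open(blob).startsWith(user + "|");
    }

    // Revised format: KA{VERB, UA, T1}. The handler checks the decrypted verb.
    static boolean acceptRevised(String verb, String user, byte[] blob) throws Exception {
        return open(blob).startsWith(verb + "|" + user + "|");
    }

    public static void main(String[] args) throws Exception {
        long t1 = System.currentTimeMillis();
        byte[] origList = seal("Bob|" + t1);      // body of a LIST in the original format
        byte[] revList = seal("LIST|Bob|" + t1);  // same request in the revised format
        System.out.println("original, LIST body as LOGOUT: " + acceptOriginal("LOGOUT", "Bob", origList));
        System.out.println("revised,  LIST body as LOGOUT: " + acceptRevised("LOGOUT", "Bob", revList));
        System.out.println("revised,  LIST body as LIST:   " + acceptRevised("LIST", "Bob", revList));
    }
}
```

In the original format the LOGOUT handler accepts a body that was sealed for LIST, which is why only the source-IP lookup stopped Trudy's attempt; in the revised format the same body is rejected because the decrypted verb does not match the handler.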