聯系方式

您當前位置:首頁 >> Java編程Java編程

日期:2019-06-08 07:34

第五組

part 1 Arp Spoofing

Last week, we have seen that ARP spoofing can be used to attack the

confidentiality of a network. In this week, we will use a simplified version of an

ARP packet to illustrate this behavior and try to defend against it.

A spoofed ARP packet is basically an unsollicited ARP reply for an IP address

that is already in the network. The goal is to let the network believe that the

attacker is the one that has the IP address specified in the packet. This can

create a man in the middle attack.

Step 1

The first goal of this assignment is to create an ARP spoofing packet in the

simplified format. You can implement this in the function spoofArp(spoofIP).

The argument passed to this function is the IP address that you want to

impersonate.

Step 2

The second goal of this assignment is to implement an ARP table for your

router and detect attacks going on. An attack occurs when you observe a

packet that tries to connect your MAC address to another IP or tries to claim

an IP address that we know is already in use.

Do not save for requests, only for replies.

You have to implement the function that receives ARP

packets: receiveArp(message). This function receives an ARP packet and

returns one of three status codes:

OK - If the packet was handled by the system.

IGNORE - If the packet was not meant for this system.

ATTACK - If an attack has been detected.

Additionally, when the function receives a request of its own IP address, it

returns not a status code, but the ARP reply instead.

The simplified packet looks as follows:

Opcode - 1 byte, 1 for request and 2 for reply.

Rest of the fields are self explanatory.

All fields are hexadecimal

Part 2 Message Modification

With your implementation of the ARP spoof attack, you have entered your

favorite bank. Luckily for your attack, they do not have any detection methods

for the ARP spoof. But what they do have, is encryption in their messages.

As it so happens, you conduct a targeted attack on one of the employees of

the bank, right at the moment that money is transfered. During this attack,

you have peeked at their screen and you have seen to which account the

money is being transfered. Additionally, a secret source has provided you with

the format of the packet, and the method of encryption. From this you have

learned that the bank uses a XOR stream encryption.

The packet format is as follows (all fields are transfered in hexadecimal):

In your attack, you are interested in replacing the target account number with

your own account number.

Task

Implement the

function modifyMessage(message,targetAccount,yourAccount), in which

you modify the message in such a way that it correctly decrypts with your

account number in it.

Part 3 Message authentication code

Due to your insane hacking skills, the bank has decided to hire you to solve

all of their problems.

Your task is to implement a message authentication code (MAC) for the bank,

which can be used to verify messages. To help you do this, there is a library

function available: Hash.hash(message). This function returns a hash for the

message you put into it.

Your MAC should be built using a key, and should be resistant to replay

attacks. This means that every time a MAC is generated for a message, the

MAC should be different.

Task 1

You should implement the function addMac(message,key, messageLength).

This function should return the message with a MAC added.

Task 2

The second function to implement is checkMac(message,key,

messageLength). This function takes a message with your generated MAC

and checks if the MAC is correct. When a message is replayed against your

system, this function should label it as not correct and therefore return false.

(Hint: You can use a counter to make MACs unique for the same input.)

Challenge task for 100/100

With the other two tasks, you can receive a score of 90/100.

If you want 100/100, you will have to implement the

function forgeMac(message). To do this, you have access to the library

function that checks your answer: MacLib.checkMac(message, mac). This

function is vulnerable to a timing attack. The length of the MAC is 16

Hexadecimal characters (make sure to pad your guess to this length).

Note that due to our implementation of the checkMac function, running this

attack might take some time.


版權所有:留學生編程輔導網 2018 All Rights Reserved 聯系方式:QQ:99515681 電子信箱:[email protected]
免責聲明:本站部分內容從網絡整理而來,只供參考!如有版權問題可聯系本站刪除。

体彩22选5开奖走势图百度