In this project, you are asked to perform various attacks on variations of the Needham-Schroeder handshake protocol. Instead of running the handshake over the network, we simulate it using Java classes. This is to simplify the assignment.
There are three Java classes, Client, Server, and KDC, simulating the functions of three different machines on the network. These classes communicate using the methods provided by the Router class. Normally, this class simply forwards all messages to the requested parties.
However, you have taken control of this router and plan to exploit the weaknesses of the handshake protocols to find out a secret which is available only to the client or the server. This secret message is stored as a private variable in that class.
You are given source code for four implementations of the Needham-Schroeder handshake protocol, named handshake1 to handshake4. They differ in the messages sent back and forth and in the number of messages. For each handshake, there are five Java classes:
- KDC: Simulates the Key Distribution Center. It accepts a request from the Client (Alice), then generates a session key for the following communication between the Client (Alice) and the Server (Bob).
- Client: Simulates Alice, who wants to communicate with Bob. She first sends a request to the KDC asking for a session key and a ticket, which is used to authenticate herself to Bob. Later, she communicates with Bob using the session key shared between them.
- Server: Simulates Bob. When receiving a request from Alice, he authenticates Alice using the ticket provided by Alice and obtains the session key.
- Router: Simulates the man in the middle who eavesdrops on messages transmitted between Alice and the KDC, and between Alice and Bob. Currently, it simply forwards all messages to the requested parties.
- Common: Defines shared methods which are used by the other classes. They are all public static methods and can be called directly.
The source code will be provided:
Note: You do have to read the source code in order to solve the problems, but not for all the different handshakes. Use the diff command and only look at the differences. For example, handshake3 and handshake4 are completely identical except for their package names.
All simulations are performed on the GRACE Linux servers (e.g. linux.grace.umd.edu). The following command should be used for all the tasks:

/:/class/fall2007/cmsc/414/0101/public/p2tester <command>

Run the script to get a list of valid commands along with their meanings. Here is a more detailed description of each command and its syntax:
- status: Shows you which tasks have been completed. To get full score, you need to complete all of them. These tasks have equal points. This command also displays a list of job requests by you that are not finished yet.
- info <task>: Displays all the task-specific information (<task> replaced by 1, 2, 3 or 4):
  - Objective: The objective is always finding the secret message held by some user.
  - Password Change: In some tasks, you can request a user's password to be changed. The new value will remain unknown to you, but you will receive the old password this user was using. This also changes all the secret messages to new unknown values.
  - Extra Usernames and Passwords: You have two extra usernames and their passwords. They can be used, for example, to communicate with the KDC.
- run <task> <sourcefile> [outputfile]: Provide your source file Router.java to be used in the simulation in place of the trivial router. After the simulation, you will receive everything printed to standard output (or to the provided outputfile) and to standard error. The time limit is 60 seconds for each run.
- chpass <task> <username>: Change the password as described above. Only allowed for certain users in certain tasks. You can get the list of usernames allowed a password change from the info command.
- submit <task> <answer>: Submit the final answer of a task. The answer is the secret message asked for by the info command for that task. This secret message is held either by the client or the server, depending on the task. It is a case-sensitive string. Verification of the answer will be returned. There is no penalty for wrong answers.
Your job is to modify the given Router class and try to figure out the secret held by one party. Since all messages go through Router, you can obtain all of them. Of course, they are encrypted. You need to exploit the weakness of the protocol to obtain the secret.
This project is "self-graded". Consider task 1, for example. When you execute "p2tester run 1 path-to-your-Router.java" without making any changes to the Router class, the following happens: a Router instance is created; the Router instance creates Client, Server, and KDC instances, and starts the Client instance running; the Client instance does a handshake with the KDC and then a handshake with the Server.

Solving task 1 involves the following kinds of steps:
- Download and read the source code
- Modify the Router class so that it eavesdrops on the handshakes and outputs the eavesdropped messages to the screen.
- Execute p2tester to run the modified Router, thereby obtaining the eavesdropped messages on screen.
- Execute p2tester to change the password and get the old password on screen.
- Modify the Router class so that it does an attack (e.g., replays eavesdropped messages) and exposes the desired secret on the screen.
- Execute p2tester to run the modified Router, thereby obtaining the secret on the screen.
- Execute p2tester to submit the secret. If the answer indicates success, you are done with task 1 (and the grading for task 1 is also done).
No, your Router class is only allowed to interact with the other classes using their public methods and variables. In reality, these are on different machines on the network and you only have remote access to them.
They both refer to the same thing in this project. Task 1 is performed on the source code available as handshake1, task 2 on handshake2, and so on.
Depending on the length of the original message, between one and eight bytes are added to the end of the message to make the length a multiple of 8. Each padding byte holds the number of bytes being added. For example, to pad a 16-byte message, 8 bytes each containing the number 8 are appended.
Do not use the array's toString method. That method only outputs the object's memory address. To print the array contents, the java.util.Arrays.toString method can be used.
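The padding scheme and the Arrays.toString advice above, worked through in a small standalone class. This is an added example, not the project's Common class; the method names pad and unpad and the sample messages are assumptions. The unpad side also validates the padding it strips, which is the check a decryptor should make rather than trusting the last byte alone.

```java
import java.util.Arrays;

// Added example (not the project's Common class): pad to a multiple of 8,
// every pad byte holding the pad length, plus a validating unpad.
public class PaddingExample {
    static final int BLOCK = 8;

    // Always appends 1..8 bytes, so a 16-byte message becomes 24 bytes
    // ending in eight bytes of value 8, exactly as described above.
    static byte[] pad(byte[] msg) {
        int n = BLOCK - (msg.length % BLOCK);
        byte[] out = Arrays.copyOf(msg, msg.length + n);
        Arrays.fill(out, msg.length, out.length, (byte) n);
        return out;
    }

    // Rejects malformed padding instead of silently accepting it.
    static byte[] unpad(byte[] padded) {
        if (padded.length == 0 || padded.length % BLOCK != 0) {
            throw new IllegalArgumentException("length is not a multiple of 8");
        }
        int n = padded[padded.length - 1];
        if (n < 1 || n > BLOCK) {
            throw new IllegalArgumentException("bad pad length " + n);
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if (padded[i] != n) {
                throw new IllegalArgumentException("inconsistent pad bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    public static void main(String[] args) {
        byte[] sixteen = "0123456789abcdef".getBytes(); // constructed sample
        byte[] padded = pad(sixteen);
        // Arrays.toString shows the bytes; padded.toString() would only
        // show the object's address.
        System.out.println(Arrays.toString(padded));
        System.out.println("round trip ok: " + Arrays.equals(unpad(padded), sixteen));
        byte[] five = "hello".getBytes(); // constructed sample, needs 3 pad bytes
        System.out.println(Arrays.toString(pad(five)));
    }
}
```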
tap java150
java handshakeX.Router

You can run this on your own machine to check whether your Router can successfully steal the secret. Here are examples of party name, password and secret message you can use to replace the "$PASS_x" and "$MSG_x".
Party Name   Password           Secret
alice        jc5-lArHN91Qrvtz   leucemias-chloritization-mercuriammonium
bob          qHpprUaVMFBBlPCM   expressway-nightclubber-bombycids
trudy        48MiYkQFjUiP9iTG   mangelwurzel-supersignificantly-aground
mallory      qouOXgrZblbPbZWw   Chavante-fie-nonenactment
The project is "self-graded" (see What You Need to Do). The clock on linux.grace.umd.edu is the one used to determine your submission time. You receive full credit for the tasks of the project completed before the deadline.