## CS 4740 / CS 6740 - Network Security

### Project 1: Authentication

This project is due at 11:59pm on February 10, 2015.

### Description

In this project, you will execute a multi-stage attack against several network services in order to steal some secret flags. Executing this attack will require cracking user passwords, implementing the Needham-Schroeder key exchange protocol, and avoiding a firewall that is protecting a Database. In the end, you will submit the secret flags you have stolen from the Database (along with the answer to a question given below).

### Network Setup

The server guldendraak.ccs.neu.edu is running three services that you will target in this assignment.

• Database (port 2002): The Database has a single table that links user names to secret flags. Your ultimate goal is to steal the secret flags for three users. However, the only way to access each record in the database is to supply the correct authentication token. Furthermore, access to the Database is restricted by an application-level firewall that drops certain kinds of queries from untrusted hosts.
• Token Server (port 5453): The Token Server returns the authentication token associated with a given user account. You will need these tokens to access the records in the Database. However, the Token Server only communicates with clients over an authenticated, encrypted channel that is mediated by Needham-Schroeder key exchange.
• Needham-Schroeder Server (port 5452): The NS Server implements Needham-Schroeder key exchange, and mediates access to the Token Server. However, accessing the NS Server requires knowing valid username/password combinations.
As you can see, the three services are all linked. You need a username/password to contact the NS Server, the NS Server grants access to the Token Server, and the Token Server returns authentication tokens that are needed to access the Database.

### Protocols

All three of the services on guldendraak.ccs.neu.edu use the same basic network protocol. All ports are TCP, and all servers expect messages in the following format:

XXXXXXXXmsg
where XXXXXXXX is the zero-prefixed string encoding of the 32-bit length of the message, and msg is the message itself. Messages will either be string encoded JSON objects, or base64 encoded, AES encrypted JSON objects. For example, the following is a valid JSON message:
00000017{"x":123,"y":456}
Alternatively, you may see encrypted messages that look like this:
00000025AcF9_/3kRF5sl1_snv-RB/T==

The first step in this assignment is cracking the passwords for three users of the system outlined above. Fortunately, an insider has leaked the password hashes for three users:

aoun $1$HUSKIES!$v/mh7SBLm8/3SBL6w0Z9M1 curry$1$HUSKIES!$xk2VnxpJYAGOxEl0W8uEP0
ryder $1$HUSKIES!$R9bstTQ9eG2Pzql0cq7kd/ Your task is to recover the corresponding passwords for these accounts using the pre-computed table of hash chains in this file. This JSON file contains the start and end values for each chain, the salt known to be used for these three acounts, and the length $$k$$ for each chain. The hash function $$H$$ is MD5 (hint: check man 3 crypt), while the reduction $$R$$ for a hash value of length $$m$$ is $R(x)=r(x_m)|r(x_{m-1})|...|r(x_{m-7})$ where $r(x)=(x\mod26)+\unicode{x201C}a\unicode{x201D}$ and " $$|$$ " means concatenation. In other words, $$R$$ takes the last eight digits of a hash value in reverse, and for each character $$x$$ produces the $$x\mod26$$ lowercase ASCII letter. Once you have recovered the passwords for these three users, you can use these username/password combos to access the NS Server. ### Step 2: Obtaining Authentication Tokens The second step in this assignment is obtaining authentication tokens. These tokens are necessary to access the Database. The Token Server stores a unique token for each user in this system, and it will happily tell you the token for a given user... after you authenticate with the NS Server and perform a Needham-Schroeder key exchange. To begin this process, you will need to send a JSON formatted message to the NS Server with the following information: { "client_id": [a valid username, e.g. "ryder", as a string], "server_id": "token_server", "nonce" : [a random nonce, as an integer] } As specified in the Needham-Schroeder protocol, the NS Server will return an AES encrypted JSON response. The encryption key is the given user's password. The following pseudocode is used to encrypt messages on the server-side: function encrypt(password, msg): hashed_pw = SHA(password).substring(0, 32) iv = [16 random bytes] return base64_encode(iv + AES_encrypt(hashed_pw, AES_MODE_CFB, iv, msg)) To decrypt messages, you will need to reverse these steps. Notice that the data is base64 encoded, the first 16 bytes are the salt, and AES is executed in MODE_CFB. Furthermore, AES requires keys that are a power of two long, so raw passwords (like those recovered in step 1) are first hashed using SHA1, and then the first 32 bytes are used as the encryption key. Once you have decrypted the message from the NS Server, you will be able to complete the Needham-Schroeder key exchange by directly contacting the Token Server. We omit the remaining details of the key echange protocol; you should be able to figure them out ;) If you successfully complete the Needham-Schroeder key exchange with the Token Server, it will respond with an authentication token that corresponds to the client_id given in the initial JSON request to the NS Server. ### Step 3: Stealing the Secret Flags The final step in this assignment is to obtain the secret flags from the Database. The Database expects to receive clear-text JSON messages in the following format: { "command" : "AUTH", "client_id" : [a valid username, e.g. "ryder", as a string], "token" : [the token associated with the given username, as a string] } The Database will respond to these queries with the secret flag for the given user. However, the Database is running behind a firewall that will drop all packets containing "AUTH" commands. To obtain the secret flags, you will need to figure out a way around the firewall... ### What You Need to Turn In To receive credit on this assignment, you will need to turn in all your code, as well as a file named secrets.json that contains the following JSON formatted data: { "aoun_secret": [aoun's secret flag, as a string], "curry_secret": [curry's secret flag, as a string], "ryder_secret": [ryder's secret flag, as a string], "table_efficiency": [float] }  You can use the following Python commands to test whether your file is valid JSON: % python >>> import json >>> json.loads(open('secrets.json').read()) If you see an exception, then your file is not formatted correctly (or your file couldn't be found). ### Question 1: Table Efficiency The provided hash chain table contains a number of collisions that reduces its theoretical maximum coverage of the password space $$c = n \times k$$ where $$n$$ is the number of chains. Compute the table's actual coverage of the password space $$c'$$ and its efficiency $$\frac{c'}{c}$$. Put this number in your secrets.json file. ### Language and Libraries You can write your code in whatever language you choose, as long as your code compiles and runs on unmodified Khoury College Linux machines on the command line. Do not use libraries that are not installed by default on the Khoury College Linux machines. Similarly, your code must compile and run on the command line. You may use IDEs (e.g. Eclipse) during development, but do not turn in your IDE project without a Makefile. Make sure you code has no dependencies on your IDE. You may use whatever libraries you wish in this project, provided they are on the Khoury College Linux machines. This includes libraries for base64 encoding/decoding, any necessary encryption routines, cryptographic hashing, etc. ### Submitting Your Project If you have not done so already, register yourself for our grading system using the following command: $ /course/cs6740sp15/bin/register-student [NUID]
$/course/cs6740sp15/bin/register project1 [team name] This will either report back success or will give you an error message. If you have trouble registering, please contact the course staff. You and your partner(s) must all run this script with the same [team name]. This is how we know you are part of the same group. To turn-in your project, you must submit your code along with a file named secrets.json that contains the secrets obtained from the Database, as well as the answer to Question 1 given above. Your secrets.json file and source code should all be placed in a directory. You submit your project by running the turn-in script as follows: $ /course/cs6740sp15/bin/turnin project1 [project directory]