
Fabian Bäumer_Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation.pdf

Uploaded by: Zhang** No.: 175516 2024-09-13 31 pages 1.69 MB

#BHUSA BlackHatEvents

Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation
Fabian Bäumer, Ruhr University Bochum
Marcus Brinkmann, Ruhr University Bochum
Jörg Schwenk, Ruhr University Bochum

A Tale Of System Administration
Diagram labels: srv-prod-01 (Production); Sysadmin Bob; bob, srv-prod-01 (SSH); mallory, srv-test-01 (SSH); Trainee Mallory; srv-test-01 (Test); Network TAP

Demo - A Normal Workday For Bob

In The Next 30 Minutes You Will Learn
- how Mallory was able to mess with Bob's user authentication
- which other attack variants Mallory can perform
- the specific requirements for Mallory's attack to work
- how Bob can protect himself against Mallory's attack
Beyond that,
- how adding modern cryptography to older protocols can go wrong
- how we handled a protocol-level responsible disclosure

Understanding SSH Is Key to Understanding Mallory's Attack
- SSH Connection Protocol (RFC 4254)
- SSH Authentication Protocol (RFC 4252)
- SSH Transport Layer Protocol (TLP) (RFC 4253): Binary Packet Protocol, SSH Key Exchange
- TCP/IP

Step 1: Exchange of Protocol Version (Bob, Server)
SSH-2.0-PuTTY-Release-0.80
SSH-2.0-OpenSSH_9.6p1

Step 2: Exchange of Supported Algorithms (Bob, Server)
Messages: KEXINIT, KEXINIT

Step 3: Performing Key Exchange (Bob, Server)
Messages: Protocol Version Exchange, KEXINIT, KEXINIT, KEXDHINIT, KEXDHREPLY
Important: Computed over a fixed subset of message fields

Step 4: Activating the Secure Channel (Bob, Server)
Messages: Protocol Version Exchange, KEXINIT, KEXINIT, KEXDHINIT, KEXDHREPLY, NEWKEYS, NEWKEYS

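This document presents Terrapin, a new cryptographic attack on SSH channel integrity. The attack works by manipulating sequence numbers and can reduce the security of a connection even when no implementation flaw is present. The attacker, Mallory, can carry out the attack by delaying the time at which authentication succeeds, and if the server accepts other messages during authentication, the consequences can be more severe. The document identifies the linking of sequence numbers in the SSH protocol and lax server state machines as the key factors behind the attack's success. To counter the attack, the authors propose a protocol-level countermeasure, "Strict KEX", recommending that sequence numbers be reset when keys are installed and that the entire handshake be authenticated, so that unexpected messages cannot be injected. After disclosure, 31 vendors took remediation measures. The research underlines the importance of cryptographic protocol security in real-world applications and advocates a responsible disclosure process.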