Consider the following threats to Web security and describe how each is countere
ID: 3677737 • Letter: C
Question
Consider the following threats to Web security and describe how each is countered by a particular feature of SSL. a.Brute-Force Cryptanalytic Attack: An exhaustive search of the key space for a conventional encryption algorithm.. b.Known Plaintext Dictionary Attack: Many messages will contain predictable plaintext, such as the HTTP GET command. An attacker constructs a dictionary containing every possible encryption of the known-plaintext message. When an encrypted message is intercepted, the attacker takes the portion containing the encrypted known plaintext and looks up the ciphertext in the dictionary. The ciphertext should match against an entry that was encrypted with the same secret key. If there are several matches, each of these can be tried against the full ciphertext to determine the right one. This attack is especially effective against small key sizes (e.g., 40-bit keys).. c.Replay Attack: Earlier SSL handshake messages are replayed.. d.Man-in-the-Middle Attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client.. e.Password Sniffing: Passwords in HTTP or other application traffic are eavesdropped.. f.IP Spoofing: Uses forged IP addresses to fool a host into accepting bogus data.. g.IP Hijacking: An active, authenticated connection between two hosts is disrupted and the attacker takes the place of one of the hosts.. h.SYN Flooding:An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the “half-open connection” around for a few minutes. Repeated SYN messages can clog the TCP module.
Explanation / Answer
1. Brute-force cryptanalytic attack:
SSL implementations support a variety of public and secret key crypto algorithms. The secret key algorithms use key lengths ranging from 40 bits to 168 bits. The most common SSL software is limited to 40-bit secret keys and 521-bit RSA keys because of export restrictions. While there has been no public demonstration of cracking a 512-bit public key, there have been several demonstrations of cracking 40-bit secret keys.
2. Known-plaintext dictionary attack:
SSL protects against dictionary attacks by not really using a 40-bit key. The key is really 128 bits long with only 40 bits of the key kept secret. The rest of the key is constructed from data that is disclosed in the Hello messages. However, this arrangement means that the dictionary cannot be simply 40 bits long. Since the 40-bit secret key is combined with 88-bit “disclosed” key, the resulting encryption does in fact use all 128 keys bits. Thus, the dictionary must also have separate entries for all of the 128-bit keys. This makes the attack impractical.
3. Replay attack:
The random numbers used in each session has the rst 4 bytes as the time stamp, so they are dierent for each session.Both client and server use nonces(number used once) when they send session keys. Before the message is signed the content of the message is hashed along with the nonces and they are attached to the message. The Handshake Protocol makes sure messages are sent and received with a signature hash.
4. Man-in-the-middle attack:
Certificate validation process is done. That is checking if the domain name in server’s certificate matches the domain name of the server itself. This step makes sure that the server is in the same network address specified by domain name in the certificate. This step alone protects from this attack although it is not part of SSL.
5. Password sniffing:
Passwords are encrypted to prevent password sniffing .
6.IP spoofing:
This will still work if application authenticates based on IP address. In this case SSL may not authenticate the client. IP address is not part of SSL authentication scheme.
7. IP hijacking:
If the attacker hijacks the connection after authentication, he has no way of knowing the encryption key. Even if the attacker hijacks it during handshaking, the attacker does not know the password and hence cannot succeed during the password authentication phase.
The two original hosts have agreed on a temporary secret key, so the host trying to hijack the connection would need knowledge of the key to stand in for one of the hosts. Otherwise it cannot send any message that will be seen as valid by the other side.
8. SYN flooding:
SSL does not protect SYN flooding. This attack occurs at the TCP. SSL is in on top of TCP.