Search for notes by fellow students, in your own course and all over the country.
Browse our notes for titles which look like what you need, you can preview any of the notes via a sample of the contents. After you're happy these are the notes you're after simply pop them into your shopping cart.
Document Preview
Extracts from the notes are below, to see the PDF you'll receive please use the links above
Fuzzy Fingerprints
Attacking Vulnerabilities in the Human Brain
Konrad Rieck (kr@roqe
...
thehackerschoice
...
1 Key exchange using public-key cryptography
...
2 Cryptographic fingerprints for key verification
2
...
2
...
2
...
1 Tweaking RSA key generation
...
4
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
2
2
2
3
4
4
5
3 Implementation details
3
...
3
...
3
...
3
...
1 Investigating the victim host
...
3
...
3
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
6
6
7
8
8
8
10
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
4 Thanks and greetings
11
References
12
1
1
Introduction
Welcome to the world of Fuzzy Fingerprinting, a new technique to attack cryptographic key authentication protocols that rely on human verification of key fingerprints
...
This document covers the theoretical background and the generation of fuzzy fingerprints and also
details on the implementation ffp [FFP] and its usage
...
2
2
...
In order to cover the background of fuzzy
fingerprinting, this document focuses on the hybrid cryptosystems and their key exchange protocols
...
Let’s introduce the classical problem of communicating using a symmetric cypher
...
This problem is not easy to solve, meeting in real life or exchanging
the session key via telephone are solutions, but often impossible to realize
...
Both continue communicating using the session key
...
While public-key cryptography looks like a really good solution to the problem, it introduces a new
problem into the scenario
...
Both parties would exchange keys,
but in fact each would receive the public key of the attacker
...
He’s now able to read the session key in cleartext and can also read the following secure
communication that uses this session key
...
2
...
g
...
Other protocols rely on digital signatures or trusted
key distribution centers to verify the integrity of the public keys
...
2
Cryptographic fingerprints (also called messages digests) are short blocks generated by cryptographic
one-way hash functions (also called collision-free hash functions)
...
In order to verify the integrity of a public key the sender and receiver both generate a
cryptographic fingerprint from the key and compare these fingerprints, e
...
by phone
...
It has been observed that most
people tend to compare only a sequence at the start and at the end of the fingerprint instead of
checking every single digit
...
This observation led to the idea
of fuzzy fingerprints
...
3
Fuzzy fingerprint quality
The intention of fuzzy fingerprinting is no to collide against a target fingerprint, but to find a fuzzy
fingerprint that would pass lazy human comparison
...
There are some methods for the generation of fuzzy fingerprints
...
Each digit of a cryptographic fingerprint is weighted according to a map of importance
...
If a digit of the fuzzy fingerprint and the target fingerprint match
the weight is added to the quality of the fuzzy fingerprint
...
The following example shows an inverse gaussian distribution for a small 2 byte fingerprint
...
At the first glance a gaussian distribution might be an overkill
for such a simple map, but it allows the generation of variable-length maps that can be generated for
several one-way hash functions, e
...
MD5 [MD5] with 16 bytes fingerprints or SHA1 [DSS] with 20
bytes fingerpints
...
This can be
achieved if the map is generated within the interval from −2π to 2π
...
An extension for finding fuzzy fingerprints has been proposed by Heinrich Langos eventhough he probably can’t remember that
...
Digits like 6 and 9 or 1 and 7 are often mixed up depending on the format of the
digits, e
...
down written or graphic fonts
...
The following example shows just a few confusions
...
It is important to note that such a key mapping is not necessary symmetric and also that such a
confusion key map has not been implemented in this release but may be added later
...
4
Finding fuzzy fingerprints
With the fuzzy quality as an instrument to order fuzzy fingerprints, an attacker is able to search for
fingerprints with the best fuzzy quality
...
Cryptographic one-way hash functions are collision-resistant (or try to be), therefore changing just one
bit of the input data should result in a complete different fingerprint (50issues into account, it should
be very hard to predict the output of a hash function so that there would be any other way than
bruteforcing to receive good fuzzy fingerprints
...
For this document the RSA [RSA] and the DSA [DSS] key generation have been reviewed
...
2
...
1
Tweaking RSA key generation
The RSA algorithm uses the following interesting variables
• p, q and n = pq, two strong prime numbers
• φ(n) = (p − 1)(q − 1)
• e with gcd(e, φ(n)) = 1, the public key
There are two possible approaches to the generation of an RSA key pair
• The first step is to randomly choose the public key e and continue to search for two prime
numbers p and q so that p and q meet gcd(e, φ(n)) = 1 or in other words e and φ(n) are relative
prime
...
• The other approach is to first calculate the two prime numbers p and q and then search for an e
so that e meets gcd(e, φ(n)) = 1
...
While both approaches create the same result the second one better fits into the needs of bruteforcing,
because the expensive prime number generations are only performed once
...
4
In order to improve the performance even the check for e being relative prime can be skipped, this
is called sloppy key generation
...
Test allow the assumption that only very few keys are
broken and if an attacker stores a list of best keys, e
...
10 there is more than a fair chance that more
than one key is working
...
4
...
At the first step one would
start the key generation process similar to the improvements done to the sloppy RSA key generation by
first calculating the two prime numbers p and q
...
After two primes have been found, it is possible to bruteforce over the private key x that only needs to
meed x < q which is a simple and fast comparison
...
Tests with the ffp implementation show that DSA is about 1000 times slower than RSA key generation
and therefore will only be available to the bruteforce process for fuzzy fingerprinting in the next centuries
...
This
implementation uses the fuzzy fingerprinting technique in order to attack the key verification protocol used in the client of SSH protocol version 2
...
OpenSSH makes use of the routines from the free crypto and SSL libraries provided by the OpenSSL
Project [SSL]
...
OpenSSH uses a hybrid cryptosystem: public-key cryptography is used to exchange a session key
between the client and the server and the following client-server-communication is encrypted with
a symmetric cipher, but OpenSSH, strictly implementing the SSH protocol, fully relies on the user
verificating of an initially received public key by asking for confirmation if the generated cryptographic
fingerprint is known and matches
...
0
...
2)’ can’t be established
...
Are you sure you want to continue connecting (yes/no)?
Once the fingerprint and the key have been approved the key is stored in a file called known hosts or
known hosts2 and upon further connections the retrieved public key is compared to the stored key an
no user interaction is necessary
...
Using these techniques, a man-in-the-middle tool and ffp form a quite mailicous attack that
can be launched against any SSH connection using the SSH protocol version 2
...
If the attacker sends a public key to the victim that has a fuzzy fingerprint that nearly looks
like the target fingerprint, the victim might easier be fooled to accept the public key and continue the
eavesdropped connection
...
3
...
You will also need a mathematical library which is present in most Unix system and
the OpenSSL libraries available at http://www
...
org
...
/configure
$ make
$ su -c "make install"
If you want to you can use the --prefix option to install this software to a specific direction
...
If you need to you can use the --with-ssl-dir option to specify
the directory of your OpenSSL installation
...
If it turns out that there is really something wrong with the code of ffp drop a mail to
Konrad Rieck kr@roqe
...
Please understand that you are on your own
if you try to fiddle with any Windows release and Cygwin
...
2
Usage of ffp
The current release of Fuzzy Fingerprint is a command line tool called ffp that has the following
command line option
Usage: ffp [Options]
Options:
-f type
Specify type of fingerprint to use [Default: md5]
Available: md5, sha1, ripemd
-t hash
Target fingerprint in byte blocks
...
or as string 01234567
...
3]
-y mean
Mean value to use for fuzzy map generation [Default: 0
...
state]
-e
Extract SSH host key pairs from state file
-d directory Directory to store generated ssh keys to [Default: /tmp]
-p period
Period to save state file and display state [Default: 60]
-V
Display version information
If you have read the theoretical background covered in this paper you should already have an idea how
some of these options work and which parameters they influence
...
Instead
of discussing each detail of the implementation, this document demonstrates a sample session of ffp
and SSHarp
...
3
Sample session using ffp and SSHarp
This part of the documentation demonstrates how to use ffp in conjunction with a man-in-themiddle tool and describes a sample session that finally demonstrates the transmission and display of a
fuzzy fingerprint
...
3
...
1
Investigating the victim host
The first step could be to investigate the victim SSH server in order to find out which version of
SSH is used and which public key algorithms are available
...
Our victim will be the server
skena
...
roqe
...
foo@fluffy:doc> ssh-keyscan -t rsa skena
...
roqe
...
foo
...
org SSH-1
...
4
foo@fluffy:doc> cat /tmp/skena-sshd
skena
...
roqe
...
]
It turns out that skena
...
roqe
...
4 server able to run the SSH v2
protocol and also has an RSA public host key available
...
4
...
The SSH server version is
important to play banner tricks on the server as they have been covered in Sebastian’s paper
...
foo
...
org
...
foo
...
org
Again excellent news, good old skena
...
roqe
...
So using a
2048 or even 4096 host key is not only a good necessary protection against cryptographic attacks but
also a protection against cheap attacks such as fuzzy fingerprinting
...
3
...
In order to do so we launch
ffp with the appropriate options
...
This
process can take several days, the longer you wait the better the fuzzy fingerprint can get
...
8
foo@fluffy:doc>
...
Internally ffp keeps a list of best fuzzy fingerprints, so that you are later
able to choose the best yourself
...
state
Hash Algorithm: Message Digest 5 (MD5)
Digest Size: 16 Bytes / 128 Bits
Message Digest: d1:bc:df:32:a2:45:2e:e0:96:d6:a1:7c:f5:b8:70:8f
Target Digest: d6:b7:df:31:aa:55:d2:56:9b:32:71:61:24:08:44:87
Fuzzy Quality: 47
...
An 1
...
You can interrupt a running session, by pressing the keys CTRL-C, ffp will abort and store the current
environment in a so called state file that is usually stored in /var/tmp/ffp
...
Issuing again
simple command ffp without any options continues the crunching process from the saved state file
...
Extraction of the fingerprints is done using the following command
...
/ffp -e -d /tmp
---[Restoring]-----------------------------------------------------------Reading FFP State File: Done
Restoring environment: Done
Initializing Crunch Hash: Done
-------------------------------------------------------------------------Saving SSH host key pairs: [00] [01] [02] [03] [04] [05] [06] [07]
The generated public and private SSH host keys in the /tmp directory can be investigated using the
following command
...
Eventhough
fuzzy map weighting is a nice measure for the quality of fuzzy fingerprints the human eye may best
choose which fingerprint has the greatest chance to be confused with the original target fingerprint
...
pub ; do ssh-keygen -f $i -l ; done
1024 d6:b7:8f:a6:fa:21:0c:0d:7d:0a:fb:9d:30:90:4a:87 /tmp/ssh-rsa00
...
pub
1024 d6:87:6f:71:9d:2c:5d:fb:57:54:03:a2:2d:09:51:87 /tmp/ssh-rsa02
...
pub
1024 d6:b9:0f:31:85:b3:34:1e:19:f5:d9:60:79:be:f4:85 /tmp/ssh-rsa04
...
pub
1024 d0:b0:df:0e:7c:f6:54:94:46:12:72:94:3a:07:a4:87 /tmp/ssh-rsa06
...
pub
In this sample session the private key /tmp/ssh-rsa00 and the public key /tmp/ssh-rsa00
...
foo
...
org
...
3
...
3
Launching ssharp with the generated keys
The special thing about the SSHarp implementation is the fact that this tool is build upon the OpenSSH
server and therefore the configuration is very similar to the OpenSSH server configuration
...
We launch the ssharpd server on the host
fluffy
...
roqe
...
foo@fluffy:ssharp>
...
This is 7350ssharp, a smart
SSH1 & SSH2 MiM attack implementation
...
(
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2
...
Could not load host key
debug1: Bind to port 10000 on 0
...
0
...
Server listening on 0
...
0
...
While this example looks very simple it might be necessary to study the details of the SSHarp implementation by reading the file README
...
It has
already been noted in the beginning that this session doesn’t demonstrate all necessary steps to setup
a man-in-the-middle attack and only focuses on the parts that are relevant to see ffp in active process
...
foo
...
org at port 10000 and see our faked public key
and its fuzzy fingerprint in action using the normal SSH client
10
foo@fluffy:ssharp> ssharp -l foo fluffy
...
roqe
...
0
...
2 (10
...
0
...
RSA key fingerprint is d6:b7:8f:a6:fa:21:0c:0d:7d:0a:fb:9d:30:90:4a:87
...
If the
user has got a headache, trouble with his/ger girl/boyfriend or is not that concentrated, pressing yes
at this situation might allow an attacker to eavesdrop all following communications with the host
skena
...
roqe
...
In order to complete your man-in-the-middle setup, you need to redirect the traffic to skena
...
roqe
...
foo
...
org, e
...
by using ARP spoofing
...
That’s it
...
• Wilkins and Arrow
For the classical old-fashioned booze-ups
and the obligatoric action
...
Indeed, it is!
• TTEHSCO Fusion
This is the first unofficial release for
TTEHSCO
...
• All that jazz around
References
[FFP] Implementation of Fuzzy Fingerprinting for RSA, DSA, MD5 and SHA1
Konrad Rieck
http://www
...
com/releases
...
Rivest, Adi Shamir, and Leonard M
...
Communications of the ACM 21,2 (Feb
...
http://theory
...
mit
...
[ILP] How to Expose an Eavesdropper
R
...
Rivest, Adi Shamir, Communications of the ACM, v
...
4, February 1978, pp
...
[MD5] The MD5 Message Digest Algorithm
R
...
Rivest, RFC 1321
...
lcs
...
edu/ rivest/Rivest-MD5
...
S
...
http://csrc
...
gov/publications/fips/fips186-2/fips186-2
...
7350
...
[SSH] OpenSSH Suite
Free version of the SSH protocol suite of network connectivity tools
...
openssh
...
http://www
...
org
[DS] DSniff - Tools for network auditing and penetration testing
Dug Song
http://www
...
org/ dugsong/dsniff
[EC] Ettercap Multiprupose Sniffer/Interceptor/Logger
A
...
Valleri
http://ettercap
...
net
12