CS 231: Computer Security

Final: due 5:00PM Wednesday, March 14

This is an open-notes, open-Internet, open-book final. You may discuss it with other students, but you must each do your own write-up. We'll talk about the details of acceptable collaboration in class.

Hand in via your CS231 github repository, in final/final.pdf

  1. (20 points) TLS redux

    You did a lab exercise on TLS a few weeks ago, but with no associated homework, so we're going to revisit it now.

    1. Briefly, what's the relationship between SSL and TLS?
    2. The "TL" in "TLS" stands for "Transport Layer". Briefly explain what the transport layer is by listing the responsibilities of transport layer protocols.
    3. In our day-to-day discussion of cryptographic protocols, we have simplified our description of TLS to the point where one of the presentations the other day included a bullet point that said "Diffie-Hellman with certs". This is a valuable shorthand way of thinking of TLS. But suppose our protocol is:
      • Do DH to get a shared symmetric key K
      • Bob sends his certificate to Alice
      • Alice verifies the cert by using the CA public key that came with her browser

      Is this protocol enough to guarantee to Alice that she's talking to the real Bob? (Hint: no.) What's missing?

    4. List as succinctly as you can the sequence of communications between Alice and Bob that make up a typical TLS handshake initiated by Alice. Annotate each item in your list with a reference to the TLS RFC, showing where exactly the contents of your list item are described in the RFC. (Section 7.3 is a good place to get oriented in the spec, but the precise details of the handshake messages are described later.)

      Assume that this is an asymmetric situation analagous to your browser (Alice) visiting a website like github.com (Bob), where Bob isn't expecting Alice to have a certificate. You may also assume that the parties make choices that correspond to stuff we have studied (e.g. RSA, not elliptic curves, and regular DH, not some other key exchange protocol).

      My goal here is for you to illustrate that you understand the steps of the TLS handshake and how they connect to the kinds of ideas we were working with in the cryptographic scenarios assignment. With that in mind, you need to construct your list in terms of things like "Alice generates and stores a random integer X" followed by "Alice sends gX mod p to Bob". Precise, short, minimal discussion.

      Please write your answer as a list rather than as continuous prose. Also, to whatever extent you can, use functional notation like SK(M) or DA(EB(M)). Short list items and mathematical notation make this kind of thing much easier to understand and evaluate, so thanks for making the effort.

    5. After the TLS handshake is complete, what does Alice know?
    6. After the TLS handshake is complete, what does Bob know, and how is that different from what Alice knows?

  2. (20 points) ARP Spoofing

    We have spent a lot of time this term worrying about Mal and how to thwart person-in-the-middle attacks. What we haven't done, however, is discuss practical techniques for becoming a person-in-the-middle. This section of this exam concerns a well-known PITM attack: ARP spoofing.

    In the questions below, I will refer to "network interfaces" and their attributes. An interface in this context is a software object roughly analogous to a physical networking device. For example, when I open a terminal on my Mac and run "ifconfig", I see a list of interfaces and their attributes. There's "en0" which corresponds to my wireless network device. There's also en1, en2, en3, and en4, each of which corresponds to one of my USB-C jacks in the sides of my laptop (they're all capable of connecting me to an Ethernet if I have the right adapter). And there's lo0 (the "loopback interface"), which gives me a way of treating my own laptop as just another computer on the network.

    When I run ifconfig on my Kali virtual machine, I see two interfaces. There's lo, the loopback, and eth0, which is my Kali VM's interface to whatever network my actual hardware is connected to. As I type this, eth0 on the VM is indirectly connected to my laptop's wireless card, but from Kali's point of view, it doesn't matter—eth0 is just another network interface.

    Network interfaces in all the contexts we're working in are associated with 48-bit "MAC addresses" (medium access control). When the interface is associated with a hardware device, the MAC address is actually physically built into the device. When an interface is a software entity (like eth0 on my Kali VM), the MAC address is some sort of randomized 48-bit number. Either way, it generally works to think of this as a "hardware address" that can't be changed. In contrast, an IP address is a more abstract address that can be moved from device to device based on the needs of the owner of the IP address.

    To give you a little sense of the uses of IP addresses and MAC addresses, consider this common situation. Suppose you type "http://somenewwebsite.org/" in your browser's address bar. Then your computer does something like this:

    • Check the DNS system to determine the IP address of somenewwebsite.org. (This step can get pretty complicated, but let's consider it a one-step operation for now.) Suppose the answer is 123.123.123.123.
    • Check your routing table to determine which IP address on your local network should be the first hop for packets you want sent to 123.123.123.123. Suppose the answer is 10.10.10.10.
    • Check your ARP cache to determine the MAC address of 10.10.10.10. (If 10.10.10.10 isn't in your ARP cache, send out an ARP request to find out the MAC address of 10.10.10.10.) Suppose the MAC address in question is 01:23:45:67:89:ab
    • Assemble your first packet bound for 123.123.123.123 and wrap it in an Ethernet frame with destination hardware address 01:23:45:67:89:ab.
    • Write your frame to your outgoing interface (e.g. eth0).

    The point is that you use an IP address to refer to any computer on the internet. But to actually send any data packet to the first machine along the packet's path to its destination IP address, you have to know the first machine's MAC address.

    With all that as background, please answer the following, using either the VirtualBox setup in Weitz 138 or an equivalent setup on your own computer.

    1. What is Kali's MAC address?
    2. What is Kali's IP address?
    3. What is Metasploitable's MAC address?
    4. What is Metasploitable's IP address?
    5. Show Kali's routing table. (Use "netstat -r" to see it with symbolic names, or "netstat -rn" to see it with numerical addresses.)
    6. Show Kali's ARP cache. (Use "arp" or "arp -n".)
    7. Show Metasploitable's routing table.
    8. Show Metasploitable's ARP cache.
    9. Suppose the user of Metasploitable wants to get the CS department's homepage via the command "curl http://cs.carleton.edu/". To which MAC address should Metasploitable send the TCP SYN packet to get the whole HTTP query started? Explain why.
    10. Fire up Wireshark on Kali. Start capturing packets for "tcp port http". On Metasploitable, execute "curl http://cs.carleton.edu/". On Kali, stop capturing. Do you see an HTTP response on Metasploitable? Do you see any captured packets in Wireshark on Kali?
    11. Now, it's time to be Mal (who will, today, merely eavesdrop). Use Ettercap to do ARP spoofing (also known as ARP Cache Poisoning) with Metasploitable as your target. There are many online tutorials on how to do this (here's one). Find one you like, and start spoofing your target.
    12. Show Metasploitable's ARP cache. How has it changed?
    13. If you execute "curl http://cs.carleton.edu/" on Metasploitable now, to what MAC address will Metasploitable send the TCP SYN packet? Explain why.
    14. Start Wireshark capturing "tcp port http" again.
    15. Execute "curl http://cs.carleton.edu/" on Metasploitable. On Kali, stop capturing. Do you see an HTTP response on Metasploitable? Do you see captured packets in Wireshark? Can you tell from Kali what messages went back and forth between Metasploitable and cs.carleton.edu?
    16. Explain in detail what happened. How did Kali change Metasploitable's ARP cache? (If you want to watch the attack in action, try stopping the MITM attack by selecting "Stop mitm attack(s)" from Ettercap's Mitm menu, starting a Wireshark capture for "arp", and restarting the ARP poisoning attack in Ettercap.)
    17. If you wanted to design an ARP spoofing detector, what would you have your detector do? (As you think about this, consider under what circumstances your detector might generate false positives.)

  3. (15 points) Find me an exploit

    Metasploitable is set up with a ton of vulnerabilities. Your job for this section is to find a Metasploitable vulnerability that you find interesting, and describe it to me. Whatever you choose should work on the Weitz 138 VirtualBox setup, going from the attacking VM (Kali) to the target VM (Metasploitable). Your description of your chosen exploit will consist of two parts.

    1. Simple, step-by-step instructions on how to perform the exploit. This might be a list of command-line commands, or a sequence of screenshots, etc. Shoot for clear, easy-to-follow instructions.
    2. An explanation of how the exploit works. Not "Metasploit's X/Y/Z module does magic, and you get a shell!" Rather, you need to do the research on how the exploit in question takes advantage of some bug or misconfiguration on the target machine, and then share that research with me as clearly as you can.

  4. (3 points) Have a great break