1 |
Campus Network Design and Man-In-The-Middle Attack
Nazari, Mahmood, Zhou, Kun January 2014
Security is at the front line of most networks, and most companies apply an exclusive security policy enclosing many of the Open Systems Interconnection (OSI) layers, from the application layer all the way down to Internet Protocol (IP) security. On the other hand, an area that is often not protected with a high level of security is the second layer of the OSI model, and this can compromise the entire network to a diversity of attacks. This report presents an experimental performance analysis within the real environment. It focuses on understanding and preventing the Man-In-The-Middle (MITM) attack, also known as Address Resolution Protocol (ARP) Poisoning, on the Cisco Catalyst 3560 series switches with Cisco IOS Software. The Linux Command Line (CLI) tools and Ettercap tool were used to launch the Layer 2 attacks that you might come up against. Mitigation methods to stop this attack are evaluated and concluded. Finally we will answer if Secure Socket Layer (SSL) is enough to protect the users’ data against MITM in the network. An HP laptop and two DELL PCs were utilized for these tests and acted as the attacker, the server and the victim. The victim PC runs Windows 7; the attacker’s laptop and the server run Linux. Finally, three different case studies were analyzed and compared with each other, and different solutions that might help to solve or detect the issue of MITM attack are concluded.
|
2 |
Detection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques
Wang, Le 27 August 2013
"In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred to as a Man-in-the-middle (MITM) attack. In the MITM attack, the attackers usually set up a rogue AP to spoof the clients. In this thesis, we focus on the detection of MITM attacks in Wi-Fi networks. The thesis introduces the entire process of performing and detecting the MITM attack in two separate sections. The first section starts from creating a rogue AP by imitating the characteristics of the legitimate AP. Then a multi-point jamming attack is conducted to kidnap the clients and force them to connect to the rogue AP. Furthermore, the sniffer software is used to intercept the private information passing through the rogue AP. The second section focuses on the detection of MITM attacks from two aspects: jamming attacks detection and rogue AP detection. In order to enable the network to perform defensive strategies more effectively, distinguishing different types of jamming attacks is necessary. We begin by using a signal strength consistency mechanism in order to detect jamming attacks. Then, based on the statistical data of packets send ratio (PSR) and packets delivery ratio (PDR) in different jamming situations, a model is built to further differentiate the jamming attacks. At the same time, we gather the received signal strength indication (RSSI) values from three monitor nodes which process the random RSSI values employing a sliding window algorithm. According to the mean and standard deviation curve of RSSI, we can detect if a rogue AP is present within the vicinity.
All these proposed approaches, either attack or detection, have been validated via computer simulations and experimental hardware implementations including Backtrack 5 Tools and MATLAB software suite."
|
3 |
Důvěryhodná proxy v SSL/TLS spojení / Trusted proxy in SSL/TLS connection
Smolík, Jiří January 2017
The problem of SSL/TLS interception ("trusted proxy in SSL/TLS connection") has been known for years and many implementations exist. However, all of them share a single technical solution which is based solely on the PKI authentication mechanism and suffers from multiple serious disadvantages. Most importantly, it is not compatible with several aspects or future trends of SSL/TLS and PKI, there's almost no space for improvement and its real use may spawn legal issues. After we analyze technical background and the current solution, we will propose another one, based not only on PKI but SSL/TLS too. Both solutions will be compared and general superiority of the new one will be shown. Basic implementation and analysis will follow, along with deployment requirements and ideas for future development.
|
4 |
Implementace komunikačního scénáře využívajícího Data distribution service a hodnocení bezpečnosti / Communication model using Data distribution service and communication security assessment
Frollo, Martin January 2019
The diploma thesis focuses on the middleware layer in distributed systems. It introduces typically used communication protocols and standards operating on this layer. The theoretical part takes a closer look at the OMG DDS specification. This part covers the fundamental functionalities of this specification along with its architecture blocks. The thesis also describes the functionality of the RTPS protocol. Existing implementations of the OMG DDS standard are described at the end of the theoretical part. The OpenDDS 3.13 implementation is used in the practical part of the thesis. It is deployed and tested on various platforms. The next part verifies the option of securing the RTPS data stream using the beta version of OMG DDS Security, which the OpenDDS 3.13 implementation contains. Secured and unsecured data flows are compared. Latency of the data stream is also important, especially in distributed systems. A DDS system that measures the latency of the RTPS stream is created in the practical part. The latency of this DDS system can be measured in various configurations. The difference in performance of the devices used in the measurements can be clearly seen in the latency results as the size of data samples increases. Differences in measured latency are also recognizable between reliable and unreliable and between secure and unsecure RTPS streams. Part of the measurements is made between 2 physical devices with and without an attacker. The type of attack is MITM, and it captures RTPS flow that does not belong to the attacking machine.
|
5 |
Įvesties duomenų analizė tapatybės vagysčių prevencijai / Keystroke analysis for identity theft prevention
Ruškys, Vaidas 17 June 2010
This paper analyzes vulnerabilities that internet users face on the internet, which are related to identity theft. Phishing and MITM attacks and their principles are described. To solve this problem, one part of biometrics, keystroke analysis, is suggested. The goal of this paper is to analyze the possibility of reducing the probability of these attacks by using keystroke analysis. The results of using different types of programs using keystroke analysis are presented. It is analyzed how the possibility of using keystroke analysis changes when certain components of the analysis are changed.
|
6 |
DNSSEC en säkerhetsförbättring av DNS : en studie om Svenska kommuners syn på DNSSEC / DNSSEC, a security improvement of DNS: a study of Swedish municipalities' views on DNSSEC
Telling, Henric, Gunnarsson, Anders January 2010
The purpose of this paper is to investigate why few Swedish municipalities have chosen to install DNSSEC on their domains. DNS is one of the most important protocols on the Internet and is used to link IP addresses to understandable addresses for users. DNS was created without thinking about security; to make DNS more secure, a security extension to DNS was developed, named DNSSEC. We have used literature review, experiments and interviews to create a deeper knowledge and understanding about DNS and DNSSEC, how it works and why few municipalities have chosen to install DNSSEC. In the literature we read about several vulnerabilities in DNS and that it can easily be exposed to attacks such as cache poisoning and MITM. We tested these vulnerabilities and confirmed them. After installation of DNSSEC we could not expose our implemented DNS anymore in our test environment. During the interviews, we concluded that the most common reason why municipalities do not choose to install DNSSEC is ignorance of an installation, and they think that their current DNS works well, so it does not become a priority. The municipalities that have installed DNSSEC are satisfied with its installation and only one municipality has experienced difficulties during the implementation. In order for us to continue developing the Internet, a control of security is a necessity and DNSSEC is a good example. Local authorities should lead by good example and be among the first to implement DNSSEC, so users of their websites can be assured that the information on their pages is accurate.
|
7 |
Identifiering och Utnyttjande av Sårbarheter hos en IP-Kamera / Identification and Exploitation of Vulnerabilities in an IP-Camera
Fjellborg, Joakim January 2021
Today systems such as cameras or fridges with the capability of being connected to the internet and communicating without human intervention, so-called IoT systems, are becoming increasingly common. A system being connected to the internet means that the system’s attack surface is increased, and the system can, if infected, be used by the attacker to communicate with the outside world to perform denial-of-service or other types of attacks. This thesis examines the security of an internet-connected security camera (IP camera). The aim is to identify vulnerabilities in the system and, if possible, to develop attacks that exploit these vulnerabilities, with the goal of evaluating the security of the system. The results show that the system is vulnerable to some attacks, mainly including man-in-the-middle as well as cross-site-request-forgery based attacks.
|
8 |
The State of Man-in-the-Middle TLS Proxies: Prevalence and User Attitudes
ONeill, Mark Thomas 01 October 2016
We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness. We also report the results of a survey of 1,976 individuals regarding their opinions of TLS proxies. Responses indicate that participants hold nuanced opinions on security and privacy trade-offs, with most recognizing legitimate uses for the practice, but also concerned about threats from hackers or government surveillance. There is strong support for notification and consent when a system is intercepting their encrypted traffic, although this support varies depending on the situation. A significant concern about malicious uses of TLS inspection is identity theft, and many would react negatively and some would change their behavior if they discovered inspection occurring without their knowledge. We also find that a small but significant number of participants are jaded by the current state of affairs and have lost any expectation of privacy.
|
9 |
Web-based prototype for protecting controllers from existing cyber-attacks in an industrial control system / Webbaserad prototyp för att skydda styrsystem från förekommande cyberattacker i ett industriellt kontrollsystem
Sanyang, Pa January 2020
Industrial control system or ICS is a critical part of the infrastructure in society. An example of ICS is the rail networks or energy plants like the nuclear plant. SCADA is an ICS system following a hierarchical structure. Due to the fact that a control system can be very large, monitoring remotely through networks is an effective way to do so. But because of digitalization, ICS or SCADA systems are vulnerable to cyber attacks that can hijack or intercept network traffic or deny legitimate user services. SCADA protocols (e.g. Modbus, DNP3) that are prone to attacks due to not being secure protocols make a SCADA system even more vulnerable to attacks. The paper focuses on how to best protect the network traffic between an HMI as the client and a different controller as the server from attacks. The proposed solution, the prototype, is based on the reverse proxy server setup to protect controllers from the external network traffic. Only the reverse proxy server, or gateway server, can forward a client request to the intended controller. The gateway server, a web-based solution, will be the additional security layer that encrypts the payload in the application layer using TLS version 1.2 by using the HTTPS protocol, thereby protecting from usual security threats. The prototype went through penetration testing of MITM (based on ARP poisoning), SYN flooding, and slow HTTP POST attacks. The result indicated that the prototype was vulnerable to SYN flooding and that the network traffic was intercepted by the MITM. But from the Confidentiality-Integrity-Availability (C.I.A) criteria, the prototype did uphold the integrity and confidentiality due to the TLS security and successful mitigation of certain attacks. The results and suggestions on how to improve the gateway server security were discussed, including that the testing was not comprehensive but that the result is still valuable.
In conclusion, more testing in the future would most likely showcase different results, but that will only mean to better the security of the gateway server, the network that the client and gateway server run in and the physical security of the location where the client and gateway server are located.
|
10 |
Usability-Driven Security Enhancements in Person-to-Person Communication
Yadav, Tarun Kumar 01 February 2024
In the contemporary digital landscape, ensuring secure communication amid widespread data exchange is imperative. This dissertation focuses on enhancing the security and privacy of end-to-end encryption (E2EE) applications while maintaining or improving usability. The dissertation first investigates and proposes improvements in two areas of existing E2EE applications: countering man-in-the-middle and impersonation attacks through automated key verification and studying user perceptions of cryptographic deniability. Insights from privacy-conscious users reveal concerns about the lack of E2EE support, app siloing, and data accessibility by client apps. To address these issues, we propose an innovative user-controlled encryption system, enabling encryption before data reaches the client app. Finally, the dissertation evaluates local threats in the FIDO2 protocol and devises defenses against these risks. Additionally, it explores streamlining FIDO2 authentication management across multiple websites for user convenience and security.
|