secure instant messenger

SECURE INSTANT MESSENGER HUSKY HACKERS –GROUP 7 ABDULLA AL ALI DEEPAK KALRA RAGURAM KRISHNAMACHARI SHINN CHYANG

Upload: eron

Post on 23-Feb-2016


Page 1: SECURE INSTANT MESSENGER

SECURE INSTANT MESSENGER

HUSKY HACKERS – GROUP 7
ABDULLA AL ALI
DEEPAK KALRA
RAGURAM KRISHNAMACHARI
SHINN CHYANG

IMPLEMENTATION
• Finite State Machine
• 3 Events –
  • Transport Event
  • GUI Event
  • Timeout Event
• Swing GUI
• Threads
• Transport Layer - UDP
  • Listener
  • Sender
• Business Logic - Requests

SOFTWARE ENGINEERING
• Waterfall Approach
• Use Cases
• State Diagrams
• Coding Guidelines
• Implementation
• Code Review
• Testing
• Java Docs
• Other Documents
• Deployment

CHALLENGES
• RSA encryption
• Client State Machine – One Client
• Chat with one user at a time

CHALLENGES (State Machine)
• IM state transition when A talks to B
  States: LOGIN, P2P authentication, P2P Message exchange
  Request IDs: RID 250, RID 520, RID 530
• Timeline when A is talking to B, C wants to talk to A
  Time: 1, 2, 3
  A→B: RID 250, RID 520, RID 530
  C→A: RID 250, RID 520

PROTECTION (Linux server)
• Set up Snort + log traffic
• Set up AIDE
• Disable extraneous services (cupsd, exim)
• Configure firewall (iptables)

PROTECTION (IM)
• Cookie challenge to prevent DoS attack
• Timestamp
• Strong encryption and hash algorithm
• Event logs on IM server

REQUEST ID   FLOW     DETAILS                        ENCRYPTION TYPE
RID_210      A -> S   LOGIN                          PLAINTEXT
RID_220      S -> A   C                              PLAINTEXT
RID_230      A -> S   C, {T1, UA, PKA, h(pwd)}PKS    RSA
RID_240      S -> A   {UA, T1, T2, KA}PKA            RSA
RID_250      A -> S   KA{T2}                         RSA
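
One way the cookie C of RID_220 / RID_230 can be issued and checked without per-client server state, as an added example that is not the team's code. The HMAC construction, the 30-second window and the class and method names are assumptions; the slide only says that a cookie is exchanged before the RSA step.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Added example: stateless cookie for RID_220 / RID_230 (construction is an assumption). */
public class CookieChallenge {
    private static final long WINDOW_MS = 30_000;  // assumed cookie lifetime bucket
    private final byte[] secret = new byte[32];    // server-only secret, fresh on every start

    public CookieChallenge() { new SecureRandom().nextBytes(secret); }

    /** C = HMAC-SHA256(secret, clientIp | timeBucket); nothing is stored per client. */
    private byte[] mac(String clientIp, long bucket) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(secret, "HmacSHA256"));
        return h.doFinal((clientIp + "|" + bucket).getBytes(StandardCharsets.UTF_8));
    }

    /** RID_220: answer a plaintext LOGIN with a cookie bound to the source address. */
    public String issue(String clientIp, long nowMs) throws Exception {
        return Base64.getEncoder().encodeToString(mac(clientIp, nowMs / WINDOW_MS));
    }

    /** RID_230: check C before spending an RSA private-key operation on the request. */
    public boolean verify(String clientIp, String cookie, long nowMs) throws Exception {
        byte[] got;
        try { got = Base64.getDecoder().decode(cookie); }
        catch (IllegalArgumentException e) { return false; }   // not even valid Base64
        long bucket = nowMs / WINDOW_MS;
        // Accept the current and previous bucket so a cookie issued near a boundary still works.
        return MessageDigest.isEqual(got, mac(clientIp, bucket))
            || MessageDigest.isEqual(got, mac(clientIp, bucket - 1));
    }

    public static void main(String[] args) throws Exception {
        CookieChallenge server = new CookieChallenge();
        long t = System.currentTimeMillis();
        String c = server.issue("10.0.0.3", t);                                            // sample address
        System.out.println("same source, fresh:  " + server.verify("10.0.0.3", c, t + 1_000));
        System.out.println("other source:        " + server.verify("10.0.5.2", c, t + 1_000));
        System.out.println("same source, stale:  " + server.verify("10.0.0.3", c, t + 120_000));
    }
}
```

A sender that never receives RID_220 (for example, one using a forged source address) cannot present a valid C, so the server drops its RID_230 after one HMAC instead of one RSA decryption.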

ATTACKS ON OTHER TEAMS
• Lack of documentation
• Lack of code clarity
• Server uptime

TEAM 1 – KADS
• Design does not match implementation
• Client did not run on Linux
• Client & Server have to run on the same machine
• Could not log in two users simultaneously

TEAM 1 – KADS (Contd …)
• No timeouts, client stuck in while loop.
• No weak password protection
• AES in ECB mode

TEAM 3 – TORMENTORS
• DoS ATTACK
• Number of Client threads limited to 5000

TEAM 3 – TORMENTORS (cont.)
• Couldn’t run the program (unhandled exceptions)
• Second DoS

TEAM 5 – NSN
• No end point hiding

TEAM 2 – ENIGMA
• No end point hiding

ATTACKS SUFFERED
• TEAM 3 - Trudy’s attempt to log out Bob

REQUEST ID   FLOW     DETAILS                      ENCRYPTION TYPE
RID_310      A -> S   LIST, UA, KA{UA, T1}         AES
RID_320      S -> A   KA{T1, [usernames]}          AES

REQUEST ID   FLOW     DETAILS                      ENCRYPTION TYPE
RID_710      A -> S   LOGOUT, UA, KA{UA, T1}       AES
RID_720      S -> A   KA{T1}                       AES

• ARP POISONING
• LIST -> LOGOUT

WHY THE ATTACK FAILED
• Originating IP address did not match Bob’s

    // Retrieve the user from the Hash Map
    UserInfo currentUser = (UserInfo) users.get(ipAddress);

Successful logout

    Received a datagram pkt...requestID: 710 from: 10.0.7.1 RID: 710
    710 LOGOUT
    The user Deepak was removed.

Unsuccessful logout

    Received a datagram pkt...requestID: 710 from: 10.0.0.3 RID: 710
    Received a datagram pkt...requestID: 210 from: 10.0.0.3 RID: 210

How to prevent it

Modify the protocols as follows:

REQUEST ID   FLOW     DETAILS                      ENCRYPTION TYPE
RID_310      A -> S   KA{LIST, UA, T1}             AES
RID_320      S -> A   KA{T1, [usernames]}          AES

REQUEST ID   FLOW     DETAILS                      ENCRYPTION TYPE
RID_710      A -> S   KA{LOGOUT, UA, T1}           AES
RID_720      S -> A   KA{T1}                       AES
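
The difference between the original and the revised RID_310 / RID_710 layouts from the server's side, as an added example that is not the team's code. AES-GCM, the comma-separated body encoding and all names are assumptions (the slides only say AES), and the T1 freshness check is assumed to happen in the caller.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

/** Added example; AES-GCM and the "a,b,c" body encoding are assumptions. */
public class CommandBinding {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] seal(byte[] ka, String plain) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(ka, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);  // wire form: iv || ciphertext+tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static String open(byte[] ka, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(ka, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    /** Original layout: cmd, UA, KA{UA, T1}. The plaintext cmd is never authenticated. */
    static boolean acceptOld(byte[] ka, String cmd, String ua, byte[] body) throws Exception {
        return open(ka, body).startsWith(ua + ",");
    }

    /** Revised layout: KA{cmd, UA, T1}. The command is read from the decrypted body. */
    static boolean acceptNew(byte[] ka, String expectedCmd, String ua, byte[] body) throws Exception {
        return open(ka, body).startsWith(expectedCmd + "," + ua + ",");
    }

    public static void main(String[] args) throws Exception {
        byte[] ka = new byte[16];
        RNG.nextBytes(ka);                                   // stands in for session key KA
        long t1 = System.currentTimeMillis();
        byte[] oldBody = seal(ka, "bob," + t1);              // body of a genuine LIST, old layout
        byte[] newBody = seal(ka, "LIST,bob," + t1);         // body of a genuine LIST, revised layout
        System.out.println("old, LIST body under LOGOUT accepted: " + acceptOld(ka, "LOGOUT", "bob", oldBody));
        System.out.println("new, LIST body under LOGOUT accepted: " + acceptNew(ka, "LOGOUT", "bob", newBody));
    }
}
```

With the command inside the encrypted body, the handler no longer depends on the datagram's source address to tell a LIST from a LOGOUT.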

ATTACKS SUFFERED (cont.)
• DoS attack from 10.0.5.2
• Server survived
• To prevent: block 10.0.5.2 using the firewall

    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2
    Received a datagram pk from 10.0.5.2

LESSONS LEARNED
• Error Messages

LESSONS LEARNED (cont.)
• Similar encrypted protocols
• Message integrity
• End point hiding

REQUEST ID   FLOW     DETAILS                                  ENCRYPTION TYPE
RID_310      A -> S   LIST, UA, KA{UA, T1}                     AES

REQUEST ID   FLOW     DETAILS                                  ENCRYPTION TYPE
RID_710      A -> S   LOGOUT, UA, KA{UA, T1}                   AES

REQUEST ID   FLOW     DETAILS                                  ENCRYPTION TYPE
RID_610      A -> B   UA, KAB{T1, message1}, h(message1)       AES + SHA1
RID_620      B -> A   KAB{T1}                                  AES
