Coding : Sécurité Programmation Réseaux - PGP : Man in the Middle Attack

Welcome to Coding : Sécurité Programmation Réseaux

Create an Account

Home | Submit News Your Account Content | Topics | Top 10

Accueil

· Home
· Listing des Articles
· Top 10
· Repository des Exploits

Les sujets / parties

· C / C ++
· Visual Basic
· Asm
· Reseaux
· Java
· Securite
· Divers

Utile

· Listing des Articles

· Telecharger
· Le Forum
· Liens
· Proposer un article

Top20 des Downloads

· 1: Etude des reseaux generalites et protocoles
· 2: Cheval de troie en VB avec sources
· 3: Netcat 1.1
· 4: Keylogger
· 5: Etudes des reseaux hauts debits architectures et protocoles
· 6: Ecoute de port
· 7: Etude du Smart Spoofing
· 8: Win Packet Capture Utils
· 9: Tutorial on Traffic Interception on Switched Lan using ARP spoofing
· 10: Cours de C

User Info

PGP : Man in the Middle Attack
Posted on Monday, January 17 @ 00:24:34 CET
Topic: Securité

	There is a fairly major hole in PGP that I have not seen published to date. PGP is based on IDEA and is an asymmetric public algorithm. The problem, as is true with most cryptographic implementations, is the implementation itself, not the algorithm. -- By RSnake (October 04, 2004)

By RSnake (October 04, 2004)






Assume:
Alice = (message sender who has a compromised network)
Bob = (message recipient)
Cathy = (wo/man in the middle)

In a normal environment, under the best circumstances, Cathy is a MITM after the fact, and PGP is not vulnerable to MITM attacks:



     Alice generates a public and a private key
    
 Bob generates a public and a private key
    
  Alice transmits her public key to MIT's PGP server attached to the name alice@company-a.com
    
 Bob transmits his public key to MIT's PGP server attached to the name bob@company-b.com
    
 Alice looks up Bob's public key and encrypts her message with it
    
 Cathy attains MITM status and awaits message transmission
   
 Alice transmit encrypted data
    
 Cathy cannot read the email, and cannot modify it without changing the digital signature
   
 Bob recieves the message, verifies the message against Alice's public key signature and is assured of it's validity. 



However, because MIT's PGP server (and other servers and implimentations as well) does not do any verification this opens the door for MITM attacks.



Let's assume in this scenario that Cathy has access to either Alice's or Bob's network (classic MITM) before either start transmitting keys.



    
Alice generates a public and a private key
    
 Bob generates a public and a private key
   
 Alice transmits her public key to MIT's PGP server attached to the name alice@company-a.com
     
 Bob transmits his public key to MIT's PGP server attached to the name bob@company-b.com
     
Cathy attains MITM status and generates her own keys also called alice@company-a.com and bob@company-b.com
     
 Cathy sends Bob a message from Alice's account 

with a link to the PGP key server (with the fake alice@company-a.com key). MIT does not verify that those keys actually belong to Alice and Bob, and there would be no way to effectively do that without possible interception by Cathy by at least one, if not both of the users. MIT's PGP server (like all others I've seen) also does not use SSL, making additional MITM attacks possible.
   
 Bob looks up the link, verifies that it's accurate, because it does in fact have Alice's email address in it, and then sends an email back to Alice with his real public PGP key
    
Cathy intercepts this message and sends Alice a link to the PGP key server (with the fake bob@company-b.com key)
    
 Alice verifies this key does, in fact, belong to bob@company-b.com, even though it is fake and trusts it is valid
    
 Alice encrypts her message with Cathy's fake bob@company-b.com key and sends it to bob@company-b.com
   
 Cathy intercepts this message, decrypts it with her secret key, reads it, re-encrpyts it with Bob's real public key and sends it on from Alice's account
     
 Bob recieves the email, decrypts it with his secret key and is not aware of message tampering. 



As in all forms of symmetric key exchange, even asymmetric key exchange is fallable when it comes to key servers. You must trust that they key server itself is not compromised to give different keys depending on who sees it, and it must return the correct key in MITM attacks. This is less likely in an intra-corporate communication environment, but is much more likely in cross organizational cases, where a public key server is used.



The foundation of trust is another problem. If Bob looks at the certificate, it is possible that even it is signed by other people he knows (all of whom are being attacked in the same manner). Although this scenario is less likely, it is possible.



The basic issue is that the user must transmit a public key somewhere, and any location can be compromised. Consider another scenario where Bob puts his public key on a webserver that only he controls. When Alice connects to it from her compromised network, Cathy simply displays a different key to Alice. There is no easy way around this form of attack, other than out of band mechanisms, where Cathy has no control.



I have spoken with a few people about this who believe this is may only be a minor issue. However, being that the entire reason PGP was invented is to prevent eavesdropping, and this method allows for a 100% seamless MITM attack, and most importantly considering the widespread use of this application this is the largest issue today in any wide-spread asymmetric cryptographic implementation.

Liens connexes

· Plus à propos de Securité
· Nouvelles transmises par Romain_Le_Guen

L'article le plus lu à propos de Securité:
Tutoriel Aircrack

Article Rating

Average Score: 0
Votes: 0

Options

Format imprimable

PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.44 Seconds