法比安·鲍默_陆龟攻击通过序列号操纵破坏SSH通道完整性.pdf

1、#BHUSA BlackHatEventsTerrapin Attack:Breaking SSH Channel Terrapin Attack:Breaking SSH Channel Integrity by Sequence Number ManipulationIntegrity by Sequence Number ManipulationFabian BumerRuhr University Bochum Marcus BrinkmannRuhr University Bochum Jrg SchwenkRuhr University Bochum#BHUSA BlackHatE

2、ventsA Tale Of System Administrationsrv-prod-01ProductionSysadmin Bobbobsrv-prod-01SSHmallorysrv-test-01SSHTrainee Mallorysrv-test-01TestNetwork TAP#BHUSA BlackHatEventsDemo-A Normal Workday For Bob#BHUSA BlackHatEventsIn The Next 30 Minutes You Will Learn how Mallory was able to mess with Bobs user

3、 authentication which other attack variants Mallory can perform the specific requirements for Mallorys attack to work how Bob can protect himself against Mallorys attackBeyond that,how adding modern cryptography to older protocols can go wrong how we handled a protocol-level responsible disclosure#B

4、HUSA BlackHatEventsSSH Connection Protocol(RFC 4254)SSH Authentication Protocol(RFC 4252)SSH Transport Layer Protocol(TLP)(RFC 4253)=Binary Packet Protocol=SSH Key ExchangeTCP/IPUnderstanding SSH Is Key to Understanding Mallorys Attack#BHUSA BlackHatEventsSSH-2.0-PuTTY-Release-0.80SSH-2.0-OpenSSH_9.

5、6p1Step 1:Exchange of Protocol VersionBobServer#BHUSA BlackHatEventsSSH-2.0-PuTTY-Release-0.80SSH-2.0-OpenSSH_9.6p1KEXINIT:,_KEXINIT:,_Step 2:Exchange of Supported AlgorithmsServerBob#BHUSA BlackHatEventsProtocol Version ExchangeKEXINIT:,_KEXINIT:,_KEXDHINIT:KEXDHREPLY:,Step 3:Performing Key Exchang

6、eServerBobImportant:Computedover a fixed subset ofmessage fields#BHUSA BlackHatEventsNEWKEYSKEXINIT:,_KEXINIT:,_KEXDHINIT:KEXDHREPLY:,NEWKEYSProtocol Version ExchangeStep 4:Activating the Secure ChannelServerBob#BHUSA BlackHatEventsKEXINIT:,_KEXINIT:,_KEXDHINIT:Protocol Version ExchangeNEWKEYSNEWKEY