Show how an attacker can conduct a man-in-the-middle attack when Alice and Bob perform the Diffie-Hellman protocol.
For example, suppose Eve was listening while Alice and Bob agreed upon the prime number to use for a key exchange that will take place in the near future. The prime number they chose is p = 11, with a primitive root alpha = 2. Eve uses the attack algorithm q = (p-1)/2, i.e. (11-1)/2 = 5 = q.
Next, Eve runs 5 through a primality test and the result is prime. This situation represents the initial case, with the prime number being of the form p = 2q + 1, i.e. p = 2*5 + 1, therefore 11 = 2*5 + 1.
Next, Eve must intercept the number Alice attempts to send to Bob. Suppose Alice chooses x = 6 and attempts to send (alpha)^x mod p, i.e.
= 2^6 mod 11
=64 mod 11
=9
therefore A -> E : 9
Then Eve intercepts the communication, takes x (9) and raises it to the q power, i.e.
= (x)^q = (2^6)^5 mod 11
Eve must also intercept the number Bob is attempting to send to Alice. Suppose Bob chooses y = 8 and attempts to send
y = 2^8 mod 11
= 256 mod 11
=3
B -> E : 3
Eve again intercepts the communication, takes y (3) and raises it to the q power, i.e. (y)^q = (2^8)^5 mod 11
Eve then sends the results to the intended recipients:
E -> B : 9^q mod 11
E -> A : 3^q mod 11
Alice and Bob both finish the key agreement by raising the received number to their private keys x and y respectively, and arrive at the same number, the secret key, i.e.
(y^q)^x = (x^q)^y
As a result of the theory discussed above, without any knowledge of x and y, Eve knows the only possible keys are 1 and 5. Eve must wait for a message to be sent between Alice and Bob, try both keys and figure out which one is being used. She can then eavesdrop, and Alice and Bob's secret communication has been compromised.
In this way the attacker can conduct a man-in-the-middle attack when Alice and Bob perform the Diffie-Hellman protocol, as he can learn the secret key.
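The exchange worked through above, as an added example that is not part of the original answer: it replays the answer's numbers (p = 11, alpha = 2, x = 6, y = 8), computes which values the forced key can take for any safe prime, and adds a receiver-side range check that rejects the tampered values. The function names are hypothetical, and the range check is an addition beyond the answer.

```python
# Added example: Diffie-Hellman with a safe prime p = 2q + 1, where Eve raises
# each public value to the power q. Parameters come from the answer above;
# all function names are hypothetical.

def is_prime(n):
    """Trial division; adequate for the toy moduli used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def run_exchange(p, alpha, x, y, tamper=True):
    """Simulate the exchange; with tamper=True each public value is raised to q in transit."""
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("needs a safe prime p = 2q + 1")
    A = pow(alpha, x, p)                    # Alice sends alpha^x mod p
    B = pow(alpha, y, p)                    # Bob sends alpha^y mod p
    to_bob = pow(A, q, p) if tamper else A
    to_alice = pow(B, q, p) if tamper else B
    k_alice = pow(to_alice, x, p)           # key as computed by Alice
    k_bob = pow(to_bob, y, p)               # key as computed by Bob
    return {"A": A, "B": B, "to_bob": to_bob, "to_alice": to_alice,
            "k_alice": k_alice, "k_bob": k_bob}

def candidate_keys(p):
    """v^q mod p squares to 1 for every v (Fermat), so only these values can occur."""
    q = (p - 1) // 2
    return sorted({pow(v, q, p) for v in range(1, p)})

def accept_public_value(v, p):
    """Receiver-side check: refuse 1, p-1 and anything outside 2..p-2."""
    return 2 <= v <= p - 2

if __name__ == "__main__":
    r = run_exchange(11, 2, 6, 8)
    print("exchange:", r)
    print("values the forced key can take:", candidate_keys(11))
    print("Bob accepts tampered value:", accept_public_value(r["to_bob"], 11))
    print("Bob accepts honest value:", accept_public_value(r["A"], 11))
```

With the range check in place on both sides, the tampered values are refused before any key is derived, while the honest values 9 and 3 pass.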
Question 1: Alice and Bob use the Diffie–Hellman key exchange technique with a common prime q = 157 and a primitive root a = 5. a. If Alice has a private key XA = 15, find her public key YA. b. If Bob has a private key XB = 27, find his public key YB. c. What is the shared secret key between Alice and Bob? Question 2: Alice and Bob use the Diffie-Hellman key exchange technique with a common...
The Diffie-Hellman key exchange is vulnerable to the following type of attack. An opponent Carol intercepts Alice’s public value and sends her own public value to Bob. When Bob transmits his public value, Carol substitutes it with her own and sends it to Alice. After this exchange, Carol simply decrypts any messages sent out by Alice or Bob, and then reads and possibly modifies them before re-encrypting with the appropriate key and transmitting them to the other party. Choose all...
30) The man or woman in the middle attack is a hole in authentication where
a. With no CA, it's difficult to detect
b. With no CA, the intruder Trudy can get the private key of Alice
c. With no CA, the intruder Trudy can be found when she sends her public key to Bob
d. With no CA, the intruder Trudy can get the private key of Bob
Suppose the attacker has been logging the traffic between Alice and Bob. It is assumed that the attacker can reliably distinguish between messages and their signatures (i.e., tags). In the process he found two messages x and y signed by Alice, i.e., he has pairs <x, tag(x)> and <y, tag(y)>. Suppose the signing function is tag(m) = m^k mod n where k is the shared key between Alice and Bob. Show how he can fool Bob into believing that the message...
Discuss the particulars of each attack scenario and how Kerberos defends against it. 1. A user gains access to a particular workstation and pretends to be another user from that workstation. 2. An attacker acts as the “man in the middle” between two computers (e.g. client and the server). The attacker spoofs each computer to “think” they have connected to the correct computer, when in fact the attacker is intercepting all transmissions. The attacker can then monitor or change any...
Man-in-the-middle is one of the most popular types of attack. It can be used to sniff victims’ credentials to penetrate their system. Research the following attacks to find methods to prevent this from happening: Please have detailed answers!
- MAC spoofing
- DNS poisoning
- DNS spoofing
- ICMP redirect
Explain how an attacker can use cross-site scripting to attack organizational computing system. What are some of the steps one can take to effectively protect against cross-site scripting?
For the following questions I would like you to discuss the particulars of each attack scenario and how Kerberos defends against it. You will need to consider various elements of the attack scenarios. Some attacks can be implemented between multiple Kerberos components. For example, a MITM attack could occur between various components at various times. State your assumptions about how the attack is occurring, then describe how Kerberos defends against it. Good answers will describe both the particulars of the...
Description: In this assignment, you will be launching a denial of service attack on a web server. We will be using hping3, a command-line oriented network security tool inside Kali Linux (an advanced penetration testing Linux distribution). Setting up the victim machine: Download the Windows XP virtual machine with WebGoat server installed, using the following link. We will use this machine as the victim machine and launch a DoS attack on the WebGoat server. https://drive.google.com/open?id=0BwCbaZv8DevUejBPWlNHREFVc2s Open the victim machine and launch...