|
|
Performing a Relay Attack on Mifare Smart Cards
Činčala, Martin ; Henzl, Martin (referee) ; Malčík, Dominik (advisor)
This thesis deals with performing a relay attack on MIFARE smartcards while using off-the-shelf readers only. These readers are not designed for such attacks therefore implementation of the attack that would succeed against every smartcard was not possible. Since various attacks on smartcards have already been implemented, I have focused on the latest and still insufficiently explored card MIFARE Ultralight C. Relay attack has been implemented with simplified emulation of 4-bytes long UID and successfully tested on MIFARE Ultralight C. With the use of other readers it should be possible to perform attack also on other cards like MIFARE Plus, Desfire and SmartMX. For the purpose of cloning MIFARE Classic open-source tools are introduced.
|
|
|
Detection of Dictionary Attacks on Network Services Using IP Flow Analysis
Činčala, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
Existing research suggests that it is possible to detect dictionary attacks using IP flows. This type of detection was successfully implemented for SSH, LDAP and RDP protocols. To determine whether it is possible to use the same methods of detection for e-mail protocols virtual test environment was created. I deduced the characteristics of attacks in flows from the data, which I gained from this virtual environment. Than I chose the statistical value that separates the attacks from legitimate traffic. Variance of specific flow parameters was chosen as main characteristic of attacks. IP addresses with flows that have small variance of chosen parameters and high frequency of packet arrival are considered untrustworthy. Variance is calculated from IP history to rule out false positives. The IP history of legitimate user contains variation of flows which prevents marking this IP address as dangerous. On the basis of this principal the script, which detects the attacks from the nfdump output, was created. The success of detection of the attacks was tested on classificated data from the real environment. The results of tests showed, that with good configuration of marginal values the percentage of detected attacks is high and there are no false positives. Detection is not limited only on mail protocols. With regard to universal design, the script is able to detect dictionary attacks on SSH, LDAP, SIP, RDP, SQL, telnet and some other attacks.
|
|
|
Performing a Relay Attack on Mifare Smart Cards
Činčala, Martin ; Henzl, Martin (referee) ; Malčík, Dominik (advisor)
This thesis deals with performing a relay attack on MIFARE smartcards while using off-the-shelf readers only. These readers are not designed for such attacks therefore implementation of the attack that would succeed against every smartcard was not possible. Since various attacks on smartcards have already been implemented, I have focused on the latest and still insufficiently explored card MIFARE Ultralight C. Relay attack has been implemented with simplified emulation of 4-bytes long UID and successfully tested on MIFARE Ultralight C. With the use of other readers it should be possible to perform attack also on other cards like MIFARE Plus, Desfire and SmartMX. For the purpose of cloning MIFARE Classic open-source tools are introduced.
|
|
|
Detection of Dictionary Attacks on Network Services Using IP Flow Analysis
Činčala, Martin ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
Existing research suggests that it is possible to detect dictionary attacks using IP flows. This type of detection was successfully implemented for SSH, LDAP and RDP protocols. To determine whether it is possible to use the same methods of detection for e-mail protocols virtual test environment was created. I deduced the characteristics of attacks in flows from the data, which I gained from this virtual environment. Than I chose the statistical value that separates the attacks from legitimate traffic. Variance of specific flow parameters was chosen as main characteristic of attacks. IP addresses with flows that have small variance of chosen parameters and high frequency of packet arrival are considered untrustworthy. Variance is calculated from IP history to rule out false positives. The IP history of legitimate user contains variation of flows which prevents marking this IP address as dangerous. On the basis of this principal the script, which detects the attacks from the nfdump output, was created. The success of detection of the attacks was tested on classificated data from the real environment. The results of tests showed, that with good configuration of marginal values the percentage of detected attacks is high and there are no false positives. Detection is not limited only on mail protocols. With regard to universal design, the script is able to detect dictionary attacks on SSH, LDAP, SIP, RDP, SQL, telnet and some other attacks.
|
guest ::
