Can you still trust your network card? - Agence nationale de la ...
Can you still trust your network card? - Agence nationale de la ...
Can you still trust your network card? - Agence nationale de la ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Protocol analysis Protocol security<br />
Protocol security (1/2)<br />
Potential issues<br />
◮ protocol uses 160bit pre-shared keys, which means all clients<br />
might have the same keys;<br />
◮ messages are integrity protected but the integrity pattern does<br />
not inclu<strong>de</strong> message ID;<br />
◮ in or<strong>de</strong>r to act as the console, an attacker just has to send a<br />
RAKP3 with a valid HMAC.<br />
Exploitation<br />
◮ is it possible to forge the HMAC?<br />
◮ can the client act as a integrity oracle?<br />
SGDSN/ANSSI – http://www.ssi.gouv.fr/<strong>trust</strong><strong>network</strong><strong>card</strong> 23/51