Announcement

Collapse
No announcement yet.

Øwned box keys? Help!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Øwned box keys? Help!

    Okay, so today is the deadline to get stuff for inclusion on the conference CD's and so since the long-suffering Nikita has been very patient with me I don't want to be late.

    As discussed, what constitutes 0wnage will be compromising a defender system and getting hold of a large unique, per-system One Time Pad? Key? Hash? which will decrypt a ciphertext included on the conference CD.

    So, my problem is this:

    Originally I intended to use a bonafide one time pad but the problem I have is that I want it to be something that an attacker who obtains the key can decrypt with tools on hand. There are lots of tools available for generating and using OTP's, but with I-net connections being unpredictable, I want something readily at hand for folks.

    So, rather than a "true" OTP, based on wide availability of GPG, I'm planning to go this route for key and ciphertext distribution.

    In generating the unique ciphertext for each entry that go on the CD's, my current plan is this:
    • Boot (undisclosed) Live CD on non-networked system
    • Generate 30 unique 4096-bit GPG keys (should be enough)
    • Crypt 30 unique files (one per key, large random plaintext)
    • Burn one key each to 30 individual CDROMs
    • Burn all ciphertexts to one CDROM
    • Distribute keys in person by giving a unique CDROM to each entry
    • Send the ciphertexts, via PGP, to the DC folks for inclusion on the CD

    In the printed materials as submitted we tell attackers to consult the scoreboard for targets, and to use the key in /owned to decrypt the corresponding ciphertext on the conference CD. By providing us with the plaintext, you verify you have successfully compromised the machine.

    So the question I have is if the above looks sufficiently sound to everyone? I want to make sure there is no whining or drama, and have a verifiable way to confirm compromise. I had one person question that the contest wasn't sufficiently secured, so I want something as ironclad as possible to confirm compromise, but I also have to deal with realities of something workable for everyone.

    The advantage of GPG versus a "true" OTP is that the tools are common and most (if not all) people will have them handy. My feeling is that a sufficiently large key, and single use, while not being a "true" OTP, is a defensible approach.

    Thoughts? Ridicule? Comments? Questions? Projectiles?
    Last edited by sk00t; July 6, 2007, 13:34. Reason: Moo
    "Raise a toast to ... I think he might have been our only decent ."

  • #2
    Re: Øwned box keys? Help!

    Originally posted by sk00t View Post
    Thoughts? Ridicule? Comments? Questions? Projectiles?
    I suggest to make the 0wning more realistic. Why not put something "to do" into the crypted text that only root could do? For example "Open up the privileged port 12 and make it echo "w00tw00tw00t - /me 2 1337" to anyone who connects".
    This way we could prove that a) an attacker really has the key and b) really has the pwnd the box because otherwise this might still be some kind of crypto-attack. (Or maybe eavesdropping with unsigned PGP-Keys?)

    My two cents
    "You have successfully out-nerded all of Full Disclosure. I commend your total commitment to being an awkward social outcast." Some guy on FD

    Comment


    • #3
      Re: Øwned box keys? Help!

      Originally posted by tatsumori View Post
      I suggest to make the 0wning more realistic. Why not put something "to do" into the crypted text that only root could do? For example "Open up the privileged port 12 and make it echo "w00tw00tw00t - /me 2 1337" to anyone who connects".
      This way we could prove that a) an attacker really has the key and b) really has the pwnd the box because otherwise this might still be some kind of crypto-attack. (Or maybe eavesdropping with unsigned PGP-Keys?)

      My two cents
      I'm assuming defenders will make the directory only readable by root / toor / Admin / etc...

      But yes, a number of people are doing something like that, by making their entries sort of challenges of their own. So, once you get to the directory, they might have 10 other things for you to do.

      But yeah, this relates to the scoreboard. I still don't have an answer there, but I'd like to have a way to update it automatically, and what you're describing would do the trick.
      "Raise a toast to ... I think he might have been our only decent ."

      Comment


      • #4
        Re: Øwned box keys? Help!

        i like the idea, putting the ciphertext in a protected volume to which only admins have access. very nice, works for me.
        "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
        - Trent Reznor

        Comment


        • #5
          Re: Øwned box keys? Help!

          Or how about putting two keys in there?
          Decrypt the cyphertext with one of them and then reencrypt it with the other. Send it to the scoreboard-server afterwards using the pwned machine. Of course you could still perform a crypto-attack and then do some IP-spoofing but this could be more reliable.

          Also - how about letting every attacker publicly show he controls the box?
          "You have successfully out-nerded all of Full Disclosure. I commend your total commitment to being an awkward social outcast." Some guy on FD

          Comment


          • #6
            Re: Øwned box keys? Help!

            Originally posted by tatsumori View Post
            Or how about putting two keys in there?
            Decrypt the cyphertext with one of them and then reencrypt it with the other. Send it to the scoreboard-server afterwards using the pwned machine. Of course you could still perform a crypto-attack and then do some IP-spoofing but this could be more reliable.

            Also - how about letting every attacker publicly show he controls the box?
            I'm planning on the scoreboard being passive sniffing only, based on its appeal as a target, but yeah, I'm thinking maybe spewing out the public key might be a good route to flip the scoreboard.

            Of course another obvious way to indicate ownage would be to halt or call shutdown. I would think once you've got a box you wouldn't want anyone else to hit it until you get the plaintext to us and claim the machine.
            "Raise a toast to ... I think he might have been our only decent ."

            Comment


            • #7
              Re: Øwned box keys? Help!

              Originally posted by sk00t View Post
              I'm planning on the scoreboard being passive sniffing only, based on its appeal as a target, but yeah, I'm thinking maybe spewing out the public key might be a good route to flip the scoreboard.

              Of course another obvious way to indicate ownage would be to halt or call shutdown. I would think once you've got a box you wouldn't want anyone else to hit it until you get the plaintext to us and claim the machine.
              Okay, two updates:
              • I got the keys generated. There are 30 unique 4096 bit public / private keys, and 30 unique ciphertexts based on very large random plaintexts. Lesson learned: GPG has a batch mode that's scriptable to gen keys now. Yay. :) As described I booted a LiveCD and gen'd these without a net connection, then sent the ciphertext via PGP to 'Kita.

                The ciphertexts will be on the con CD's in a directory called (I think) OwnTheBoxContest, along with a text file explaining how to decrypt one if you get a box's key.

                Entrants, remember if you want the key before con I need a PGP key and email addy from you to send it to. You can either mail me at the CFB addy or send a PM.

              • On spewing traffic to identify 0wnage to the scoreboard, I think the best route will be a listener on the scoreboard as described by Tatsumori. I can run a very dumb listener, and watch for an 0wned box's public key fingerprint. When I see the public key I'll flip the scoreboard status to 0wned for the given entry.

                I don't want someone to spew the private key since you still need to mail the plaintext to the email address (to be disclosed on the CD) to give a timestamp and I don't want someone sniffing to get to it first. It means I'll have to make sure the scoreboard is protected but I can manage that. In keeping with a recurring theme the listener will probably be a VM and the scoreboard itself will be a sniffer only.
              "Raise a toast to ... I think he might have been our only decent ."

              Comment

              Working...
              X