Unauthorized access based on HTTP redirection and MitM — UARiM

HTTP Digest Access Authentication (DAA) is a security protocol widely used in embedded systems. Historically, DAA has had vulnerabilities that motivated revisions of its specification, including the addition of mutual authentication and the replacement of the MD5 hash function by SHA-256-512. Despite these improvements, DAA remains vulnerable to some kinds of attack, such as Man-in-the-Middle (MitM). For this reason, this paper introduces a method for testing the security of authentication and access control schemes based on DAA, called Unauthorized Access based on HTTP Redirection and MitM (UARiM). As an experiment, we applied the method to the remote access system of Active Management Technology (AMT), a resource of Intel Core vPro processors. We then describe variations of the proposed method as well as other vulnerable systems. Finally, we discuss possible security countermeasures.
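The following Python block is an added illustration, not code from the paper: it computes the SHA-256 Digest response from RFC 7616, verifies it server-side, and shows that nothing in the computation binds the response to the host the client intended to reach, which is what makes a relayed challenge usable by a MitM. The `may_answer_challenge` policy is an assumed client-side countermeasure (refuse to answer a Digest challenge arriving from an origin other than the one the request was sent to); all hostnames, realm, nonce and credential values are constructed samples.

```python
"""Added example: RFC 7616 Digest (algorithm=SHA-256) with a server verifier and
an origin-binding client policy. Sample values are constructed, not from the paper."""
import hashlib
import hmac
from urllib.parse import urlsplit


def h_sha256(data: str) -> str:
    """H(data) as used by Digest with algorithm=SHA-256 (lowercase hex)."""
    return hashlib.sha256(data.encode()).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """response = H(H(A1):nonce:nc:cnonce:qop:H(A2)) for qop=auth (RFC 7616, 3.4.1).
    A1 = user:realm:password, A2 = method:uri."""
    ha1 = h_sha256(f"{user}:{realm}:{password}")
    ha2 = h_sha256(f"{method}:{uri}")
    return h_sha256(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_response(stored_ha1, method, uri, nonce, nc, cnonce, response, qop="auth"):
    """Server side: recompute from the stored H(A1) and compare in constant time.
    Observe that the host or URL the client believed it was talking to never enters
    the hash, so a response produced for a relayed challenge is indistinguishable
    from one produced for a direct challenge."""
    ha2 = h_sha256(f"{method}:{uri}")
    expected = h_sha256(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)


def _origin(url: str):
    """(scheme, host, port) with the default port filled in, for origin comparison."""
    parts = urlsplit(url)
    default = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname, parts.port or default)


def may_answer_challenge(intended_url: str, challenge_url: str) -> bool:
    """Assumed client-side countermeasure: only release Digest credentials to the
    origin the request was originally addressed to. A challenge that arrives after
    a redirect (or from an interposed host) to a different origin is refused."""
    return _origin(intended_url) == _origin(challenge_url)
```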
