Student | (visible for staff only) |
Supervisor | Dr. Dominik Schürmann |
Professor | Prof. Dr.-Ing. Lars Wolf |
IBR Group | CM (Prof. Wolf) |
Type | Bachelor Thesis |
Status | finished |
Abstract: In times where communication systems must be designed with powerful nation-state adversaries in mind, the need for reliable and tested security standards is higher than ever before. Subject of our investigations is the de-facto standard key exchange protocol for VoIP applications: ZRTP. In this paper, we explore possible attacks to stealthily eavesdrop on ZRTP-secured communications, after a Man-in-the-Middle attack has been achieved. Two main contributions are made: We conduct a case study of ZRTP implementations with focus on user interaction by provoking errors in the exchange. Further, we analyze the forgeability of Short Authentication Strings (SAS) used to detect Man-in-the-Middle attacks by applying probability theory. We find substantial flaws in the user interaction in some implementations, noncompliance with the standard in others, as well as a devastating vulnerability that allows ZRTP protection to be bypassed completely using standard hardware. The probability analysis shows why previous SAS forging techniques have been so applicable. The findings are used to conclude design guidelines for precise security feature expression in implementations, as well as user recommendations that might defy all SAS forge attacks. |