Answered step by step
Verified Expert Solution
Question
1 Approved Answer
A website authenticates its users by asking for a login / password , and sends them a cookie C , valid for one minute, to
A website authenticates its users by asking for a loginpassword and sends them a cookie C valid for one minute, to keep track of their authentication status. The cookie C is formed such as C
Encuserusername, tmstmptimestamp" with username "anonymous" for unauthenticated users,
or the name of the user when authenticated; and timestamp is a Unixformated timestamp' representing the time up to which the user is authenticated current time plus one minute Enc: designates the AES encryption in OFBmode using i as a random IV and k as a random key; both k and iv are unknown to us The OFB mode of operation for encryption is described in Figure
In this exercise, we consider cookies delivered on February st at :am UTC. At that time, an unauthenticated user coming to the website will receive a cookie:
Cu AESOFBk, ivuseranonymous, tmstmp
The value corresponds to :am on February st We denote by Pu the plaintext version of the cookie.
Denoted PA that corresponds to the authenticated admin user if he logged in at the same timeYou may rethink about the value of Pa so that Pu and Pa have the same length. Note that the cookie may authenticate the user admin for as long as you want but at least the original one minute duration
A Implement in Python the attack that would turn CU into a valid CA for at least the original duration. Prepare a single Python file named exercisepy that contains a function modifycookie that takes as argument a baseencoded cookie and returns the baseencoded modified cookie. Your attack should work for different timestamps.You will get full marks if given an encrypted cookieissued at any later date than February st this year, you are able to turn this cookie into a valid admin cookie for at least the original duration. Make sure your code uses meaningful variable names, consistent indenting scheme, and comments.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started