Unauthorized Access based on HTTP Redirection and MitM - UARiM
Ortiz, Tiago Viger [UNIFESP]
Lino Kimura, Bruno Yuji [UNIFESP]
Rosset, Valerio [UNIFESP]
Type: Paper presented at event
Is part of: 2017 12th Iberian Conference on Information Systems and Technologies (CISTI)
HTTP Digest Access Authentication (DAA) is a security protocol widely used in embedded systems. Historically, DAA has presented vulnerabilities that motivated the revision of its specification, including the use of mutual authentication and the replacement of the MD5 hash function by SHA-256-512. Despite these improvements, DAA remains vulnerable to some kinds of attacks, such as Man-in-the-Middle (MitM). For this reason, we introduce in this paper a method for testing the security of authentication and access control schemes based on DAA, called Unauthorized Access based on HTTP Redirection and MitM (UARiM). As an experiment, we applied the method to the remote access system of the Active Management Technology (AMT), a resource of Intel Core vPro processors. As a result, we present a description of the variations of the proposed method as well as other vulnerable systems. Finally, we discuss possible security countermeasures.