Arief Karfianto
2010-Oct-04 03:45 UTC
Metropolis: Implementation of Interlock Protocol using Linux Shell Programming, OpenSSH, and GPG
I have written a small Linux shell command for implementing the Interlock Protocol, which is known as a cryptographic protocol that is resistant to man-in-the-middle attack. Here are the steps of the interlock protocol:

*(1)* Alice sends her public key to Bob.
*(2)* Bob sends his public key to Alice.
*(3)* Alice encrypts her message using Bob's public key. Then she sends half of that encrypted message to Bob.
*(4)* After receiving Alice's half of the encrypted message, Bob encrypts his message using Alice's public key. Then he sends half of that encrypted message to Alice.
*(5)* After receiving Bob's half of the encrypted message, Alice sends the remaining half of her encrypted message to Bob.
*(6)* Bob combines the two parts of Alice's encrypted message and decrypts it with his private key. Then Bob sends the remaining half of his encrypted message to Alice.
*(7)* Alice combines the two parts of Bob's encrypted message and decrypts it with her private key.

Here is the code (running well on my Slackware Linux). I named this program Metropolis; it consists of two parties, the Miracle and the Sleeper. It's assumed that you have exchanged your public key with your partner in a secure way:

SOURCE CODE METROPOLIS (Also attached)

#!/bin/sh
####################################################################
# Implementation of Interlock Protocol in Shell Script             #
# Written by Arief Karfianto, karfi.nci at gmail.com               #
# September 2010                                                   #
# GNU Public Licensed                                              #
######################## THE MIRACLE AND THE SLEEPER ##############
clear
echo " ++++++++++++++++++++ INTERLOCK PROTOCOL VERSION 1.0 ++++++++++++++++++++++"

#Validate Number of Arguments
if [ "$#" -ne 4 ]
then
    echo ""
    echo "Incorrect number of arguments."
    echo "Usage : ./metropolis [infile] [active home directory] [recipient] [mode : m | s]"
    echo ""
    exit 1
fi

if [ -e "$1" ]
then
    #Encryption Process
    echo ""
    echo "Program will send this file : "
    du -b "$1"
else
    echo ""
    echo "The file doesn't exist !!"
    echo "Program exit now."
    echo ""
    exit 1
fi

if test "$4" = m
then
    echo "mode : miracle"
elif test "$4" = s
then
    echo "mode : sleeper"
else
    echo "invalid mode argument : $4"
    echo ""
    exit 1
fi

echo "Encrypting infile with Public Key"
gpg -o sent.gpg --recipient "$3" -e "$1"

if [ -e "sent.gpg" ]
then
    #Splitting file
    echo "Splitting infile into two files"
    line=10
    # csplit takes the input file before the pattern; this cuts sent.gpg
    # before line 10 and writes the two pieces to sent00 and sent01
    csplit -f sent sent.gpg "$line"
    rm sent.gpg
else
    echo "Encryption failed !!"
    echo "Program exit now."
    echo ""
    exit 1
fi

# Run only the section for the selected mode; running both in sequence
# would try to send files that have already been removed
if test "$4" = m
then
    ################### THE MIRACLE ############################
    #Sending 1-st File
    echo "send 1-st file to recipient "
    trap "echo send 1-st file to recipient " 1 2
    scp sent00 "$3:received00"
    rm sent00

    echo "Waiting for 1-st file from recipient"
    until ls | grep "^received00" > /dev/null
    do
        sleep 5
    done

    #Sending 2-nd File
    echo "send 2-nd file to recipient"
    trap "echo send 2-nd file to recipient " 1 2
    scp sent01 "$3:received01"
    rm sent01

    echo "Waiting for 2-nd file from recipient"
    until ls | grep "^received01" > /dev/null
    do
        sleep 5
    done
else
    ######################### THE SLEEPER #############################
    echo "Waiting for 1-st file from recipient"
    until ls | grep "^received00" > /dev/null
    do
        sleep 5
    done

    #Sending 1-st File
    echo "send 1-st file to recipient "
    trap "echo send 1-st file to recipient " 1 2
    scp sent00 "$3:received00"
    rm sent00

    echo "Waiting for 2-nd file from recipient"
    until ls | grep "^received01" > /dev/null
    do
        sleep 5
    done

    #Sending 2-nd File
    echo "send 2-nd file to recipient"
    trap "echo send 2-nd file to recipient " 1 2
    scp sent01 "$3:received01"
    rm sent01
fi

######################## THE MIRACLE AND THE SLEEPER ##############
#Merging Received files
# echo "Press Enter to Process Received Files.. "
echo "Merging two files into one"
cat "$2/received00" "$2/received01" >> ./received.gpg
rm "$2/received00" "$2/received01"

#Decrypting file
echo "Decrypting outfile with Private Key"
gpg -o Received_file -d received.gpg
trap "gpg -o Received_file -d received.gpg " 1 2
rm received.gpg

if [ -e "Received_file" ]
then
    echo "Process Complete..Now you have Received_file"
else
    echo "Decryption failed !!"
    echo "Program exit now."
    echo ""
    exit 1
fi
echo "++++++++++++++++++++++++++++++++++ FINISH +++++++++++++++++++++++++++++++++++"
echo

And here is the command to run:

1. From Blackbox as Miracle
root@blackbox:~# metropolis snapshot1.png /root/ root@whitebox m

2. From Whitebox as Sleeper
root@whitebox:~# metropolis snapshot2.png /root/ root@blackbox s

-------------- next part --------------
A non-text attachment was scrubbed...
Name: metropolis.sh
Type: application/x-sh
Size: 3245 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20101004/28437f39/attachment.sh>
Ángel González
2010-Oct-04 21:41 UTC
Metropolis: Implementation of Interlock Protocol using Linux Shell Programming, OpenSSH, and GPG
Don't use things like

    ls | grep ^received00

That will fail if there's a file listed before (eg. "foo received00"),

    ls -l | grep received00

may work (with false positives) but it's much easier to do it right:

    test -f received00

Arief Karfianto wrote:
> I have wrote a small Linux Shell command

I don't think that bash programming is an appropriate language for security protocols (other than as proof of concept). For instance, I think your code will be subject to some race conditions which would have been trivial were all of this transmitted on one tcp connection.

> for implementing Interlock Protocol
> which is known as a cryptographic protocol that resistant to
> man-in-the-middle attack. Here is the steps of interlock protocol:

Take that resistant with a grain of salt. Simply splitting the files in two pieces doesn't assure you won't be MITMed.

In your implementation it seems that Alice discards Bob's message. That allows a full MITM attack (impersonate Bob, then Alice). If Alice was somehow able to determine that the received file was not from the Real Bob, it would still have transferred to the attacker (but at least would be aware of it).

If you had strict timeouts on the process, only began the transactions at a specified time and would be able to detect bogus messages (how?), then you could at least detect the attack after the fact.

In fact, the scp and gpg utilities that you use as mere transport have their own trust mechanisms.

I find this off topic for this mailing list, btw.
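
The test -f and strict-timeout points above, as an added example that is not part of the original thread or of metropolis.sh: wait_for_file polls with test -f and gives up after a deadline, and deliver_atomically renames a finished file into place so the waiter never sees a partially written one (one race of the kind mentioned, assumed here for illustration). Function names, paths and timeout values are assumptions, and cp stands in for scp so the demo runs on one host.

```shell
#!/bin/sh
# Added example; the function names, paths and timeouts are assumptions.

# Wait for file $1 using test -f, polling every $3 seconds (default 5).
# Returns 0 once the file exists, 1 if $2 seconds pass without it.
wait_for_file() {
    path=$1; timeout=$2; interval=${3:-5}
    waited=0
    until test -f "$path"; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1            # peer never delivered: abort the exchange
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# Make file $1 appear as $2 only when it is complete: write it under a
# temporary name, then rename (mv within one filesystem is atomic).
# Over the network the same idea is scp to "$2.part" followed by a remote mv.
deliver_atomically() {
    src=$1; dest=$2
    tmp="$dest.part.$$"
    cp -- "$src" "$tmp" && mv -- "$tmp" "$dest"
}

# Demo on constructed data: a background job plays the sending peer.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'first half of ciphertext\n' > "$dir/sent00"
    ( sleep 1; deliver_atomically "$dir/sent00" "$dir/received00" ) &
    if wait_for_file "$dir/received00" 10 1; then
        result="received: $(cat "$dir/received00")"
    else
        result="timed out"
    fi
    wait
    rm -rf "$dir"
    echo "$result"
}

demo
```

A non-zero return from wait_for_file is the point at which a script like this should stop and discard its unsent second half instead of sleeping forever.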