Demonstrate the use of hash tools to test integrity

Reference no: EM131120212

This assignment gives you hands-on experience in generating and using symmetric and public/private keys. Additionally, you will configure a web server to use SSL/TLS and, using tcpdump, verify its effect in encrypting traffic.

The tasks you should perform are

- Either use the same VM you used in Lab Assignment #01, or import a new one.
- In the VM
• generate symmetric keys and demonstrate their use in the encryption and decryption of messages
• generate public/private keys and demonstrate their use in the encryption and decryption of messages
• demonstrate the use of hash tools to test integrity of messages
• use tcpdump to monitor traffic on webserver
• configure the webserver to use SSL
• use tcpdump again to monitor SSL traffic on the webserver

In the description of this lab, I have annotated areas where I expect something from you by highlighting requirements in Red Bold. To complete this assignment, you will (this is repeated at the bottom of the assignment)
- provide thorough explanations of the command line options and other areas that I request
- provide images of the scenarios that I request

If you run into problems that you cannot resolve, you should first utilize the Blackboard Discussion forum for this class and seek help. If you are still unable to resolve the problem, you should provide a very clear explanation of what you have tried, and what has gone wrong.

Preparing the Virtual Machine

You may use the same VM that you used in Lab Assignment #01. If you do, it has the advantage that the terminal prompt is already set up with your name in it.

If you choose to download a new one (it's exactly the same as the one you've downloaded before), refer to the Quick Notes on Installation of VirtualBox, and Import/Usage of the Virtual Machine document from Lab Assignment #01 to import it and to set up the terminal command line prompt so that it has your name in it (recall the source .profile method you used before). It is important that your name is visible in at least some of your screen shots - your goal should be to show me that this is YOUR work, and not copied from somebody else.

Generation and use of symmetric keys

You should generate a symmetric key and then use it for the encryption and decryption of a file.

You may generate a random, symmetric key, symmkey, as follows

openssl rand -base64 16 > symmkey

You should generate the key, view it (with cat, or an editor. If you use an editor, make sure that you don't modify the key), and provide a complete explanation of this command.

Then, create a simple text file with your name in it to be used as a plaintext file in this lab. Assuming you name it plain.txt, you can use the symmetric key to encrypt it into a file, cipher.txt, as follows

openssl enc -des3 -e -in plain.txt -out cipher.txt -pass file:symmkey

Execute the command, view the encrypted file, and provide a complete explanation of this command.

Then, decryption can be performed as follows. In this example we save the decryption to plainnew.txt (note that this is a single command, not two separate ones):

openssl enc -des3 -d -in cipher.txt -out plainnew.txt -pass file:symmkey

Execute the command, verify the decryption, and provide a complete explanation of this command.

Recall that in the real world, two parties would be involved in this transaction, and both would have copies of this symmetric key (and it would need to be transmitted securely, perhaps via public key infrastructure).

Generation and use of Public Key Infrastructure (PKI)

Next, you will generate a public/private key pair, then use the public key to encrypt a file, and the private key to decrypt it. Recall that in the real world, you would provide somebody with your public key, which they would use to encrypt the file, which can only be decrypted with the private key. Since you are the only person in the universe with the private key, you would receive the encrypted message and use your private key to decrypt it.

You may generate the private (e.g. myprivkey1.pem) and public (e.g. mypubkey1.pem) keys with the following commands:

(this is a single command, not two)
openssl genpkey -algorithm RSA -out myprivkey1.pem -pkeyopt rsa_keygen_bits:2048

openssl rsa -pubout -in myprivkey1.pem -out mypubkey1.pem

Execute these commands, view the two keys, and provide a complete explanation of these commands. Also, explain why the public key is much shorter than the private key.

Then, encrypt your plaintext as follows (this is a single command)

cat plain.txt | openssl rsautl -encrypt -pubin -inkey mypubkey1.pem > cipher.txt

Execute this command, view the resulting ciphertext, and provide a complete explanation of this command.

Then, you may decrypt the ciphertext with the private key as follows

cat cipher.txt | openssl rsautl -decrypt -inkey myprivkey1.pem

Execute the command, verify expected output, and provide a complete explanation of this command.

Then, try to decrypt the ciphertext with the public key rather than the private key and explain what happens.

Use of Hashing to Verify Message Integrity

So far, you have experimented with some basic encryption schemes. You know how to do simple symmetric key encryption and decryption and, with the PKI you could encrypt the symmetric key so that both parties would have it, and it would be confidential. However, an imposter might have intercepted the message (the symmetric key that is being transmitted) and, just to be mean, changed a bit in it. Therefore, you also need to worry about integrity of the message and have some assurance that both parties have the same key.

Use the program md5sum, available in your VM, to create a hash of your encrypted data from the previous example.

md5sum cipher.txt

Then, create a copy of your ciphertext file, and edit that so exactly one character is altered, and then create another hash from that new file.

Create a screenshot of the window that shows the hash from both files. Explain how hashing could be used to verify integrity of the message.
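The comparison described above can also be done with md5sum's own check mode, shown here as an added example that is not part of the original assignment: the sender records a digest file, the receiver re-checks it with `md5sum -c`, and a single flipped bit makes the check fail. The helper names, the `cipher.txt.md5` file name and the sample bytes are assumptions constructed for this sketch.

```bash
#!/usr/bin/env bash
# Added example: sender records a digest, receiver re-checks it with md5sum -c.
# record_digest, verify_digest and flip_one_bit are hypothetical helper names.

# Sender side: write a checksum file next to the ciphertext.
record_digest() {            # record_digest DIR
  ( cd "$1" && md5sum cipher.txt > cipher.txt.md5 )
}

# Receiver side: recompute and compare. Exit status 0 means "unchanged".
verify_digest() {            # verify_digest DIR
  ( cd "$1" && md5sum -c cipher.txt.md5 >/dev/null 2>&1 )
}

# Simulate the altered copy: flip the lowest bit of one byte, in place.
flip_one_bit() {             # flip_one_bit FILE OFFSET
  local old new
  old=$(dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
  new=$(( old ^ 1 ))
  # %b turns the \0ooo octal escape into the single replacement byte.
  printf '%b' "\\0$(printf '%03o' "$new")" |
    dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

demo() {
  local dir; dir=$(mktemp -d)
  # Constructed stand-in for the lab's cipher.txt; any file behaves the same.
  printf 'Salted__constructed-sample-ciphertext-bytes\n' > "$dir/cipher.txt"
  record_digest "$dir"
  verify_digest "$dir" && echo "original : OK"
  cp "$dir/cipher.txt" "$dir/original.bin"
  flip_one_bit "$dir/cipher.txt" 10
  verify_digest "$dir" || echo "altered  : FAILED (digest mismatch)"
  echo "bytes changed: $(cmp -l "$dir/original.bin" "$dir/cipher.txt" | wc -l)"
  rm -rf "$dir"
}
demo
```

A bare digest only detects the change if the checksum file reaches the receiver by a path the imposter cannot also modify; `sha256sum` supports the same `-c` workflow.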

Packet Analysis of HTTP Traffic

The VM for this lab has a web server (nginx) running (with PHP-CGI services), as well as a command-line web client, curl, and two web browsers, dillo and Opera. Before continuing, you should verify that services are running on Ports 22 (ssh), 23 (telnet), 80 (http) and 9000 (php-cgi). You can use the command

netstat -tna

for this. If you don't see Ports 80 and 9000, then something is wrong and you should look into getting that resolved first. Later, you will configure and start an SSL server on Port 443, and when you issue the above command you will see the additional Port 443 in the list.

To test functionality, you can use one of the browsers, dillo or opera - you can type either in a terminal, and you will see that there are also icons for both at the bottom of the screen.

At URL http://localhost you should see an nginx welcome screen, and at URL http://localhost/secretentry.php you will see a very simple page I created that prompts the user for a "secret" and then echoes the secret to the page. This page was created as a way to demonstrate how your secrets are not so secret on a plain HTTP connection, but will be encrypted over an SSL connection. You shouldn't enter a "real" secret in here - it's just a demo. Enter your name as the secret.

Once you've verified that you can access both pages, run tcpdump and verify that you are able to see the plaintext from both URLs. In particular, you should find the "secret" that you entered, in plain text.

tcpdump -i lo -A port 80


This should convince you that any passwords used in this scenario are easily "sniffed" from the network. Take a screenshot of the VM showing the tcpdump terminal with your "secret" in it.

If you are interested in looking a little deeper, the HTML and PHP for these simple examples are located in /usr/local/nginx/html/.

Also, if you are interested in accessing this web server from the outside, you should be able to use the ifconfig command to find the IP address associated with eth1, and then point your outside browser (or curl, if you have it!) to the appropriate URL.

I recommend that, before proceeding with the next sections, you go ahead and save all of the work that you have done so far, and save it to another machine. Because you will be doing a little bit of system configuration, there is the possibility that you will mess something up in your VM. Of course, you can always download a new VM and start again, but you would have lost everything that you've done so far.

Configuration of SSL/TLS web server and subsequent packet analysis of HTTP traffic

As you know from previous examples, openssl has been installed on your VM, and it can be used to set up the transport layer security (TLS) for your web server. There are only a few steps necessary to make this happen. The following link may provide some guidance, and it's what I used to figure out how to set it up on this particular configuration. Note that it should not be taken verbatim, but just used to point you in the right direction.

https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04

Nevertheless, I will provide you with specific commands here. You will

- Create a directory that stores the certificate and key
- Create a certificate and key for this web server using SSL
- Edit the web server configuration file to listen on port 443 for SSL, and to point to the certificate and key that you created
- Restart the web server so it reads the new configuration information
- Start using your SSL connection!

To create the directory for storing the certificate and key

cd /usr/local/etc/nginx
sudo mkdir ssl

To create the certificate and key, you may do the following (this is a single command, not three commands):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /usr/local/etc/nginx/ssl/nginx.key \
  -out /usr/local/etc/nginx/ssl/nginx.crt

As you are creating the certificate, it will ask you to enter several pieces of information. This is information that will be stored in the certificate, and for the most part it doesn't really matter what you put in it for this demonstration, but enter your name for the Organization Name. You should create the certificate, and provide a complete explanation of this command.

Once completed, verify that you have the certificate and key in the expected directory.
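One way to take that verification further than listing the directory, as an added example that is not part of the original assignment: confirm that the certificate and key belong together, that the certificate is inside its validity period, and that the unencrypted key is readable only by its owner. The helper names, the `-subj` string and the temporary directory are assumptions constructed for this sketch; on the VM you would point the checks at the files under /usr/local/etc/nginx/ssl.

```bash
#!/usr/bin/env bash
# Added example: sanity checks on a certificate/key pair before reloading nginx.
# make_pair, pair_matches, not_expired and key_is_private are hypothetical helpers.

# Non-interactive variant of the lab's "openssl req" command (-subj answers the prompts).
make_pair() {                # make_pair DIR NAME
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -subj "/O=Constructed Student Name/CN=localhost" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Certificate and private key belong together only if both yield the same public key.
pair_matches() {             # pair_matches CERT KEY
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  # Refuse to call two empty results a match (e.g. both files unreadable).
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# -checkend 0 fails if the certificate has already expired.
not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# The key was written with -nodes (no passphrase), so only its owner should read it.
key_is_private() {           # key_is_private KEY
  case "$(ls -l "$1" | cut -c1-10)" in
    -???------) return 0 ;;
    *) return 1 ;;
  esac
}

demo() {
  local dir; dir=$(mktemp -d)
  make_pair "$dir" nginx && make_pair "$dir" other
  chmod 600 "$dir/nginx.key"
  pair_matches "$dir/nginx.crt" "$dir/nginx.key" && echo "nginx.crt + nginx.key : match"
  pair_matches "$dir/nginx.crt" "$dir/other.key" || echo "nginx.crt + other.key : MISMATCH"
  not_expired "$dir/nginx.crt" && echo "nginx.crt : within validity period"
  key_is_private "$dir/nginx.key" && echo "nginx.key : owner-only permissions"
  openssl x509 -in "$dir/nginx.crt" -noout -subject -enddate
  rm -rf "$dir"
}
demo
```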

Next, you will edit the web server configuration file, adding in SSL support - this file is owned by root, so you will need to use the sudo command when invoking the editor. In the file /usr/local/etc/nginx/nginx.conf, find the section that looks something like

server {
    listen 80;
    .
    .
    .
    location / {
        root html;
        index index.html index.htm index.php;
    }
}


In this block (in the area I've annotated with dots), you should enter the following three lines, which tell nginx to listen on Port 443 for SSL, and specify where the certificate and the certificate key are.

listen 443 ssl;
ssl_certificate /usr/local/etc/nginx/ssl/nginx.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;


Make sure you create the lines exactly as specified above, including the semicolons.

The server is now configured, and you need to restart it. Hopefully, you will be able to restart as follows:

sudo /usr/local/etc/init.d/nginx reload

but if this doesn't work, you may need to reboot your VM. You will know if it worked by issuing the netstat -tna command, and seeing that Port 443 has been added to the list of listening ports.

Now, you can test this by opening the Opera web browser (it will also work with the Dillo web browser, but the following interaction will be a little different) and pointing to


(note the https, not http). You will be presented with the opportunity to approve the certificate. Before you do this, click on the Details tab, click on the certificate (there will probably only be one), and look at some of the fields. You should see that the fields correspond to what you entered when you created the certificate, including your name. Click on the Issuer field and take a snapshot of this.


Once you have approved the certificate, it should show you the nginx welcoming screen.

Note, you can also view your certificate at the command line as follows (if you mess up above and Approve the certificate before you get a chance to display the Details, you can provide a snapshot of the first part of the certificate that you get with the following command).

openssl x509 -in <path-to-certificate> -text -noout

To complete this assignment, you should use tcpdump to monitor the SSL server (remember, it's not running on Port 80, like the plaintext web server, but on Port 443), and use the URL from your browser.

Then verify in the tcpdump output that your secret has been encrypted, so that it is not accessible to someone who has intercepted the traffic - you should not see it in plaintext in your tcpdump output.

To complete this assignment, you will

- provide thorough explanations of the command line options and other areas that I request. I have given you almost every command that you need. You should explain EACH flag and argument to demonstrate to me that you understand what I have given you. Many students lose points by not providing enough detail.
- provide images of the scenarios that I request

Please put everything in a single PDF or Word (or OpenOffice) document.

If you run into problems that you cannot resolve, you should first utilize the Blackboard Discussion forum for this class and seek help. If you are still unable to resolve the problem, you should provide a very clear explanation of what you have tried, and what has gone wrong.

Note that if you are trying to get a screenshot of your VM, you can simply use the Host+E command, where "Host" for most of you would be Right CTRL. In other words, Right-CTRL+E should allow you to get a screen shot of your current VM. You may also use the screen dump capability of your host operating system.
