Reference no: EM133504643
Advanced Network Security
Question 1. Packet Capture and Analysis
For this question you must use virtnet (as used in the tutorials) to perform an interception attack. This assumes you have already setup and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet. The tasks and sub- questions are grouped into multiple phases. You must complete all phases, in order.
Phase 1: Setup
1. Create topology 5 in virtnet. node1 will be referred to as the client, node2 the router, and node3 the server.
2. The attacker has access to the router and will run tcpdump to capture packets.
3. Users on the client and server will use applications to communicate. For this task,
netcat will be used to generate the application traffic.
4. Server port numbers must be assigned based on the last three (3) digits of your student ID, xyz, as defined below. Examples are given for a student ID of 12345678.
• For netcat TCP server use port 8xyz. Example port: 8678
Phase 2: Intercept TCP Application Traffic
The attacker should capture traffic on the router (node1) for the following TCP application traffic.
1. Start the netcat TCP server using the assigned port on the server (node3)
2. Start the netcat TCP client on the client (node1)
3. On the client, type the following (use your actual first name):
COIT20262 TCP<press ENTER>
My ID is [studentID] <press ENTER>
My first name is [FirstName]<press ENTER>
<Ctrl-D>
The attacker should then stop the capture, and save the file as:[StudentID]-tcp.pcap
Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
(a) Submit[StudentID]-tcp.pcap file on moodle. (0.5 marks)
(b) Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat in phase 3. Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw the UDP packets. Only draw TCP packets. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in tutorials. Note that you do not need to show the packet times, and the diagram does not have to be to scale. You
must draw your own diagram; you cannot use the diagram generated by Wireshark.
(c) If the attacker performs a modification attack on the TCP exchange, changing the unit code from COIT20262 to COIT20264, then will the server (node3) know that an attack may have occurred? Explain why or why not. Also explain a technique that could be used so that the server (node3) is certain the message was not modified.
(d) If the attacker performs a replay attack on the TCP exchange, replaying the messages without any modification, then will the server (node3) know that an attack may have occurred? Explain why or why not.
Question 2. Attack Detection from Real Intrusion Dataset
For this question you need to implement three multi-classifiers to identify attack and normal behaviour from the UNSW-NB15 intrusion dataset. You are required to read the data from training set (175,341 records) and test set (82,332 records).
You are required to implement it by using the publicly available machine learning software WEKA.
For this task you will need two files available on Moodle:
• training.arff and test.arff.
You need to perform the following steps:
• Import training data.
• For each classifier:
- Select an appropriate classifier (do not choose any meta classifier)
- Specify test option
- Perform the training
- Supply test data set
- Evaluate the classifier.
You need to repeat for at least 3 classifiers, and eventually select the results from the best 2 classifiers.
You need to include in your report the following:
(a) Screenshot of the performance details for 3 classifiers
(b) Compare the results of the selected best 2 classifiers, evaluating with the metrics: Accuracy, precision, recall, F1-Score and false positive rate.
Reflection:
(c) Which classifier gave the best performance overall? Justify your selection of the ‘best' classifier and given reasons why you think it is the best. Is there any way to improve the performance further?
Question 3. Encryption and Signing
Aim
Your aim is to demonstrate skills and knowledge in cryptographic operations, especially key management. You will do this in pairs (that is, with a partner student).
When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system. Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations.
Phase 1: Key Generation
1. Generate your own RSA 2048-bit public/private key pair and upload your public key to the Public Key Directory on Moodle. (If you have already done this in the tutorial, you do not need to do it again). Save your keypair as [StudentID]-keypair.pem.
2. Generate a secret key to be used with AES-256-CBC, saving it in the file [StudentID]- key.txt.
3. Generate an IV to be used with AES-256-CBC, saving it in the file [StudentID]- iv.txt.
Phase 2: Message Creation and Signing
1. Create a message file [StudentID]-message.txt that is a plain text file containing your full name and student ID inside.
2. Digitally sign [StudentID]-message.txt using RSA and SHA256, saving the signature in the file [StudentID]-message.sgn.
Phase 3: Encryption
1. Encrypt [StudentID]-message.txt using symmetric key encryption, saving the ciphertext in the file [StudentID]-message.enc.
2. Encrypt [StudentID]-key.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-key.enc.
3. Encrypt [StudentID]-iv.txt using public key encryption (RSA), saving the ciphertext in the file [StudentID]-iv.enc.
Phase 4: Upload to your Partner
1. To send files to your partner, you must upload them to the Encrypted Files database onMoodle. Your partner can then download from the database.
Phase 5: Decryption and Verification
1. Download the files from your partner from the Encrypted Files database.
2. Decrypt to obtain the message, saving it in the file [StudentID]-received.txt.
3. Verify the signed message.
Phase 6: File Submission
a) Submit the files on Moodle. As output from these phases, you should have the followingfiles for submission on Moodle:
• [StudentID]-message.txt
• [StudentID]-keypair.pem
• [StudentID]-pubkey.pem
• [StudentID]-key.txt
• [StudentID]-iv.txt
• [StudentID]-message.sgn
• [StudentID]-message.enc
• [StudentID]-key.enc
• [StudentID]-iv.enc
• [StudentID]-received.txt (this will contain the message you received from your partner)
Even though the encrypted files and public keys must be available on the Moodle databases, you should also include a copy of the files in your assessment submission. Ensure the files in the database and your submission are the same - the marker may use either version.
Phase 7: Reflection
Think about the tasks you performed in this question and write a brief reflection. You should:
(a) Submit your files on Moodle as listed above. Also take a screenshot showing the OpenSSL verification command and the message contents. That is, the single screenshot should show the output of two commands:
openssl dgst ...
cat [StudentID]-received.txt
Include the screenshot on your assignment answer template.
b) Write a reflection on which parts were the most challenging or led to mistakes, and why there were mistakes?
c) Find and discuss the potential security vulnerability in the process/the steps you took.
Attachment:- Advanced Network Security.rar