Project(s)
There will be five small projects and five short tests in this course. The projects are mandatory and the tests are voluntary.
Reports:
You should submit the reports electronically in pdf or word format and use the subject "EITN50" in the email that contains the report. Send it to ben.smeets.lu@analys.urkund.se
In agreement with course evaluation there will no longer be a grading of the projects in "G" and "VG". Grading of the project reports is done from two perspectives. One is "Sufficiency" and the other is "Presentation". Sufficiency refers to a sufficiently correct answer on the assignments. One extreme is that you only write the bare essence without much explanation. You are then at risk that your report, from a "Presentation" point of view, lacks the information that a report should contain. The presentation should be detailed enough for others to repeat (read: verify) what you did. If these criteria are met you get a "P(ass)" mark. Sloppy reports are not accepted.
If your report needs corrections you are given a "U" mark. You can always improve a "U" mark to a "P" mark until the final deadline, currently set to 20/10. You must have a pass mark for all the five projects before you can pass this course. Exceptionally well-done reports will be rewarded by 0.1 points per report that will be added to your exam quiz results from which the final course grading will be determined.
Finally, the reports will be screened using "Urkund" for plagiarism (see: http://www.urkund.se/SE/om_urkund.asp).
Deadlines for the projects will be set as the course proceeds: consult Project assignments
IMPORTANT: Required additions/updates to the (any!) reports should be handed in by 20/10 at the latest.
At the first lecture the group list (group list.xls) will be passed around. Each group should enter their names on this list or send an email to Ben stating which people are in the group. A group should be two persons.
Username to login is group number, e.g. adsec01, password communicated at the first lecture.
Lab space is available according to the schedule in TimeEdit and will use the rooms E:4116, E:4118 on the 4th floor of the E-building. Access is via student access cards (requires that you are registered to the course so we can give you access).
There will be 5 short tests available via moodle.eit.lth.se. You need to sign up in the moodle system to take these tests. From the results of these tests your final grading for this course will be computed (you can here benefit from extra points received from your project reports). You will be given a limited number of attempts in each test but are free to do the test between the time it is opened and the closing date of 20/10.
Required additions/updates to the reports (thus for all projects) should be handed in latest Oct 21. Submit reports (pdf or word .doc format) to ben.smeets.lu@analys.urkund.se
Name the report in the following way "Project# - adsec##"
NOTE: this year we had to reschedule the order of the projects but some assignment texts still use the old project numbers, which means that there are two projects numbered 3.
Project | Release date | Planned content | Link to the assignment | Deadline (at 23.59) | Last update date |
1 | 3/9 | Data forensics: finding data on a disc image | Project1 | 14/9 | |
2 | 15/9 | Wireless Offloading | Project2 | 28/9 | |
3 | 18/9 | Introduction to Reverse-Engineering | Project3 | 5/10 | |
4 | 2/10 | IPSec experiments | Project4 | 12/10 | 07/10 |
5 | 9/10 | Denial Of Service Attack | Project5 | 20/10 | |
Christopher Jämthagen answers any questions regarding the projects during the following hours. Outside of these hours, he is available by e-mail. Note that the times may change.
Wednesdays: 09.30 - 11.30 and 12.30 - 13.30.
Fridays: 09.30 - 11.30
2013-10-24: Christopher became a father yesterday. For any further assistance contact Ben.
Project 1: Data Forensics
You can download the Project1 assignment from the following link: project1. Below you find some additional information and last minute info. On the lab machines there is a c:\adsec directory where you find copies of the larger image files you need.
WARNING: Be careful when using the dd command on a Unix machine to create a flash drive from an image: make sure that the target you write to is indeed the flash drive device and not your system disk or another disk. dd will overwrite whatever it finds on the target. On the lab machines you can use a virtual image of the deft live-cd.
Submission Instructions
The report of project 1 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 14/9, h 23.59
Objective
The objective of this project is to get an insight into how to analyse data obtained from an image data file. The problem includes learning to reconstruct the file structure from scratch, correct errors, and extract data. You also meet different tools to extract data.
Things you need
Part 1: Evidence File
Latex Table for your report: latex_table.txt
Part 2: Image files: flash0.E01 (7.3MB) and flash1.E01 (39,7 MB)
For part 2, use the VM image in deft7.2.zip. You can copy the xxx.E01 files into the running deft virtual image by ordinary copy and paste. In case you want to boot a live CD (USB), you might have to hit F12 (repeatedly) in the early stages of the boot process to get into the boot menu, where you are able to choose to boot from CD (USB). See the details in the project assignment.
- VMware image in deft7.2.zip (recommended and is also found on the LAB machine server)
- USB (before you download the original pendrive image please read these instructions)
- LiveCD
extra image for those without usb stick.
Information Links
- FAT
- General information (Wikipedia)
- Fat12 description
- Skinny on Fat
- FATFS
- Fat Whitepaper (very detailed/not easy to understand)
- DEFT 7 manual or most recent from http://www.deftlinux.net/deft-manual/
Tools
WARNING: These are 32-bit executables that may require XP compatible mode to run properly.
Hex editors:
There are many hex editors that are good enough. Below you find a powerful one (but not free) and a simple one (free). Others will likely do the job as well. There are good hex editors on Unix/Linux systems too.
WinHex editor trial version. (Use this version, as newer ones limit the number of saves.)
HxD free hex editor (lacks functions of WinHex but free)
ZIP password recovery
Old program. The newer versions have restrictions.
Advanced ZIP Password Recovery (free/trial version)
Fat disc viewer
Fat disc image viewer (simple but useful for checking that you got an image that works)
Results
Results on Project1 reports are up. Those who need to complement may choose to do this orally. Make sure you fix the problems and contact Christopher if you are interested. Otherwise send in the corrected report by October 21. (Updated October 24, if you need help you should contact Ben)
Project 2: Security in Wireless offloading
The Project2 assignment can be downloaded from the following link
Submission Instructions
The report of project 2 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 28/9, h 23.59
Objective
The objective of this project is to get you a bit familiar with security evaluations. In the project you will study three solutions that can be used to realize an offloading of an operator's mobile network through the use of Wi-Fi technology. You will meet a set of assignments that guide you through a security analysis of the three solutions.
Things you need
See assignment
Information Links
See assignment
Results
Preliminary results of Project 2 reports (updated 2013-10-27) are here
Project 3: Introduction to Reverse-Engineering
The Project3 assignment can be downloaded using the following link project 3.
Below
Submission Instructions
The report of project 3 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 5/10, h 23.59
Objective
The objective of this project is to get insight into tools and procedures that can be used to perform a reverse engineering of code.
Things you need
The project assignment document includes everything necessary to get you started. Here is the binary file you will be reverse engineering (Thank you UbiCrypt).
Information Links
Results
Results of Project 3 reports are up. (Updated October 14)
IPsec configuration and test
You can download the Project4 assignment from the following link: project4.
Below you find some additional information and last minute info.
Some of you experience problems while working on Question 14 of Project 4 (IPsec). It is possible to generate the public-private key pairs outside the gateway and move them into the virtual machines, but this must be done with some care so that the existing PKI engine actually accepts them. Just placing them in the correct directory is not sufficient. You can use the existing keys and certificates, but they do not work right away, so there too you must think about how to overcome the PKI engine's restrictive policy. On the Linux (Fedora) machines you can switch keyboard by entering the system-config-keyboard command and following the instructions (no restart is needed).
Submission Instructions
The report of project 4 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 12/10, h 23.59
Objective
The objective of this project is to demonstrate how to configure a Roadwarrior scenario where a user uses a PC/laptop to connect with IPsec to a corporate network Gateway. You will learn how you can perform traffic analysis and how IPsec can pass a router with NAT (Network Address Translation). We also show how packet fragmentation can occur when securing a connection with IPsec.
The VMware images can be downloaded to your home computer, although they constitute a hefty 16GB download.
In case you ruin the images on your C drive or they become corrupted, you can download fresh copies from http://distarchive.eit.lth.se/ssoa/ . Some files are several GB in size, so you need a rather good internet connection to fetch these files.
Things you need
Basically everything is available on the lab computers, but since they are shared by many the images in C:\adsec\SSL-IPSec can become corrupted.
It may be useful to browse for information on traceroute for Windows and Linux in case you are not familiar with these commands.
Information Links
For more info, IPsec demos and examples, see ipseclab.eit.lth.se
Results
Preliminary results of Project 4 reports (updated 2013-10-26) are here
DDOS Attacks
The Project5 assignment can be downloaded using the following link project5.
Below you find some additional information and last minute info: Use the Windows Task Manager and/or BitmeterOS to measure the network use.
2013-10-09: If you notice problems with zombie.exe crashing, make the executable compatible with XP with Service Pack 2 (right click on the file and choose Properties->Compatibility).
Submission Instructions
The report of project 5 can be sent electronically (in pdf or word format) to ben.smeets.lu@analys.urkund.se.
Deadline: Saturday 20/10, h 23.59
Objective
The objective of this project is to get insight into Denial-of-Service attacks. Three experiments have to be performed. This project is a unique opportunity; however, the tools are potentially harmful. Use this opportunity responsibly. For the same reason, students that do this project are subject to a specific rule of conduct. See the Project assignment.
Things you need
After reading the project assignment you should read the lab manual that you find here: Lab manual
You should run this project in our lab with the reserved computers. You find all the material there in the mounted drive S: (where \\homer\lab\adsec should be mounted).
NOTE 1: Because you may need at least 4 computers for the last experiment, the number of groups that can work in parallel is limited. Again, you can use the lab computers outside the reserved slots as well, but only if no other course is using them at that time.
NOTE 2: If opening the VMWare images hangs, this might be because you are opening the files in a read-only directory. Copy the files to somewhere local, e.g., the Desktop, and try again.
Do not forget to configure your Apache with the correct port number when installing it. Otherwise you have to change it in the httpd.conf file in C:\Program Files\Apache Software Foundation\Apache2.2\conf and restart Apache. Port numbers 8080 and 1337 are open in the firewall. We recommend that you use 8080 for the Apache web server.
Information Links
- Lab Manual
- Background Reading (Thanks Franz and Johan!)
- TCPView
Results
Preliminary results of Project 5 reports (updated 2013-10-26) are here