
Packet numbers and encryption algorithms used in grading web application

For this question you must use virtnet (as used in the workshops) to perform a cookie stealing attack. This assumes you have already set up and are familiar with virtnet. See Moodle and workshop instructions for information on setting up and using virtnet, deploying the website, and performing the attack. The tasks and sub-questions are grouped into multiple phases. You must complete all phases, in order.

Phase 1: Setup

1. Create topology 7 in virtnet.
2. Add a new normal student user to the MyUni grading system. The user must have:
   a. Username: [StudentID]
   b. Password:
3. Add a new malicious student user to the MyUni grading system. The user must have:
   a. Username: 12345678
   b. Password: [StudentID]
4. Add a grade for the normal student user for unit/course ‘coit20262’ with a grade of what you expect to receive this term, e.g. HD, D, C, P or F.
5. Change the title of the MyUni website by editing header_footer.php and changing the line to:
6. Change the domain of the MyUni website to
7. Test that the existing users and new student can access the grading website.

The roles of nodes in topology 7 are:

• node1: Web browser (lynx) of normal student user.
• node2: Web browser (lynx) of malicious student user.
• node3: Capture of packets with tcpdump.
• node4: MyUni grading website.
• node5: not used in this question.

Phase 2: Capture Cookies

8. Start capturing on node3 using tcpdump.
9. The normal student user must do the following on node1:
   a. Visit the MyUni grading website, e.g. as below or with any options: lynx
   b. Follow the “Login” link and login
   c. Follow the “View grades” link and enter their username and ‘coit20262’ to view the course/unit grade, and submit.
   d. Follow the “Logout” link.
   e. Exit lynx by pressing q for quit.

COIT20262 Assignment 1 Questions Term 2, 2018 Advanced Network Security Page 3 of 8

10. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3 way handshake), as well as all HTTP requests/responses are included in the capture.

Phase 3: Masquerade Attack

Using information from the capture in part 2, the malicious student user must now perform a cookie stealing attack to masquerade as the normal student user. Although the capture may have recorded the normal student user's password, you MUST NOT use it in the cookie stealing attack (e.g. assume the password was encrypted). Your cookie stealing attack must only use the cookie information (not the password).

11. Setup for the cookie stealing attack on node2.
12. Start capturing on node3 using tcpdump.
13. The malicious student user must do the following on node2:
   a. Visit the MyUni grading website
   b. Follow the “View grades” link and enter the username of the normal user, leaving the course/unit field empty (so you see all grades), and submit.
   c. Follow the “Logout” link.
   d. Exit lynx by pressing q for quit.


14. Stop capturing on node3. Note that it is important that the start of the TCP connection (i.e. 3 way handshake), as well as all HTTP requests/responses are included in the capture. Save the capture file as malicious-student.pcap.

Phase 4: Analysis

Answer the following sub-questions regarding the previous phases and cookie stealing attack.

(a) Submit normal-student.pcap.

(b) Submit malicious-student.pcap.

(c) Draw a message sequence diagram that illustrates all the HTTP messages for the normal student user viewing the grades (i.e. the HTTP messages from normal-student.pcap from step 7 above). Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw TCP connection setup or ACKs. Only draw HTTP messages. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in workshops. Note that you do not need to show the packet times, and the diagram does not have to be to scale.

(d) Based on your captures only, identify the following information. If the information is found in multiple packets, give the first packet from the capture. For example, if the information is found in packet numbers 3, 5 and 7, you would give the packet number as 3.
   a. Packet number from normal-student.pcap that contains the normal student's password
   b. Packet number from normal-student.pcap in which the server originally sends the cookie to the browser
   c. Last 4 HEX digits of the id_hash in the cookie (give the value of the last 4 digits, not the packet number)
   d. Packet number from malicious-student.pcap that contains the normal student's grade for coit20262.
   e. Packet number from malicious-student.pcap in which the client originally sends the stolen cookie

(e) Explain how the id_hash is calculated, giving both the equation/algorithm for calculating it, as well as a description of the values used in calculating it (for example, where do the values come from? How are they set?).

(f) Explain how the id_hash provides security in the context in which it is used in the grading web application.

(g) Explain a weakness or vulnerability of how the id_hash is calculated or used.


For example, how could the security it provides be broken?

(h) In this question, the username and password of the normal student user are sent as plaintext from browser to server. This is an obvious weakness, as an attacker that intercepts the packets between browser and server immediately learns the password. A possible solution is for the client browser to calculate a hash of the password using JavaScript, and sending the hash of the password to the server, instead of the actual password. Discuss the strengths or weaknesses of such a scheme with respect to preventing an attacker from logging in using the normal student user's password.

(i) In this question, the malicious student performing the cookie stealing attack uses lynx as a web browser. Explore how to edit or create cookies in common graphical web browsers (Firefox, Chrome, IE, Edge or Safari). Give a brief explanation of what you need to do to modify/create cookies (e.g. which options of the browser, or what software needs to be installed) and take a screenshot of a cookie you modified or created. The cookie in the screenshot MUST include your [StudentID] (e.g. put your [StudentID] in any field of the cookie).

Question 2. Cryptography

For this question you must use openssl to perform a set of cryptographic operations. When performing cryptographic operations you must be very careful, as a small mistake (such as a typo) may mean the result is an insecure system. Read the instructions carefully, understand the examples, and where possible, test your approach (e.g. if you encrypt a file, test it by decrypting it and comparing the original to the decrypted). It is recommended you use virtnet to perform the operations. The tasks and sub-questions are grouped into multiple phases. You must complete all phases.

Phase 1: Download

Normally in public key cryptography you generate your own public/private key pair. However in this assignment to simplify the tasks, the Unit Coordinator has generated a key pair for you. Your key pair will be available to you on Moodle to download, with filename:

• [StudentID]-keypair.pem

In addition to your key pair, a number of files will be available to all students on Moodle to download. Each file starting with [StudentID] must be downloaded by you. You may also need to download files with other student’s IDs (see the next phase). The download URL will be published on Moodle.


Phase 2: Read the Messages

The files for download have been created by another student, denoted as the sender:

1. Sender student created a message to you [StudentID]-message[N].txt, where [N] is an integer, e.g. 1, 2, 3, …
2. The sender signed the message to produce [StudentID]-message[N].sgn.
3. The sender wrote their student ID into a text file [StudentID]-sender[N].txt.
4. The sender signed the sender file to produce [StudentID]-sender[N].sgn.
5. The sender used openssl to generate a random 256-bit secret key, in Hex, and saved it in [StudentID]-key[N].txt.
6. The sender generated a random Initialisation Value (IV), in Hex, and saved it in [StudentID]-iv[N].txt.
7. The sender encrypted the message using symmetric key encryption, the random secret key, and the random IV, producing [StudentID]-message[N].enc.
8. The sender encrypted the random secret key file using public key encryption, producing [StudentID]-key[N].enc.

The sender then sends to you the necessary files from above. Note that the files were actually created by the Unit Coordinator, but in this assignment you can assume they were created by a student. The “sending” of files to you is performed by the sender (Unit Coordinator) uploading them to Moodle, and you downloading them from Moodle.

Your task is, for every message, decrypt and verify the files. Be careful: there may have been attacks on some messages! The algorithms used in this question are:

• Public key: RSA, 2048 bit
• Symmetric key: AES-256-CBC
• Hash: SHA256

Phase 3: Report Your Results

After downloading, decrypting and verifying all messages, you need to create a summary of the results for each message. The summary must be in a text file called [StudentID]-summary[N].txt. The summary must contain exactly two lines, of the format:

ResultType
Message

where ResultType is one of the following strings:

• Success – means all files successfully decrypted and successfully verified.
• FailDecryptKey – means the decryption of secret key was unsuccessful.
• FailDecryptMessage – means the decryption of message was unsuccessful.
• FailVerifySender – means the verification of sender file was unsuccessful.
• FailVerifyMessage – means the verification of message was unsuccessful.

If ResultType is Success, then include the contents of the message on the next line. If ResultType is another value, then include “NoMessage” on the next line. Examples of possible summary files are:

Example 1:
Success
12345678-3-hello

Example 2:
FailDecryptMessage
NoMessage

Example 3:
FailVerifySender
NoMessage

You must sign each summary file, producing [StudentID]-summary[N].sgn.

Phase 4: Analysis

(a) Submit all summary text files, e.g. [StudentID]-summary1.txt, [StudentID]-summary2.txt, [StudentID]-summary3.txt, ...

(b) Submit all summary signature files, e.g. [StudentID]-summary1.sgn, [StudentID]-summary2.sgn, [StudentID]-summary3.sgn, …

(c) The sender generated a random 256-bit secret key to be used for encryption. Consider if the sender instead used the following approach: generate a random password of 12 uppercase or lowercase English letters (the password only contains letters; no numbers or other characters), and then apply SHA256 on that password, using the hash value as the encryption key. Discuss the security issues with such an approach of generating a secret key for AES-256-CBC encryption.

(d) The sender encrypted the random secret key, but not the IV. Discuss the security issues with not encrypting the IV.
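The receiver's decrypt-and-verify procedure from Phases 2 and 3, as an added example (not part of the assignment or of the sample answer): it builds a constructed bundle with throwaway keys, maps each openssl failure to a ResultType, and changes one digit of the unencrypted IV to show the effect sub-question (d) asks about. Assumptions: shortened file names, a separate sender key pair, OAEP padding for the key file, and the order of the checks.

```shell
#!/bin/sh
# Added example: constructed files and throwaway keys, nothing from the assignment.
set -eu

# Sender side (steps 1-8). File names drop the [StudentID]/[N] parts (assumption).
make_bundle() {
    d=$1; mkdir -p "$d"
    for who in sender recv; do   # constructed key pairs: sender signs, recv decrypts
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$d/$who.pem" 2>/dev/null
        openssl pkey -in "$d/$who.pem" -pubout -out "$d/$who-pub.pem"
    done
    # Constructed message, longer than one 16-byte AES block.
    echo '12345678-3-hello, a constructed message spanning several blocks' > "$d/message.txt"
    echo '87654321' > "$d/sender.txt"                 # constructed sender ID
    openssl dgst -sha256 -sign "$d/sender.pem" -out "$d/message.sgn" "$d/message.txt"
    openssl dgst -sha256 -sign "$d/sender.pem" -out "$d/sender.sgn" "$d/sender.txt"
    openssl rand -hex 32 > "$d/key.txt"               # 256-bit secret key, in hex
    openssl rand -hex 16 > "$d/iv.txt"                # 128-bit IV, in hex
    openssl enc -aes-256-cbc -e -in "$d/message.txt" -out "$d/message.enc" \
        -K "$(cat "$d/key.txt")" -iv "$(cat "$d/iv.txt")"
    # OAEP padding is an assumption; the page only says "RSA, 2048 bit".
    openssl pkeyutl -encrypt -pubin -inkey "$d/recv-pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$d/key.txt" -out "$d/key.enc"
    rm "$d/key.txt" "$d/message.txt" "$d/sender.pem"  # not sent to the receiver
}

# Receiver side: print the ResultType for the bundle in directory $1.
# The order of the four checks is an assumption of this example.
check_bundle() {
    d=$1
    openssl pkeyutl -decrypt -inkey "$d/recv.pem" -pkeyopt rsa_padding_mode:oaep \
        -in "$d/key.enc" -out "$d/key.dec" 2>/dev/null \
        || { echo FailDecryptKey; return 0; }
    openssl enc -aes-256-cbc -d -in "$d/message.enc" -out "$d/message.dec" \
        -K "$(cat "$d/key.dec")" -iv "$(cat "$d/iv.txt")" 2>/dev/null \
        || { echo FailDecryptMessage; return 0; }
    openssl dgst -sha256 -verify "$d/sender-pub.pem" -signature "$d/sender.sgn" \
        "$d/sender.txt" >/dev/null 2>&1 || { echo FailVerifySender; return 0; }
    openssl dgst -sha256 -verify "$d/sender-pub.pem" -signature "$d/message.sgn" \
        "$d/message.dec" >/dev/null 2>&1 || { echo FailVerifyMessage; return 0; }
    echo Success
}

# Change the first hex digit of the IV file, which is stored unencrypted.
flip_iv() {
    iv=$(cat "$1/iv.txt")
    case $iv in 0*) new=1${iv#?} ;; *) new=0${iv#?} ;; esac
    echo "$new" > "$1/iv.txt"
}

# Two-line summary in the format Phase 3 asks for.
summary() {
    r=$(check_bundle "$1")
    echo "$r"
    if [ "$r" = Success ]; then cat "$1/message.dec"; else echo NoMessage; fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_bundle "$tmp/ok"; summary "$tmp/ok"                      # untouched bundle
make_bundle "$tmp/iv"; flip_iv "$tmp/iv"; summary "$tmp/iv"   # IV altered after sending
```

The second run reports FailVerifyMessage and NoMessage: AES-CBC decryption still succeeds with the altered IV, and only the signature check shows that the first plaintext block changed.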

Question 3. Ransomware Research

Ransomware attacks are increasingly publicised. In addition it is estimated there are many more ransomware attacks not being made public, e.g. companies and users paying a ransom but not disclosing the attack. The prevalence of ransomware, and the impact it has on organisations, has led to the discussion of ransomware insurance. Your task is to study what is ransomware, what are the challenges and possible countermeasures, and report on it in an easy-to-understand manner. You must write a short report on ransomware, covering the following sections.

Packet numbers and encryption algorithms used in grading web application

Part (d) Information from Packets

| Information | Answer |
|---|---|
| Packet number from normal-student.pcap that contains the normal student's password | 26 |
| Packet number from normal-student.pcap in which the server originally sends the cookie to the browser | 28 |
| Last 4 HEX digits of the id_hash in the cookie (give the value of the last 4 digits, not the packet number) | C8b2 |
| Packet number from malicious-student.pcap that contains the normal student's grade for coit20262 | 111 |
| Packet number from malicious-student.pcap in which the client originally sends the stolen cookie | 109 |

Part (e)

The id_hash is calculated using different encryption algorithms and different random numbers, such as by encoding an integer into a hash value. Keys can also be generated for the encryption and decryption of the id_hash. The algorithms generally used for the encryption are SHA-256, RSA, AES-256-CBC, etc. It is applied in the generation of cookies and signatures for maintaining the identity of the users.

Part (f)

The application of id_hash in the grading web application helps in encrypting the communication between the server and the user. If a third party intercepts the data packets, the message cannot be deciphered by them without finding the appropriate algorithm and key used for encryption of the file.

Part (g)

Despite its advantages, id_hash also has several disadvantages: it is prone to brute-force and dictionary attacks. The cookies can be intercepted by a third party and used for controlling the data transmission. The anonymity of the user cannot be maintained, and the algorithm used for encryption can be used by the hacker for decrypting the files.

Part (h)

The username and password can be intercepted by a third-party hacker if they are sent in plain text. If the password is encrypted to produce a hash value and that value is sent to the server instead of the plain text, it can improve the security but cannot eliminate the risk of cookie stealing attacks. When the password of a login system is sent as a hash, the hash value becomes available to the third party, and it can be used for maintaining the identity of the user and getting access to files and information from the server. A solution to this problem is to create a two-way verification, which can be done with the application of a public key/SSL certificate.

Part (i)

The option to edit a cookie is not directly available in Chrome; different extensions are available for editing a cookie, and one should be downloaded from the Chrome Web Store. The screenshot below displays the editing option used for the link chrome.google.com/webstore. Cookies have different fields such as value, domain, path, expiration, etc. They can be edited as needed for intercepting a message and set according to the needs of the user. The cookie is sent to the web browser via the cookie header, and after the expiration date the cookie is updated or deleted from the system automatically.

  • Cryptography

Concerns regarding id_hash encryption and decryption

Part (c)

If the sender had used a random password of 12 uppercase or lowercase letters and encoded it with the SHA256 algorithm, it would have increased the risk to the security of the system, because a hacker can apply dictionary or brute-force attacks to identify the key and obtain the decrypted text from the encrypted message sent to the user. Dictionary attacks and reverse engineering can likewise be used to identify the secret key and obtain the decrypted file.

Part (d)

The secret key is encrypted by the sender, but the IV file was sent as plain text without encryption, and this can cause security issues because a hacker can intercept the message and perform illegal activity. As a result of third-party involvement, the sender can find errors during decryption of the message, or the message can be modified by the hacker. The hacker can anticipate the encryption procedure used for sending the message, and it may be easily decrypted by getting the keys decrypted using the decryption program and accessing the public key of the sender.

  • Ransomware Research

Overview of Ransomware

With the growth of the internet, different types of network threats have arisen, and ransomware is one of them. It acts as malware in the system that threatens to deny the user access to sensitive data, or to delete it, demanding a ransom for restoring or giving access. A ransomware attack can arrive from different sources, such as phishing emails that are disguised to appear to the user as an important update or file that needs to be downloaded into the system. Weak spots in security are also exploited for getting access to the system, and a mathematical key that is known to the attacker is used for unlocking the files. It can also arrive from a remote device through open ports, and thus it is essential to block the open ports to prevent the risk.

Technical Details of Ransomware

The payload arrives at the targeted computer to execute sophisticated code and lock files, causing denial of access. Access to the files is not provided to the user until a specific condition is met, and there are different technologies available that ensure that the payload downloaded into the system is not able to run its routines.

Overview of Ransomware and its technical details

There is no specific cryptography used for ransomware; a mathematical key is used along with malware for targeting the user. There are different ransomware families such as WannaCry, NotPetya, Locky, TeslaCrypt and CryptoLocker, developed for attacking different types of files after exploiting the vulnerabilities of a system. The ransomware is programmed to self-propagate, spreading to more computers.

EternalBlue is used for exploiting the vulnerability of the Windows operating system and spreading to more computers. Arbitrary code can be executed remotely through the Remote Desktop Protocol, and special data packets can be sent for performing different activities on the targeted machine. Reverse engineering and asymmetric key encryption are part of obtaining ransoms.

Since ransomware uses a distinctive blend of encryption algorithms and the cost of decryption is high, it is difficult for an organisation to break the code and regain access to the files. It involves a blend of different factors that are hard to foresee in order to recover access to the encrypted records.

Recommendations

To mitigate the risk of a ransomware outbreak, organisations should adopt a multilayered security approach and ensure that defensive practices are followed to eliminate the risk of a single point of failure. Applying regular patches to the operating system and backing up essential data are not sufficient for mitigating the risk of ransomware. Deploying overlapping, mutually supportive defence systems that guard against a single point of failure, using different technologies, can help provide a secure framework against ransomware. These technologies include the installation of intrusion detection and intrusion prevention systems, analysis of website vulnerabilities and implementation of malware protection, installation of a web security gateway solution, and regular updates of the firewall.

