How to Retrieve UCF's Digital Certificate and Use Wireshark to Decrypt Protected Packets

Retrieve UCF's Digital Certificate Information

1. (6 pts.) In this question you are to use a web browser to retrieve and report information about the digital certificate issued to UCF, by using the directions described in the article “How to View SSL Certificate Details in Each Browser and What You Can Learn”, at https://www.globalsign.com/en/blog/how-to-view ssl-certificate-details/. Specifically, use a browser (Chrome, Firefox, Edge, etc.) and go to the secure site https://www.ucf.edu, retrieve UCF’s digital certificate and report the below information:

(a) The “Issued to”, “Issued by”, and “Valid from and to” dates.

(b) The certificate’s Version, Signature algorithm, Issuer, Subject, the Public key, the Thumbprint algorithm used, and the Thumbprint itself.

(c) The certificate’s path and status

Note: Be sure to report the name of the browser and equipment (make, model) used, and briefly describe the procedure you used in your work.

2. (6 pts.) Answer the two below questions about WPA’s TKIP method and WPA2’s AES-CCMP method, respectively:

(a) Describe what features of the TKIP, and how and where they are used, to protect transmitted messages against message tampering (i.e., detecting attacks that attempt to modify the message content).

(b) Describe what features of the AES-CCMP, and how and where they are used, to protect against replaying messages (i.e., detecting attacks that replay/retransmit old messages).

3. (14 pts.) In this question you are to use Wireshark to open a pcap (packet capture) file which contains packets protected by WPA2-PSK, decrypt the packets assuming the password “Induction” (case-sensitive, without the quotation marks) was used in the WPA2-PSK protection, and answer questions about the pcap file. Specifically, follow the below steps and “document” your work including: the procedure, steps taken, results, and explanations as appropriate.

Additionally, use screenshots if they can help to better describe/explain your work, but screenshots by themselves should not be used to replace your descriptions and explanations. Also, be sure the submitted screenshot images are legible, and relevant information in the screenshots highlighted/annotated.

(a) Open the assignment file “wpa-Induction.pcap” in Wireshark. Report the SSID, channel used, and the access point (AP, the device that is sending out beacon signals) identified in the traffic. For the identified AP be sure to report both its MAC address and its more readable device name.

(b) Identify the management frames of authentication subtype and management frames of association subtype, exchanged between the device/STA “Apple_82:36:3a” and the AP device of Part (a). (Hint: Enter a filter string such as “wlan.fc.type_subtype eq 0” (without the quotes) into the filter toolbar (below the main toolbar) then click on the right arrow button at the end, will display (management type) packets with subtype 0, i.e., association request frames. Click on the X button on the right end will cancel the filter. A one-page reference on Wireshark’s 802.11 filters can be found at https://www.semfionetworks.com/uploads/2/9/8/3/29831147/wireshark_802.11_filters_-_reference_sheet.pdf)

(c) Identify the 4-way handshake (4 EAPOL messages) between the device “Apple_82:36:3a” and the AP of Part (a), and report the below information for each of these 4 frames: Frame number, source, destination, all subfields under the “802.1X Authentication” field. In addition, determine which of the 4 frames is/are used by the AP to authenticate itself to the STA, and determine which used by the STA to authenticate itself to the AP.