Use OpenStack CDCI template to start a new VM. To access the VM, login to cloud.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using “ubuntu” as a username and your ssh key.
root@cdci:/$ ssh mihai.chiroiu@fep.grid.pub.ro [mihai.chiroiu@fep8 ~]$ ssh -vv ubuntu@<IP>
First, make sure that your virtual machine is updated (run the provided update.sh script, or create one).
root@cdci:/# cat update.sh #!/bin/bash # (c) Mihai Chiroiu - CDCI git clone https://github.com/mihai-chiroiu/cdci.git
Next, in one terminal start the provided Mininet topology.
root@cdci:/# cd cdci/lab05 root@cdci:/# /usr/bin/python3 topology.py
If there are any problems with starting the topology (if all is good you should see the Mininet prompt ”>”) use the given cleanup script and try to restart the topology.
Before you begin, make sure that you have Internet connectivity on all two nodes. R1 should be the gateway for the all of them. Write down the IP addresses of all the nodes (including the gateway). Use the provided scripts to access the nodes.
Download the following archive and extract it both nodes (Hint: wget is installed). https://ocw.cs.pub.ro/courses/_media/cdci/labs/upb-vs-harvard.zip . Download the archive also on your local computer and inspect the images.
root@ip-172-30-0-165:/# ./h1.sh root@attacker:/# root@ip-172-30-0-165:/# ./h2.sh root@victim:/#
The openssl tool provides different mechanisms to encrypt data using symmetric cyphers. List all the available cyphers and modes of operation. Encrypt the ‘This is a cool lab’ text using aes-256-cbc mode and the password ‘thisisasupersecretpassword’. The output of the previous command is a not human-readable and cannot be easily used, add the ‘-base64’ parameter and verify the output.
In this exercise we will show how using a wrong encryption mode can break the encryption scheme. Let us try to encrypt the upb.bmp image using the AES-256-ECB mode.
Symmetric encryption is typically used for encrypting data, hashing is used for data integrity and asymmetric encryption is used for authentication. We can use ‘openssl dgst’ tool for signing files using DSA.
Asymmetric encryption schemes are used in certificates to authenticate and encrypt data in transit. In this exercise we are going to create a CSR (Certificate Signing Request), which includes the public key of your server. Note that this CSR must be signed by a Certificate Authority before being used.
In this exercise you will be required to analyze an already signed certificate from the www.google.com website.