

Lab05. Practical cryptography

Objectives

  • Hashing data to provide integrity
  • Use openssl for symmetric and asymmetric encryption
  • Convert an encrypted message to base64

Topology

Tasks

01. [5p] Virtual machine setup

First, make sure that your virtual machine is updated (run the provided update.sh script, or create one).

root@cdci:/# cat update.sh
#!/bin/bash
# (c) Mihai Chiroiu - CDCI

git clone -b labs --single-branch https://github.com/mihai-chiroiu/cdci.git
git config user.email "student@upb.ro"

Next, in one terminal start the provided Mininet topology.

root@cdci:/# cd cdci/lab05
root@cdci:/# /usr/bin/python3 topology.py

If the topology starts correctly, you should see the Mininet prompt ">". If there are any problems starting it, use the given cleanup script and try to restart the topology.

02. [10p] Internet connectivity

Before you begin, make sure that you have Internet connectivity on both nodes. R1 should be the gateway for both of them. Write down the IP addresses of all the nodes (including the gateway). Use the provided scripts to access the nodes.

Download the following archive and extract it on both nodes (Hint: wget is installed): https://ocw.cs.pub.ro/courses/_media/cdci/labs/upb-vs-harvard.zip . Also download the archive on your local computer and inspect the images.

root@ip-172-30-0-165:/# ./h1.sh 
root@attacker:/# 

root@ip-172-30-0-165:/# ./h2.sh 
root@victim:/# 

03. [10p] Hashing

  1. Use the MD5 hashing function and compare the files from the archive extracted previously. How do the hashes differ? What about the files, are they the same? Now, use other hashing functions and compare the result.
  2. Download the latest version of the Firefox browser for Windows and compare the hash value to the official one.

03. [10p] Symmetric encryption

The openssl tool provides different mechanisms to encrypt data using symmetric ciphers. List all the available ciphers and modes of operation. Encrypt the ‘This is a cool lab’ text using aes-256-cbc mode and the password ‘thisisasupersecretpassword’. The output of the previous command is not human-readable and cannot be easily used. Add the ‘-base64’ parameter and verify the output.

  • Copy and decrypt the message on the other node.

04. [15p] ECB-mode encryption

In this exercise we will show how using a wrong encryption mode can break the encryption scheme. Let us try to encrypt the upb.bmp image using the AES-256-ECB mode.

  • Encrypt the image file using AES-256-ECB.
  • Recover the image-related metadata / header. This is required if we want the picture to be displayed properly. Note that the header is 54 bytes (http://www.onicos.com/staff/iz/formats/bmp.html). You can use the “dd” tool for this purpose.
  • Last, transfer the encrypted image to your computer (from the node to the virtual machine, and from the virtual machine to your computer).

You can transfer files from the nodes (docker containers) to the host (virtual machine) using scp.
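The following is an added example, not part of the original lab, showing why the ECB output still reveals the picture after the header is restored. It assumes a constructed stand-in for upb.bmp (54 header bytes plus a flat-colour pixel area), hypothetical helper names, and the `-pbkdf2` key-derivation option, which the lab text does not mention.

```bash
#!/bin/bash
# Added example: constructed input stands in for upb.bmp; helper names are hypothetical.
set -eu
WORK=$(mktemp -d)
PASS='thisisasupersecretpassword'   # password reused from the symmetric-encryption task

# 54 "header" bytes followed by 4096 identical "pixel" bytes (a flat-colour area).
make_sample() {
    head -c 54 /dev/zero | tr '\0' 'H' > "$WORK/sample.bmp"
    head -c 4096 /dev/zero | tr '\0' 'W' >> "$WORK/sample.bmp"
}

# $1 = cipher name, e.g. aes-256-ecb. Output starts with a 16-byte "Salted__" prefix.
encrypt() {
    openssl enc "-$1" -pbkdf2 -pass "pass:$PASS" \
        -in "$WORK/sample.bmp" -out "$WORK/$1.enc"
}

# Overwrite the first 54 bytes of the ciphertext with the original header (the dd step).
splice_header() {
    cp "$WORK/$1.enc" "$WORK/$1.bmp"
    dd if="$WORK/sample.bmp" of="$WORK/$1.bmp" bs=1 count=54 conv=notrunc 2>/dev/null
}

# Count distinct 16-byte blocks from file offset 80 on: past the 16-byte prefix and
# the 64 bytes of ciphertext that contain the header, so only pixel blocks remain.
distinct_blocks() {
    tail -c +81 "$WORK/$1.bmp" | od -An -v -tx1 | sort -u | wc -l
}

make_sample
for cipher in aes-256-ecb aes-256-cbc; do
    encrypt "$cipher"
    splice_header "$cipher"
    echo "$cipher: $(distinct_blocks "$cipher") distinct blocks out of 256"
done
```

ECB reports 2 distinct blocks (the repeated pixel block and the final padded block), while CBC reports 256: identical plaintext blocks map to identical ciphertext blocks only under ECB, which is what makes the image outline visible.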

04. [10p] Digital signing

Symmetric encryption is typically used for encrypting data, hashing is used for data integrity and asymmetric encryption is used for authentication. We can use the ‘openssl dgst’ tool for signing files.

  a. Create a DSA key pair and use it to sign the image file encrypted before. Use SHA256 for hashing the file.
  b. Send the signed data to your colleague and ask him to verify the signature. How could you distribute the public part of the DSA key?

cdci/labs/5.1584303047.txt.gz · Last modified: 2020/03/15 22:10 by mihai.chiroiu
CC Attribution-Share Alike 3.0 Unported