FIT5037: Network Security Assignment 1 : Securing Netcat Semester S2B/T3 2023
Submission Guidelines
• Deadline: Assignment report and all code files are due on Friday 4th August, 11:55 PM (GMT+8). • Submission Files:
1. AreportinPDFfileformatofmaximum6pages.Theappendices(forfullcodelistingsandanyadditional screenshots) are not included in the page count.
Copyright By PowCoder代写 加微信 powcoder
2. Pythoncodefile(s)foryourenhancedclient-serverprogram,writtenorrefactoredtomeetspecificsecurity requirements, as described below.
3. Anyassociatedsecurityparameterfiles,wiresharkpcapfilesandcorenetworkemulator(imn)files.
4. All python code that you use should also be inside the relevant containers (submitted via a separate form
on Moodle.)
Submission Requirements. Significant penalties will apply (or you assignment will not be marked at all) if any of these conditions are not met!
1. Do not submit a compression of multiple files. All original work must be included in th PDF report.
2. A handwritten document is not acceptable and will not be marked even if scanned, converted and
submitted electronically!
3. It is a requirement that full code listings of your orignal Python code are included in the appendix section of your report.
4. Individual author attributions (i.e.: student names or uniquely identifiable tags) must be included as comments within the source code itself, to clarify individual contributions and verify authenticity.
5. Copyright notices for code used as a basis for the assignment (including the MIT license) must be retained to acknowledge original authors and for associated legal purposes.
Submission Platform: Electronic submission via Moodle and Turnitin for the report. FilenameFormat:Nameyourfilesfordifferentassignmenttasksasfollows.Submissionviamoodle:FIT5037 Assignment1 Report Group NN.pdf, where NN is the number of your project group (01 to 25)
Late Submission Policy: You need to submit a special consideration form (available on Moodle) for a formal request for late submission. Alternatively, you may raise particular concerns with your tutor/lecturer in class or via email.
Late Submission Penalty: According to Monash policy, late submitted assignment without prior approval will receive a late penalty of 10% deduction per day (including Saturday and Sunday) or part thereof, after the due date and time.
Plagiarism and Collusion: It is an academic requirement that your submitted work be original. If there is any evidence of unapproved collaboration, pasting from websites or copying from textbooks without proper acknowledgement, then zero marks will likely be awarded for the whole submission. The plagiarism and collusion policy applies to all assessments and suspected breaches of Monash University academic integrity rules will be referred to the Faculty of IT for determination of consequences.
IT Use Policy: Your submission must comply with Monash University’s IT Use Policy.
• This assignment is worth 30% of the total unit marks. • The assignment is marked out of 30 nominal marks.
—-PAGE—-
FIT5037: Network Security Assignment 1 : Securing Netcat Semester S2B/T3 2023 (Suzhou)
—-PAGE—-
FIT5037: Network Security Assignment 1 : Securing Netcat Semester S2B/T3 2023 (Suzhou) 1. [5+10+10+5=30Marks]
“Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP. The command is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities. Its list of features includes port scanning, transferring files, and port listening: as with any server, it can be used as a backdoor.”
Source: Wikipedia (https://en.wikipedia.org/wiki/Netcat)
(a) Conduct a short analysis of the netcat utility and the underlying communications protocol(s) that this
i. Report on the status of netcat in terms of fundamental security principles and risks, and
ii. briefly outline some approaches that could be used to address these.
In your analysis you may wish to consider typical use cases of netcat, which can either be found by entering man netcat in the Linux terminal or through useful resources such as https://linuxhandbook.com/nc-command/. Note that marks for this section will be based on quality and originality of your analysis.
(b) To avoid some of the risks identified in your security analysis, you need to provide some enhancements to increase the security of netcat. Design, implement and document enhancements to increase the security of netcat. These must enforce security principles of
i. Data confidentiality ii. Data integrity, and
iii. Device authentication
Hints: To achieve these goals you need to implement in python, a simple protocol that will be able to support the above principles by specifying the following:
• An appropriate key agreement scheme to decide a session key between the netcat instances operating as Server and Client. The session key extraction mechanism should include the use of a salt value.
• The message integrity and encryption/decryption scheme or schemes that will be used in order to secure the communication channel. (You will need to specify the appropriate security mechanisms and generate the correct keys/credentials for them.)
(c) Demonstrate your secure version of netcat using two Linux containers communicating through a virtual bridge (use IP addresses from same range.) Alternatively, you can use a core network emulation with one router with two interfaces each connected to one of the defined virtual bridges. See also Note 5(e) below for an intermediate step you could try. Your demonstration should show how your enhanced netcat works in some or all of the following modes (it is up to you to investigate how to perform these):
i. Perform a port scan to find an open port to connect to
ii. Establish a connection between two systems
iii. Send a file from one system to another (this is similar in operation to File Transfer Protocol or FTP)
iv. Use the secure netcat channel as a simple instant messaging application!
v. Show and/or describe how the netcat application could potentially be used for nefarious means or to escalate privilege level
(d) Provide a Wireshark capture pcap file to demonstrate the functionality of your secure netcat protocol. Describe and analyse thepcap file entries in your report and during the interview to justify the correct function of each part of the protocol.
Additional Notes:
1. For all the cryptographic primitives use the cryptography module of python, pyca (https://cryptography.io). If a cryptographic primitive is not supported by the installed openssl version on the VM you can use an alternative primitive that achieves the same goal.
2. Your choices of authentication method, key exchange, and symmetric encryption methods will affect your grade in this task. Choose algorithms that would be considered secure with respect to the core security principles.
3. To simplify the task, any authentication method used does not need to rely on external services, such as a trusted third-party (TTP) certifcate authority.
—-PAGE—-
FIT5037: Network Security Assignment 1 : Securing Netcat Semester S2B/T3 2023 (Suzhou)
4. You can use the example code for the netcat client-server program available on Moodle as a starting point.
This supports typical modes of operation such as connecting, listening and forwarding.
Reminder: Although this open source program may be used for educational purposes, it is protected by the general terms of the MIT license (https://mit-license.org/). Please ensure that this license is retained and that any contributions which you have made are clearly identified via comments and individual author attributions within your program. Significant penalities will apply if this is ignored. It is your responsibility to use the software for legal purposes only.
5. You can use configuration le’s for hosts running the client-server application to feed any required information to the other enhanced netcat instance such as security parameters etc. Python provides easy to use and powerful functions for reading and parsing le’s or strings. Few examples are:
(a) YAML where the content can be read directly to python data structures.
(b) A simplified INI le where options are specified as keyword = value (one per line) for which you can use the split() function to separate the keyword from the value. Similarly you can use keyword value with one option per line (space as separator as well as any other character that will not appear as part of the keywords or values).
(c) For simplicity you can use the os.urandom() function directly for random values whenever needed in your protocol. You can also use the python random library.
(d) You can mimic a simplified version of protocols you learn in the subject regarding negotiation, authentication, key exchange, key derivation, and encryption used in your protocol.
(e) To start you can use the VM as both client and server and once you completed the protocol test and demonstrate working it in two separate containers.
—-PAGE—-
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com