CS 336/536 “Computer Network Security”

 

Summer Term 2008

 

 

Computer Network Security Lab

 

Since these lab exercises require familiarity with the tools in the Linux-based Instructional Network Laboratory, CS 336/536 is open principally to students who have taken CS 334/534 recently.  However, other students could participate if they have experience with command-line unix systems and are willing to participate in a remedial lab session.

 

The labs will be held after class on Tuesdays or Thursdays.

 

Lab instructor:  Michael Jackson

 

 

Lab Session 1 – Pretty Good Privacy (PGP)

 

Two networked machines, LEFT and RIGHT, will be used. On LEFT, students will generate a set of PGP keys, both a key-pair for digital signing and a key-pair for encrypting the session key (see Stallings figure 5.1(c)). To simplify the lab session, these will not be used for E-mail.  First they will be used for storing and retrieving files on the local disk.  Both conventional cryptography and public/private cryptography will be used to encrypt and decrypt files.  Students will produce a clear-signed file, and check its validity; then change the file slightly and see the resulting lack of validity.  An example of base-64 encoding will be seen.  E-mail will be simulated by sending encrypted and signed files from LEFT to RIGHT using FTP, then decrypting/validating the files on RIGHT.

 

 

Lab Session 2 - Virtual Private Networks (IPSec)

 

A “quad” of four PCs will be used to construct an internet of three networks, “left” and “right” subnets and a central network:

 

     left subnet <=> LEFT     <=>     RIGHT <=> right subnet

 

A IPSec “tunnel” will be constructed over the central network between the IPSec “gateways” LEFT and RIGHT.  During this process the gateways authenticate each other using public-key cryptography.  Once the tunnel is enabled, packets sent from the left subnet to the right subnet (or in the reverse direction) travel between LEFT and RIGHT in encrypted form.  Further, the course and destination IP addresses on the packets will be the addresses of the two gateways, concealing the original source and final destination IP addresses.  Thus, a “Virtual Private Network” has been constructed.

 

Since encryption and authentication are computationally intensive, use of IPSec exacts a performance penalty, which students will measure.

 

 

Lab Session 3 – Secure Sockets Layer (SSL)

 

This lab session follows on the exercise in CS 434/534 Lab Session 8, in which the secure HHTP (https) server at amazon.com was accessed.  In the present lab, the objective is to study the sequence of messages exchanged during the handshaking that establishes the secure connection between the browser/client and the https server (see Stallings’ figure 7.6).

 

 

Lab Session 4 – Secure Shell (SSH) and Wired Equivalent Privacy (WEP)

 

Students will again use two networked machines, LEFT and RIGHT. An RSA key pair will be created on LEFT and FTP used to copy the public key to file /home/student/.ssh/authorized_keys on RIGHT. Then, on LEFT, SSH can be used to connect securely to RIGHT, providing user authentication using the public key now in RIGHT’s possession (rather than using a password) without the vulnerability of telnet.  The handshaking performed by SSH to set up the secure tunnel will be studied.  The SSH utility scp (secure file copy) will be used to transfer a file between LEFT and RIGHT without the vulnerability of FTP. The functioning of WEP will be investigated.