sethnielson edited this page Dec 3, 2019 · 2 revisions

Lab 3: Certificate Verification Scanner

Assigned 12/2/2019
Due 12/11/2019
Points 100

Overview

Your Crap layer should be done and working. You will need it for this lab for many reasons. If you didn't get it (or poop) working, you need to get help from the TA/professor immediately.

This lab has two parts. One part is to be done as a team. The other part requires individual submissions.

Team Work: Escape Room over Crap

As a team, you need to get your escape room up and running over the crap protocol. You need to announce the address and port over Slack (if they've changed). The class also needs to be able to let you know if you've done something wrong (i.e., you MUST provide tech support). Don't forget to generate your certificate for your address!

You also need to play other teams' escape rooms. Please play each escape room a couple of times per day. If this is really boring you can automate it. There needs to be network traffic.

TO ENFORCE THIS, EACH TEAM NEEDS TO LOG ALL CONNECTIONS, PAYMENTS, AND SUCCESSFUL EXITS. This should be very easy; simply modify your escape room to extract the playground address of the other side (transport.get_extra_info('peername')). Each team will submit a log recording which other teams successfully connected to them and when. You will determine which teams connected to you by playground address. For example, if the address is 20194.3, you will assume it was team 3 which connected to you.

Your record should be per-day. Something like this:

12/5:
    Team 1 - No connections
    Team 2 - 5 connections
             No payments
    Team 3 - 3 connections
             3 payments
             1 exits

Part of your score for this lab is having your team connect to escape rooms each day at least a couple of times.
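
One way to produce the per-day record described above, as an added example (not part of the original assignment or the course code base). ConnectionLog and team_from_peername are hypothetical names, and the code assumes peername is an (address, port) pair whose second dotted field is the team number.

```python
from collections import defaultdict
from datetime import datetime

EVENTS = ("connections", "payments", "exits")  # order used in the daily record

def team_from_peername(peername):
    """Team number from an (address, port) peername: ('20194.3.x.x', p) -> 3.
    Assumes the second dotted field is the team, as in the 20194.3 example."""
    fields = str(peername[0]).split(".")
    if len(fields) < 2 or not fields[1].isdigit():
        return None  # unexpected address format: do not guess a team
    return int(fields[1])

class ConnectionLog:
    def __init__(self):
        # counts[(month, day)][team][event] -> number of occurrences
        self.counts = defaultdict(lambda: defaultdict(lambda: dict.fromkeys(EVENTS, 0)))
        self.unattributed = []  # events whose peer could not be mapped to a team

    def record(self, peername, event, when=None):
        if event not in EVENTS:
            raise ValueError(f"unknown event {event!r}")
        when = when or datetime.now()
        team = team_from_peername(peername)
        if team is None:
            self.unattributed.append((when, peername, event))
        else:
            self.counts[(when.month, when.day)][team][event] += 1

    def report(self, teams):
        lines = []
        for month, day in sorted(self.counts):
            lines.append(f"{month}/{day}:")
            for team in teams:
                prefix = f"    Team {team} - "
                tally = self.counts[(month, day)][team]
                for event in EVENTS:
                    n = tally[event]
                    lines.append(prefix + (f"{n} {event}" if n else f"No {event}"))
                    prefix = " " * len(prefix)
                    if not n:
                        break  # as in the sample record, stop at the first empty stage
        return "\n".join(lines)

if __name__ == "__main__":
    log = ConnectionLog()
    log.record(("20194.3.7.7", 4000), "connections", datetime(2019, 12, 5))  # constructed
    print(log.report(teams=[1, 2, 3]))
```

In the escape room server, record() would be called with transport.get_extra_info('peername') when a connection is made, when a payment is verified, and when a player exits.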

Team Work: Identify Certificate Validation Rules

The Crap layer was tested for grading without checking your certificate validation. For this lab, your team needs to collectively come up with rules for how certificates should be validated. There are many rules, but you will be graded on coming up with at least 4.

You can also, as a team, come up with sample certificates that break these rules.

Personal Work: Scan for Certificate Validation

Individually, each person needs to build a scanner of sorts that will connect to some other team's escape room and see if one of the "bad" certificates can be accepted. If the handshake completes, you may assume that they accepted your certificate. If you can confirm that the handshake completed, you need not send any data. You can, however, if you wish to verify that it really did work.

You should record a simple pass/fail for each team and each rule. You could create a 2-d table like this:

    | r1 | r2 | r3 | r4 |
 t1 | P  | F  | F  | F  |
 t2 | P  | P  | P  | P  |

Extra Credit: Hack an Escape Room

If you can play an escape room without spending your own bitpoints, record the details of how you hacked the system. This extra credit is worth MORE if you are undetected. In other words, if you can hack the system but the other team correctly records your playground address (e.g., you use your normal certificate), you only get half of the bonus.

Grading

Each individual should submit a report in Word, text, or PDF format. The report must include the following sections:

  • Escape room log of other team connections
  • Certificate validation rules
  • Chart of vulnerable teams

If you successfully hacked an escape room, that should be included too.

Grading is as follows:

  • 25 points for 5 days' worth of connecting to each team's escape room. (No lost points for teams that don't successfully set up their escape room.)
  • 25 points for having the team's escape room available for at least 5 days after 12/4/2019
  • 10 points for the cert validation rules
  • 40 points for the team vulnerability chart
  • 10 points of extra credit for each team hacked
  • 10 points of extra credit for each team hacked without revealing your team via playground address

Your reports are due 12/11/2019 by 9PM by email to me and the TA. This cut-off is MANDATED BY JHU. I am not allowed to accept work after the final exam would have ended.