Due: Feb 27th, 2023 @ 9PM Eastern
Team Size: 2 Students Per Team
This assignment has three main parts: review questions, encrypted email, and the ARP spoofing Lab. You are allowed to work with 1 other student for this work, but you must still each complete each part of the assignment (ie. you must each send me an email). Be sure to put the name of the student you worked with on your submission in gradescope.
In your own words, why does RPKI prevents sub-prefix hijacking? Why doesnt RPKI prevent the one-hop attack?
What attacks are possible when a protocol decides to Encrypt and then Sign messages? What attacks are possible when a protocol decides to Sign and then Encrypt messages?
What makes reflection attacks more powerful than a typical denial of service attack, like ping flooding or syn flooding? What about protocols like DNS and NTP facilitate this increased power?
In this assignment you are going to learn to send encrypted email from your BU email address.
As part of this experience, you are going to keep a diary to track the things you have tried and learned. Be sure to keep track of everything in an orderly fashion, so you can reflect on the process later (and graders can see what you did). You should keep of the following things in your diary:
Any searches that you perform and why you decided to search those terms?
Any websites (including URLS) that you open and a brief description of what you found there
Any tools or software that you installed, and the reason you chose to install it
Anything you tried on the tools or software that you installed. What correct or incorrect commands have you tried? What confusions did you experience when using the tool?
What steps did you take that actually helped to completing the task?
Finally, provide 3-to-4 paragraphs (with multiple sentences per-paragraph!) that is a full narrative, from start to end, in completing this task, as if you were relaying the story to someone in a documentary movie entitled “I sent an encrypted email.”
Send me an encrypted email from your BU email address! Please send
me an encrypted and signed email to
[email protected] with the
cs558 - <your name> and the following
What email client did you use to send this email?
What other clients did you try to use?
How was your experience? Was it difficult or easy? How long did it take you?
A PGP public key for your BU email.
My PGP key is below:
-----BEGIN PGP PUBLIC KEY BLOCK----- xsFNBF/+aAABEADKwKd7U+jk8Knoh7CtWU9pf36v/ldFbzCpT7FKr59nqfwXizaeYE5rOidoE25G sbHy6f86YPVWYZtbfoFYmrezgiQVhIsNI6wyAFdawTyJBSMkH/t2wES+vRhj5heWYjOk52Zwiyd0 L2w798axjOKXBWP+6hGjYHU/3DM6LlWavpjdLETj1zP0Nhld99+fDzoH4Q3BIRwEbrGSxSd2yC2T oNLleQI+dk2fMhi9p5SRGeRUtL9gAuw8/xlNQFjP3JpehrEQgWa1aeqgqzficyZKB9E5BjhlLx3X TMHDGo5thN8n7XErYmB4uvtC86WKnXa4xyC4vl7VwpeMLZ0z5BJH6T1pKVMWBJ+fsjsA5cYZ0MOR vCvI/UQSvnbzVL4eJL5FNKsjHUG5M3CsXWypkck8Pp8QKxbTbSx+Ilxx/bDh+TtmnSQRv/b4+dVc J0J3VcYtYbLfScLT5/jVS+XSFdZ2NPzt7j3KLm9FfGanicA5YI5oUYneVoZXVMlbQEIPVo38wKDi C39AM0MCaIwa9HKIT3i88jAlEe6a6o1ERyQMivzn8YLJ/Hk1wx8NcnK/eJA3R5BK98EiAvXynqKF qOM1AlqNU8RAkkurLKWmewyNstfQxYfW7MFBeDz+7Ai0WjUi/9e+91CFK38P1tKoArNz8oqonygs HkfCf5TMIHvQyQARAQABzSJHYWJyaWVsIEthcHRjaHVrIDxrYXB0Y2h1a0BidS5lZHU+wsGPBBMB CAA5FiEEwhRkClge7LPEBw9v+LtEbjTNWRAFAl/+aAIFCQWjmoACGwMFCwkIBwIGFQgJCgsCBRYC AwEAAAoJEPi7RG40zVkQLWEQAL80Ulwu9F+DkjHOArdCD33TbDvidpqjbMhogc9l7+Azl7iH6R1Z 8eWLEzjCe6KR9L/21AREYscc0svPaEZ5qyQm23tcUnMt3G3uyaxLqfoLnv8v66bo5ssf6Gfiep6P I1cmbc2xt41DQF+D6UstpM5f5tRuONiiTIZpxdN1fpp1Z4U5BCRTnLxWyiGMjwkpUAyhvOaucjU8 kTV4P2Xrt8sX6equW+tF8QhVn1hRVtfMKk6cePrz8DGZhI5dTrkYr7MvzOinK70WboC4H7gU61nm db9zsUFIWiAekh+OA6STm9KLZcZu/vJoUSayIRm+v4glxyTqLu5n8DPgToxbLuu7IZKhxVQ03frn uLvs2zXjWg5Px1691XcdhQHoAlAboAIfrXnnM1gmOepA/ba9MeG1b91n7EPk9OFtqG59WiSUzy0K USQ57j96S5eIX6rOwgjVozxqLzv0NSieOzq4t5iv+c/+jCxiFDn+hZ/vZVHy9xiuYSfQio9wjTbk vB2z9VSE93bA8nXn8RldY3PGk2w3WQHr2TslGXGzt3j78ZHW37vjSqEM7Gaz+/+TJTBtc11XQk0l IH4pnYwuifg/zREeeV23oiu1AweBzZtz1QPaDKcyvvTXybOKg4nSRwhVuTD/qfvirVJciHYgctdL ZghFn7et53ldXjd8J7yocaBizsFNBF/+aAIBEADXFX5e2WHVuP/D96EsRLEvk4ZYXjKjLdXFiLz1 5HpbhKrMVmfAJMcjLSV5JtdVCLW8gYaU64ZgRyCDeBiECDlhSEe6ss7/7guh1Q4GAac58kz01WhT JJ9qRMFFypZ2yBHzpgvq4fe3u3p71mr90agv+6DubBgBL3mB9jpQ3VBkfx3pSWtz7LSuI2OO6gn2 ostvUwklXuNaxK3+RJrGGOTiSDCHrJ3zDhTayd9Jl/VHI1zvz+5WOU0EiBoT5GLVis82FUgc0xZe 5j3OzPv79vnxlzh+SKiqQrLOPq0iFI+7wbAAj7jyq/Mha/rnG7Bj1XeORgWZAqNHdt32JWBv/fy5 MkuKVoBIgmZj/UWTHiZN+d9CnAtusrB2/FTWkkc74gKkk74SYqr0wrJVy/nwMsgJGId7bThWSi5a h+srKiobWOYUWx7waeLX3J1XbKmBgfTgA+ZG+zD2P8ohXagR5UJblKm1URXBrve+qHGwgS7XOl2p lBNA5DLs1uiFt1Kc/4eJrwqdyBATTEk59c7NsRerh/h32AZIkYaIMTi44423B3ApVeTgN42VHG4E BhrGKHgPK5deUy6OvsSoJwB/0QUOYYBSMdO9IF+RYNSS88lNFi6WDI1tvkWcEOAnbh6Ri1D5I9WW eCAqI9D4jKSszI2kzUtrUNHe3xxcE2faVSIhlwARAQABwsF8BBgBCAAmFiEEwhRkClge7LPEBw9v +LtEbjTNWRAFAl/+aAMFCQWjmoACGwwACgkQ+LtEbjTNWRAZJw/9HyTKQGR8ZECdJI1ZqaDG5A7L xjO6r6miZ+ZwmU2QTmAH9RxBwc9i89VTotdQjoUD+V5f/1U+9hwLTEhE7BUcv1Lm1K+/+ALbtLW1 QtMVIywf1EGcbapCPHCVzjp6D4aIEn3292wV2kWBwCaNn1sa9cQOd/0Ifo3/JYctbEFdNMmjFTVD CbUG9i/JUr0Zb8ZLcQt7xCzZVTW1k2ARZEHi0Rld/5/nt53Lh7D5KhVVSs2oALJv1cuA/h6pE9rG Z5JVHhCNYT0IlQJkdQe9pjz4w2lQ6vQ/XVVKjtmjrBW6dHSJPhfFIpI0jaTXVaHd2vGmOLej+9ef HETzgagmVOyljuibDA3HlaSptcd/wjb+pVz6Tc+u7OKlL3RkL/a2qKriSYU78I9vw9Tel14Wq+d/ zUj+RrswMVJnnNZ9znfp0O7rlLvvWabpq7eWiK+Xvv+TRpvSnge+nP2HgUNFgLu+WU0Os1d5T9cR BwTTkjnjJf5sH83MbdSanhCh2x/0eEVztO9jjBgNbc/SpvN4i2l0nhg9XGL8GIcVJOMK+S+RtUJB 0DAbCc1q2qtZa7Gx77XdocNwsqfWx+5xzesaDDorZ1iO8m9jKsm+yUJVQnXJbA9Cf2mdS+rmCDzo T+c6ZeulIVQglJEK+SrjiW4Jk+QRiTWG69cHUQVn+X280R+O33I= =kOyg -----END PGP PUBLIC KEY BLOCK-----
Once you send me an email, I’ll send you a response, encrypted under the key you provide and sent to the email you provided. It will contain a personalized secret message that you will need to submit through gradescope as part of your assignment. Please give me at least 12 hours to respond to your email before the deadline (Professors are people too).
Now that you have had the wonderful experience of sending and receiving an encrypted email, take some time to reflect on the experience. Using you diary, write approx. 500 words summarizing what you did. Be sure to include both things that you tried that didn’t work and the way in which you were eventually successful. Feel free to answer some of the questions below: What were the most helpful things that you read? What were the most confusing things that you experienced. How did your background in crypto, security, and computer science make things harder or easier? How do you think you would explain encrypted email to someone non-technical in your family?
(Reminder: DO NOT ATTACK SYSTEMS THAT YOU DO NOT MANAGE!)
In this task, you are going to be using a lab created by Professor Wenliang Du at Syracuse University. They have developed a bunch of hands-on labs that allow us to do bad network things without getting in trouble. In other words, I know many of you may not be in the position to manage your own networks, so asking you to ARP spoof on a network can be a problem. The SEED Labs environment produced by Syracuse University makes building a virtual environment within which we can launch attacks easy.
We are going to be doing the ARP spoofing lab that they have created. It is available for download here. You should complete Tasks 1,2, and 3 for full points.
SEED labs has very good, in-depth documentation for setting everything up. For troubleshooting, please refer to their documentation. Below is a quick-start way of setting things up, with some notes of traps that I fell into when setting things up.
Download VirtualBox. There are problems with using older versions of VirtualBox, so if you have version 5.x lying around on your computer, I suggest updating to 6.x. I have tested on 6.1.16.
Download the SEED labs virtual machine image. I got it from
here. Be sure to check the MD5 hash of the file (if you don’t practice
good computer hygine, who will?) The hash should be
Follow the instructions here to create a run a new copy of the VM.
Boot into the VM. The password for the user account is
Open Firefox within the VM, navigate to this website and download the Labsetup files.
Open a terminal window, navigate to the file with the Lab Setup
files and run
dcup which is an alias they have created
docker-compose up. This will prepare the network
and bring up the docker instances you will need for the lab. Note
that when you run
dcup it will block, so you can leave
that running in the background as you work on the rest of the lab.
This should take you up to Task 1 in the task list.
Submit a PDF write-up with your answers to Gradescope. Be sure to mark all of your answers clearly so graders can find your solutions. Be sure your PDF includes (1) answers to the review questions, (2) the narrative of sending an encrypted email and your reflections on the process, and (3) your ARP spoofing lab writeup.