Category: Network Security Spring 2016

TUTORIAL: Stacking Protocols Part 1

Hopefully, by this point, every one of you has either written a Playground protocol or is on a team that has written a Playground protocol. But for those that haven’t, here’s a super simple reminder:

    class MyProtocol(SimpleMessageHandlingProtocol):
        # in your init, you define which types of messages you will handle.

        def __handleMyMessage(self, someMessage):
            # handle the received message here…
            # when you're ready to send,
            self.transport.writeMessage(responseMessage)

Ok, so data comes into…

Playground Address Regulation

EFFECTIVE 2/25/2016

20161.0 is reserved for the PETF (including myself).
20161.1 is reserved for selling single addresses. For example, you may purchase 20161.1.10.50.
20161.2 is reserved for selling Individual Block addresses. For example, you may purchase 20161.2.10.*
20161.3-99 is reserved for selling Group Block addresses. For example, you may purchase 20161.10.*.*
20161.666 is excluded from use. These addresses should not be used at all. But, if we ever develop firewalls and routers, these could be used as internal addresses (similar…

Running a Mobile Code Server

What you need to do is start a mobile code server. You can be on literally any address, as the code will find you automatically.

    python -m apps.mobilecodeservice.Server <your playground addr> <chaperone ip> <config file>

Your config file needs to have the following sections:

    =mobilecodeserver=
    ==bankdata==
    bank_cert_path: <local file path to bank public cert>
    account_name: <account name you want bit points dropped into>
    ==networkdata==
    connectionType: RELIABLE_STREAM
    ==servicedata==
    ===service_ptsp===
    name: Parallel…

TUTORIAL: Bank Tutorial 4 (Programmatic Access)

The following is a tutorial on using the Bank Client programmatically (as opposed to interactively as was covered in Part 3, see also Part 2 and Part 1).

The Short Version

The Bank Client Protocol is built around the concept of firing off a message to the server, then registering a callback to receive the result. Let’s look at a simple example: getBalance

    def balanceCallback(msgObj):
        print "Got balance from server:", msgObj.Balance…

TUTORIAL: Bank Tutorial 3 (Client Access)

In Part 2 of this tutorial, you should have started up a bank server and connected to it with a bank client (see also Part 1). If you were successful, you got a command line shell for interacting with the bank. In case you’re not clear, this is over the (playground) network. Here’s a diagram of the system. [ Bank Server ] [ Bank Client ] <-> User input […

TUTORIAL: Bank Tutorial 2

This is part 2 of the bank tutorial. Part 1 is here. This tutorial walks through setting up the bank.

What you’ll need:

A Bank private key and cert (you should know how to do this by now)
A Mint private key and cert

Phase 1

Generate some BitPoints. 100 is enough. The instructions are in the first part of the tutorial @53.

Phase 2

Set up the new password file with…

TUTORIAL: Bank Tutorial 1

Every BitPoint has an issuer. In previous years, this was just a hard-coded string. But this year, I’ve altered the Mint to generate BitPoints where the Issuer is the “CommonName” that is in the cert. You can now use the Mint to get info printed on bitpoints or to verify them. YOU DO NOT NEED YOUR OWN MINT. But, if you’re creating one to experiment, this is how it’s done….

TUTORIAL: Playground Testing

This semester, I’ve introduced a test directory in Playground that parallels the main directory. It currently looks like this:

    /Playground/src/
    /Playground/test/
    /Playground/test/unittest/
    /Playground/test/unittest/tools/
    /Playground/test/unittest/cases/apps/samples/EchoTest.py

The main part is the stuff under unittest/cases. It will eventually be a mirror of all the files under /Playground/src. Currently, I’ve only created a unit test for the EchoTest sample. But it’s a good template for how you test a protocol. For those of you…

Exploit Challenge: Take Over the Bank [10,000/5,000]

The Bank without the benefit of a secure layer is trivially exploitable. For example, with very little thinking, you should be able to completely control the bank by using eavesdropping+forgery. If anyone or any team at any point before the secure layer is in place can demo (on their own Playground Sandbox) how to do this, I will buy it as an exploit. To be clear, the exploit must show how, using…

TUTORIAL: Writing a Protocol

For this walkthrough, we’re going to create a “time server” (similar to NTP) called PlayTime. So we could create a time server repository and an install script that would put it under the joemamma directory. <homedir>/Playground/src/joemamma/playtime To be clear, the repository is just for the PlayTime code, but you could have it install in this sibling fashion format. Design the Protocol The next step is to figure out how the…