COIT20262 - Advanced Network Security Assignment 1 Submission
Added on 2024-07-12
8 Pages1721 Words330 Views
|
|
|
COIT20262 Assignment 1 Submission Term 2, 2018
COIT20262 - Advanced Network Security, Term 2, 2018
Assignment 1 Submission
Due date: 5 pm Friday 24 August 2018 (Week
6)
ASSESSMENT
Weighting: 40%
1Length: N/A
Student Name: enter your name
Student ID: id
Campus: campus
Tutor: tutor
Advanced Network Security Page 1 of 8
COIT20262 - Advanced Network Security, Term 2, 2018
Assignment 1 Submission
Due date: 5 pm Friday 24 August 2018 (Week
6)
ASSESSMENT
Weighting: 40%
1Length: N/A
Student Name: enter your name
Student ID: id
Campus: campus
Tutor: tutor
Advanced Network Security Page 1 of 8
COIT20262 Assignment 1 Submission Term 2, 2018
Question 1. Cookie Stealing Attack
Part (c) Message Sequence Chart
Advanced Network Security Page 2 of 8
Client Server
192.168.1.11 192.168.2.21
HTTP GET/grades/
HTTP HTTP/1.1 200 OK
HTTP GET/grades/login.php
HTTP HTTP/1.1 200 OK
HTTP POST/grades/login.php
HTTP HTTP/1.1 302 Found
HTTP GET/grades/index.php
HTTP HTTP/1.1 200 OK
HTTP GET/grades/query.php
HTTP HTTP/1.1 200 OK
HTTP GET/grades/view.php
HTTP HTTP/1.1 200 OK
Question 1. Cookie Stealing Attack
Part (c) Message Sequence Chart
Advanced Network Security Page 2 of 8
Client Server
192.168.1.11 192.168.2.21
HTTP GET/grades/
HTTP HTTP/1.1 200 OK
HTTP GET/grades/login.php
HTTP HTTP/1.1 200 OK
HTTP POST/grades/login.php
HTTP HTTP/1.1 302 Found
HTTP GET/grades/index.php
HTTP HTTP/1.1 200 OK
HTTP GET/grades/query.php
HTTP HTTP/1.1 200 OK
HTTP GET/grades/view.php
HTTP HTTP/1.1 200 OK
COIT20262 Assignment 1 Submission Term 2, 2018
Part (d) Information from Packets
Information Answer
Packet number from normal-student.pcap that contains the normal
students’ password
4
Packet number from normal-student.pcap in which the server
originally sends the cookie to the browser
6
Last 4 HEX digits of the id_hash in the cookie (give the value of the
last 4 digits, not the packet number)
36 36 35 31
Packet number from malicious-student.pcap that contains the
normal student's grade for coit20262.
36
Packet number from malicious-student.pcap in which the client
originally sends the stolen cookie
4
Part (e)
For id_hash calculation, we have used the MD5 hash algorithm. The id_hash calculation
which we have used is basically a type of PHP. This hash algorithm sends the hash to the
browser as a cookie. This hash calculation algorithm is applying for password encryption.
The browser automatically saves this cookie generated by hash calculation algorithm.
Part (f)
The id_hash provides security in this assignment. The security is fully encrypted in this
assignment. Only one user at a time can log in in this grading web application. In the grading
web application, the user 12032177 can log in as a single user at a single time. The id_hash
provides single authentication in this web application.
Part (g)
When user login in the grading application first time, at that time the username and password
go into plain text. After login into the system, the PHP server starts and then the username
and password go into the browser and save as a cookie. At that time the login information is
not secure. This login and password can be stolen,
Part (h)
At the security level the login password was going through plaintext but if we provide client-
side encryption then the only hash will be verified. This encryption method is more secure.
This security function will perform in JavaScript. JavaScript is browsing language if the
browser turns off then the encryption method will be interrupted at that time.
Advanced Network Security Page 3 of 8
Part (d) Information from Packets
Information Answer
Packet number from normal-student.pcap that contains the normal
students’ password
4
Packet number from normal-student.pcap in which the server
originally sends the cookie to the browser
6
Last 4 HEX digits of the id_hash in the cookie (give the value of the
last 4 digits, not the packet number)
36 36 35 31
Packet number from malicious-student.pcap that contains the
normal student's grade for coit20262.
36
Packet number from malicious-student.pcap in which the client
originally sends the stolen cookie
4
Part (e)
For id_hash calculation, we have used the MD5 hash algorithm. The id_hash calculation
which we have used is basically a type of PHP. This hash algorithm sends the hash to the
browser as a cookie. This hash calculation algorithm is applying for password encryption.
The browser automatically saves this cookie generated by hash calculation algorithm.
Part (f)
The id_hash provides security in this assignment. The security is fully encrypted in this
assignment. Only one user at a time can log in in this grading web application. In the grading
web application, the user 12032177 can log in as a single user at a single time. The id_hash
provides single authentication in this web application.
Part (g)
When user login in the grading application first time, at that time the username and password
go into plain text. After login into the system, the PHP server starts and then the username
and password go into the browser and save as a cookie. At that time the login information is
not secure. This login and password can be stolen,
Part (h)
At the security level the login password was going through plaintext but if we provide client-
side encryption then the only hash will be verified. This encryption method is more secure.
This security function will perform in JavaScript. JavaScript is browsing language if the
browser turns off then the encryption method will be interrupted at that time.
Advanced Network Security Page 3 of 8
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents