Advanced Security for Systems Engineering VU - WS2022 (183.645) Lab0

Team size: 1

Start and deadline for this lab: see tuwel

Exercise interview: No exercise interviews. If submissions are unclear, students can be invited for exercise interviews.

Exercise Lab0

This lab should enable you to work with encrypted emails as well as with X.509 certificates and certificate authorities. Furthermore, it is needed to log in to the exercise environment for the following labs.

Specification Lab0a

This part of the exercise deals with simple cryptography, which you are obliged to solve in order to receive credentials for the lab environment. It is compulsory that you use your student email address (eMATRICULATION_NUMBER(at)student.tuwien.ac.at, where MATRICULATION_NUMBER stands for your own matriculation number and (at) for @). Use a mail client of your choice and configure your email address.

Install PGP or GnuPG. Create a key pair and assign it to your email address. Then use our Account Mailer.

IMPORTANT: You will receive the login credentials for further exercises via an encrypted e-mail. Therefore, it is mandatory that you manage to receive encrypted e-mails and decrypt them. Of course, you can use the account mailer service more than once for testing purposes. Please also remember your changed password for the further labs ;-)

Specification Lab0b

With the credentials from Lab0a you have to log in to the exercise environment using ssh (tese.inso.tuwien.ac.at, port 20000). On Windows you can use, e.g., PuTTY. After logging in on tese, you will find a file containing some text that you must include in the submission document (refer to Specification Lab0d).

The following fingerprints can be used for verification of the host key: SHA256:z5nliIMs3Iy5jInoqLzyBvKVrY3BE1p6ZIy4eeypahE (ECDSA), SHA256:EeLR4QpXUs1D7qKHKGQkKJw7HYZUHW3kB/8uwWl1Ris (RSA). You might need to configure your client in order to obtain the desired key type.
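The fingerprint comparison above can also be reproduced offline from a known_hosts or ssh-keyscan line. The following Python code is an added example, not part of the original lab sheet: the function names and the all-zero sample key are constructed for illustration, and only the two pinned fingerprints are taken from this page.

```python
import base64
import hashlib
import struct

# Fingerprints published above for tese.inso.tuwien.ac.at.
PINNED = {
    "SHA256:z5nliIMs3Iy5jInoqLzyBvKVrY3BE1p6ZIy4eeypahE": "ECDSA",
    "SHA256:EeLR4QpXUs1D7qKHKGQkKJw7HYZUHW3kB/8uwWl1Ris": "RSA",
}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def blob_key_type(blob: bytes) -> str:
    """Return the algorithm name stored as the first string inside the key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + length:
        raise ValueError("truncated key blob")
    return blob[4:4 + length].decode("ascii")

def check_host_key_line(line: str):
    """Check one 'host keytype base64' line as in known_hosts or ssh-keyscan output.

    Returns (fingerprint, label); label is None unless the key is one of PINNED.
    """
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    declared, encoded = fields[1], fields[2]
    blob = base64.b64decode(encoded, validate=True)
    if blob_key_type(blob) != declared:
        raise ValueError("declared key type does not match the key blob")
    fp = fingerprint(blob)
    return fp, PINNED.get(fp)

# Constructed sample, NOT the server's real key: an all-zero Ed25519 key blob.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_LINE = ("[tese.inso.tuwien.ac.at]:20000 ssh-ed25519 "
               + base64.b64encode(SAMPLE_BLOB).decode("ascii"))

if __name__ == "__main__":
    fp, label = check_host_key_line(SAMPLE_LINE)
    print(fp, "->", label or "NOT a published host key, do not connect")
```

A line whose fingerprint maps to no label means the offered key is not one of the two published ones, which is also what happens when the client negotiates a key type other than ECDSA or RSA.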

You are required to change the initial password of your account obtained via the Lab0a web service on the first login.

Please make sure that SSH multiplexing is not enabled. Otherwise, the password change request happens again on successive logins through the established SSH connection.

Specification Lab0c

In this exercise you will learn the basics of how to deal with X.509 certificates. A common library used for handling X.509 is openssl, together with its command-line tool. In case you have not yet heard about it, you should look up some documentation, for example the HOWTOs at http://www.openssl.org/docs/.

You first need to generate your own intermediate certificate authority (CA) and have it signed by our root certificate authority for this lab.

Create a certificate authority with the following details:

Create a certificate signing request (CSR) for this intermediate CA and upload it via tuwel at the submission page of Lab0c.

If you successfully submitted the CSR and all details are correct, the submission system will sign it with our root certificate authority (ESSE-Lab0-Root-CA-WS2022) for this lab. Your signed certificate and the certificate of our root certificate authority (ESSE-Lab0-Root-CA-WS2022) can be downloaded at the submission page of Lab0c in tuwel.

The submission of Lab0c is worth 5 points (of total 20 points for Lab0).

Specification Lab0d

Create a key pair for the purpose of signing documents with the following details:

Then sign this key (MATRICULATION_NUMBER-Signee-Entity-WS2022) with your intermediate CA (MATRICULATION_NUMBER-Intermediate-CA-WS2022) with the following details:

Combine the certificates for the following CAs respectively key into the file cert-chain_MATRICULATION_NUMBER.pem:

Create a file cookie_MATRICULATION_NUMBER.txt with the following content:

Sign your file cookie_MATRICULATION_NUMBER.txt with the following details and save the signature in cookie_MATRICULATION_NUMBER.txt.sha512

Pack the following files into the file lab0d_MATRICULATION_NUMBER.tar.bz2

Upload the file lab0d_MATRICULATION_NUMBER.tar.bz2 via tuwel at the submission page of Lab0d.

The submission of Lab0d is worth 15 points (of total 20 points for Lab0).

Notes

Please keep in mind that this lab is relatively short. Do not deduce the effort of later labs from lab0.

Additional Notes
