IT Security in Large IT Infrastructures VU - 2023S (183.633) Lab0

Team size: 1

Start and deadline for this lab: see (external link) tuwel

Exercise interview: No exercise interviews. If submissions are unclear, students can be invited for exercise interviews.

Exercise

The goal of this lab is to refresh experiences with cryptography, especially encryption of emails. If you succeed in solving the lab, you are able to log into the lab environment.

Specification Lab0a

This part of the exercise deals with simple cryptography which you are obliged to solve for receiving credentials for the lab environment. It is compulsory that you use your student email-address (eMATRICULATION-NUMBER(at)student.tuwien.ac.at, MATRICULATION-NUMBER stands for your own matriculation number and (at) for @). Use a mail client of your choosing and configure your email address (for further references: (external link) https://service.it.tuwien.ac.at/museum/zidline/zl17/studserver/)

Install, e.g., (external link) GnuPG. Create a key-pair, assign it to your e-mail address and set a name for the user id. Then use our Account Mailer.

IMPORTANT: You will receive the login credentials for further exercises via an encrypted e-mail. Therefore, it is mandatory that you manage to receive encrypted e-mails and decrypt them. Of course, you can use the account mailer service more than once for testing purposes. Please also remember your changed password for the further labs ;-)

Specification Lab0b

With the credentials of Lab0a you have to log in at the exercise environment using ssh (tese.inso.tuwien.ac.at, Port 65535. (On Windows you can use, e.g., putty.) On tese you will find a file named CHALLENGE -- follow the instructions in there.

The following fingerprints can be used for verification of the host key: SHA256:qQTnXCUlijOprDXGXxwUOEcIgA/wNKrX4uD/OWgDM/0 (ECDSA), SHA256:v/YF3mDXaebgn+hFhv7eCraHtL+7epMuOKLbV//SBvE (RSA). You might need to configure your client in order to obtain the desired key type.

You are required to change the initial password of your account obtained via the Lab0a web service on the first login.

Please make sure that SSH multiplexing is not enabled. Otherwise, the password change request happens again on successive logins through the established SSH connection.

Submission Lab0

You will find all necessary information in the CHALLENGE file. Follow the instructions and upload your submission to tuwel.

Notes

Upload your file before the deadline. Delayed uploads will be cut points even if you already uploaded a file before:
- max. 1 day delayed: max. 70% of the maximal points
- max. 2 days delayed: max. 50% of the maximal points
- 3 or more days delayed: max. 0% of the points
You will get automated feedback after the upload.
You have multiple attempts for your submission, after the third attempt you will lose 2 points with every succeeding attempt.
The last document you upload will be used for grading.

Please keep in mind that this lab is relatively short. Do not deduce the effort of later labs from lab0.

Additional Notes

Some of our systems will be rebooted at 04:00 AM automatically every day and are usually not reachable over the Internet for 30 minutes. You are responsible to finish your work before this time and save your data at your local computer. We do not backup any data from your exercise account. Anything you store in your exercise account may be deleted.
Please stick to the given deadline. Otherwise, you may lose points.
We will grade the last version of your submission to tuwel.
For team exercises, division of labor within the team is allowed, of course. However, every team member must know about the specifics of every exercise and needs be able to answer questions about it.
If stated, please use the compression algorithms or programs noted in the exercise descriptions. Should your submission differ from the given details, you will not be awarded any points.
If you have any questions ask your colleagues first. You can also use the tuwel forum. Please write questions which only affect yourself to esse-itseclarge@inso.tuwien.ac.at
Note concerning forums: We monitor the tuwel forum and answer questions there. We do not actively look at any other forums than the tuwel forum.
Please do not expect any help in time if you ask the day before the deadline :-)