User Account

All Pages

Create and sign a new botnet update

Assignment Help Other Subject
Reference no: EM131502412

Project: Defeating SkyNet - Part 2: Commanding the Legion

Introduction

In the first part, you created the base foundations of a botnet. Part 2 of the project extends upon this and implements some core security features most recently used in the Conficker worm. Using these cryptography methods, Conficker was able to remain out of the control of hackers, well-funded organisations and even the US government.

The new features for SkyNet include:

  • Using public key cryptography to ensure only data or updates sent out by the botnet master are downloaded by the bot.
  • Using public key cryptography to ensure no-one but the botnet master can decrypt valuable data sent by the bot

SkyNet will be using advanced cryptography to protect itself against well-funded organisations, government agencies and other hackers. What you will be implementing here is inspired by real world cases such as the Conficker work. To have any chance of defeating such a threat, you need to understand how they defend themselves.

Note that you will use the same repository and code base from Project Part 1 in Part 2.

Part 2: Protecting the Castle

1. Securely Updating SkyNet

In the previous part of the project, uploads were supplied to the bot via another bot using peer-to-peer (P2P) or a central website (pastebot.net). As you might have noticed, these updates were not verified in any secure way. By default, updates only needed to start with a specific string (Caesar) to be considered 'signed' from the botnet master. Any third parties with trivial reverse engineering knowledge would be able to realise this and create their own 'signed' updates.

You must devise a scheme where the botnet master is able to securely sign updates for SkyNet. Bots should perform this verification on updates retrieved via P2P or a website.

The exact mechanism by which this occurs is up to you, though some form of public key cryptography is suggested. Your signature scheme should also remain secure even when confronted with attackers who have access to significant resources. The scheme should also be secure even if an attacker reverse engineers your program or the source code for your bot is stolen or released.

2. Securely Transferring Valuable Data to the Botnet Master

As part of their operation, the bots in SkyNet collect valuable data that is then sent to the botnet master. In the current codebase, this valuable data is uploaded in plaintext to pastebot.net. As it is plaintext, the data could be read by anyone who is able to intercept or access these uploads.

You must devise a scheme where the bots are able to securely upload valuable data to pastebot.net. No-one but the botnet master should be able to read the contents of these uploads. The exact mechanism by which this occurs is up to you, though some form of public key cryptography is suggested.

3. Code Checklist             

  • Enable signing and verification for any botnet updates. This requires signing code in master_sign.py and verification code in the verify_file function in lib/files.py.
  • Ensure the upload_valuables_to_pastebot function securely encrypts the data so it's only accessible to the botnet master. You also need to modify master_view.py to allow the file to be decrypted and read by the botnet master.

You should be able to:

  • Create and sign a new botnet update
  • Test bot update verification by trying to download a legitimate update and a fraudulent update from pastebot.net
  • Test bot update verification when downloading updates via P2P
  • Upload valuables of arbitrary size to pastebot.net in an encrypted manner
  • Decrypt encrypted valuables of arbitrary size using the botnet master's private key

Your code should be well commented and in neat order.

4. Documentation

You are to write a two page design document outlining the security you implemented with your system. Your choices for authentication, confidentiality and integrity for the SkyNet botnet should be justified.

Specifically, you should provide a brief answer to these questions:

  • How do you ensure the only one who can send updates to SkyNet is the botnet master?
  • How do you protect the valuable information to ensure it can only be read by the botnet master? Remember that anyone can read the information uploaded onto pastebot.net.
  • How do you ensure the botnet updates signed by the botnet master cannot be forged or modified?
  • If SkyNet's botnet code is dismantled and/or the source code for it stolen, does your scheme become less secure?
  • Give an indication of how di?cult it would be for an adversary to take control of SkyNet when your protections are used.

5. Disclaimer

This is not an operational botnet nor do we intend you to create one. To defeat blackhat hackers, you must understand how they work and the tools they use. Recent botnets have used advanced computer science and crypto-graphic methods in order to remain secure from both hackers, well-funded organisations and even governments. These advanced methods are what we intend you to learn and what we believe will help you detect, prevent and disassemble such attacks in the future.

Attachment:- Assignment Files.zip

Reference no: EM131502412

Questions Cloud

Explain type of inventories given companies currently manage : Determine the types of inventories these companies currently manage and describe their essential inventory characteristics.
How did the proclamation of 1763 affect the perception : How do you think this proclamation influenced the future perceptions and relationships with Indians?
Discuss if any of sams actions subject to criminal liability : Identify if there is an intellectual property at issue here. If so, what type? Discuss if any of Sam's actions subject him to criminal liability.
Identify four different stakeholders : Identify four different stakeholders (feel free to be creative) in the Flint water crisis and explain why you consider them to be a stakeholder.
Create and sign a new botnet update : You should be able to: Create and sign a new botnet update and Upload valuables of arbitrary size to pastebot.net in an encrypted manner
What makes a good office design in your opinion : What makes a good office design, in your opinion? Which elements are most important to you when choosing an office design and why?
Large percentage of total assets : Suppose someone says that a relatively small percentage of Americans own a large percentage of total assets and that therefore the government.
An ethical analysis supporting each conclusion : Examine two potential solutions, including an ethical analysis supporting each conclusion, as well as any potential consequences.
Present an ethical problem confronted by starbucks : present an ethical problem confronted by Starbucks. You can choose one such ethical problem from the video.

Reviews

Write a Review

Other Subject Questions & Answers

  Corpus in the context of the war on terror

Write an essay about the right of habeas corpus in the context of the war on terror. Your essay should address the following subtopics:

  Explain the characters personality and the theory

Describe the connection between the character's personality and the theory used to explain it using relevant information such as direct quotes.

  Pharaphase-sound ethics is good business

Mr. Carr disposes of phrases like "it pays to be ethical" or "sound ethics is good business" by saying this is simply a self-serving calculation in disguise. "

  Explain which services might be most challenging

Explain which services might be most challenging to provide to shelter residents, assuming this shelter is located in your community, and why

  Create presentation detailing history of learning disability

Prepare a PowerPoint presentation detailing the history of learning disabilities. Provide substantial definitions and discuss discrepancies that may cause misidentification of students.

  Neuropsychology and general psychology

Could you please do an "objective" conversational response on how this person has done on their description on their description on neuropsychology and general psychology?

  Anthology an effective structure

Describe the thematic unity of the present arrangement of the twenty seven books of the New Testament. Do you see an overriding design that gives this anthology an effective structure?

  Mental health professionals about the insanity defense

Which of the following is a concern raised by mental health professionals about the insanity defense?

  What are the major accounting differences between nonprofit

resource financial management for human service administratorswrite 200- to 300-word responses flexible to each of the

  Description of each of responsibilities that you identify

Identify at least five HR manager responsibilities with in the company. Provide a 2 to three sentence description of each of the responsibilities that you identify.

  Explain how the strategies in the art of war apply

Explain how the strategies in The Art of War apply or do not apply to the way that Mary Wollstonecraft shapes her argument ( The best will consider both)

  Write the response of the given discussions

Performance of measurement is the regular collection of data to assess whether the correct processes are being performed and desired results are being achieved (HRSA, n.d.). Most of the time when we go in for an interview we want to make sure our..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd