Implement core security features

Reference no: EM131065039

Project - Defeating SkyNet

Introduction

In the first part, you created the base foundations of a botnet. Project 2 extends this and implements some core security features most recently used in the Conficker worm. Using these cryptographic methods, Conficker was able to remain out of the control of hackers, well-funded organisations and even the US government.

The new features for SkyNet include:

- Using public key cryptography to ensure only data or updates sent out by the botnet master are downloaded by the bot

- Using public key cryptography to ensure no-one but the botnet master can decrypt valuable data sent by the bot

SkyNet will be using advanced cryptography to protect itself against well-funded organisations, government agencies and other hackers. What you will be implementing here is inspired by real-world cases such as the Conficker worm. To have any chance of defeating such a threat, you need to understand how they defend themselves.

Part 2 Protecting the Castle

In the previous part of the project, uploads were supplied to the bot via another bot using peer-to-peer (P2P) or a central website (pastebot.net). As you might have noticed, these updates were not verified in any secure way. By default, updates only needed to start with a specific string (Caesar) to be considered 'signed' by the botnet master. Any third party with trivial reverse engineering knowledge would be able to realise this and create their own 'signed' updates.

You must devise a scheme where the botnet master is able to securely sign updates for SkyNet. Bots should perform this verification on updates retrieved via P2P or a website.

The exact mechanism by which this occurs is up to you, though some form of public key cryptography is suggested. Your signature scheme should also remain secure even when confronted with attackers who have access to significant resources. The scheme should also be secure even if an attacker reverse engineers your program or the source code for your bot is stolen or released.

2 Securely Transferring Valuable Data to the Botnet Master

As part of their operation, the bots in SkyNet collect valuable data that is then sent to the botnet master. In the current codebase, this valuable data is uploaded in plaintext to pastebot.net. As it is plaintext, the data could be read by anyone who is able to intercept or access these uploads.

You must devise a scheme where the bots are able to securely upload valuable data to pastebot.net. No-one but the botnet master should be able to read the contents of these uploads. The exact mechanism by which this occurs is up to you, though some form of public key cryptography is suggested.

3 Implementation

An insecure skeleton framework written in Python 3 has been provided for you as a starting point. If you wish to use another language, such as Java with the Java Cryptography Extension (JCE), you may do so after seeking permission from your tutor. However, we cannot provide any technical support if you select another language.

4 Code Checklist

- Enable signing and verification for any botnet updates. This requires signing code in master sign.py and verification code in the verify file function in lib/files.py.

- Ensure upload valuables to pastebot securely encrypts the data so it's only accessible to the botnet master. You also need to modify master view.py to allow the file to be decrypted and read by the botnet master.

We will test that you can:

- Create and sign a new botnet update

- Test bot update verification by trying to download a legitimate update and a fraudulent update from pastebot.net

- Test bot update verification when downloading updates via P2P

- Upload valuables of arbitrary size to pastebot.net in an encrypted manner

- Decrypt encrypted valuables of arbitrary size using the botnet master's private key

Your code must be well commented and in neat order.

Documentation

You are to write a two-page design document outlining the security you implemented with your system. Your choices for authentication, confidentiality and integrity for the SkyNet botnet should be justified.

Specifically, you should provide a brief answer to these questions:

- How do you ensure the only one who can send updates to SkyNet is the botnet master?

- How do you protect the valuable information to ensure it can only be read by the botnet master? Remember that anyone can read the information uploaded onto pastebot.net.

- How do you ensure the botnet updates signed by the botnet master cannot be forged or modified?

- If SkyNet's botnet code is dismantled and/or the source code for it stolen, does your scheme become less secure?

- Give an indication of how difficult it would be for an adversary to take control of SkyNet when your protections are used.

Attachment:- Assignment.rar
