Computer Networks 2
Starting from the academic year 2023/2024 I will no longer teach the course "Computer Networks 2 and Introduction to Cybersecurity" (9 CFU).
Students who have this course in their study plan but still have to take the exam can of course ask to take the exam with me on the syllabus of the last year in which I taught it, more or less "without expiry". The exam will always be held on the same dates as the official exam sessions for my other courses; contact me well in advance.
My advice is to consider changing your study plan by including "Reti di calcolatori 2 (6 CFU)" taught by Prof. Trevisan and, possibly, "Cybersecurity (9 CFU)" taught by me.
WHAT
The student will have to:
Analyze with Wireshark the traffic generated by a smartphone app.
Demonstrate a form of Man-In-The-Middle against a smartphone browser.
Both activities will have to be summarized in a short report.
Depending on the overall quality of report and analysis 1, the grade of the exam may be increased up to 3 votes at my discretion. My evaluation will be based on clarity, technical detail, technical difficulty, relevance of the observations.
Activity 1 has to be executed autonomously. Activity 2 has to be shown as a demo.
The typical scenario is a PC and a smartphone, both owned by the student; the PC is connected to the Internet through eduroam and acts as a hotspot on the same Wi-Fi interface that is connected to eduroam. In Activity 1 Wireshark is executed on the PC. In Activity 2 a web server and a DNS server are executed on the PC. In case the demo has to be delivered in streaming (due to the pandemic), PC and smartphone will be connected to the home Wi-Fi network of the student.
Other scenarios are possible: PC acting as hotspot on the Wi-Fi interface and connected to the Internet on a different interface (perhaps on the wired interface); PC acting as hotspot and another device (e.g., a Raspberry or another PC) running web server and DNS server. If you are in doubt, please ask me.
I suggest following these steps:
In order to become familiar with Wireshark: See "Wireshark Long" in the first lecture of the course; watch the suggested video and execute the suggested exercise. Possibly execute also one or more of the Wireshark Labs provided in Networks Lab.
Configure PC as hotspot and connect the smartphone to the hotspot, as described in the first section of "3 - MITM on smartphone" in Networks Lab.
You are now ready to execute activity 1 and activity 2.
Activity 1 (autonomous)
Choose a smartphone app that requires authentication. Analyze the traffic generated by that application, in particular with respect to authentication. By "analyzing" I mean answering one or more of these questions:
does the app use https?
on which servers?
does it use SPID? (no, only when SPID was part of the course)
does it use OAuth? (no, only when OAuth was part of the course)
does it use certificate pinning?
can you identify the DNS traffic of the app?
can you identify the servers involved?
This is just a non-exhaustive list of "interesting" features that can be discovered with Wireshark. Having an account on the app is not strictly necessary for performing such analysis.
Suggested apps (non-exhaustive list):
myUniTS
Safety4All - UniTS
ENEL Energia
Other apps of Italian Energy providers.
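The question "on which servers?" can often be answered even when the app uses https, because the TLS ClientHello normally carries the requested host name in clear text in the server_name (SNI) extension. The sketch below is an added example, not part of the course material: it parses that extension from the raw bytes of a ClientHello record, and the sample record and the host name `login.example.org` are constructed.

```python
import struct

def build_client_hello(host):
    """Constructed sample: a minimal TLS ClientHello record carrying an SNI."""
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"     # supported_versions
    exts += struct.pack("!HH", 0x0000, len(sni)) + sni         # server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01"               # one cipher suite
            + b"\x01\x00"                                      # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22

def extract_sni(record):
    """Return the host name in a ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None                      # not a handshake record / not a ClientHello
        off = 9 + 2 + 32                     # record hdr, handshake hdr, version, random
        off += 1 + record[off]               # session id
        (cs_len,) = struct.unpack_from("!H", record, off)
        off += 2 + cs_len                    # cipher suites
        off += 1 + record[off]               # compression methods
        (ext_total,) = struct.unpack_from("!H", record, off)
        off += 2
        end = off + ext_total
        while off + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, off)
            off += 4
            if etype == 0:                   # list len(2), name type(1), name len(2), name
                (nlen,) = struct.unpack_from("!H", record, off + 3)
                return record[off + 5:off + 5 + nlen].decode("ascii")
            off += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

if __name__ == "__main__":
    print(extract_sni(build_client_hello("login.example.org")))
```

In Wireshark the same value appears in the ClientHello under the Server Name Indication extension.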
Activity 2 (demo)
The student will have to show the scenario described below. The network traffic will have to be captured with Wireshark and then analyzed during the demo.
PC connected to the Internet and acting as hotspot.
Another device, either a smartphone or another PC, connected to the hotspot.
A DNS Server and a Web Server run on the PC.
A browser on the device connects to an HTTP website S1 and to an HTTPS website S2.
The two websites must correspond to the names of real websites. These websites may be chosen by the student.
Connecting to one website, first on HTTP and then on HTTPS, is also ok.
The device resolves the names of the websites through the DNS Server on the PC.
The DNS Server maps the requested names on the IP address of the Web Server on the PC.
The device accesses the websites at the Web Server on the PC.
The content displayed by the browser on the device must be different from the one of the real websites. Such content may be the same for the two sites and need not be particularly elaborated: an HTML page with some images and some CSS/Javascript decorations is adequate.
The above activities are described in detail in the first 3 "MITM LABS" provided in Networks Lab.
WHEN
The demo must be shown and approved at least one week before the written exam.
Participation in the exam is allowed only when this constraint is satisfied. Once the demo has been approved, it will last “forever”.
Demo sessions with multiple students will be organized upon request.
The demo can be done remotely, with either Google Meet or Microsoft Teams. The student will share the PC screen to show Wireshark, web server, DNS server... whatever may be needed. The smartphone screen may be placed close to the webcam at my request (to show the browser or whatever) or it may be mirrored on the PC. There are many free tools for sharing the smartphone screen (see for example here); the free version of some tools has to be restarted after 5-10 minutes: no problem, I will wait; you do not need to pay for a full version.
After completing the demo and before participating in the written exam, the student must provide a report as follows:
File in PDF format named “CompNet2 - 2020 - family name.pdf”
No more than 2 pages with a textual description of the main findings in Activity 1.
No more than 2 pages with:
Description of the scenario for the demo (devices, operating systems and other software).
Suggestions for improving the accompanying document (mistakes, inaccuracies, suggested changes or integrations).
An appendix with a potentially unlimited set of screenshots, referenced by the text, for demonstrating the findings of Activity 1.
It is strongly advised to execute Activity 1 and show the demo much earlier than the exam.