CS-E4300 - Network Security D, Lecture, 1.11.2021-27.5.2022

Topic outline

• Projects
  • Everyone has to do three security design and implementation projects:

    Project 1: NFC ticket application
    
    Project 2: IPsec VPN: connecting IoT devices to cloud
    
    Project 3: Wireguard

    
    

    The projects can be done in pairs or individually (working in pairs is highly recommended).
    

    For each project, you need to do the following:

    1. Presentation (5-10 min) and demo about the design
    2. After the demo, submit in MyCourses a zip file containing the following:

    • Presentation slides (PowerPoint or PDF)
    • Design documentation (PDF, about 2 pages, reuse material from the presentation)
    • Source code for the implementation (typically only the modified files)

    
    

    The demo and presentation are the main way of getting feedback and the main method of evaluating your solution. You can reserve a demo time slot to get feedback on a partial solution before it is ready. You can also improve the design implementation after the demo, but for most changes, another demo will be needed. 
    

  • 

    Select your group here Group choice

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student
  • 

    Project demo and advice sessions - Zoom link URL

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student
  • 

    Project demo and advice sessions - booking Scheduler

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student
  • Project 1: NFC tickets

    
    

    We will provide each group with Ultralight C smart cards. The cards can be collected after the lectures.

    Furthermore, we have a small number of Android phones with NFC that can be borrowed. To borrow a phone, send an email to cs-e4300@aalto.fi with your group name and student number. The phones can be collected from the CS building.

    
    
  • 

    Project 1 (NFC ticket) materials Folder
  • 

    Project 1 (NFC ticket) submission Assignment

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student
  • Project 2: VPN from IoT devices to the cloud

  • 

    Project 2 instructions File

    PDF document
  • 

    Project 2 (VPN) submission Assignment

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student

    Please submit the following in a zip or tar file:

    • A short PDF documentation of your solution that would enable a knowledgeable person to re-implement it. You can submit the presentation slides from the demo session as the documentation, but please check that the information is up to date and complete. The submitted documentation should contain at least the following information:
      
    • ip address allocation to different gateways and networks (if changed). You can edit (e.g., with Google Docs) the setup overview from img/setup.odp
      
    • server scalability solution (if changed)
    • authentication credentials configuration
      
    • deployment process (if not entirely manual)
    • commands and/or scripts used for the configuration
    • modified configuration files (or sections) for the gateways and other important nodes, including ipsec (e.g. /etc/ipsec.conf) and firewall (e.g. /etc/iptables/rules.v4)

    • Output of debugging commands that you find useful on the gateways, at least the following:
    • ip a
      
    • route -n
    • ipsec statusall (if using StrongSwan)
    • ip xfrm policy
    • ip xfrm state (when client connected to server)
    • iptables-save (should be the same as /etc/iptables/rules.v4)

    Include your group number in all the documents!

  • Project 3: Wireguard

  • 

    Project 3 (Wireguard) submission Assignment

    Not available unless any of:

    • You are a(n) Teacher
    • You are a(n) Student
  • 

    Project 3 description File

    PDF document