% KOMA-Script article class: A4 paper, separate title page, one-sided layout,
% and separator lines below the page header and above the page footer.
\documentclass[a4paper, titlepage, oneside, headsepline, footsepline]{scrartcl} 
%PACKAGES
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\usepackage[english]{babel} %document language: English
\usepackage[latin2]{inputenc} %input encoding of the source files: ISO 8859-2 (Latin-2)

\usepackage[tt]{titlepic} %provides \titlepic for the image on the title page
\usepackage{graphicx} %provides \includegraphics for the figures
\usepackage{url}  %provides \url, used in the bibliography
\usepackage{lastpage} %defines the LastPage label (total number of pages): \pageref{LastPage}

\usepackage[T1]{fontenc} %T1 font encoding
\usepackage{scrpage2} %provides the scrheadings page style and \ohead; NOTE(review): scrpage2 is obsolete, scrlayer-scrpage is its successor -- confirm before switching

\usepackage{color} %provides \color, used by the listings colour settings
\usepackage{listings} %provides the lstlisting environment (framed code boxes)
\usepackage{fancyvrb} %provides Verbatim and \DefineVerbatimEnvironment
% Two Verbatim-based environments set in \small type. NOTE(review): neither
% appears to be used in the document body -- confirm before removing.
\DefineVerbatimEnvironment{code}{Verbatim}{fontsize=\small}
\DefineVerbatimEnvironment{example}{Verbatim}{fontsize=\small}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%DEFINE LOOK OF THE PAGES
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Select the scrheadings page style so that the \ohead setting below is used.
\pagestyle{scrheadings}

% Replace the standard abstract environment: the opening code typesets only an
% empty, centred bold heading; the closing code adds two baselines of space.
\renewenvironment{abstract}
	{\begin{center}\large\textbf{}\noindent\end{center}}{\vspace{2\baselineskip}}

% Strongly discourage a page break after the first line of a paragraph (club line / orphan)
\clubpenalty = 10000
% Strongly discourage a page break before the last line of a paragraph (widow line),
% also when the paragraph is followed by a displayed equation
\widowpenalty = 10000 \displaywidowpenalty = 10000

% Almost no extra vertical space between paragraphs
\setlength{\parskip}{0.01\baselineskip}
% Fixed height of the text area
\textheight = 620pt

% Outer page header shows the project title; \titleOfProject is defined further
% down in the preamble, before \begin{document}.
\ohead{\titleOfProject} %make the header
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%DEFINE THE STUFF FOR CODE 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Global defaults for every lstlisting environment in the document. No
% language is selected (the language key is commented out).
\lstset{ %
%language=Python,                % choose the language of the code
columns=fullflexible,
keywordstyle=\color[rgb]{0.608,0.561,0.008},
commentstyle=\color[rgb]{0.25,0.5,0.35},
stringstyle=\color[rgb]{0.25,0.35,0.85},
basicstyle=\footnotesize,%\scriptsize       % the size of the fonts that are used for the code
% numbers=left is commented out, so the three number-related keys below only
% take effect once line numbering is switched on
%numbers=left,                   % where to put the line-numbers
numberstyle=\footnotesize,      % the size of the fonts that are used for the line-numbers
stepnumber=1,                   % the step between two line-numbers. If it is 1 each line will be numbered
numbersep=8pt,                  % how far the line-numbers are from the code
backgroundcolor=\color{white},  % choose the background color. You must add \usepackage{color}
showspaces=false,               % show spaces adding particular underscores
showstringspaces=false,         % underline spaces within strings
showtabs=false,                 % show tabs within strings adding particular underscores
frame=single,   		% adds a frame around the code
tabsize=2,  		% sets default tabsize to 2 spaces
captionpos=b,   		% sets the caption-position to bottom
breaklines=true,    	% sets automatic line breaking
breakatwhitespace=false,    % sets if automatic breaks should only happen at whitespace
escapeinside={\%}{)}          % text between a percent sign and ")" inside a listing is typeset as LaTeX, not verbatim
}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


% Project title, used for the page header (\ohead) and on the title page (\title).
\newcommand{\titleOfProject}{Software for self-testing of the Telecommunication network of University of Freiburg}



%begin of the document
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{document}



%make the title page
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\titlepic{\includegraphics[width=70mm]{uniLogo1.jpg}}
\title{Team project \\ ``\titleOfProject''}   % type title between braces
\date{\today}    % type date between braces
\author{Arda Akcay\\ Tri Atmoko\\ Refik Had\v{z}iali\'{c} }         % type author(s) between braces
\department{\vspace{1\baselineskip} \large Albert-Ludwigs-Universit\"{a}t Freiburg \\
Lehrstuhl f\"{u}r Kommunikationssysteme\\
Prof. Dr. Gerhard Schneider\\ \vspace{1\baselineskip} Supervisors: \\ Konrad Meier \\ Denis Wehrle \\ \vspace{1\baselineskip} Sommersemester 2011}

\maketitle
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%add the table of contents 
\tableofcontents 

%new page to start with 
\newpage 




% first chapter
\section{Introduction and Motivation}             % chapter 1
\large In the following report, we give a brief insight into our team project. The goal of our project was to develop a mechanism for automatic testing of our University telecommunication network. The telecommunication network of the University of Freiburg consists of: our own internal GSM and telephone network systems; a GSM redirecting device (if one initiates a call to one of the four external GSM networks, it redirects the call to T-Mobile, O2, Vodafone or E-Plus); and a SIP gateway for landline calls inside Germany (sipgate.de) and international calls. Since we did not have access to the internal servers, our strategy was to make use of the existing systems and to infer the results from our findings.
Before we started working on our project, we had to analyze the overall network to come up with test cases that carry the highest information content. The next step in our procedure was to implement our ideas in a working piece of software. 
We implemented the final software gradually, bit by bit. Every single step was accompanied by testing and validation procedures. At the end we connected all the ``black boxes'' into one big piece of software. We have fulfilled our requirements and goals and produced fully working and operable test software. Besides developing working software, we kept the simplicity of its usage in mind all along. In the following chapters we describe our approach and how each subsystem works in more detail.
\newpage
\section{Software concept}           % chapter 2
\newpage
\section{Database design}
\newpage
\section{Introduction}     % section 2.1
\subsection{Usage}         % subsection 2.1.1
\newpage
\section{Design}
\begin{figure}[hb!]
  \centering
  \includegraphics[width=130mm]{bb.jpg}
  \caption[]{BeagleBoard, a linux-on-chip board where our controller software runs the GSM device }
\end{figure}
\newpage
\section{Protocol}

\begin{figure}[hb!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationHandler.png}
  \caption[]{Flowchart of the protocol, on the handler side}
\end{figure}

% NOTE(review): the image file below is named ...ControllerReceiver but its
% caption says "caller", while the following figure pairs ...ControllerCaller
% with "receiver" -- confirm whether the captions or the file names are swapped.
\begin{figure}[hb!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationcControllerReceiver.png}
  \caption[]{Flowchart of the protocol, on the controller side for the caller}
\end{figure}

\begin{figure}[hb!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationcControllerCaller.png}
  \caption[]{Flowchart of the protocol, on the controller side for the receiver}
\end{figure}

%\newpage
\section{Security and safety of the system}
\large Safety and security of the software play a major role in our project. 
It is of vital importance that as few people as possible have access to our test system, since the resulting data could be exploited to plan an attack 
(e.g.\ assume the University alarm system uses the SIP gateway to connect to the outside world and to alert the police; if one knows that the SIP gateway is not working properly, a burglar could plan to rob the University building at just that moment). Therefore the choice to go Open Source is justified due to the fact that one should know how every single detail of the system works.
All the time, while we were working on the project, we were made aware of this issue by Denis and Konrad.  
We decided to use asymmetric key cryptography, where each side has two keys (a private and a public one). In the next sections we will explain in more detail how we applied the methods.
\subsection{Encryption of the communication channels}
At first we thought of encrypting the data ourselves before sending them, but since none of us was an expert on encryption standards the idea was rejected. Besides not being experts in the field of cryptography, we were not experts in the field of internet programming either. Someone might find a way to disable our server software with various hacking methods (e.g.\ 
repeatedly trying to open the port until the system runs out of memory; in our case the system which we used on the handler side was a BeagleBoard with ARM architecture running on a single-chip TI OMAP processor, refer to the picture in figure 1). 
We had to eliminate even the slightest possible threat, at the price of spending more time on debugging the test software system. Although we were aware of all these facts, we had to choose one of the many encryption standards already implemented on Linux.
Denis and Konrad suggested using the SSH tunneling method. 

\begin{figure}[ht!]
  \centering
  \includegraphics[width=120mm]{sshTunnel.png}
  \caption[]{SSH Tunnel, all the communication inside the tunnel is encrypted }
\end{figure}

Using the SSH tunnel port forwarding method we could hide the real port we had used for our socket connection. In addition, we could force the socket to accept only local connections (i.e.\ from the machine where the handler software was running). 
The SSH tunnel port forwarding method creates an encrypted tunnel between the two computers and then opens two ports, one on the local and one on the remote computer. All the data sent through the port on the local machine appear on the port at the remote machine. \newline The first problem we faced was that SSH required the username and password every time we tried to make an SSH connection. We could avoid this problem by copying the public key from our server (where our test software runs) to the BeagleBoard \cite{sshTunnel}. 
This can be performed by executing the following commands in the terminal shell.
First one has to create the private and public keys on the local machine (i.e.\ the server computer, where the test software runs). Note that in the transcript below the passphrase is left empty, so the private key is stored unencrypted and has to be kept readable only by the account that runs the test software:

\begin{lstlisting}
jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host
\end{lstlisting}

Then one needs to copy the public key to the remote machine (BeagleBoard) using ssh-copy-id:

\begin{lstlisting}
jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting. 
\end{lstlisting}

After we have created the public and private keys and copied the public key to the machine to which we want to connect, we can test whether we can make an SSH connection to the remote machine:

\begin{lstlisting}
jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]
\end{lstlisting}
The test was successful. We tested it with our SSH Tunnel port forwarding class and it worked perfectly. 
\subsection{Security on the web site}
Securing the communication channels without making certain the web site is safe would be worthless. 
We decided to use the \emph{https} protocol instead of \emph{http}, since a person in the middle 
could sniff our data (e.g.\ when a person is connected with his/her smart-phone over an unprotected wireless network) \cite{https}.
At the same time the web site should be accessible only by authorized personnel. Our first approach to this 
problem was to build a PHP page with \emph{MD5} hashed passwords; however, we got a suggestion from Konrad and Denis to 
use a safer protection method implemented in the Apache web server software and configured through \emph{.htaccess} (it controls who may access the site; the encryption itself is provided by \emph{https}). By using 
these two techniques we protected the web site against some of the vulnerabilities known to us. If the web site 
is only accessed from our local university network, we can additionally add an IP filter mask as well.
In the following paragraphs we explain how we generated the keys and enabled the https protocol. 
\par First we want to generate a server key by typing the following command:
\begin{lstlisting}
openssl genrsa -des3 -out server.key 4096
\end{lstlisting}
\par This will generate a 4096-bit private server key; one is asked to enter a password for the \emph{server.key} twice.
Using the generated private server key, we will create a certificate signing request, \emph{server.csr}. We were prompted with a series of questions 
such as country, state, organization name, etc., which we had to answer to continue.
\begin{lstlisting}
openssl req -new -key server.key -out server.csr 
\end{lstlisting}
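\par In the next step we had to sign the certificate signing request and enter the number of days for which it should be valid. Because the request is signed with our own \emph{server.key}, the result is a self-signed certificate, which browsers do not trust until it has been accepted explicitly. 
In our case we entered a duration of one year; one can choose longer periods as well (i.e.\ the value 365 has to be changed).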
\begin{lstlisting}
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
\end{lstlisting}
\par We were asked to enter the password for \emph{server.key} again. After we had completed this step we had to make
a version of the \emph{server.key} which did not require a password, \emph{server.key.insecure}, and we renamed the files appropriately. 
\begin{lstlisting}
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
\end{lstlisting}
\par The generated files are very sensitive, since they are our keys; this holds in particular for the password-free \emph{server.key}, which should be readable only by root. After these steps were completed, we had generated 4 files (\emph{server.crt}, \emph{server.csr}, \emph{server.key} and \emph{server.key.secure}). Now we need to enable the SSL engine on the Apache web server. 
We copied \emph{server.key} and \emph{server.crt} into \emph{/etc/apache2/ssl}. 
\begin{lstlisting}
refik@ubuntu:/etc/apache2$ sudo mkdir ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
\end{lstlisting}
\par Then we enabled SSL by typing in \emph{a2enmod ssl}, ``it is simply a general purpose utility to establish a symlink between a module in \emph{/etc/apache2/mods-available} to \emph{/etc/apache2/mods-enabled} (or give a message to the effect that a given module does not exist or that it is already symlinked for loading)'' \cite{https}.
\begin{lstlisting}
refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
\end{lstlisting}
\par In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file \cite{https}. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).
\begin{lstlisting}
refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 
refik@ubuntu:/etc/apache2/ssl$ cd /var/
refik@ubuntu:/var$ sudo mkdir www-ssl
\end{lstlisting}
\par We backed up our old configuration files for the virtual hosts, in case we damaged the Apache configuration files. Then we edited the \emph{default-ssl} file.
\begin{lstlisting}
refik@ubuntu:/var$ cd /etc/apache2/sites-available
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
\end{lstlisting}
\par Only the beginning of the file is listed here; we modified the line starting with \emph{DocumentRoot}
from \emph{DocumentRoot /var/www} to \emph{DocumentRoot /var/www-ssl} (i.e.\ we had to redefine the location of our SSL directory).
\begin{lstlisting}
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www-ssl
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
\end{lstlisting}
\par One should keep in mind that port 443 has to be free for Apache to use. In the next step we had to ensure that Apache listens on this port for \emph{https} connections. 
One can check that by looking into \emph{/etc/apache2/ports.conf}. 
\begin{lstlisting}
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
\end{lstlisting}
\par In our case it was set up correctly, since the command: \emph{Listen 443} was present. 
In our last configuration step we had to edit \emph{default-ssl} file to define the correct locations of our keys and to ensure the SSL engine was turned on.
\begin{lstlisting}
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
\end{lstlisting}
\newpage
\par The following part of the file had to be found and modified according to our locations:
\begin{lstlisting}
SSLEngine on

       #   A self-signed (snakeoil) certificate can be created by installing
       #   the ssl-cert package. See
       #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
       #   If both key and certificate are stored in the same file, only the
       #   SSLCertificateFile directive is needed.
       SSLCertificateFile    /etc/apache2/ssl/server.crt
       SSLCertificateKeyFile /etc/apache2/ssl/server.key

       #   Server Certificate Chain:
       #   Point SSLCertificateChainFile at a file containing the
\end{lstlisting}
\par Finally we had configured our server and can proceed with the restart of the apache web server. We created a test web site \emph{/var/www-ssl/index.php} and navigated our browser to \emph{https://localhost}. The test was successful! 
\begin{lstlisting}
refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                                                                                                        [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
refik@ubuntu:/etc/apache2/sites-available$  
\end{lstlisting}




  
\newpage
\section{Web page}

\begin{figure}[hb!]
  \centering
  \includegraphics[width=100mm]{resultsImage.png}
  \caption[]{Result image showing working, defective and untested subsystems}
\end{figure}

\newpage
\section{Conclusion}
\newpage

%bibliography start
\begin{thebibliography}{9}

\bibitem{site1} H. Simpson, \emph{Proof of the Riemann
Hypothesis},  preprint (2003), available at 
\url{http://www.math.drofnats.edu/riemann.ps}.
 
\bibitem{sshTunnel} R. Natarajan, \emph{3 Steps to perform SSH login without password using ssh-keygen \& ssh-copy-id},  accessed on 18.08.2011, available at 
\url{http://goo.gl/fX68N}.

\bibitem{https} P. Bramscher, \emph{Creating Certificate Authorities and self-signed SSL certificates},  accessed on 05.09.2011, available at 
\url{http://www.tc.umn.edu/~brams006/selfsign.html}.

%bibliography end
\end{thebibliography}

%end of the document
\end{document}