-rw-r--r--notFinishedCode/Report/test.aux35
-rw-r--r--notFinishedCode/Report/test.log65
-rw-r--r--notFinishedCode/Report/test.pdfbin556571 -> 577415 bytes
-rw-r--r--notFinishedCode/Report/test.tex114
-rw-r--r--notFinishedCode/Report/test.tex.backup120
-rw-r--r--notFinishedCode/Report/test.tex~116
-rw-r--r--notFinishedCode/Report/test.toc19
7 files changed, 410 insertions, 59 deletions
diff --git a/notFinishedCode/Report/test.aux b/notFinishedCode/Report/test.aux
index 474bc72..92accdc 100644
--- a/notFinishedCode/Report/test.aux
+++ b/notFinishedCode/Report/test.aux
@@ -5,24 +5,27 @@
\@writefile{lot}{\select@language{english}}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction and Motivation}{3}}
\@writefile{toc}{\contentsline {section}{\numberline {2}Software concept}{4}}
-\@writefile{toc}{\contentsline {section}{\numberline {3}Introduction}{5}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Usage}{5}}
-\@writefile{toc}{\contentsline {section}{\numberline {4}Design}{6}}
-\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces }}{6}}
-\@writefile{toc}{\contentsline {section}{\numberline {5}Protocol}{7}}
-\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces }}{7}}
-\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces }}{7}}
-\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces }}{7}}
+\@writefile{toc}{\contentsline {section}{\numberline {3}Database design}{5}}
+\@writefile{toc}{\contentsline {section}{\numberline {4}Introduction}{6}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Usage}{6}}
+\@writefile{toc}{\contentsline {section}{\numberline {5}Design}{7}}
+\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces }}{7}}
+\@writefile{toc}{\contentsline {section}{\numberline {6}Protocol}{8}}
+\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces }}{8}}
+\@writefile{lof}{\contentsline {figure}{\numberline {3}{\ignorespaces }}{8}}
+\@writefile{lof}{\contentsline {figure}{\numberline {4}{\ignorespaces }}{8}}
\citation{sshTunnel}
-\@writefile{toc}{\contentsline {section}{\numberline {6}Security and safety of the test system}{8}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Encryption of the communication channels}{8}}
-\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces }}{8}}
+\@writefile{toc}{\contentsline {section}{\numberline {7}Security and safety of the system}{9}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {7.1}Encryption of the communication channels}{9}}
+\@writefile{lof}{\contentsline {figure}{\numberline {5}{\ignorespaces }}{9}}
\citation{https}
-\@writefile{toc}{\contentsline {subsection}{\numberline {6.2}Security on the web site}{9}}
-\@writefile{toc}{\contentsline {section}{\numberline {7}Web page}{11}}
-\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces }}{11}}
-\@writefile{toc}{\contentsline {section}{\numberline {8}Conclusion}{12}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {7.2}Security on the web site}{10}}
+\citation{https}
+\citation{https}
+\@writefile{toc}{\contentsline {section}{\numberline {8}Web page}{14}}
+\@writefile{lof}{\contentsline {figure}{\numberline {6}{\ignorespaces }}{14}}
+\@writefile{toc}{\contentsline {section}{\numberline {9}Conclusion}{15}}
\bibcite{site1}{1}
\bibcite{sshTunnel}{2}
\bibcite{https}{3}
-\newlabel{LastPage}{{}{13}}
+\newlabel{LastPage}{{}{16}}
diff --git a/notFinishedCode/Report/test.log b/notFinishedCode/Report/test.log
index 252e44c..783a104 100644
--- a/notFinishedCode/Report/test.log
+++ b/notFinishedCode/Report/test.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.1415926-1.40.10 (TeX Live 2009/Debian) (format=pdflatex 2011.9.27) 6 OCT 2011 14:29
+This is pdfTeX, Version 3.1415926-1.40.10 (TeX Live 2009/Debian) (format=pdflatex 2011.9.27) 8 OCT 2011 22:05
entering extended mode
%&-line parsing enabled.
**test.tex
@@ -274,11 +274,11 @@ Class scrartcl Info: You've told me to use the font selection of the element
Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) `sectioning' that is an alias of element `disposition'
(scrartcl) on input line 4.
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <10.95> on input line 5.
Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) `sectioning' that is an alias of element `disposition'
-(scrartcl) on input line 6.
+(scrartcl) on input line 5.
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <10.95> on input line 6.
Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) `sectioning' that is an alias of element `disposition'
(scrartcl) on input line 7.
@@ -287,57 +287,70 @@ Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) on input line 8.
Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) `sectioning' that is an alias of element `disposition'
-(scrartcl) on input line 11.
+(scrartcl) on input line 9.
Class scrartcl Info: You've told me to use the font selection of the element
(scrartcl) `sectioning' that is an alias of element `disposition'
(scrartcl) on input line 12.
+Class scrartcl Info: You've told me to use the font selection of the element
+(scrartcl) `sectioning' that is an alias of element `disposition'
+(scrartcl) on input line 13.
)
\tf@toc=\write4
\openout4 = `test.toc'.
[2] [3]
-[4] [5] <bb.jpg, id=25, 521.95pt x 516.93124pt>
+[4] [5] [6] <bb.jpg, id=28, 521.95pt x 516.93124pt>
File: bb.jpg Graphic file (type jpg)
- <use bb.jpg> [6 <./bb.jpg>]
-<protocolCommunicationHandler.png, id=29, 2486.93823pt x 792.13588pt>
+ <use bb.jpg> [7 <./bb.jpg>] <protocolCommunicationHandler.png, id=33, 2486.938
+23pt x 792.13588pt>
File: protocolCommunicationHandler.png Graphic file (type png)
<use protocolCommunicationHandler.png>
-<protocolCommunicationcControllerReceiver.png, id=30, 1808.16705pt x 766.62883p
+<protocolCommunicationcControllerReceiver.png, id=34, 1808.16705pt x 766.62883p
t>
File: protocolCommunicationcControllerReceiver.png Graphic file (type png)
<use protocolCommunicationcControllerReceiver.png>
-<protocolCommunicationcControllerCaller.png, id=31, 1808.16705pt x 766.62883pt>
+<protocolCommunicationcControllerCaller.png, id=35, 1808.16705pt x 766.62883pt>
File: protocolCommunicationcControllerCaller.png Graphic file (type png)
-<use protocolCommunicationcControllerCaller.png> [7 <./protocolCommunicationHan
+<use protocolCommunicationcControllerCaller.png> [8 <./protocolCommunicationHan
dler.png (PNG copy)> <./protocolCommunicationcControllerReceiver.png (PNG copy)
> <./protocolCommunicationcControllerCaller.png (PNG copy)>]
-<sshTunnel.png, id=36, 696.6025pt x 152.57pt>
+<sshTunnel.png, id=39, 696.6025pt x 152.57pt>
File: sshTunnel.png Graphic file (type png)
- <use sshTunnel.png> [8 <./sshTunnel.png (PNG copy)>]
+ <use sshTunnel.png> [9 <./sshTunnel.png (PNG copy)>]
LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <9> on input line 162.
+(Font) <9> on input line 164.
LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <5> on input line 162.
- [9] [10] <resultsImage.png, id=49, 702.625pt x 431.6125pt>
-File: resultsImage.png Graphic file (type png)
+(Font) <5> on input line 164.
+ [10] [11]
+LaTeX Font Info: Try loading font information for OMS+cmr on input line 275.
+
-<use resultsImage.png> [11 <./resultsImage.png (PNG copy)>] [12]
-LaTeX Font Info: Try loading font information for T1+cmtt on input line 224.
+(/usr/share/texmf-texlive/tex/latex/base/omscmr.fd
+File: omscmr.fd 1999/05/25 v2.5h Standard LaTeX font definitions
+)
+LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <9> not available
+(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 275.
+ [12] [13]
+<resultsImage.png, id=59, 702.625pt x 431.6125pt>
+File: resultsImage.png Graphic file (type png)
+ <use resultsImage.png>
+[14 <./resultsImage.png (PNG copy)>] [15]
+LaTeX Font Info: Try loading font information for T1+cmtt on input line 334.
(/usr/share/texmf-texlive/tex/latex/base/t1cmtt.fd
File: t1cmtt.fd 1999/05/25 v2.5h Standard LaTeX font definitions
)
-AED: lastpage setting LastPage [13] (./test.aux) )
+AED: lastpage setting LastPage [16] (./test.aux) )
Here is how much of TeX's memory you used:
- 4857 strings out of 495061
- 67143 string characters out of 1182621
+ 4877 strings out of 495061
+ 67482 string characters out of 1182621
255251 words of memory out of 3000000
- 7979 multiletter control sequences out of 15000+50000
+ 7996 multiletter control sequences out of 15000+50000
16954 words of font info for 41 fonts, out of 3000000 for 9000
28 hyphenation exceptions out of 8191
- 36i,10n,45p,751b,1088s stack positions out of 5000i,500n,10000p,200000b,50000s
+ 36i,10n,45p,751b,1285s stack positions out of 5000i,500n,10000p,200000b,50000s
</home/refik/.texmf-var/font
s/pk/ljfour/jknappen/ec/ectt1200.600pk> </home/refik/.texmf-var/fonts/pk/ljfour
/jknappen/ec/ecti1200.600pk> </home/refik/.texmf-var/fonts/pk/ljfour/jknappen/e
@@ -349,9 +362,9 @@ nts/pk/ljfour/jknappen/ec/ecsl1095.600pk> </home/refik/.texmf-var/fonts/pk/ljfo
ur/jknappen/ec/ecrm1200.600pk> </home/refik/.texmf-var/fonts/pk/ljfour/jknappen
/ec/ecrm1728.600pk></usr/share/texmf-texlive/fonts/type1/public/amsfonts/cm/cms
y9.pfb>
-Output written on test.pdf (13 pages, 556571 bytes).
+Output written on test.pdf (16 pages, 577415 bytes).
PDF statistics:
- 490 PDF objects out of 1000 (max. 8388607)
+ 529 PDF objects out of 1000 (max. 8388607)
0 named destinations out of 1000 (max. 500000)
36 words of extra memory for PDF output out of 10000 (max. 10000000)
diff --git a/notFinishedCode/Report/test.pdf b/notFinishedCode/Report/test.pdf
index ab0bab0..d996043 100644
--- a/notFinishedCode/Report/test.pdf
+++ b/notFinishedCode/Report/test.pdf
Binary files differ
diff --git a/notFinishedCode/Report/test.tex b/notFinishedCode/Report/test.tex
index f1d273f..340eb61 100644
--- a/notFinishedCode/Report/test.tex
+++ b/notFinishedCode/Report/test.tex
@@ -104,6 +104,8 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\newpage
\section{Software concept} % chapter 2
\newpage
+\section{Database design}
+\newpage
\section{Introduction} % section 2.1
\subsection{Usage} % subsection 2.1.1
\newpage
@@ -135,7 +137,7 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\end{figure}
%\newpage
-\section{Security and safety of the test system}
+\section{Security and safety of the system}
\large Safety and security of the software plays a major role in our project.
It is of vital importance that only as few as possible people have access to our test system since the resulting data could be exploited to plan an attack
(e.g. assume the University alarm system uses the SIP gateway to connect to the outside world and to alarm the police, if one knows that the SIP gateway is not working properly, a burglar could plan to rob the University building just at that moment.) Therefore the choice to go Open Source is justified due to the fact that one should know how every single detail of the system works.
@@ -202,7 +204,115 @@ At the same time the web site should be accessible only by the authorized person
problem was to build an PHP page with \emph{MD5} hashed passwords, however we got a suggestion by Konrad and Denis to
use a safer encryption method implemented in the Apache web server software, \emph{.htaccess}. By using
these two techniques we protected the web site of some vulnerabilities known to us. If the web site
-will be only accessed from our local university network, we can additionally add an IP filter mask as well.
+will be only accessed from our local university network, we can additionally add an IP filter mask as well.
+In the following paragraph we will explain our procedure how to generate the keys and to enable the https protocol.
+\par First we want to generate a server key by typing the following command:
+\begin{lstlisting}
+openssl genrsa -des3 -out server.key 4096
+\end{lstlisting}
+\par This will generate a 4096 bit long private server key, one is asked to enter two times a password for the \emph{server.key}.
+Using the generated private server key, we will create a certificate signing request, \emph{server.csr}. We were prompted with a series of questions
+like country, state, organization name and etc which we had to enter to resume.
+\begin{lstlisting}
+openssl req -new -key server.key -out server.csr
+\end{lstlisting}
+\par In the next step we had to sign the certificate signing request and enter the amount of days for how long it should be valid.
+In our case we entered the duration of one year, one can make it for longer periods as well (i.e. the amount of 365 has to be changed.)
+\begin{lstlisting}
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+\end{lstlisting}
+\par We were asked to enter the password again for \emph{server.key}. After we have completed this step we had to make
+a version of the \emph{server.key} which did not require a password, \emph{server.key.insecure} and we will rename the files appropriately.
+\begin{lstlisting}
+openssl rsa -in server.key -out server.key.insecure
+mv server.key server.key.secure
+mv server.key.insecure server.key
+\end{lstlisting}
+\par The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files (\emph{server.crt}, \emph{server.csr}, \emph{server.key} and \emph{server.key.secure}). Now we need to enable the SSL engine on the Apache web server.
+We coppied \emph{server.key} and \emph{server.crt} into \emph{/etc/appache2/ssl}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2$ sudo mkdir ssl
+cp server.key /etc/apache2/ssl
+cp server.crt /etc/apache2/ssl
+\end{lstlisting}
+\par Then we enabled SSL by typing in \emph{a2enmod ssl}, ``it is simply a general purpose utility to establish a symlink between a module in \emph{/etc/apache2/mods-available} to \emph{/etc/apache2/mods-enabled} (or give a message to the effect that a given module does not exist or that it is already symlinked for loading)'' \cite{https}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
+Enabling module ssl.
+See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
+Run '/etc/init.d/apache2 restart' to activate new configuration!
+\end{lstlisting}
+\par In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file \cite{https}. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
+refik@ubuntu:/etc/apache2/ssl$ cd /var/
+refik@ubuntu:/var$ sudo mkdir www-ssl
+\end{lstlisting}
+\par We had backed up our old configuration files for the virtual hosts, for the case that the damage the Apache configuration files. Then we edited the \emph{default-ssl} file.
+\begin{lstlisting}
+refik@ubuntu:/var$ cd /etc/apache2/sites-available
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\par Only the begining of the file is listed here and we have modified the line starting with \emph{DocumentRoot}
+from \emph{DocumentRoot /var/www} to \emph{DocumentRoot /var/www-ssl} (i.e. we had to redefine the location of our SSL directory.)
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www-ssl
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+\end{lstlisting}
+\par One should keep in mind that the port 443 should be free for Apache to use it. In the proceeding step we had to ensure that Apache listens on the given port for a \emph{https} connection.
+One could test that by going into the \emph{/etc/apache2/ports.conf}.
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+ # If you add NameVirtualHost *:443 here, you will also have to change
+ # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
+ # to <VirtualHost *:443>
+ # Server Name Indication for SSL named virtual hosts is currently not
+ # supported by MSIE on Windows XP.
+ Listen 443
+</IfModule>
+\end{lstlisting}
+\par In our case it was set up correctly, since the command: \emph{Listen 443} was present.
+In our last configuration step we had to edit \emph{default-ssl} file to define the correct locations of our keys and to ensure the SSL engine was turned on.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\newpage
+\par The following part of the file had to be found and modified according to our locations:
+\begin{lstlisting}
+SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/apache2/ssl/server.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/server.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+\end{lstlisting}
+\par Finally we had configured our server and can proceed with the restart of the apache web server. We created a test web site \emph{/var/www-ssl/index.php} and navigated our browser to \emph{https://localhost}. The test was successful!
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
+ * Restarting web server apache2 [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
+ ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
+refik@ubuntu:/etc/apache2/sites-available$
+\end{lstlisting}
+
+
+
+
+
\newpage
\section{Web page}
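Review bot: The passphrase-free `server.key` is copied into `/etc/apache2/ssl` with plain `cp` (no `sudo`, although the directory was created with `sudo mkdir`), and the text never restricts who can read it, even though the same paragraph calls the generated files very sensitive. I would add the permission step to that listing, `sudo chown root:root /etc/apache2/ssl/server.key` and `sudo chmod 600 /etc/apache2/ssl/server.key`, with `sudo chmod 700 /etc/apache2/ssl` on the directory. The text should also say what happens to the copies left in the working directory, including `server.key.secure` and `server.csr`. The paragraph spells the target `/etc/appache2/ssl` while the listing uses `/etc/apache2/ssl`. The identical text is added in `test.tex.backup` and `test.tex~`, so the point applies there as well.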
diff --git a/notFinishedCode/Report/test.tex.backup b/notFinishedCode/Report/test.tex.backup
index 6f41bb3..b54cbe6 100644
--- a/notFinishedCode/Report/test.tex.backup
+++ b/notFinishedCode/Report/test.tex.backup
@@ -104,6 +104,8 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\newpage
\section{Software concept} % chapter 2
\newpage
+\section{Database design}
+\newpage
\section{Introduction} % section 2.1
\subsection{Usage} % subsection 2.1.1
\newpage
@@ -135,7 +137,7 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\end{figure}
%\newpage
-\section{Security and safety of the test system}
+\section{Security and safety of the system}
\large Safety and security of the software plays a major role in our project.
It is of vital importance that only as few as possible people have access to our test system since the resulting data could be exploited to plan an attack
(e.g. assume the University alarm system uses the SIP gateway to connect to the outside world and to alarm the police, if one knows that the SIP gateway is not working properly, a burglar could plan to rob the University building just at that moment.) Therefore the choice to go Open Source is justified due to the fact that one should know how every single detail of the system works.
@@ -197,11 +199,120 @@ The test was successful. We tested it with our SSH Tunnel port forwarding class
\subsection{Security on the web site}
Securing the communication channels without making certain the web site is safe would be worthless.
We decided to use the \emph{https} protocol instead of the \emph{http} since a person in the middle
-could sniff our data (e.g. a person is connected with his/her smart-phone over an unprotected WiFi network).
+could sniff our data (e.g. a person is connected with his/her smart-phone over an unprotected wireless network) \cite{https}.
At the same time the web site should be accessible only by the authorized personel. Our first approach to this
problem was to build an PHP page with \emph{MD5} hashed passwords, however we got a suggestion by Konrad and Denis to
use a safer encryption method implemented in the Apache web server software, \emph{.htaccess}. By using
-these two techniques we protected the web site of some vulnerabilities known to us.
+these two techniques we protected the web site of some vulnerabilities known to us. If the web site
+will be only accessed from our local university network, we can additionally add an IP filter mask as well.
+In the following paragraph we will explain our procedure how to generate the keys and to enable the https protocol.
+\par First we want to generate a server key by typing the following command:
+\begin{lstlisting}
+openssl genrsa -des3 -out server.key 4096
+\end{lstlisting}
+\par This will generate a 4096 bit long private server key, one is asked to enter two times a password for the \emph{server.key}.
+Using the generated private server key, we will create a certificate signing request, \emph{server.csr}. We were prompted with a series of questions
+like country, state, organization name and etc which we had to enter to resume.
+\begin{lstlisting}
+openssl req -new -key server.key -out server.csr
+\end{lstlisting}
+\par In the next step we had to sign the certificate signing request and enter the amount of days for how long it should be valid.
+In our case we entered the duration of one year, one can make it for longer periods as well (i.e. the amount of 365 has to be changed.)
+\begin{lstlisting}
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+\end{lstlisting}
+\par We were asked to enter the password again for \emph{server.key}. After we have completed this step we had to make
+a version of the \emph{server.key} which did not require a password, \emph{server.key.insecure} and we will rename the files appropriately.
+\begin{lstlisting}
+openssl rsa -in server.key -out server.key.insecure
+mv server.key server.key.secure
+mv server.key.insecure server.key
+\end{lstlisting}
+\par The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files (\emph{server.crt}, \emph{server.csr}, \emph{server.key} and \emph{server.key.secure}). Now we need to enable the SSL engine on the Apache web server.
+We coppied \emph{server.key} and \emph{server.crt} into \emph{/etc/appache2/ssl}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2$ sudo mkdir ssl
+cp server.key /etc/apache2/ssl
+cp server.crt /etc/apache2/ssl
+\end{lstlisting}
+Then we enabled SSL by typing in \emph{a2enmod ssl}, ``it is simply a general purpose utility to establish a symlink between a module in \emph{/etc/apache2/mods-available} to \emph{/etc/apache2/mods-enabled} (or give a message to the effect that a given module does not exist or that it is already symlinked for loading)'' \cite{https}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
+Enabling module ssl.
+See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
+Run '/etc/init.d/apache2 restart' to activate new configuration!
+\end{lstlisting}
+\par In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file \cite{https}. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
+refik@ubuntu:/etc/apache2/ssl$ cd /var/
+refik@ubuntu:/var$ sudo mkdir www-ssl
+\end{lstlisting}
+\par We had backed up our old configuration files for the virtual hosts, for the case that the damage the Apache configuration files. Then we edited the \emph{default-ssl} file.
+\begin{lstlisting}
+refik@ubuntu:/var$ cd /etc/apache2/sites-available
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\par Only the begining of the file is listed here and we have modified the line starting with \emph{DocumentRoot}
+from \emph{DocumentRoot /var/www} to \emph{DocumentRoot /var/www-ssl} (i.e. we had to redefine the location of our SSL directory.)
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www-ssl
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+\end{lstlisting}
+\par One should keep in mind that the port 443 should be free for Apache to use it. In the proceeding step we had to ensure that Apache listens on the given port for a \emph{https} connection.
+One could test that by going into the \emph{/etc/apache2/ports.conf}.
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+ # If you add NameVirtualHost *:443 here, you will also have to change
+ # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
+ # to <VirtualHost *:443>
+ # Server Name Indication for SSL named virtual hosts is currently not
+ # supported by MSIE on Windows XP.
+ Listen 443
+</IfModule>
+\end{lstlisting}
+\par In our case it was set up correctly, since the command: \emph{Listen 443} was present.
+In our last configuration step we had to edit \emph{default-ssl} file to define the correct locations of our keys and to ensure the SSL engine was turned on.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\newpage
+\par The following part had to be found and modified according to our locations:
+\begin{lstlisting}
+SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/apache2/ssl/server.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/server.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+\end{lstlisting}
+Finally we had configured our server and can proceed with the restart of the apache web server.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
+ * Restarting web server apache2 [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
+ ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
+refik@ubuntu:/etc/apache2/sites-available$
+\end{lstlisting}
+
+
+
+
+
\newpage
\section{Web page}
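Review bot: The sentence changed at the top of this hunk justifies https by a person in the middle sniffing the data, but the certificate produced further down is self-signed (`-signkey server.key`), so a client cannot tell this server's certificate from one presented by an intermediary unless it is trusted out of band. The encryption does stop passive sniffing, so I would state the limit explicitly, for example `Because the certificate is self-signed, every client has to import it (or compare its fingerprint) once over a trusted path; otherwise a browser warning caused by an interception looks the same as the expected one.` This file looks like an editor backup of `test.tex`, so the sentence belongs in `test.tex` itself.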
@@ -225,6 +336,9 @@ Hypothesis}, preprint (2003), available at
\bibitem{sshTunnel} R. Natarajan, \emph{3 Steps to perform SSH login without password using ssh-keygen \& ssh-copy-id}, accessed on 18.08.2011, available at
\url{http://goo.gl/fX68N}.
+\bibitem{https} P. Bramscher, \emph{Creating Certificate Authorities and self-signed SSL certificates}, accessed on 05.09.2011, available at
+\url{http://www.tc.umn.edu/~brams006/selfsign.html}.
+
%bibliography end
\end{thebibliography}
diff --git a/notFinishedCode/Report/test.tex~ b/notFinishedCode/Report/test.tex~
index 40dc5c1..92b9005 100644
--- a/notFinishedCode/Report/test.tex~
+++ b/notFinishedCode/Report/test.tex~
@@ -104,6 +104,8 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\newpage
\section{Software concept} % chapter 2
\newpage
+\section{Database design}
+\newpage
\section{Introduction} % section 2.1
\subsection{Usage} % subsection 2.1.1
\newpage
@@ -135,7 +137,7 @@ Gradually we implemented a bit-by-bit of the final software. Every single step w
\end{figure}
%\newpage
-\section{Security and safety of the test system}
+\section{Security and safety of the system}
\large Safety and security of the software plays a major role in our project.
It is of vital importance that only as few as possible people have access to our test system since the resulting data could be exploited to plan an attack
(e.g. assume the University alarm system uses the SIP gateway to connect to the outside world and to alarm the police, if one knows that the SIP gateway is not working properly, a burglar could plan to rob the University building just at that moment.) Therefore the choice to go Open Source is justified due to the fact that one should know how every single detail of the system works.
@@ -197,12 +199,120 @@ The test was successful. We tested it with our SSH Tunnel port forwarding class
\subsection{Security on the web site}
Securing the communication channels without making certain the web site is safe would be worthless.
We decided to use the \emph{https} protocol instead of the \emph{http} since a person in the middle
-could sniff our data (e.g. a person is connected with his/her smart-phone over an unprotected WiFi network).
+could sniff our data (e.g. a person is connected with his/her smart-phone over an unprotected wireless network) \cite{https}.
At the same time the web site should be accessible only by the authorized personel. Our first approach to this
problem was to build an PHP page with \emph{MD5} hashed passwords, however we got a suggestion by Konrad and Denis to
use a safer encryption method implemented in the Apache web server software, \emph{.htaccess}. By using
these two techniques we protected the web site of some vulnerabilities known to us. If the web site
-will be only accessed from our local university network, we can additionally add an IP filter mask as well.
+will be only accessed from our local university network, we can additionally add an IP filter mask as well.
+In the following paragraph we will explain our procedure how to generate the keys and to enable the https protocol.
+\par First we want to generate a server key by typing the following command:
+\begin{lstlisting}
+openssl genrsa -des3 -out server.key 4096
+\end{lstlisting}
+\par This will generate a 4096 bit long private server key, one is asked to enter two times a password for the \emph{server.key}.
+Using the generated private server key, we will create a certificate signing request, \emph{server.csr}. We were prompted with a series of questions
+like country, state, organization name and etc which we had to enter to resume.
+\begin{lstlisting}
+openssl req -new -key server.key -out server.csr
+\end{lstlisting}
+\par In the next step we had to sign the certificate signing request and enter the amount of days for how long it should be valid.
+In our case we entered the duration of one year, one can make it for longer periods as well (i.e. the amount of 365 has to be changed.)
+\begin{lstlisting}
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+\end{lstlisting}
+\par We were asked to enter the password again for \emph{server.key}. After we have completed this step we had to make
+a version of the \emph{server.key} which did not require a password, \emph{server.key.insecure} and we will rename the files appropriately.
+\begin{lstlisting}
+openssl rsa -in server.key -out server.key.insecure
+mv server.key server.key.secure
+mv server.key.insecure server.key
+\end{lstlisting}
+\par The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files (\emph{server.crt}, \emph{server.csr}, \emph{server.key} and \emph{server.key.secure}). Now we need to enable the SSL engine on the Apache web server.
+We coppied \emph{server.key} and \emph{server.crt} into \emph{/etc/appache2/ssl}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2$ sudo mkdir ssl
+cp server.key /etc/apache2/ssl
+cp server.crt /etc/apache2/ssl
+\end{lstlisting}
+\par Then we enabled SSL by typing in \emph{a2enmod ssl}, ``it is simply a general purpose utility to establish a symlink between a module in \emph{/etc/apache2/mods-available} to \emph{/etc/apache2/mods-enabled} (or give a message to the effect that a given module does not exist or that it is already symlinked for loading)'' \cite{https}.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
+Enabling module ssl.
+See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
+Run '/etc/init.d/apache2 restart' to activate new configuration!
+\end{lstlisting}
+\par In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file \cite{https}. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
+refik@ubuntu:/etc/apache2/ssl$ cd /var/
+refik@ubuntu:/var$ sudo mkdir www-ssl
+\end{lstlisting}
+\par We had backed up our old configuration files for the virtual hosts, for the case that the damage the Apache configuration files. Then we edited the \emph{default-ssl} file.
+\begin{lstlisting}
+refik@ubuntu:/var$ cd /etc/apache2/sites-available
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\par Only the begining of the file is listed here and we have modified the line starting with \emph{DocumentRoot}
+from \emph{DocumentRoot /var/www} to \emph{DocumentRoot /var/www-ssl} (i.e. we had to redefine the location of our SSL directory.)
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+<VirtualHost _default_:443>
+ ServerAdmin webmaster@localhost
+
+ DocumentRoot /var/www-ssl
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+\end{lstlisting}
+\par One should keep in mind that the port 443 should be free for Apache to use it. In the proceeding step we had to ensure that Apache listens on the given port for a \emph{https} connection.
+One could test that by going into the \emph{/etc/apache2/ports.conf}.
+\begin{lstlisting}
+<IfModule mod_ssl.c>
+ # If you add NameVirtualHost *:443 here, you will also have to change
+ # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
+ # to <VirtualHost *:443>
+ # Server Name Indication for SSL named virtual hosts is currently not
+ # supported by MSIE on Windows XP.
+ Listen 443
+</IfModule>
+\end{lstlisting}
+\par In our case it was set up correctly, since the command: \emph{Listen 443} was present.
+In our last configuration step we had to edit \emph{default-ssl} file to define the correct locations of our keys and to ensure the SSL engine was turned on.
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
+\end{lstlisting}
+\newpage
+\par The following part had to be found and modified according to our locations:
+\begin{lstlisting}
+SSLEngine on
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/apache2/ssl/server.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/server.key
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+\end{lstlisting}
+\par Finally we had configured our server and can proceed with the restart of the apache web server. We created a test web site \emph{/var/www-ssl/index.php} and navigated our browser to \emph{https://localhost}. The test was successful!
+\begin{lstlisting}
+refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
+ * Restarting web server apache2 [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
+ ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
+refik@ubuntu:/etc/apache2/sites-available$
+\end{lstlisting}
+
+
+
+
+
\newpage
\section{Web page}
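Review bot: The passphrase-free `server.key` is copied into `/etc/apache2/ssl` with a plain `cp`, and the new text never restricts who can read it, although it calls the generated files very sensitive. The copy listing should gain `sudo chown root:root /etc/apache2/ssl/server.key` and `sudo chmod 600 /etc/apache2/ssl/server.key`, plus a sentence saying that `server.key.secure` is kept where only the administrators can read it. The certificate is self-signed (`-signkey server.key`), so the paragraph should also say that browsers cannot verify the server until `server.crt` is distributed to the clients or replaced by a CA-signed certificate. Without that, the person-in-the-middle protection claimed at the start of the subsection holds only against passive sniffing. The prose path `/etc/appache2/ssl` is misspelled and should read `/etc/apache2/ssl`.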
diff --git a/notFinishedCode/Report/test.toc b/notFinishedCode/Report/test.toc
index 509d259..213bd35 100644
--- a/notFinishedCode/Report/test.toc
+++ b/notFinishedCode/Report/test.toc
@@ -1,12 +1,13 @@
\select@language {english}
\contentsline {section}{\numberline {1}Introduction and Motivation}{3}
\contentsline {section}{\numberline {2}Software concept}{4}
-\contentsline {section}{\numberline {3}Introduction}{5}
-\contentsline {subsection}{\numberline {3.1}Usage}{5}
-\contentsline {section}{\numberline {4}Design}{6}
-\contentsline {section}{\numberline {5}Protocol}{7}
-\contentsline {section}{\numberline {6}Security and safety of the test system}{8}
-\contentsline {subsection}{\numberline {6.1}Encryption of the communication channels}{8}
-\contentsline {subsection}{\numberline {6.2}Security on the web site}{9}
-\contentsline {section}{\numberline {7}Web page}{11}
-\contentsline {section}{\numberline {8}Conclusion}{12}
+\contentsline {section}{\numberline {3}Database design}{5}
+\contentsline {section}{\numberline {4}Introduction}{6}
+\contentsline {subsection}{\numberline {4.1}Usage}{6}
+\contentsline {section}{\numberline {5}Design}{7}
+\contentsline {section}{\numberline {6}Protocol}{8}
+\contentsline {section}{\numberline {7}Security and safety of the system}{9}
+\contentsline {subsection}{\numberline {7.1}Encryption of the communication channels}{9}
+\contentsline {subsection}{\numberline {7.2}Security on the web site}{10}
+\contentsline {section}{\numberline {8}Web page}{14}
+\contentsline {section}{\numberline {9}Conclusion}{15}