summaryrefslogtreecommitdiffstats
path: root/notFinishedCode/Report/test.tex~
blob: 685711332be7a6d275f3510552e9349bd086e967 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
\documentclass[a4paper, titlepage, oneside, headsepline, footsepline]{scrartcl} 
%PACKAGES
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\usepackage[english]{babel} %what language are we using
\usepackage[latin2]{inputenc} %what alphabet

\usepackage[tt]{titlepic} %used for adding the title image
\usepackage{graphicx} %used for adding images
\usepackage{url}  %used for the url in bibliography
\usepackage{lastpage} %give me the total number of pages, used in footer: \pageref{LastPage}

\usepackage[T1]{fontenc} %used for fonts
\usepackage{scrpage2} %used for making headers, footers and correct margins

\usepackage{color} %used for highlighting source code
\usepackage{listings} %used to make a box with source code
\usepackage{fancyvrb}
\DefineVerbatimEnvironment{code}{Verbatim}{fontsize=\small}
\DefineVerbatimEnvironment{example}{Verbatim}{fontsize=\small}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%DEFINE LOOK OF THE PAGES
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\pagestyle{scrheadings}

\renewenvironment{abstract}
	{\begin{center}\large\textbf{}\noindent\end{center}}{\vspace{2\baselineskip}}

% Disable single lines at the start of a paragraph (Schusterjungen)
\clubpenalty = 10000
% Disable single lines at the end of a paragraph (Hurenkinder)
\widowpenalty = 10000 \displaywidowpenalty = 10000

\setlength{\parskip}{0.01\baselineskip}
\textheight = 620pt

\ohead{\titleOfProject} %make the header
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%DEFINE THE STUFF FOR CODE 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\lstset{ %
%language=Python,                % choose the language of the code
columns=fullflexible,
keywordstyle=\color[rgb]{0.608,0.561,0.008},
commentstyle=\color[rgb]{0.25,0.5,0.35},
stringstyle=\color[rgb]{0.25,0.35,0.85},
basicstyle=\footnotesize,%\scriptsize       % the size of the fonts that are used for the code
%numbers=left,                   % where to put the line-numbers
numberstyle=\footnotesize,      % the size of the fonts that are used for the line-numbers
stepnumber=1,                   % the step between two line-numbers. If it is 1 each line will be numbered
numbersep=8pt,                  % how far the line-numbers are from the code
backgroundcolor=\color{white},  % choose the background color. You must add \usepackage{color}
showspaces=false,               % show spaces adding particular underscores
showstringspaces=false,         % underline spaces within strings
showtabs=false,                 % show tabs within strings adding particular underscores
frame=single,   		% adds a frame around the code
tabsize=2,  		% sets default tabsize to 2 spaces
captionpos=b,   		% sets the caption-position to bottom
breaklines=true,    	% sets automatic line breaking
breakatwhitespace=false,    % sets if automatic breaks should only happen at whitespace
escapeinside={\%}{)}          % if you want to add a comment within your code
}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


\newcommand{\titleOfProject}{Software for self-testing of the Telecommunication network of University of Freiburg}



%begin of the document
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{document}



%make the title page
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\titlepic{\includegraphics[width=70mm]{uniLogo1.jpg}}
\title{Team project \\ ``\titleOfProject''}   % type title between braces
\date{\today}    % type date between braces
\author{Arda Akcay\\ Tri Atmoko\\ Refik Had\v{z}iali\'{c} }         % type author(s) between braces
\department{\vspace{1\baselineskip} \large Albert-Ludwigs-Universit\"{a}t Freiburg \\
Lehrstuhl f\"{u}r  Komunikationsysteme\\
Prof. Dr. Gerhard Schneider\\ \vspace{1\baselineskip} Supervisors: \\ Konrad Meier \\ Denis Wehrle \\ \vspace{1\baselineskip} Sommersemester 2011}

\maketitle
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%add the table of contents 
\tableofcontents 

%new page to start with 
\clearpage 




% first chapter
\section{Introduction and Motivation}             % chapter 1
\large In the following report, the authors will try to give you a brief insight into our team project. The goal of our project was to develop a mechanism for automatic testing of our University Telecommunication network. The Telecommunication network of University of Freiburg consists of: our own internal GSM and telephone network systems; GSM redirecting device (if one initiates a call to one of the four external GSM networks, it redirects the calls to: T-mobile, 02, Vodaphone or E-Plus); a SIP gateway for landline calls inside of Germany (sipgate.de) and international calls. Since we did not have access to internal servers, our strategy was to exploit the existing systems and infer the results out of our findings.
Before we had started working on our project, we had to analyze the overall network to come up with test cases that contain the highest information content. The next step in our procedure was to implement our ideas into a working piece of software. 
Gradually we implemented a bit-by-bit of the final software. Every single step was accompanied by testing and validation procedures. At the end we connected all the ``black-boxes'' into one big piece of software. We have fulfilled our requests and goals and made a fully working and operable test software. Despite developing a working software, all the way along we thought about the simplicity of the usage of the software. In the following chapters we will describe in more detail our approach and how each subsystem works.
\clearpage
\section{Requirements}           % chapter 2
\begin{figure}[ht!]
  \centering
  \includegraphics[width=140mm]{BigPicture_new1.png}
  \caption[]{Database relationship diagram}
\end{figure}
\newpage
\section{Database design}
At the start our database of choice was MySQL.
When the 
\begin{figure}[ht!]
  \centering
  \includegraphics[width=130mm]{DBRelationship.png}
  \caption[]{Database relationship diagram}
\end{figure}

\newpage
\section{Software design}     % section 2.1
\subsection{Database access}         % subsection 2.1.1
Accessing the database is of critical value to our project, therefore we had developed our own class that limits the access to the database. In the process of developing our own class we used the MySQLdb library in Python \cite{mysqlManual}.
The database class has two working modes, a normal working mode and a debugging mode. The difference between these two modes is in the output information. In case the error handling function raises an error and it is unknown, if the debug mode is set a complete backtrace of the error will be printed out. A developer can change the mode by setting the variable \emph{debugMode=1}. The class diagram can be seen in the following figure. 
\begin{figure}[ht!]
  \centering
  \includegraphics[width=100mm]{dbClass.png}
  \caption[]{Class diagram for the dbClass}
\end{figure}
The method names are self-explanatory and do not require extra explanations. All the outputs produced by the class can be found on the project wiki page \cite{wiki}.
\subsection{Controlling the cell phones}
Our first version of the developed program code for controlling the cell phones used predefined timed values
to send commands instead of using a state controlled approach to confirm that every command was successfuly received and executed by the cell phone. 
It meant we had to make an enormous number of assumptions. In comparison to our second approach, to build a state controlled cell phone control class,
our first approach was inferior and slower. The state controlled method connected two cell phones, on the same base station, up to 15 times faster than the timed approach. 
\begin{figure}[ht!]
  \centering
  \includegraphics[width=80mm]{serialPort.png}
  \caption[]{GSM class diagram for controlling the cell phones}
\end{figure}
One can easyly apply the class just by correctly defining the parameters: port address, baud rate and timeout. The former two are self-explanatory and the timeout parameter is used to define when the alarm function should raise a timeout exception. 
A timeout exception gets raised when the cell phone does not respond (i.e. when the cell phone enters a deadlock or delayed state.) We had used the serial port library inside of Python although we use USB cables to connect to our cell phones. One should 
be aware that our USB cables create a virtual serial port. More details on class design and an example can be found on our project wiki \cite{wiki}.
\subsection{Client and Server class}
Our socket communication code is based on the example given in the Python socket manual \cite{socket}. 
We extended it into two classes, a client and a server class. We had used the TCP protocol to base our two classes on\footnote{TCP is reliable compared to UDP (i.e. transmitted packets get also delivered), 
packets are ordered when received and data are received in a stream (i.e. multiple packets can be read at once.)}. 
The Server class can be seen in the following figure. The server class is implemented to accept only local connections\footnote{More details are given in the section 7.1}. 
First we determine our IP address and then create the socket to listen only for the same IP address (with a different IP address than the selected one a connection cannot be even established.) 
One has to define the port on which the server object should listen.
When receiving data one can easily define the timeout to be raised if data are not received in the timeout range or set it to \emph{0} to infinitely wait for the buffer to be filled with received data. While testing the server class we had the problem to listen on the same port if the application was forcibly\footnote{Manually closed using CTRL+C and run again.} restarted in less than 60 seconds. We got the error message: \emph{"Address already in use"}. 
This is not known as error behavior but rather an option to help the server to catch lost live packets (i.e. packets that are still in the network looking for it is goal destination.)
We solved the problem by changing the socket options with the \emph{SO\_REUSEADDR} parameter. This enabled us to get around the error when we tried to restart our server application. 
Before solving the problem without using the socket parameter, we had another solution to get around this problem by killing the application running the port, this old method is obsolete now.
\begin{figure}[ht!]
  \centering
  \includegraphics[scale=0.8]{serverClass.png}
  \caption[]{Server class, used by the server application}
\end{figure}
In the process of testing the client class we did not have any major problems. The only major flow we had to debug was when one of the sides disconnects that we get out of the waiting loop if the timeout variable was set to \emph{0} (i.e. infinite waiting loop.) 
The client class can be seen in the following figure. To initialize the client object one needs to define the IP address and the port of the server application listening on it. 
\begin{figure}[hb!]
  \centering
  \includegraphics[scale=0.5]{ClientClass.png}
  \caption[]{Client class, used by the client application}
\end{figure}
Once an instance of it is created and loaded with the IP address and the port, one needs to call the \emph{connect()} method. 
The method will produce an integer based on its connection state. Output information and the programming code can be found on our project wiki page \cite{wiki}.
\subsection{Ping class}
Before making any test and establishing a connection we were required to ensure that the server is online. The best way to assess the liveness property was to ping the server computer running the required service. Once the class is properly defined, we could easily set the number of ping tries. 
A ping timeout response was set up to 2 seconds. For more details and insights, one can read more about it on our wiki page \cite{wiki}.
\begin{figure}[ht!]
  \centering
  \includegraphics[width=70mm]{ping.png}
  \caption[]{Ping class, used by test software}
\end{figure}
\subsection{Data logging}
If bugs appear it is important to reconstruct the case. One of the best ways to reconstruct the case was to log every single step part of code gets executed. 
We had used the logging class to follow our handler code run on the BeagleBoard. In case there is an error we could look inside of the log files and track the error. 
How the class works and what kind of outputs it produces can be found on our project wiki page \cite{wiki}. 
\begin{figure}[ht!]
  \centering
  \includegraphics[width=60mm]{logging.png}
  \caption[]{Logging class}
\end{figure}
\subsection{SSH Class}
\clearpage
\section{Hardware design}
In our team project we had the option to choose all the required hardware ourself beside the two BeagleBoards, which we were supplied by Konrad and Dennis. 
Since one of the project goals was to reduce the costs as much as it was possible, we had tried to use some of the leftovers found in our lab.

\subsection{BeagleBoard}
``The BeagleBoard is an OMAP3530 platform designed specifically to address the Open 
Source Community.
\begin{figure}[ht!]
  \centering
  \includegraphics[width=130mm]{bb.jpg}
  \caption[]{BeagleBoard, a linux-on-chip board where our controller software runs the GSM device }
\end{figure}
It has been equipped with a minimum set of features to allow the 
user to experience the power of the OMAP3530 and is not intended as a full development 
platform as many of the features and interfaces supplied by the OMAP3530 are not 
accessible from the BeagleBoard'' \cite{beagleDataSheet}.
We run on it a special precompiled version of Ubuntu for the ARM processor type. The Linux system boots up from an SD Card.
The board has an USB hub and network port attached to it. In our project it is connected to our
internal university LAN network and to a cell phone. We positioned the two BeagleBoards in rooms where
we had LAN access and GSM signal coverage of our two local base stations. 

\subsection{Cell phones}
Our first attempt was to control a Nokia cell phone 3310 with the supplied USB connection cable. 
The protocols used by old versions of Nokia cell phones, as the 3310, use the F-Bus protocol. It was not easy to work with. 
After performing various experiments we succeeded to send and to read SMS messages. Later on we found out that it was not possible to 
send commands for receiving and making the calls. In the meantime we found two Siemens phones, one M45 and S55. 
The first one, Siemens M45, had a cable supplied with it and it was not difficult to control it with the standard set of AT modem commands. 
At the start we did not have a cable supplied for the Siemens S55 phone. We controlled it over the Bluetooth port.

\subsection{Cables for the cell phones}
Due to the fact that we had used 5 cell phones on a single computer, the best solution was to order 5 USB cables. 
Konrad bought 5 cables for 5 Siemens S55 cell phones. All of the cables have an USB2Serial chip converter inside of them. 
Once they were plugged into the USB port, Ubuntu automatically recognized the cables and installed the drivers.
The virtual serial ports were created and could be found on \emph{/dev/ttyUSBx}, where $x$ is the automatically assigned number for the port. 
Some of the cables had the cability to charge the Siemens S55 phones. 
Konrad had opened several cables to solder the power supplies to some contacts and the problem was solved for all of the cables. 
\subsection{Server}
We were given an old Pentium 3 computer where we installed Ubuntu Linux. Configured the Appache web server and MySQL. 
\clearpage

\section{Communication protocol}
\subsection{Hanlder side}
\begin{figure}[ht!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationHandler.png}
  \caption[]{Flowchart of the protocol, on the handler side}
\end{figure}

\begin{figure}[ht!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationcControllerReceiver.png}
  \caption[]{Flowchart of the protocol, on the controller side for the caller}
\end{figure}

\begin{figure}[ht!]
  \centering
  \includegraphics[width=130mm]{protocolCommunicationcControllerCaller.png}
  \caption[]{Flowchart of the protocol, on the controller side for the receiver}
\end{figure}

\subsection{Verification of the protocol}
``SPIN is a model checker - a software tool for verifying models of physical
systems, in particular, computerized systems. First, a model is written that
describes the behavior of the system; then, correctness properties that express
requirements on the system's behavior are specified; finally, the model
checker is run to check if the correctness properties hold for the model, and,
if not, to provide a counterexample: a computation that does not satisfy a
correctness property.'' \cite{spin}. We modeled our simple protocol in SPIN using
the programming language PROMELA \cite{spin}. Since PROMELA is similar to C it was 
not possible to ensure 100\% matching with Python but we had made the assumptions of it.
We modeled both sides, server and client side. As well as the server side being a caller 
and a callee. It was important to find out if our protocol is deadlock or delayed state free. 
For more details our model can be found on our wiki project page with the PROMELA source code \cite{wiki}. 
We had built in a 50\% random probability that the call test will not be successful, to make the model even more
realistic. Our protocol idea was deadlock free and the verification results prove it:
\begin{lstlisting}
(Spin Version 6.1.0 -- 2 May 2011)
    + Partial Order Reduction
Full statespace search for:
    never claim             - (none specified)
    assertion violations    +
    cycle checks           - (disabled by -DSAFETY)
    invalid end states    +
State-vector 44 byte, depth reached 65, errors: 0 
       40 states, stored
        3 states, matched
       43 transitions (= stored+matched)
       90 atomic steps
hash conflicts:         0 (resolved)
    2.195    memory usage (Mbyte)
unreached in proctype Server1
    (0 of 36 states)
unreached in proctype Server2
    (0 of 36 states)
unreached in proctype Client
    (0 of 67 states)
pan: elapsed time 0 seconds
\end{lstlisting}
After we had modeled the basic idea we had written the code that implements our idea. The Python code
resembles some kind of a state machine which remembers the last state and what the next state should be in case
of receiving corresponding message. Otherwise it enters the exit state and then the start state.

\clearpage
\newpage


\section{Security and safety of the system}
\large Safety and security of the software plays a major role in our project. 
It is of vital importance that only as few as possible people have access to our test system since the resulting data could be exploited to plan an attack 
(e.g. assume the University alarm system uses the SIP gateway to connect to the outside world and to alarm the police, if one knows that the SIP gateway is not working properly, a burglar could plan to rob the University building just at that moment.) Therefore the choice to go Open Source is justified due to the fact that one should know how every single detail of the system works.
All the time, while we were working on the project, we were made aware of this issue by Denis and Konrad.  
We decided to use asymmetric key cryptography, where each side has two keys (private and public.) In the next sections we will explain in more details how we applied the methods.
\subsection{Encryption of the communication channels}
At first we thoought to encrypt the data before sending them but since none of us was an expert on encryption standards the idea was rejected. Alongside the fact that none of us had been an expert in the field of cryptography, we were neither experts in the field of internet programming. One could find maybe a way to disable our server software with various hacking methods (e.g. 
trying to open the port until the system runs out of memory and in our case the system which we used on the handler side was a BeagleBoard with ARM architecture running on a single chip TI OMAP processor, refer to the picture in figure 1.) 
We had to eliminate even the slightest possible threat in return for spending more time for debugging the test software system. Despite we were aware of all these facts, we had to choose one of the plenty implemented encryption standards on Linux.
Denis and Konrad suggested using the SSH Tunneling method. 

\begin{figure}[ht!]
  \centering
  \includegraphics[width=120mm]{sshTunnel.png}
  \caption[]{SSH Tunnel, all the communication inside the tunnel is encrypted }
\end{figure}

Using the SSH Tunnel port forwading method we could hide the real port we had used for our socket connection. On the other hand we could force the socket to accept only local connections (i.e. from the machine where the handler software was running.) 
The SSH Tunnel port forwarind method creates an encrypted tunnel between the two computers and then it creates two ports, one on the local and remote computer. All the data sent through the port on the local machine appear on the port at the remote machine. \newline The first problem we faced was that SSH required the username and password everytime we tried to make an SSH connection. We could avoid this problem by copying the public key from our server (where our test software runs) to the BeagleBoard \cite{sshTunnel}. 
This can be performed by executing the following commands in the terminal shell.
One has to create first the private and public keys on the local machine(i.e. server computer, where the test software runs):

\begin{lstlisting}
jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/jsmith/.ssh/id_rsa.
Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
The key fingerprint is:
33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host
\end{lstlisting}

Then one needs to copy the public key to the remote machine (BeagleBoard) using ssh-copy-id:

\begin{lstlisting}
jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
jsmith@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting. 
\end{lstlisting}

After we have created the public and private keys, and coppied the public key on the machine to which we want to connect, we can test if we can make an SSH connection to the remote machine:

\begin{lstlisting}
jsmith@local-host$ ssh remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]
\end{lstlisting}
The test was successful. We tested it with our SSH Tunnel port forwarding class and it worked perfectly. 
\subsection{Security on the web site}
Securing the communication channels without making certain the web site is safe would be worthless. 
We decided to use the \emph{https} protocol instead of the \emph{http} since a person in the middle 
could sniff our data (e.g. a person is connected with his/her smart-phone over an unprotected wireless network) \cite{https}.
At the same time the web site should be accessible only by the authorized personel. Our first approach to this 
problem was to build an PHP page with \emph{MD5} hashed passwords, however we got a suggestion by Konrad and Denis to 
use a safer encryption method implemented in the Apache web server software, \emph{.htaccess}. By using 
these two techniques we protected the web site of some vulnerabilities known to us. If the web site 
will be only accessed from our local university network, we can additionally add an IP filter mask as well.
In the following paragraph we will explain our procedure how to generate the keys and to enable the https protocol. 
\par First we want to generate a server key by typing the following command:
\begin{lstlisting}
openssl genrsa -des3 -out server.key 4096
\end{lstlisting}
\par This will generate a 4096 bit long private server key, one is asked to enter two times a password for the \emph{server.key}.
Using the generated private server key, we will create a certificate signing request, \emph{server.csr}. We were prompted with a series of questions 
like country, state, organization name and etc which we had to enter to resume.
\begin{lstlisting}
openssl req -new -key server.key -out server.csr 
\end{lstlisting}
\par In the next step we had to sign the certificate signing request and enter the amount of days for how long it should be valid. 
In our case we entered the duration of one year, one can make it for longer periods as well (i.e. the amount of 365 has to be changed.)
\begin{lstlisting}
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
\end{lstlisting}
\par We were asked to enter the password again for \emph{server.key}. After we have completed this step we had to make
a version of the \emph{server.key} which did not require a password, \emph{server.key.insecure} and we will rename the files appropriately. 
\begin{lstlisting}
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
\end{lstlisting}
\par The generated files are very sensitive, since they are our keys. After these steps were completed, we had generated 4 files (\emph{server.crt}, \emph{server.csr}, \emph{server.key} and \emph{server.key.secure}). Now we need to enable the SSL engine on the Apache web server. 
We coppied \emph{server.key} and \emph{server.crt} into \emph{/etc/appache2/ssl}. 
\begin{lstlisting}
refik@ubuntu:/etc/apache2$ sudo mkdir ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
\end{lstlisting}
\par Then we enabled SSL by typing in \emph{a2enmod ssl}, ``it is simply a general purpose utility to establish a symlink between a module in \emph{/etc/apache2/mods-available} to \emph{/etc/apache2/mods-enabled} (or give a message to the effect that a given module does not exist or that it is already symlinked for loading)'' \cite{https}.
\begin{lstlisting}
refik@ubuntu:/etc/apache2/ssl$ sudo a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
\end{lstlisting}
\par In the next procedure we had to establish a symlink from the 'available' default-ssl file to the 'enabled' file \cite{https}. Then we created a folder where our secured PHP files will be located (e.g. https://some-domain-name.com/test-software).
\begin{lstlisting}
refik@ubuntu:/etc/apache2/ssl$ sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 
refik@ubuntu:/etc/apache2/ssl$ cd /var/
refik@ubuntu:/var$ sudo mkdir www-ssl
\end{lstlisting}
\par We had backed up our old configuration files for the virtual hosts, for the case that the damage the Apache configuration files. Then we edited the \emph{default-ssl} file.
\begin{lstlisting}
refik@ubuntu:/var$ cd /etc/apache2/sites-available
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default default_original
refik@ubuntu:/etc/apache2/sites-available$ sudo cp default-ssl default-ssl_original
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
\end{lstlisting}
\par Only the begining of the file is listed here and we have modified the line starting with \emph{DocumentRoot}
from \emph{DocumentRoot /var/www} to \emph{DocumentRoot /var/www-ssl} (i.e. we had to redefine the location of our SSL directory.)
\begin{lstlisting}
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www-ssl
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
\end{lstlisting}
\par One should keep in mind that the port 443 should be free for Apache to use it. In the proceeding step we had to ensure that Apache listens on the given port for a \emph{https} connection. 
One could test that by going into the \emph{/etc/apache2/ports.conf}. 
\begin{lstlisting}
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
\end{lstlisting}
\par In our case it was set up correctly, since the command: \emph{Listen 443} was present. 
In our last configuration step we had to edit \emph{default-ssl} file to define the correct locations of our keys and to ensure the SSL engine was turned on.
\begin{lstlisting}
refik@ubuntu:/etc/apache2/sites-available$ sudo vim default-ssl
\end{lstlisting}
\newpage
\par The following part of the file had to be found and modified according to our locations:
\begin{lstlisting}
SSLEngine on

       #   A self-signed (snakeoil) certificate can be created by installing
       #   the ssl-cert package. See
       #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
       #   If both key and certificate are stored in the same file, only the
       #   SSLCertificateFile directive is needed.
       SSLCertificateFile    /etc/apache2/ssl/server.crt
       SSLCertificateKeyFile /etc/apache2/ssl/server.key

       #   Server Certificate Chain:
       #   Point SSLCertificateChainFile at a file containing the
\end{lstlisting}
\par Finally we had configured our server and can proceed with the restart of the apache web server. We created a test web site \emph{/var/www-ssl/index.php} and navigated our browser to \emph{https://localhost}. The test was successful! 
\begin{lstlisting}
refik@ubuntu:/etc/apache2/sites-available$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                                                                                                        [Sat Oct 08 21:52:51 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
 ... waiting [Sat Oct 08 21:52:52 2011] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ OK ]
refik@ubuntu:/etc/apache2/sites-available$  
\end{lstlisting}




  
\newpage
\section{Web page}
\large One of the requests of our team project was to build a test system that could be started from the web site.
Since we used the Open Source platform to base our project on, it was certain we will use it for the web site as well. 
The dynamic parts of the web site were programmed using PHP and JavaScript. The GUI was done using CSS. 
The web site opens TCP/IP sessions between itself and the Python test software. Due reasons explained in the section above, 
a test user needs first to enter his username and password to acccess the web site. Then a test user can manually select what type of tests he wants to perform or he can select already defined test, 
like the simple, smart or full test. (Describe here these three type of tests.) 
Data about the performing tests are inserted into the database only in the case if the mutex lock for the web site can be obtained\footnote{The mutex lock will be explained in the next subsection.}. 
This way we can avoid inserting data about the test in case there is already a test user on the website performing some tests on the system.
\subsection{Communication between the web page and the test software}
Our first idea was that the PHP file starts the test software. 
However, parts of our test software open new terminal windows and 
since PHP has restrictions for starting GUI applications our approach was condemned for a failure at the start. 
We had to deal with this problem and our solution to it was to write a little Python script that will run in background and start our
test software when required. Once a person starts the test over the web site, it automatically connects to the Python script over an TCP/IP socket. 
Before being able to start the test software one needs first to obtain the mutex lock on the web site and to check if there is a mutex lock for the test software running. 
Using this approach we can ensure that only one user at the time can be on the web site and run only one instance of the test software.
In the next step we send the Python script a message to start the test software. The test software obtains a mutex lock as well. 
When the test software is started the web page checks if a software lock is obtained. 
Once it is obtained we can proceed with creating a new socket connection between the web site and the test software. 
Our TCP/IP communication between the web site and the test software is not encrypted since both the web page and the test software run on the same server computer. 
The mutex locks are freed after the tests are performed. Our test software has a timeout timer in case that the web site hangs or somehow the socket connection breaks
where it automatically shuts down.  
\subsection{Results on the web page}
All the performed test results are displayed on the web site. The results are displayed in real time after each selected test case is performed. 
After all the test cases have been performed a topological picture is generated which represents the current state of the system, this can bee seen in the following figure. 
Afterwards, when the result picture is generated, the test user can easily see what is wrong in the system. Various icons represent different subsystems.
Reading the test results is simple as looking at the icons and identifying if they have: a green plus signs (i.e. working properly), a red minus sign (i.e. not working properly) and a yellow exclamation mark (i.e. it was not tested).

\begin{itemize}
\item Triangles represent BTS stations
\item Cellphones represent the external networks (E-Plus, Vodaphone, T-Mobile and O2)
\item Telephone represents the landline and a telephone with a mortarboard the University telephone network
\item Servers represent the OpenBSC and LsfKs-Asterisk
\item Two monitors represent the SIP system
\end{itemize} 

\par The inference mechanism works as following: if a test case works, we can conclude that the subsystems connected inbetween the two ends are working properly as well.
We use the pChart library\footnote{It is under the GNU GPLv3 license and our project is nonprofit!} to generate the topological picture of our telecommunication system \cite{pChart}. 
\begin{figure}[ht!]
  \centering
  \includegraphics[width=120mm]{resultsImage.png}
  \caption[]{Result image showing working, defected and not tested subsystems}
\end{figure}
\par On the right side of the result picture the test user can immediatelly identify the network operability in percentage\footnote{The test user has to take into account that this percantage is only valid if a full test is performed.}. Bellow the network operability statistics are the ping results statistics located. 
If one of the fields is red it means the subsystem is not online or cannot be seen by our server computer where the test software is located.
\newpage
\section{Conclusion}
\newpage

%bibliography start
\begin{thebibliography}{9}

\bibitem{mysqlManual} \emph{MySQLdb User's Guide},  accessed on 05.06.2011, available at \\
\url{http://mysql-python.sourceforge.net/MySQLdb.html}.

\bibitem{wiki} \emph{[2011] GSM Selftest  - Wiki - Lehrstuhl f\"{u}r Kommunikationssysteme}, accessed on 20.09.2011, available at \\
\url{http://lab.ks.uni-freiburg.de/projects/gsm-selftest/wiki}.

\bibitem{socket} \emph{17.2. socket - Low-level networking interface}, accessed on 20.06.2011, available at 
\url{http://docs.python.org/library/socket.html}.
 
\bibitem{spin} M. Ben-Ari \emph{Principles of the Spin Model Checker},
Springer Verlag, Weizmann Institute of Science, Israel, ISBN: 978-1-84628-769-5, 2008.

\bibitem{sshTunnel} R. Natarajan, \emph{3 Steps to perform SSH login without password using ssh-keygen \& ssh-copy-id},  accessed on 18.08.2011, available at 
\url{http://goo.gl/fX68N}.

\bibitem{https} P. Bramscher, \emph{Creating Certificate Authorities and self-signed SSL certificates},  accessed on 05.09.2011, available at 
\url{http://www.tc.umn.edu/~brams006/selfsign.html}.

\bibitem{pChart} \emph{pChart},  accessed on 15.08.2011, available at 
\url{http://www.pchart.net/}.

\bibitem{beagleDataSheet} \emph{BeagleBoard System Reference Manual},  accessed on 20.06.2011, available at 
\url{http://beagleboard.org/static/BBSRM_latest.pdf}.

%bibliography end
\end{thebibliography}

%end of the document
\end{document}