danimnunes/sirs_project

A10 TicketIST Project

1. Team

Number Name User E-mail
103095 Daniel Nunes https://github.com/danimnunes mailto:[email protected]
102078 João Costa https://github.com/joaolscosta mailto:[email protected]
102975 Rafael Ribeiro https://github.com/RafaR13 mailto:[email protected]

2. Contents

This repository contains documentation and source code for the Network and Computer Security (SIRS) project.

The REPORT document provides a detailed overview of the key technical decisions and various components of the implemented project. It offers insights into the rationale behind these choices, the project's architecture, and the impact of these decisions on the overall functionality and performance of the system.

This document presents installation and demonstration instructions.

3. Installation

To see the project in action, it is necessary to set up a virtual environment with N networks and 4 machines.

The following diagram shows the networks and machines:

Network Diagram

3.1 Prerequisites

All the virtual machines are based on: Linux 64-bit, Kali 2023.3

You need to download Oracle VirtualBox to set up virtual machines. Make sure to also download the Kali Linux distribution for use in the virtual environment. Install the Kali distribution in VirtualBox, then clone the base machine to create the other machines, as explained in detail below.

3.2 VirtualBox Machine Configuration

To have all the required machines working, you need to create 4 virtual machines (VMs). Clone the initial Kali machine 4 times to create the other machines and name them:

  • VM1
  • VM2
  • VM3
  • VM4

Now let's configure the networks for each virtual machine inside VirtualBox.

(For all of the following Internal Network settings, click Advanced and set Promiscuous Mode to Allow VMs.)

3.2.1 For VM1

  1. Go to the settings of VM1 and for adapter 1, select the Internal Network and name it sw-1.

3.2.2 For VM2

  1. Go to the settings of VM2 and for adapter 1, select the Internal Network and name it sw-1.
  2. For adapter 2, select the Internal Network and name it sw-2.
  3. For adapter 2, select the NAT.

3.2.3 For VM3

  1. Go to the settings of VM3 and for adapter 1, select the Internal Network and name it sw-2.

3.2.4 For VM4

  1. Go to the settings of VM4 and for adapter 1, select the Internal Network and name it sw-2.

3.3 Machine Network Configuration

Now that the networks are configured in VirtualBox, we need to configure the networks in the virtual machines. For each machine you will need to run the commands below so every machine can have access to the internet, communicate with each other and have the necessary tools to run the project in a secure environment.

After each network configuration, test if the routes were correctly configured by executing the command route or ifconfig in the terminal. If not, run each command again.

3.3.1 For VM1 (Buyer/Validator)

# eth0 (sw-1) - Connects to the Gateway (VM2)
$ sudo ip addr add 192.168.0.100/24 dev eth0
$ sudo ip link set eth0 up

# Default route via the Gateway (VM2)
$ sudo ip route add default via 192.168.0.10

3.3.2 For VM2 (Gateway)

# eth0 (sw-1) - Connects to the Client (VM1) for external access
$ sudo ip addr add 192.168.0.10/24 dev eth0
$ sudo ip link set eth0 up

# eth1 (sw-2) - Connects to the API and database
$ sudo ip addr add 192.168.1.1/24 dev eth1
$ sudo ip link set eth1 up

# Enable IP forwarding to allow routing between networks
$ sudo sysctl -w net.ipv4.ip_forward=1

# Configure NAT to allow the internal network to access the internet
$ sudo iptables -t nat -F
$ sudo iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
$ sudo iptables -P FORWARD ACCEPT
$ sudo iptables -F FORWARD
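
As an added example (not part of the project's scripts), the gateway's forwarding can be narrowed from the accept-all policy above to the flows this README describes, with an audit function that checks `iptables -S FORWARD` output against them. Interface names and addresses are taken from the commands above; `API_PORT` (5000, Flask's development default) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not project code. Addresses/interfaces are from the README;
# API_PORT is an assumption (Flask's development default).
CLIENT_NET="192.168.0.0/24"     # sw-1, reached through eth0
INTERNAL_NET="192.168.1.0/24"   # sw-2, reached through eth1
API_HOST="192.168.1.2/32"       # VM3
API_PORT="${API_PORT:-5000}"    # assumption: port the Flask API listens on
IPT="${IPT:-echo iptables}"     # dry run by default; IPT="sudo iptables" applies

# Default-deny forwarding: clients may reach only the API port on VM3, and
# both networks may still go out through the NAT interface (eth2).
forward_rules() {
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i eth0 -o eth1 -s "$CLIENT_NET" -d "$API_HOST" \
         -p tcp --dport "$API_PORT" -j ACCEPT
    $IPT -A FORWARD -i eth0 -o eth2 -s "$CLIENT_NET" -j ACCEPT
    $IPT -A FORWARD -i eth1 -o eth2 -s "$INTERNAL_NET" -j ACCEPT
}

# Audit `iptables -S FORWARD` output read from stdin. Exit status 0 means the
# policy is DROP and every eth0 -> eth1 ACCEPT rule is limited to the API host.
audit_forward() {
    awk -v api="$API_HOST" '
        $1 == "-P" && $2 == "FORWARD" && $3 != "DROP" {
            bad = 1; print "FORWARD policy is " $3
        }
        $1 == "-A" && /-i eth0/ && /-o eth1/ && /-j ACCEPT/ {
            dst = ""
            for (i = 1; i < NF; i++) if ($i == "-d") dst = $(i + 1)
            if (dst != api) {
                bad = 1
                print "sw-1 can reach " (dst == "" ? "all of sw-2" : dst)
            }
        }
        END { exit bad + 0 }'
}

forward_rules   # prints the commands unless IPT is overridden
```

With the functions loaded on VM2, `sudo iptables -S FORWARD | audit_forward` reports the accept-all policy configured above and returns a non-zero status.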

3.3.3 For VM3 (API)

# eth0 (sw-2) - Connects to the Gateway (VM2) for the API network
$ sudo ip addr add 192.168.1.2/24 dev eth0
$ sudo ip link set eth0 up

# Default route through VM2 (Gateway) for the API network
$ sudo ip route add default via 192.168.1.1

3.3.4 For VM4 (Database)

# eth0 (sw-2) - Connects to the Gateway (VM2) for the Database network
$ sudo ip addr add 192.168.1.10/24 dev eth0
$ sudo ip link set eth0 up

# Default route through VM2 (Gateway) for the Database network
$ sudo ip route add default via 192.168.1.1

3.3.5 Problems that may arise

It is possible that the machines can communicate with each other but cannot reach outside networks and seem to have no internet access, leading to packet loss or no connection at all. If any of the virtual machines doesn't have internet access after all of these steps, edit the /etc/resolv.conf file, comment out or delete any nameserver that might be there and add the following line:

nameserver 8.8.8.8

Now you have all the networks and machines configured and ready to run the project as we will explain in the next section.


3.4 Running the Project

For each machine, there is an initialization script named after the machine, with prefix init- and suffix .sh, that installs all the necessary packages and makes all required configurations on a clean machine.

Inside each machine, use Git to clone the repository.

$ git clone https://github.com/tecnico-sec/A10.git

Next come the specific instructions for each machine to run the project all together. First, though, all of the machines run their scripts in a virtual environment to install the necessary packages and configurations. Create the virtual environment in the root project directory and activate it:

$ python3 -m venv venv
$ source venv/bin/activate

Make sure to follow the instructions below in order, machine by machine, to run the project.

3.4.1 For VM4 (Database)

This machine will run the database that will store all the information about the tickets, users, events, and other necessary information. This database is developed in MariaDB and uses SQL to manage the data.

Do not forget to run with the virtual environment.

$ sudo ./scripts/init-database.sh

3.4.2 For VM3 (API)

This machine will run the API that will receive the requests from the buyers and validators and communicate with the database to store and manage tickets, users, events, and other necessary information. This API is developed in Python and uses Flask to handle the requests. Every request from a client first goes through the Gateway and then through the internal network to reach this API.

Do not forget to run with the virtual environment.

$ sudo ./scripts/init-api.sh

3.4.3 For VM1 (Buyer/Validator)

This machine will run a buyer and a validator in different terminals. Validators can validate the tickets bought by buyers. Both types of users run the same CLI and log in with their own credentials to perform the actions they are allowed to: a buyer can buy, share, send for validation or look for tickets, and a validator can listen for tickets to validate.

Do not forget to run with the virtual environment.

To install dependencies, run the following command:

$ ./scripts/init-client-validator.sh

To run the CLI, execute the following command for both buyer and validator, in two different terminals:

$ python3 app/main.py

Run this command in two different terminals to run the buyer and the validator.

4. Demonstration

Now that all the networks and machines are up and running, here are some examples of how the project can be used and features implemented.

First of all, you will see an initial screen where you can choose to log in as Buyer or Validator, or even as staff if you have privileged access.

Initial Screen

4.1 Buyer

After that, you will be able to log in with your credentials and perform the actions you are allowed to. When a buyer registers and logs in to his account, he goes through a validation step via his institutional email, which receives a code to validate the registration, ensuring security and privacy through this 2-factor authentication.

Buyer Register

The following image shows an example of the validation code received in email.

Validation Code

When logged in, you will see a menu where the buyer can view events and available tickets, buy tickets, share tickets, and send tickets for validation.

Buyer Menu

By checking tickets, a buyer can see which annual tickets are available, which tickets exist for a single event, which tickets he bought and which tickets were shared with him. In each case they show the ticket id, the corresponding event, the price, the owner, the type, the seat and most of the other information a user might need.

If a buyer wants to buy a ticket, he can buy it and receive the corresponding ticket as a .json file in the client_tickets folder. Every ticket that a buyer wants to buy or share is securely transmitted to the API using our library, which encrypts the data before sending and decrypts it after receiving, as we can see in the following image.

Buyer Buy Ticket

If a buyer wants to share a ticket, he can share the ticket with another user by providing the id of the user he wants to share with. In the left terminal we can see that a buyer shared a ticket with the id of the ticket and the id of the user he wants to share with and in the right terminal we can see that the user received the ticket and is able to see the ticket in the View Tickets received by loan option.

Buyer Share Ticket

If a buyer wants to send a ticket for validation, he can send it by giving the id of the ticket, but he has to make sure he has the ticket in his possession. For that he can check the tickets he has in his possession by checking the purchased tickets or the tickets shared with him. If he buys a ticket, he automatically gets the ticket in his possession, but for shared tickets he has to download the ticket in the Download Ticket option by requesting the ticket id.

Download Ticket

4.2 Validator

As a validator, you can login with your credentials and perform the actions you are allowed to.

He has a menu where he can listen for tickets to validate and validate tickets.

Validator Menu

The following image shows the validator listening for tickets. As soon as a ticket is sent for validation, the validator will receive it. In the left terminal we can see that a buyer sent a ticket for validation and in the right terminal we can see that the validator received the ticket and is able to validate it, returning the message to the buyer.

Validator Listen

This concludes the demonstration.

Additional Information

Links to Used Tools and Libraries

  • Python 3.9+ – Used for developing the API and CLI tools.
  • Flask – Framework for API development.
  • MariaDB – Database system for storing project information.
  • SQLAlchemy – ORM for database interaction.
  • Cryptography – Library used for data encryption and transaction security.
  • VirtualBox – Virtualization platform for setting up virtual environments.
  • Kali Linux – Linux distribution used for configuring virtual machines.
  • Git – Version control system for code management.
  • Virtual Environment – Used to create isolated Python virtual environments.
  • iptables – Configured for routing and NAT between networks.

Versioning

We use SemVer for versioning.

License

This project is licensed under the MIT License - see the LICENSE.txt for details.


END OF README
