[Assingment-7] updated simulate.sh
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m4s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 32s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m4s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 32s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
This commit is contained in:
Sascha Tommasone
parent
5e174f25f3
commit
c5695837a5
GPG key ID:
751068A86FCAA217
1 changed files with 20 additions and 15 deletions
|
|
@ -5,29 +5,34 @@ TMP=/tmp/signatureproxy
|
||||||
KEYDIR=../employee_keys
|
KEYDIR=../employee_keys
|
||||||
mkdir -p $TMP
|
mkdir -p $TMP
|
||||||
|
|
||||||
echo "Step 1: Setting up the signature proxy..."
|
echo "At Embedded Solutions Inc., security was paramount. The company specialized in creating firmware for a wide range of embedded devices used in critical industries, from medical equipment to automotive systems. To protect their firmware, they had implemented a sophisticated signature proxy system using Intel's SGX enclave technology."
|
||||||
|
|
||||||
|
echo "One bright morning, Alice, a senior engineer known for her meticulous work, arrived at her desk. She was tasked with signing the latest stable version of a critical medical device firmware that she had finished engineering the previous night."
|
||||||
|
|
||||||
|
echo "As she settled in, the IT team, always vigilant, prepared the signature proxy. They initialized it with a secret key stored securely within the enclave, ensuring that only authorized firmware could pass through."
|
||||||
./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
|
./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
|
||||||
echo "The signature proxy is initialized."
|
echo "The proxy was now ready to guard the integrity of their firmware."
|
||||||
|
|
||||||
echo "Step 2: Generating dummy firmware..."
|
echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail."
|
||||||
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null
|
dd if=/dev/urandom of=$TMP/firmware.bin bs=1G count=1 &> /dev/null
|
||||||
echo "Dummy firmware is generated."
|
|
||||||
|
|
||||||
echo "Step 3: Alice signs the firmware..."
|
echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source."
|
||||||
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
||||||
echo "Alice, a trusted employee, signs the firmware."
|
|
||||||
|
|
||||||
echo "Step 4: Resigning Alice's signed firmware using the signature proxy..."
|
echo "The signed firmware, along with Alice's signature, was then sent to the signature proxy. The proxy, acting as a vigilant guardian, verified Alice's signature against a list of authorized keys. Her identity confirmed, the proxy signed the firmware with its own private key, adding an extra layer of security."
|
||||||
cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
|
cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
|
||||||
echo "The signature proxy verifies and resigns Alice's firmware."
|
|
||||||
|
|
||||||
echo "Step 5: Verifying the signed firmware..."
|
echo "The final step was crucial: verifying the signed firmware to ensure it was ready for deployment. The team couldn't afford any mistakes, knowing the firmware's destination were life-saving medical devices."
|
||||||
cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
|
cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
|
||||||
echo "The firmware's signature is verified."
|
|
||||||
|
|
||||||
echo "Step 6: Oskar attempts to sign a modified firmware..."
|
echo "Meanwhile, in a dark corner of the tech world, Oskar, a disgruntled former employee, was plotting his revenge. He had managed to get his hands on an old private key. With malicious intent, he set out to sign a modified version of the firmware, hoping to bypass the security measures."
|
||||||
|
|
||||||
|
echo "Oskar, driven by his vendetta, signed the firmware with his private key, intending to trick the system and cause havoc."
|
||||||
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
||||||
echo "Oskar, an attacker, tries to sign a modified firmware."
|
|
||||||
|
|
||||||
echo "Step 7: Oskar's signing attempt is rejected by the signature proxy..."
|
echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data."
|
||||||
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt was successful." || echo "Oskar's signing request is successfully rejected."
|
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure."
|
||||||
|
|
||||||
|
echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats."
|
||||||
|
|
||||||
|
echo "This concludes the story of Alice, Oskar, and the secure firmware signing process at Embedded Solutions Inc. Through the diligent efforts of trusted employees and advanced security technology, the integrity and safety of their embedded devices were preserved."
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue