hws/hw01.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Sat, 17 Oct 2015 11:31:12 +0100
changeset 413 0f824ca252e4
parent 384 3a7c08f2bf5d
child 456 f65e4fa6e902
permissions -rw-r--r--
updated
\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 1}

\HEADER


\begin{enumerate}
\item {\bf (Optional)} If you want to have a look at the code
  presented in the lectures, install \texttt{Node.js} available (for free) from
\begin{center}
\url{http://nodejs.org}
\end{center}

It also needs the Node packages Express, Cookie-Parser,
Body-Parser and Crypto. They can be easily installed using the
Node package manager \texttt{npm}.


\item Practice thinking like an attacker. Assume the following situation:

  \begin{quote}\it
    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip

    \noindent
    \begin{tabular}{@ {}l}
      Write the first 100 digits of pi:\\
      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
    \end{tabular}
  \end{quote}

\noindent
Think of ways in which you could cheat in this exam. How would you defend
against such cheats?

\item Here is another puzzle where you can practice thinking
      like an attacker: Consider modern car keys. They
      wirelessly open and close the central locking system of
      the car. Whenever you lock the car, the car ``responds''
      by flashing the indicator lights. Can you think of a
      security-relevant purpose for that? (Hint: Imagine you
      are in the business of stealing cars. What attack would
      be easier to perform if the lights do not flash?)
      Should the car also make a ``beep noise'' when it
      unlocks the doors? Which threat could be thwarted
      by that?

\item And another one: Imagine you have at home a broadband
      contract with TalkTalk. You do not like their service
      and want to switch to Virgin, say. The procedure
      between the Internet providers is that you contact
      Virgin and set up a new contract and they will
      automatically inform TalkTalk to terminate the old
      contract. TalkTalk will then send you a letter to
      confirm that you want to terminate. If they do not hear
      from you, they will proceed with terminating
      the contract and will request any outstanding
      cancellation fees. Virgin on the other hand sends you a
      new router and paperwork about the new contract.
      Obviously this way of doing things is meant to make
      switching as convenient as possible. Still, can
      you imagine situations in which this way of switching
      providers can cause you a lot of headaches? For
      this consider that TalkTalk needs approximately 14 days
      to reconnect you and might ask for reconnection fees.
      
\item And another one: A water company installed devices that
      transmit meter readings when their company car drives
      by. How can this transmitted data be abused, if not
      properly encrypted? If you identified an abuse, then how
      would you encrypt the data so that such an abuse is
      prevented? Hint: Consider the fact that every person
      uses approximately 120l of water every day.

%\item And another one: Nowadays everybody and their
%      grandmother seems to be scared about a bomb going off at
%      a big event, say a football game. To mitigate such a
%      threat, you order expensive metal detectors and hire a
%      security team that will staff these detectors at each
%      game. Think whether people are really safer at a
%      football game with metal detectors or not. Hint: People
%      certainly might *\emph{feel}* safer by going through
%      metal detectors, but the question is whether they
%      *\emph{are}* safer. Hint: Consider how people arrive at
%      such an event: within a relatively short amount of time,
%      thousands, if not more, spectators will arrive at your
%      football game.

%% CYA security - cover-your-ass
% It's an attitude I've seen before: "Something must 
% be done. This is something. Therefore, we must do it." 
% Never mind if the something makes any sense or not.
    
\item And another one: Imagine you are researching security
      products (e.g.~CCTV, alarms, etc.) on a helpful website.
      They ask you for your address details. Think about
      whether this can be bad for you.


%\item Imagine there was recently a break-in where computer criminals
%  stole a large password database containing 

\item Explain what hashes and salts are. Describe how they can be used
  for ensuring data integrity and storing password information.

\item What is the difference between a brute-force attack and a 
  dictionary attack on passwords? 
  
\item Even good passwords consisting of 8 characters can be
      broken in around 50 days (obviously this time varies a
      lot and also gets shorter and shorter over time). Do you
      think it is good policy to require users to change their
      password every 3 months (as King's did until recently)?
      Under which circumstances should users be required to
      change their password?

\item What are good uses of cookies (that is, browser cookies)?

\item Why is making bank customers liable for financial fraud a bad
design choice for credit card payments?

\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: