hws/hw01.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Fri, 17 Apr 2015 11:49:10 +0100
changeset 371 690d778b9127
parent 370 ddac52c0014c
child 372 486153025d71
permissions -rw-r--r--
updated
\documentclass{article}
\usepackage{../style}
\begin{document}
\section*{Homework 1}
\begin{enumerate}
\item {\bf (Optional)} If you want to have a look at the code
  presented in the lectures, install \texttt{Node.js}, available (for free) from
\begin{center}
\url{http://nodejs.org}
\end{center}

It also needs the Node packages Express, Cookie-Parser,
Body-Parser and Crypto. They can be easily installed using the
Node package manager \texttt{npm}.
\item Practice thinking like an attacker. Assume the following situation:
  \begin{quote}\it
    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip
    \noindent
    \begin{tabular}{@ {}l}
      Write the first 100 digits of pi:\\
      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
    \end{tabular}
  \end{quote}
\noindent
Think of ways you could cheat in this exam. How would you defend
against such cheats?
\item Here is another puzzle where you can practice thinking
      like an attacker: Consider modern car keys. They
      wirelessly open and close the central locking system of
      the car. Whenever you lock the car, the car ``responds''
      by flashing the indicator lights. Can you think of a
      security-relevant purpose for that? (Hint: Imagine you
      are in the business of stealing cars. What attack would
      be easier to perform if the lights do not flash?)
      Should the car also make a ``beep noise'' when it
      unlocks the doors? Which threat could be thwarted
      by that?
\item And another one: Imagine you have at home a broadband
      contract with TalkTalk. You do not like their service
      and want to switch, say, to Virgin. The procedure
      between the Internet providers is that you contact
      Virgin and set up a new contract and they will
      automatically inform TalkTalk to terminate the old
      contract. TalkTalk will then send you a letter to
      confirm that you want to terminate. If they do not hear
      from you otherwise, they will proceed with terminating
      the contract and will request any outstanding
      cancellation fees. Virgin, on the other hand, sends you a
      new router and paperwork about the new contract.
      Obviously this way of doing things is meant to make
      switching for you as convenient as possible. Still, can
      you imagine in which situations this way of switching
      providers can cause you a lot of headaches? For
      this consider that TalkTalk needs approximately 14 days
      to reconnect you and might ask for reconnection fees.
\item And another one: A water company installed devices that
      transmit meter readings when their company car drives
      by. How can this transmitted data be abused, if not
      properly encrypted? If you identified an abuse, then how
      would you encrypt the data so that such an abuse is
      prevented? Hint: Consider the fact that every person
      uses approximately 120\,l of water every day.
\item And another one: Nowadays everybody is scared of a bomb
      going off at a big event, say a football game. To
      mitigate such a threat, you order expensive metal
      detectors and hire a security team that will staff these
      detectors at each game. Think whether people are really
      safer at a football game with metal detectors or not.
      Hint: People certainly might \emph{feel} safer by
      going through metal detectors, but the question is
      whether they \emph{are} safer. Hint: Consider how
      people arrive at such an event: within a relatively short
      amount of time, thousands, if not more, spectators will
      arrive at your football game.
%\item Imagine there was recently a break in where computer criminals
%  stole a large password database containing 
\item Explain what hashes and salts are. Describe how they can be used
  for ensuring data integrity and storing password information.
\item What is the difference between a brute force attack and a 
  dictionary attack on passwords? 
\item What are good uses of cookies (that is browser cookies)?
\item Why is making bank customers liable for financial fraud a bad
design choice for credit card payments?
\end{enumerate}
\end{document}
%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: