hws/hw01.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Sun, 01 Mar 2015 00:11:13 +0000
changeset 370 ddac52c0014c
parent 350 54d6fc856950
child 371 690d778b9127
permissions -rw-r--r--
updated
\documentclass{article}
\usepackage{../style}
\begin{document}
\section*{Homework 1}
\begin{enumerate}
\item {\bf (Optional)} If you want to have a look at the code
  presented in the lectures, install \texttt{Node.js}, available (for free) from
\begin{center}
\url{http://nodejs.org}
\end{center}
It also needs the Node packages Express, Cookie-Parser, Body-Parser and 
Crypto. They can be easily installed using the Node package manager \texttt{npm}.
\item Practice thinking like an attacker. Assume the following situation:
  \begin{quote}\it
    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip
    \noindent
    \begin{tabular}{@ {}l}
      Write the first 100 digits of pi:\\
      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
    \end{tabular}
  \end{quote}
\noindent
Think of ways in which you could cheat in this exam. How would you defend
against such cheats?
\item Here is another puzzle where you can practice thinking like an
  attacker: Consider modern car keys. They wirelessly open and close
  the central locking system of the car. Whenever you lock the car,
  the car ``responds'' by flashing the indicator lights. Can you think
  of a security-relevant purpose for that? (Hint: Imagine you are in
  the business of stealing cars. What attack would be easier to
  perform if the lights do not flash?)
\item Imagine you have at your home a broadband contract with
      TalkTalk. You do not like their service and want to
      switch, say, to ???. The procedure between the Internet
      providers is that you contact ??? and set up a new
      contract and they will automatically inform TalkTalk to
      terminate the old contract. TalkTalk will then send you
      a letter to confirm that you want to terminate. If they
      do not hear from you otherwise, they will terminate the
      contract and will request any outstanding cancellation
      fees. Can you imagine in which situations this way of
      doing things can cause you a lot of headaches? For this
      consider that TalkTalk needs approximately 14 days to
      reconnect you.
\item A water company has a device that transmits the meter
      reading when their company car drives by. How can this 
      transmitted data be abused, if not properly encrypted?      
      If you identified an abuse, then how would you 
      encrypt the data so that such an abuse is prevented?
%\item Imagine there was recently a break in where computer criminals
%  stole a large password database containing 
\item Explain what hashes and salts are. Describe how they can be used
  for ensuring data integrity and storing password information.
\item What is the difference between a brute force attack and a 
  dictionary attack on passwords? 
\item What are good uses of cookies (that is, browser cookies)?
\item Why is making bank customers liable for financial fraud a bad
design choice for credit card payments?
\end{enumerate}
\end{document}
%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: