| author | Christian Urban <urbanc@in.tum.de> |
| Sat, 09 Jun 2018 21:01:46 +0100 | |
| changeset 565 | d58f8e3e78a5 |
| parent 529 | 9b01bb695b22 |
| permissions | -rw-r--r-- |
| 10 | 1 |
\documentclass{article}
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
2 |
\usepackage{../style}
|
| 10 | 3 |
|
4 |
\begin{document}
|
|
5 |
||
6 |
\section*{Homework 1}
|
|
7 |
||
|
382
5b943e29b717
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
380
diff
changeset
|
8 |
\HEADER |
|
5b943e29b717
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
380
diff
changeset
|
9 |
|
|
5b943e29b717
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
380
diff
changeset
|
10 |
|
| 10 | 11 |
\begin{enumerate}
|
|
165
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
12 |
\item {\bf (Optional)} If you want to have a look at the code
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
13 |
presented in the lectures, install \texttt{Node.js} available (for free) from
|
| 10 | 14 |
\begin{center}
|
|
165
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
15 |
\url{http://nodejs.org}
|
| 10 | 16 |
\end{center}
|
17 |
||
|
371
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
18 |
It needs also the Node-packages Express, Cookie-Parser, |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
19 |
Body-Parser and Crypto. They can be easily installed using the |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
20 |
Node package manager \texttt{npm}.
|
|
165
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
21 |
|
| 10 | 22 |
|
23 |
\item Practice thinking like an attacker. Assume the following situation: |
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
24 |
|
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
25 |
\begin{quote}\it
|
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
26 |
Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip |
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
27 |
|
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
28 |
\noindent |
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
29 |
\begin{tabular}{@ {}l}
|
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
30 |
Write the first 100 digits of pi:\\ |
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
31 |
3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ |
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
32 |
\end{tabular}
|
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
33 |
\end{quote}
|
| 10 | 34 |
|
35 |
\noindent |
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
36 |
Think of ways how you can cheat in this exam? How would you defend |
| 528 | 37 |
against such cheats? |
| 10 | 38 |
|
|
371
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
39 |
\item Here is another puzzle where you can practice thinking |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
40 |
like an attacker: Consider modern car keys. They |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
41 |
wirelessly open and close the central locking system of |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
42 |
the car. Whenever you lock the car, the car ``responds'' |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
43 |
by flashing the indicator lights. Can you think of a |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
44 |
security relevant purpose for that? (Hint: Imagine you |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
45 |
are in the business of stealing cars. What attack would |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
46 |
be easier to perform if the lights do not flash?) |
|
464
f76e1456b365
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
459
diff
changeset
|
47 |
%Should the car also make a ``beep noise'' when it |
|
f76e1456b365
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
459
diff
changeset
|
48 |
%unlocks the doors? Which threat could be thwarted |
|
f76e1456b365
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
459
diff
changeset
|
49 |
%by that? |
|
328
7ae9a893b76f
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
171
diff
changeset
|
50 |
|
|
371
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
51 |
\item And another one: A water company installed devices that |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
52 |
transmit meter readings when their company car drives |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
53 |
by. How can this transmitted data be abused, if not |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
54 |
properly encrypted? If you identified an abuse, then how |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
55 |
would you encrypt the data so that such an abuse is |
| 528 | 56 |
prevented? Hint: Consider the fact that every person |
|
371
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
57 |
uses approximately 120l of water every day. |
|
690d778b9127
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
370
diff
changeset
|
58 |
|
|
165
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
59 |
\item Explain what hashes and salts are. Describe how they can be used |
|
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
60 |
for ensuring data integrity and storing password information. |
| 10 | 61 |
|
|
171
6cdf4d3906e2
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
62 |
\item What is the difference between a brute force attack and a |
|
6cdf4d3906e2
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
63 |
dictionary attack on passwords? |
|
380
948f4b39d55d
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
372
diff
changeset
|
64 |
|
|
413
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
65 |
\item Even good passwords consisting of 8 characters, can be |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
66 |
broken in around 50 days (obviously this time varies a |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
67 |
lot and also gets shorter and shorter over time). Do you |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
68 |
think it is good policy to require users to change their |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
69 |
password every 3 months (as King's did until recently)? |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
70 |
Under which circumstance should users be required to |
|
0f824ca252e4
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
384
diff
changeset
|
71 |
change their password? |
|
171
6cdf4d3906e2
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
169
diff
changeset
|
72 |
|
|
459
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
73 |
\item The biggest dictionary for dictionary attacks I know |
|
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
74 |
contains 15 Billion entries. If you try out all of these |
|
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
75 |
15 Billion entries in order to hack one password how |
|
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
76 |
much percent of the full brute-force space did you |
|
475
c5d9e164c5f1
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
464
diff
changeset
|
77 |
cover? For this assume passwords use 62 charcaters and |
|
459
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
78 |
are typically 8 characters long. |
|
514485146641
updated home works
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
456
diff
changeset
|
79 |
|
| 14 | 80 |
\item What are good uses of cookies (that is browser cookies)? |
| 10 | 81 |
|
|
169
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
82 |
\item Why is making bank customers liable for financial fraud a bad |
|
2866fae8c1cf
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
165
diff
changeset
|
83 |
design choice for credit card payments? |
|
165
6f84ad98cf49
added homework
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
97
diff
changeset
|
84 |
|
|
456
f65e4fa6e902
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
413
diff
changeset
|
85 |
\item \POSTSCRIPT |
| 10 | 86 |
\end{enumerate}
|
87 |
||
88 |
\end{document}
|
|
89 |
||
90 |
%%% Local Variables: |
|
91 |
%%% mode: latex |
|
92 |
%%% TeX-master: t |
|
93 |
%%% End: |