30 |
31 |
31 \noindent |
32 \noindent |
32 Think of ways how you can cheat in this exam? How would you defend |
33 Think of ways how you can cheat in this exam? How would you defend |
33 against such cheats. |
34 against such cheats. |
34 |
35 |
35 \item Here is another puzzle where you can practice thinking like an |
36 \item Here is another puzzle where you can practice thinking |
36 attacker: Consider modern car keys. They wirelessly open and close |
37 like an attacker: Consider modern car keys. They |
37 the central locking system of the car. Whenever you lock the car, |
38 wirelessly open and close the central locking system of |
38 the car ``responds'' by flashing the indicator lights. Can you think |
39 the car. Whenever you lock the car, the car ``responds'' |
39 of a security relevant purpose for that? (Hint: Imagine you are in |
40 by flashing the indicator lights. Can you think of a |
40 the business of stealing cars. What attack would be easier to |
41 security relevant purpose for that? (Hint: Imagine you |
41 perform if the lights do not flash?) |
42 are in the business of stealing cars. What attack would |
|
43 be easier to perform if the lights do not flash?) |
|
44 Should the car also make a ``beep noise'' when it |
|
45 unlocks the doors? Which threat could be thwarted |
|
46 by that? |
42 |
47 |
43 \item Imagine you are at your home a broadband contract with |
48 \item And another one: Imagine you have at home a broadband |
44 TalkTalk. You do not like their service and want to |
49 contract with TalkTalk. You do not like their service |
45 switch, say, to ???. The procedure between the Internet |
50 and want to switch, say, to Virgin. The procedure |
46 providers is that you contact ??? and set up a new |
51 between the Internet providers is that you contact |
47 contract and they will automatically inform TalkTalk to |
52 Virgine and set up a new contract and they will |
48 terminate the old contract. TalkTalk will then send you |
53 automatically inform TalkTalk to terminate the old |
49 a letter to confirm that you want to terminate. If they |
54 contract. TalkTalk will then send you a letter to |
50 do not hear from you otherwise, they will terminate the |
55 confirm that you want to terminate. If they do not hear |
51 contract and will request any outstanding cancellation |
56 from you otherwise, they will proceed with terminating |
52 fees. Can you imagine in which situations this way of |
57 the contract and will request any outstanding |
53 doing things can cause you a lot of headaches? For this |
58 cancellation fees. Virgin on the other hand sends you a |
54 consider that TalkTalk needs approximately 14 days to |
59 new router and paperwork about the new contract. |
55 reconnect you. |
60 Obviously this way of doing things is meant to make |
|
61 switching for you as convenient as possible. Still can |
|
62 you imagine in which situations this way of switching |
|
63 providers can cause you a lot of headaches to you? For |
|
64 this consider that TalkTalk needs approximately 14 days |
|
65 to reconnect you and might ask for reconnection fees. |
56 |
66 |
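Review bot: new line 52 spells the provider "Virgine", while new lines 50 and 58 use "Virgin"; use "Virgin" throughout. On new line 63, "cause you a lot of headaches to you" repeats the object, so drop the trailing "to you". New line 61 would also read better with a comma after "Still".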
57 \item A water company has a device that transmits the meter |
67 \item And another one: A water company installed devices that |
58 reading when their company car drives by. How can this |
68 transmit meter readings when their company car drives |
59 transmitted data be abused, if not properly encrypted? |
69 by. How can this transmitted data be abused, if not |
60 If you identified an abuse, then how would you |
70 properly encrypted? If you identified an abuse, then how |
61 encrypt the data so that such an abuse is prevented. |
71 would you encrypt the data so that such an abuse is |
|
72 prevented. Hint: Consider the fact that every person |
|
73 uses approximately 120l of water every day. |
|
74 |
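Review bot: the hint on new lines 72-73 writes the quantity as "120l", where the unit letter is easy to misread as a digit; typeset it with a thin space and a spelled-out unit, for example "120\,litres". The sentence on new lines 70-72 ("then how would you encrypt the data so that such an abuse is prevented.") is a question and should end with a question mark, which the old text on lines 60-61 was also missing.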
|
75 \item And another one: Nowadays everybody is scared at a bomb |
|
76 going off at a big event, say a football game. To |
|
77 mitigate such a threat, you order expensive metal |
|
78 detectors and hire a security team that will staff these |
|
79 detectors at each game. Think whether people are really |
|
80 safer at a football game with metal detectors or not. |
|
81 Hint: People certainly might *\emph{feel}* safer by |
|
82 going through metal detectors, but the question is |
|
83 whether they *\emph{are}* safer. Hint: Consider how |
|
84 people arrive at such an event: within a relative short |
|
85 amount of time, thousands, if not more, spectators will |
|
86 arrive at your football game. |
62 |
87 |
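Review bot: new lines 81 and 83 wrap the emphasis in asterisks ("*\emph{feel}*", "*\emph{are}*"); if those asterisks are in the source, LaTeX will print them literally around the italic word, so keep only \emph{...}. New line 75 should read "scared of a bomb" rather than "scared at a bomb", and new line 84 should read "relatively short" rather than "relative short". The item has two consecutive sentences that each start with "Hint:" (new lines 81 and 83); merging them into one hint would read more cleanly.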
63 %\item Imagine there was recently a break in where computer criminals |
88 %\item Imagine there was recently a break in where computer criminals |
64 % stole a large password database containing |
89 % stole a large password database containing |
65 |
90 |
66 \item Explain what hashes and salts are. Describe how they can be used |
91 \item Explain what hashes and salts are. Describe how they can be used |