Mercurial Mercurial > hg > sen-material / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
hws/hw01.tex
author cu
Sat, 28 Oct 2017 00:02:06 +0100
changeset 559 a2d690dde419
parent 529 9b01bb695b22
permissions -rw-r--r--
updated cw

\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 1}

\HEADER


\begin{enumerate}
\item {\bf (Optional)} If you want to have a look at the code
  presented in the lectures, install \texttt{Node.js} available (for free) from
\begin{center}
\url{http://nodejs.org}
\end{center}

It needs also the Node-packages Express, Cookie-Parser,
Body-Parser and Crypto. They can be easily installed using the
Node package manager \texttt{npm}.


\item Practice thinking like an attacker. Assume the following situation:

  \begin{quote}\it
    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip

    \noindent
    \begin{tabular}{@ {}l}
      Write the first 100 digits of pi:\\
      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
    \end{tabular}
  \end{quote}

\noindent
Think of ways how you can cheat in this exam? How would you defend
against such cheats?

\item Here is another puzzle where you can practice thinking
      like an attacker: Consider modern car keys. They
      wirelessly open and close the central locking system of
      the car. Whenever you lock the car, the car ``responds''
      by flashing the indicator lights. Can you think of a
      security relevant purpose for that? (Hint: Imagine you
      are in the business of stealing cars. What attack would
      be easier to perform if the lights do not flash?)
      %Should the car also make a ``beep noise'' when it
      %unlocks the doors? Which threat could be thwarted
      %by that?

\item And another one: A water company installed devices that
      transmit meter readings when their company car drives
      by. How can this transmitted data be abused, if not
      properly encrypted? If you identified an abuse, then how
      would you encrypt the data so that such an abuse is
      prevented? Hint: Consider the fact that every person
      uses approximately 120l of water every day.

\item Explain what hashes and salts are. Describe how they can be used
  for ensuring data integrity and storing password information.

\item What is the difference between a brute force attack and a 
  dictionary attack on passwords? 
  
\item Even good passwords consisting of 8 characters, can be
      broken in around 50 days (obviously this time varies a
      lot and also gets shorter and shorter over time). Do you
      think it is good policy to require users to change their
      password every 3 months (as King's did until recently)?
      Under which circumstance should users be required to
      change their password?

\item The biggest dictionary for dictionary attacks I know
      contains 15 Billion entries. If you try out all of these
      15 Billion entries in order to hack one password how
      much percent of the full brute-force space did you
      cover? For this assume passwords use 62 charcaters and
      are typically 8 characters long.

\item What are good uses of cookies (that is browser cookies)?

\item Why is making bank customers liable for financial fraud a bad
design choice for credit card payments?

\item \POSTSCRIPT
\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End:
sen-material