hws/hw01.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Sun, 01 Mar 2015 00:11:13 +0000
changeset 370 ddac52c0014c
parent 350 54d6fc856950
child 371 690d778b9127
updated

\documentclass{article}
\usepackage{../style}

\begin{document}

\section*{Homework 1}

\begin{enumerate}
\item {\bf (Optional)} If you want to have a look at the code
  presented in the lectures, install \texttt{Node.js}, available (for free) from
\begin{center}
\url{http://nodejs.org}
\end{center}

It also needs the Node packages Express, Cookie-Parser, Body-Parser and
Crypto. They can be easily installed using the Node package manager \texttt{npm}.


\item Practice thinking like an attacker. Assume the following situation:

  \begin{quote}\it
    Prof.~V.~Nasty gives the following final exam question (closed books, closed notes):\bigskip

    \noindent
    \begin{tabular}{@ {}l}
      Write the first 100 digits of pi:\\
      3.\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
    \end{tabular}
  \end{quote}

\noindent
Think of ways you could cheat in this exam. How would you defend
against such cheats?

\item Here is another puzzle where you can practice thinking like an
  attacker: Consider modern car keys. They wirelessly open and close
  the central locking system of the car. Whenever you lock the car,
  the car ``responds'' by flashing the indicator lights. Can you think
  of a security relevant purpose for that? (Hint: Imagine you are in
  the business of stealing cars. What attack would be easier to
  perform if the lights do not flash?)

\item Imagine you have at your home a broadband contract with
      TalkTalk. You do not like their service and want to
      switch, say, to ???. The procedure between the Internet
      providers is that you contact ??? and set up a new
      contract and they will automatically inform TalkTalk to
      terminate the old contract. TalkTalk will then send you
      a letter to confirm that you want to terminate. If they
      do not hear from you otherwise, they will terminate the
      contract and will request any outstanding cancellation
      fees. Can you imagine in which situations this way of
      doing things can cause you a lot of headaches? For this
      consider that TalkTalk needs approximately 14 days to
      reconnect you.
      
\item A water company has a device that transmits the meter
      reading when their company car drives by. How can this
      transmitted data be abused if it is not properly encrypted?
      If you identified an abuse, then how would you
      encrypt the data so that such an abuse is prevented?

%\item Imagine there was recently a break in where computer criminals
%  stole a large password database containing 

\item Explain what hashes and salts are. Describe how they can be used
  for ensuring data integrity and storing password information.

\item What is the difference between a brute force attack and a 
  dictionary attack on passwords? 

\item What are good uses of cookies (that is browser cookies)?

\item Why is making bank customers liable for financial fraud a bad
design choice for credit card payments?

\end{enumerate}

\end{document}

%%% Local Variables: 
%%% mode: latex
%%% TeX-master: t
%%% End: