Mercurial Mercurial > hg > sen-material / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updated
authorChristian Urban <christian dot urban at kcl dot ac dot uk>
Fri, 17 Apr 2015 11:49:10 +0100
changeset 371 690d778b9127
parent 370 ddac52c0014c
child 372 486153025d71
updated
handouts/ho08.tex file | annotate | diff | comparison | revisions
hws/hw01.pdf file | annotate | diff | comparison | revisions
hws/hw01.tex file | annotate | diff | comparison | revisions 
--- a/handouts/ho08.tex	Sun Mar 01 00:11:13 2015 +0000
+++ b/handouts/ho08.tex	Fri Apr 17 11:49:10 2015 +0100
@@ -866,3 +866,6 @@
 
 Jeffrey Robinson
 Bitcon: The Naked Truth about Bitcoin
+
+The Bitcoin Backbone Protocol: Analysis and Applications
+https://eprint.iacr.org/2014/765.pdf
Binary file hws/hw01.pdf has changed
--- a/hws/hw01.tex	Sun Mar 01 00:11:13 2015 +0000
+++ b/hws/hw01.tex	Fri Apr 17 11:49:10 2015 +0100
@@ -12,8 +12,9 @@
 \url{http://nodejs.org}
 \end{center}
 
-It needs aslo the Node-packages Express, Cookie-Parser, Body-Parser and 
-Crypto. They can be easily installed using the Node package manager \texttt{npm}.
+It needs also the Node-packages Express, Cookie-Parser,
+Body-Parser and Crypto. They can be easily installed using the
+Node package manager \texttt{npm}.
 
 
 \item Practice thinking like an attacker. Assume the following situation:
@@ -32,33 +33,57 @@
 Think of ways how you can cheat in this exam? How would you defend
 against such cheats.
 
-\item Here is another puzzle where you can practice thinking like an
-  attacker: Consider modern car keys. They wirelessly open and close
-  the central locking system of the car. Whenever you lock the car,
-  the car ``responds'' by flashing the indicator lights. Can you think
-  of a security relevant purpose for that? (Hint: Imagine you are in
-  the business of stealing cars. What attack would be easier to
-  perform if the lights do not flash?)
+\item Here is another puzzle where you can practice thinking
+      like an attacker: Consider modern car keys. They
+      wirelessly open and close the central locking system of
+      the car. Whenever you lock the car, the car ``responds''
+      by flashing the indicator lights. Can you think of a
+      security relevant purpose for that? (Hint: Imagine you
+      are in the business of stealing cars. What attack would
+      be easier to perform if the lights do not flash?)
+      Should the car also make a ``beep noise'' when it
+      unlocks the doors? Which threat could be thwarted
+      by that?
 
-\item Imagine you are at your home a broadband contract with
-      TalkTalk. You do not like their service and want to
-      switch, say, to ???. The procedure between the Internet
-      providers is that you contact ??? and set up a new
-      contract and they will automatically inform TalkTalk to
-      terminate the old contract. TalkTalk will then send you
-      a letter to confirm that you want to terminate. If they
-      do not hear from you otherwise, they will terminate the
-      contract and will request any outstanding cancellation
-      fees. Can you imagine in which situations this way of
-      doing things can cause you a lot of headaches? For this
-      consider that TalkTalk needs approximately 14 days to
-      reconnect you.
+\item And another one: Imagine you have at home a broadband
+      contract with TalkTalk. You do not like their service
+      and want to switch, say, to Virgin. The procedure
+      between the Internet providers is that you contact
+      Virgine and set up a new contract and they will
+      automatically inform TalkTalk to terminate the old
+      contract. TalkTalk will then send you a letter to
+      confirm that you want to terminate. If they do not hear
+      from you otherwise, they will proceed with terminating
+      the contract and will request any outstanding
+      cancellation fees. Virgin on the other hand sends you a
+      new router and paperwork about the new contract.
+      Obviously this way of doing things is meant to make
+      switching for you as convenient as possible. Still can
+      you imagine in which situations this way of switching
+      providers can cause you a lot of headaches to you? For
+      this consider that TalkTalk needs approximately 14 days
+      to reconnect you and might ask for reconnection fees.
       
-\item A water company has a device that transmits the meter
-      reading when their company car drives by. How can this 
-      transmitted data be abused, if not properly encrypted?      
-      If you identified an abuse, then how would you 
-      encrypt the data so that such an abuse is prevented.
+\item And another one: A water company installed devices that
+      transmit meter readings when their company car drives
+      by. How can this transmitted data be abused, if not
+      properly encrypted? If you identified an abuse, then how
+      would you encrypt the data so that such an abuse is
+      prevented. Hint: Consider the fact that every person
+      uses approximately 120l of water every day.
+
+\item And another one: Nowadays everybody is scared at a bomb
+      going off at a big event, say a football game. To
+      mitigate such a threat, you order expensive metal
+      detectors and hire a security team that will staff these
+      detectors at each game. Think whether people are really
+      safer at a football game with metal detectors or not.
+      Hint: People certainly might *\emph{feel}* safer by
+      going through metal detectors, but the question is
+      whether they *\emph{are}* safer. Hint: Consider how
+      people arrive at such an event: within a relative short
+      amount of time, thousands, if not more, spectators will
+      arrive at your football game.
 
 %\item Imagine there was recently a break in where computer criminals
 %  stole a large password database containing
sen-material