Homework 02

Due Monday, October 08 at 11:59pm

Please submit a PDF on Blackboard with your answers. They must be typeset with LaTeX, or, if you prefer, Word. This is an individual assignment. Please include the honor code at the bottom of your answers.

1. Consider a system that uses GitHub to submit homework assignments, such as used by CSCI-241. Give examples of confidentiality, availability, and integrity requirements associated with this system. For each, indicate the degree of importance of that requirement.

2. Still considering the GitHub submission used by CSCI-241, what can you say about the other 3 goals of security (Authenticity, Anonymity, and Assurance)? For each, indicate if they apply and why/why not.

3. Reports of computer security failures frequently appear in the daily news. Cite a recently reported failure that exemplifies one or more of the "principles" presented in class (easiest penetration, adequate protection, effectiveness, weakest link) and explain how it applies. Include a discussion of what security principles were violated.

4. [G&T R-1.6,1.9,10] With respect to the CIA-AAA concepts, what risks are posed by:

(a) email spam

(b) a packet sniffer monitoring all traffic at a wireless access point

(c) someone buying songs online, burning a CD of them, ripping that to MP3s, and then giving all their friends copies of the songs

5. [G&T C-2.2] For safety reasons, external locked doors on commercial buildings have mechanisms that allow people on the inside to escape without needing a key or combination. One type uses an infrared motion detector to open an electronic lock for people moving towards the door from the inside (e.g., grocery store doors). Explain how a gap under such an external door might be exploited to open the door from the outside.

6. [G&T C-2.3] A group of n pirates has a treasure chest and one unique lock and key for each pirate. Using hardware that is probably lying around their ship, they want to protect the chest so that any single pirate can open the chest using his lock and key. How do they set this up?

7. [G&T C-2.14] Consider the following simple protocol intended to allow an RFID reader to authenticate an RFID tag. The protocol assumes that the tag can store a 32-bit secret key, s, shared with the reader, perform XOR (⊕) operations, and receive and transmit via radio 32-bit values. The reader generates a random 32-bit challenge x and transmits y = x ⊕ s to the tag. The tag computes z = y ⊕ s and sends z to the reader. The reader authenticates the tag if z = x. Show that a passive eavesdropper that observes a single execution of the protocol can recover key s and impersonate the tag. What if the tag and reader share two secret keys s1 and s2, the reader sends x ⊕ s1 and the tag responds with x ⊕ s2 after recovering x?

8. Oberlin College has a wide range of computer and network resources on campus in a variety of locations (e.g., computer labs, servers, network closets, wireless access points). Pick one and analyze it in terms of its physical security. Address this in terms of

(a) Location protection

(b) Physical intrusion detection

(c) Hardware attacks

(d) Eavesdropping

(e) Physical interface attacks

In your opinion, are the measures in place appropriate? What recommendations would you make to the powers that be to reasonably improve the physical security?

Based on material created by Benjamin Kuperman.
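
The protocol in question 7, simulated with both sides' messages to show why an XOR-only challenge-response gives no authentication. This is an added example, not part of the original assignment. The names `Reader`, `Tag`, `run_session` and `demo` are assumptions, the keys are constructed random values, and the one-key variant is modelled as the two-key variant with s2 = 0.

```python
import secrets

class Reader:
    """Reader side. s2 = 0 gives the one-key protocol (the tag answers with x itself)."""
    def __init__(self, s1, s2=0):
        self.s1, self.s2 = s1, s2
        self.x = None

    def challenge(self):
        self.x = secrets.randbits(32)      # fresh 32-bit challenge x
        return self.x ^ self.s1            # y = x XOR s1 goes over the air

    def verify(self, z):
        return (z ^ self.s2) == self.x     # accept if z = x XOR s2


class Tag:
    """Tag side: recovers x with s1, then answers x XOR s2."""
    def __init__(self, s1, s2=0):
        self.s1, self.s2 = s1, s2

    def respond(self, y):
        x = y ^ self.s1
        return x ^ self.s2


def run_session(reader, responder):
    """One protocol run; returns the radio transcript (y, z) and the reader's verdict."""
    y = reader.challenge()
    z = responder(y)
    return y, z, reader.verify(z)


def demo(two_keys):
    """Returns (genuine tag accepted, y^z equals s1^s2, keyless responder accepted)."""
    s1 = secrets.randbits(32)                      # constructed sample keys
    s2 = secrets.randbits(32) if two_keys else 0
    reader, tag = Reader(s1, s2), Tag(s1, s2)
    y, z, genuine_ok = run_session(reader, tag.respond)
    # x cancels out of y ^ z, so the transcript alone yields s (one key) or s1 ^ s2 (two keys).
    leaked = y ^ z
    # The correct answer to any later challenge is that challenge XOR the leaked constant.
    _, _, replay_ok = run_session(reader, lambda y2: y2 ^ leaked)
    return genuine_ok, leaked == (s1 ^ s2), replay_ok


if __name__ == "__main__":
    print("one key :", demo(False))
    print("two keys:", demo(True))
```

In both variants the tag's answer is the challenge XORed with a constant that never depends on x, so a fresh random challenge adds nothing once one transcript has been observed.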