TML / Studies / T-110.402 / Homeworks
2002: Preliminary assignment for Information Security Technology
It is possible to get a boomerang for this pre-assignment.
The deadline is 1st Oct 2002 at 15:45.
- The coursebook can be useful, but this preassignment should me doable even without it.
- GPG instructions
- Internet search engines can be useful, but remember to acknowledge your sources.
Preliminary assignmentGoals of this assignment:
- to think about the basics of traditional security
- to see a few well known attack types
- to refresh the basics of using sources
- to become familiar with the practical arrangements of the course (such as using GnuPG and returning homework assignments)
Basic concepts (6 points)
Traditionally the basic properties we wish to protect in information security are the following:
Historically, most effort has been put to protecting confidentiality. Mention at least three methods that have been used for protecting confidentiality of messages. (3 p)
Often all three properties (confidentiality, integrity, availability) are seen important, but sometimes we want to protect only some of them, depending on circumstances.
- In what kind of situation would we like to assure the integrity and availability of data, but not confidentiality (give an example)? (1 p)
- Give an example of a situation where we would like to protect integrity, but we do not have high requirements for neither confidentiality nor availability (as long as we can get the information in weeks or months - we do not want to lose availability totally). (2 p)
PGP/GnuPG (8 points)
- What can PGP (or GnuPG) be used for? Mention (at least) three different things and give an example of a GnuPG command that does each of these things. (3 p)
- What is a PGP fingerprint? (2 p)
- What is PGP authentication and why it is done on this course? Why is it good to do the authentication already in the beginning of the course? (3 p)
- Create yourself a GnuPG keypair (command
gpg --gen-key) if you do not yet have one. Authenticate your public key to the course assistant before returning this assignment. (0 p, mandatory)
Find the right pairs (6 points)
Pair the following attacks with the most suitable example
- Denial of Service attack
- Social engineering attack
- Man in the middle attack
- Salami attack
- Replay attack
- Sniffing for passwords in a local network.
- Pretending to be an administrator and asking a user to give his password.
- The cash register at Nice Try Supermarket is rounding the total in euros wrong (always rounding up).
- Harry Hacker hangs around a big shopping mall's parking place and catches signals that are used in remote controlled car locks. Next day, when a customer comes shopping again, Harry waits until the customer has gone out of sight and opens the car locks using the opening signal that he cought the day before.
- A mischievous friend of yours is playing with your mobile phone and enters a wrong PIN code so many times that you can not use your phone until you manage to find out and enter the unlocking code (PUK).
- A beginning chess player challenges two grandmasters in postal chess (one as black, one as white) and sends their moves between them as they were his own. (Based on J. Conway's original idea.)
Man in the Middle (3 points)
In the previous assignment there is a peculiar version of the man in the middle attack. How does it differ from a "normal" man in the middle attack? (An example of a typical MITM-attack can be found e.g. from http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html)
Using sources (6 points)
You find a web-article that happens to deal with the same topic as some homework question. How should you express the source, if you
- take a piece of text to your answer directly?
- translate a piece of text from some other language to English and use it in your answer?
- explain with your own words some idea that you read in the article?
Feedback (bonus max. 2p)
How long did it take to do this assignment? Was the assignment too easy or too difficult? How could the assignment be made better?
The preassignment is returned signed and encrypted, by e-mail. The answers should be written to a text file (not e.g. a MS Word document). In the beginning of your answer file you should write your name and your student number.
The answer file can be encrypted and signed in following way:
gpg -aes -r titu -u 'my_uid' ans_0.txt
where ans_0.txt is the answer file.
The encrypted and signed file is then sent to the address email@example.com with the subject "ASSIGNMENT 0" (without the quotes). This can be done e.g. from the command line like this:
mailx -s "ASSIGNMENT 0" firstname.lastname@example.org < ans_0.txt.asc
NB: Save your answer files, at least until you get results, preferably 'til the end of the course.
This page is made by assistants of the course. Newsgroup of the course: opinnot.tik.verkkoturva
Last updated 19.9.2002.