Homework #1 (IT-law group)
Deadline: October 7 (the solution has to be submitted before Monday)
Written tasks
Recommended reading
- Introduction to Randomness and Random Numbers
- Why secure systems require random numbers
- Random vs. Pseudorandom Number Generators
- How to: Delete Your Data Securely on Windows
- Exposing the Hidden Web: Third-Party HTTP Requests On One Million Websites
Encryption
- Read about random numbers (links are above) and answer the following questions. (1p)
- What are pseudorandom numbers?
- Why is randomness relevant when using encryption?
- Name one method for generating true random numbers.
- Why are most software applications using pseudorandom number generators instead of using true random numbers?
- Alice and Bob plan where they should meet tomorrow. They will meet either at the beach, the town hall square, the castle, or the cinema, but haven't yet decided where. They have no other way of communicating except leaving messages under a stone. For the sake of secrecy, they decide to encode their messages to each other and then encrypt the encoded messages using a one-time pad. They decide to use an encoding where they denote "meeting at the beach" with "00", "meeting at the town hall square" with "01", "meeting at the castle" with "10", and "meeting at the cinema" with "11". They also agree on a secret key for the one-time pad. The next day, Alice will decide where she wants to go, encrypt either "00", "01", "10" or "11" depending on her choice, and leave the encrypted message under the stone. Eve overhears everything about this plan except the secret key (that is, she knows about the stone, what the encodings mean, and that Alice and Bob are using an OTP, but she doesn't know the value of the secret key). Eve doesn't want Alice and Bob to meet. What can Eve do to the message so that the probability of Alice and Bob meeting would be the lowest? Describe what will happen if she carries out her plan. (1p)
Secure deletion & Hidden data
- What is the fastest way to wipe (make the data unrecoverable) an encrypted drive? It is not allowed to physically break the drive. You can assume that the algorithm that is used to encrypt the drive is secure. Hint: What is normally needed to decrypt the drive? (1p)
Privacy and anonymity
- Use Tor Browser to visit a hidden service at http://4z4jqjlz5tvdc44w.onion/. You will have to register yourself in order to get the point. Hint: you will need to use the Tor browser to access this link. (1p)
- Visit http://infsec.cs.ut.ee/cookies/ and follow the instructions. You have to find a specific cookie in your web browser and copy its contents into a form on that site. (1p)
- Let's say that no encryption is used between the web browser and the web server when the browser runs in normal mode. Answer the following questions. (1p)
- Does private browsing mode encrypt the traffic between the web browser and web server? What is the technical reason for it to be possible or impossible?
- Read chapters 1, 2, 6 and 7 from the article Exposing the Hidden Web: Third-Party HTTP Requests On One Million Websites. Briefly describe four facts or issues that seemed important. You should name the issue or fact and then briefly discuss why it is relevant. (2p)
Security of smart devices
- Which security measures should be used to protect confidential data that is stored on a smart device? Think of the different ways an adversary might try to attack and, based on that, think of the security measures that should be applied. As an answer, write down the threats and the corresponding countermeasures. (1p)
Submission form for the written tasks
The solution has to be submitted through this website. The solution can be submitted once you have logged in with your university credentials. We accept solutions only in .pdf and .txt formats unless stated otherwise in the homework task. The solutions of the practical tasks have to be submitted separately to their corresponding input forms (see below).
We would like to get feedback about the difficulty of the homework, so we kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.
Data recovery
Recover the data from a virtual hard drive; the name of the virtual drive is "Virtual USB". If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
Upload the following files:
- A picture that depicts the Internet. Open the recovered picture and write your name into the cloud that is in the top middle part of the image. Save the changes and submit the picture as part of your homework solution.
This task can only be solved during the practice session(s).
VeraCrypt container
Create an encrypted file container with VeraCrypt and submit it as part of the homework. Follow the instructions in the lab session page on how to install and use VeraCrypt. If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
- The container itself should be small (500 kB)
- The name of the container must be your family name. If necessary, substitute non-standard characters (e.g. å -> a).
- The password must be "infsec" (written in lowercase)
- Create a text (.txt) file in the container that has your first name as filename, e.g. Kristjan.txt. The file content is not important.
- Make sure that you are able to mount the container with the correct password and then submit the VeraCrypt container as a solution.