Homework #1 (IT-law group)
Deadline: October 6th (the solution has to be submitted before Monday)
- Introduction to Randomness and Random Numbers
- Why secure systems require random numbers
- Random vs. Pseudorandom Number Generators
- How to: Delete Your Data Securely on Windows
- Exposing the Hidden Web: Third-Party HTTP Requests On One Million Websites
- Read about random numbers (links are above) and answer the following questions.
- What are pseudorandom numbers and how do they differ from random numbers? (0.5p)
- Why is randomness relevant when using encryption (be specific)? (0.5p)
- Name one method for generating true random numbers. (0.5p)
- Why are most software applications using pseudorandom number generators instead of using true random numbers? (0.5p)
Secure deletion & Hidden data
- What is the fastest way to wipe (make the data unrecoverable) an encrypted drive? It is not allowed to physically break or damage the drive. You can assume that the algorithm that is used to encrypt the drive is secure and cannot be broken. Hint: What is normally needed to decrypt the drive? (1p)
Privacy and anonymity
- Use Tor Browser to visit a hidden service at http://4z4jqjlz5tvdc44w.onion/. You will have to register yourself in order to get the point. Hint: you will need to use the Tor browser to access this link. (1p)
- Visit http://infsec.cs.ut.ee/cookies/ and follow the instructions. You have to find a specific cookie in your web browser and copy its contents into a form on that site. (1p)
- Let's say that there is no encryption used between the web browser and the web server when the browser runs in normal mode. Based on this information, answer the following questions.
- Does private browsing mode encrypt the traffic between the web browser and web server? (0.5p)
- What is the technical reason for it to be possible or impossible? (0.5p)
- Read chapters 1, 2, 6 and 7 from the paper Exposing the Hidden Web: Third-Party HTTP Requests On One Million Websites. Briefly describe four facts or issues that seemed important. You should name the issue or fact and then briefly discuss why it is relevant. The reader should understand the answer even when the reader has not read the corresponding paper. (2p)
Security of smart devices
- Your task is to create instructions to mitigate the risks related to the confidentiality of the data in a smart device. The instructions should be based on real risks or attacks, which may lead to the leakage of data from the smart device. The answer has to contain a list of risks that have to be mapped to the mitigative measures. It is obvious that there are many risks and thus we want you to select four risks that you think are important. For each risk there has to be a protective measure. (2p)
Submission form for the written tasks
The solution has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format unless stated otherwise in the homework task. The solutions of the practical tasks have to be submitted separately to their corresponding input forms (see below).
We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.
1. Homework (in PDF format)
Recover the data from a virtual hard drive, the name of the virtual drive is "Virtual USB". If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
Upload the following files:
- A picture that depicts the Internet. Open the recovered picture and write your name into the cloud that is in the top middle part of the image. Save the changes and submit the picture as part of your homework solution.
This task can only be solved during the practice session(s).
5. Restored file
Create an encrypted file container with VeraCrypt and submit it as part of the homework. Follow the instructions in the lab session page on how to install and use VeraCrypt. If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
- The container itself should be small (500 kB)
- The password must be "infsec" (written in lowercase and without quotes)
- Create a text (.txt) file in the container that has your first name as filename, e.g. Kristjan.txt. The file content is not important.
- Make sure that you are able to mount the container with the correct password and then submit the VeraCrypt container as a solution. To upload the container you will first have to dismount it.