Arvutiteaduse instituut
  1. Kursused
  2. 2025/26 sügis
  3. Infoturve (MTAT.07.028)
EN
Logi sisse

Infoturve 2025/26 sügis

  • Home
  • Lectures & labs
  • Homework & course rules
  • Terminology
  • Exam
  • Links

Homework #1 (15p)

Table of contents

  • Recommended reading
  • Written tasks (8p)
    • Submission form
  • Practice session tasks (7p)
    • EXIF metadata
    • Data recovery
    • VeraCrypt container
    • Encrypted zip file



Deadline: October 12th. The deadline is the same for the solutions of written tasks and practice session tasks (lab tasks).

Estonian version (not for IT-Law) / eestikeelne kodutöö: https://courses.cs.ut.ee/2025/infsec/spring/Main/Hw1

Recommended reading

  • Introduction to Randomness and Random Numbers
  • Random vs. Pseudorandom Number Generators
  • Why secure systems require random numbers
  • How to: Delete Your Data Securely on Windows

Written tasks

Encryption

  1. Read about random numbers from the links above and answer the following questions. Format the answers in a numbered list, such that the answer for each subquestion does not exceed two sentences.
    • Why is randomness relevant when using encryption (be specific)? (0.5p)
    • Why are many software applications using pseudorandom number generators instead of using true random numbers? (0.5p)

Secure deletion & Hidden data

  1. What would be the fastest way to wipe (make the data unrecoverable) an encrypted HDD type drive? It is not allowed to physically break or damage the drive. You can assume that the algorithm, the software, and the configuration that were used to encrypt the drive are secure and can not be broken and that there are no backups for the data and for the key. Also assume that the key was correctly generated, it did not leak and it can not be brute forced. Hint: What is normally needed to decrypt the drive? (1p)

Privacy and anonymity

  1. Use Tor Browser to visit a hidden service at http://yoww5eeifvhavyzyz7ttpuyl5o7lodauguirwpknuzcs2mihkrzgg3ad.onion/. The link does not work with regular browsers. If the page does not load, make sure that the link begins with http instead of https. You will have to register yourself in order to get the point. You can find your information security course pseudonym from your courses.cs.ut.ee profile page. Hint: you will need to use the Tor browser to access this link. (1p)
  2. Visit https://infsec.cs.ut.ee/cookies/ and follow the instructions. You have to find a specific cookie in your web browser and copy its contents into a form on that site. (1p)
  3. Lets assume that there is no encryption used between the web browser and the web server when the browser runs in a normal mode. Using this information, briefly discuss what are the technical/cryptographic reasons why the browser in private mode can not encrypt the connection between the browser and the same web server. We expect a technical/cryptographic reason, saying that this is not the functionality of private mode is not sufficient. Hint: Private mode is actually not relevant in the context of this question. Think of what is needed to use encryption between two endpoints. (1p)
  4. Read one of the papers from the list below and answer the following questions. Format the answers so that it is clear, which question is answered. The person reading the answer should understand it even without reading the corresponding paper.
    • The first task is to write a one paragraph summary, which describes the main idea or contribution of the paper.
    • The second task is to bring out and briefly describe two aspects that seemed most important to you in this paper. The latter has to be presented as a list.
    • The third task is to add your own opinion / discussion to these aspects. (3p)
    1. I never signed up for this! Privacy implications of email tracking (2018)
    2. Third Party Tracking in the Mobile Ecosystem (2018)
    3. Good News for People Who Love Bad News: Centralization, Privacy, and Transparency on US News Sites (2019)
    4. Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset (2020)
    5. The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion (2021)
    6. Bugs in our Pockets: The Risks of Client-Side Scanning (2021)
    7. Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States (2021)
    8. Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors (2021)
    9. Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps (2022)
    10. Blocking JavaScript without Breaking the Web: An Empirical Investigation (2023)
    11. The Devil is in the Details: Detection, Measurement and Lawfulness of Server-Side Tracking on the Web (2024)
    12. Emerging privacy-enhancing technologies (2023) - if you choose this paper, then for the third task you will have to discuss, which two privacy-enhancing technologies seem the most relevant to you and why.

Submission form for the written tasks

The solution has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format if it is not stated otherwise in the homework task. The solutions of the practical tasks have to submitted separately to their corresponding input forms (see below).

We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.

Lahenduste esitamiseks peate olema sisse loginud ja kursusele registreerunud.

Practice session tasks

The following tasks are supposed to be solved in the first lab. If you did not attend the lab, you will have to solve these tasks on your own. Submit the solutions via the lab web page.

EXIF metadata

The task is to use exiftool to view EXIF metadata included in photos. The instructions, requirements, and the submission form are on the lab web page.(2p)

Data recovery

Recover the data from a virtual hard drive. The instructions, requirements, and the submission form are on the lab web page. (1p)

This task can only be solved during the practice session(s). If you missed the lab and can not use the provided virtual machine, try to recover deleted files from your own computer. You can choose, which kind of software to use (lab notes contain instructions for Windows operating system). If you solve the task on your own, submit a screenshot of the software, which shows the recovered file (the filename can be blurred). The screenshot must contain your full name, date, time.

VeraCrypt container

Create an encrypted file container with VeraCrypt and submit it as part of the homework. The instructions, requirements, and the submission form are on the lab web page. (2p)

Encrypted zip file

Encrypt a file with 7-Zip and submit it as a solution to this task. The instructions, requirements, and the submission form are on the lab web page. (2p)

  • Arvutiteaduse instituut
  • Loodus- ja täppisteaduste valdkond
  • Tartu Ülikool
Tehniliste probleemide või küsimuste korral kirjuta:

Kursuse sisu ja korralduslike küsimustega pöörduge kursuse korraldajate poole.
Õppematerjalide varalised autoriõigused kuuluvad Tartu Ülikoolile. Õppematerjalide kasutamine on lubatud autoriõiguse seaduses ettenähtud teose vaba kasutamise eesmärkidel ja tingimustel. Õppematerjalide kasutamisel on kasutaja kohustatud viitama õppematerjalide autorile.
Õppematerjalide kasutamine muudel eesmärkidel on lubatud ainult Tartu Ülikooli eelneval kirjalikul nõusolekul.
Courses’i keskkonna kasutustingimused