Homework #1 (14p)
Deadline: October 4th (the solution has to be submitted before Monday)
Recommended reading
- Introduction to Randomness and Random Numbers
- Random vs. Pseudorandom Number Generators
- Why secure systems require random numbers
- How to: Delete Your Data Securely on Windows
Written tasks
Encryption
- Read about random numbers from the links above and answer the following questions. Format the answers as a numbered list, such that the answer to each subquestion does not exceed two sentences.
  - What are pseudorandom numbers and how do they differ from random numbers? (0.5p)
  - Why is randomness relevant when using encryption (be specific)? (0.5p)
  - Name one method for generating true random numbers. (0.5p)
  - Why do most software applications use pseudorandom number generators instead of true random numbers? (0.5p)
Secure deletion & Hidden data
- What is the fastest way to wipe an encrypted drive, that is, to make its data unrecoverable? Physically breaking or damaging the drive is not allowed. You can assume that the algorithm used to encrypt the drive is secure and cannot be broken, and that there are no backups of the data or of the key. Hint: What is normally needed to decrypt the drive? (1p)
Privacy and anonymity
- Use Tor Browser to visit a hidden service at http://4z4jqjlz5tvdc44w.onion/. You will have to register yourself in order to get the point. Hint: you will need to use the Tor browser to access this link. (1p)
- Visit http://infsec.cs.ut.ee/cookies/ and follow the instructions. You have to find a specific cookie in your web browser and copy its contents into a form on that site. (1p)
- Let's say that no encryption is used between the web browser and the web server when the browser runs in normal mode. Based on this information, briefly answer the following questions.
  - Does private browsing mode encrypt the traffic between the web browser and web server? (0.5p)
  - What is the technical/cryptographic reason for it to be possible or impossible? (0.5p)
- Read one of the papers from the list below. Write a one paragraph summary, which describes the main idea or contribution of the paper. In addition, bring out and comment or discuss two aspects that seemed most important to you in this paper. The latter has to be presented as a list. The person reading the answer should understand it even without reading the corresponding paper. (2p)
  - Good News for People Who Love Bad News: Centralization, Privacy, and Transparency on US News Sites (2019)
  - I never signed up for this! Privacy implications of email tracking (2018)
  - Third Party Tracking in the Mobile Ecosystem (2018)
  - Exposing the Hidden Web: Third-Party HTTP Requests On One Million Websites (2015)
Security of smart devices
- Your task is to create a brief instruction for mitigating the risks related to the confidentiality of the data in a smart device. The brief instructions should be based on real risks or attacks, which may lead to the leakage of data from the smart device. The answer has to contain a list of risks that have to be mapped to the mitigative measures. It is obvious that there are many risks and thus we want you to select four risks that you think are important. For each risk there has to be a protective measure. Format the answer either in the form of a list or as a table with two columns. (2p)
Submission form for the written tasks
The solution has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format unless stated otherwise in the homework task. The solutions of the practical tasks have to be submitted separately to their corresponding input forms (see below).
We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.
2. Homework 1 - written tasks (PDF)
Practice session tasks
Data recovery
Recover the data from a virtual hard drive, the name of the virtual drive is "Virtual USB". If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
Upload the recovered image. Edit the metadata of the image and add your name as the title. More precise instructions are given in the lab instructions. Submit the picture as part of your homework solution. This task can only be solved during the practice session(s).
3. Lab 1: data recovery
VeraCrypt container
Create an encrypted file container with VeraCrypt and submit it as part of the homework. Follow the instructions in the lab session page on how to install and use VeraCrypt. If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
- The container itself should be small (500 kB)
- The password must be "infsec" (written in lowercase and without quotes)
- Create a text (.txt) file in the container that has your first name as filename, e.g. Kristjan.txt. The file content is not important.
- Make sure that you are able to mount the container with the correct password and then submit the VeraCrypt container as a solution. To upload the container you will first have to dismount it.