Homework #1 (16p)
Deadline: October 3rd (the solution has to be submitted before Monday)
Recommended reading
- Introduction to Randomness and Random Numbers
- Random vs. Pseudorandom Number Generators
- Why secure systems require random numbers
- How to: Delete Your Data Securely on Windows
Written tasks
Encryption
- Read about random numbers from the links above and answer the following questions. Format the answers in a numbered list, such that the answer for each subquestion does not exceed two sentences.
- What are pseudorandom numbers and how they differ from random numbers? (0.5p)
- Why is randomness relevant when using encryption (be specific)? (0.5p)
- Name one method for generating true random numbers. (0.5p)
- Why are most software applications using pseudorandom number generators instead of using true random numbers? (0.5p)
Secure deletion & Hidden data
- What is the fastest way to wipe (make the data unrecoverable) an encrypted drive? It is not allowed to physically break or damage the drive. You can assume that the algorithm that is used to encrypt the drive is secure and can not be broken and that there are not backups for the data and for the key. Hint: What is normally needed to decrypt the drive? (1p)
Privacy and anonymity
- Use Tor Browser to visit a hidden service at http://4z4jqjlz5tvdc44w.onion/. You will have to register yourself in order to get the point. Hint: you will need to use the Tor browser to access this link. (1p)
- Visit http://infsec.cs.ut.ee/cookies/ and follow the instructions. You have to find a specific cookie in your web browser and copy its contents into a form on that site. (1p)
- Lets assume that there is no encryption used between the web browser and the web server when the browser runs in a normal mode. Using this information, briefly discuss what are the technical/cryptographic reasons why private mode can not encrypt the connection between the browser and the same website. (1p)
- Read one of the papers from the list below. The first task is to write a one paragraph summary, which describes the main idea or contribution of the paper. The second task is to bring out and briefly describe two aspects that seemed most important to you in this paper. The latter has to be presented as a list. The third task is to add your own opinion / discussion to these aspects. The person reading the answer should understand it even without reading the corresponding paper. (3p)
- I never signed up for this! Privacy implications of email tracking (2018)
- Third Party Tracking in the Mobile Ecosystem (2018)
- Good News for People Who Love Bad News: Centralization, Privacy, and Transparency on US News Sites (2019)
- Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset (2020)
- The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion (2021)
Security of smart devices
- Your task is to create a brief instruction for mitigating the risks related to the confidentiality of the data in a smart device. The brief instructions should be based on real risks or attacks, which may lead to the leakage of data from the smart device. The answer has to contain a list of risks that have to be mapped to the mitigative measures. It is obvious that there are many risks and thus we want you to select four risks that you think are important. For each risk there has to be a protective measure. Format the answer either in the form of a list or as a table with two columns.(2p)
Submission form for the written tasks
The solution has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format if it is not stated otherwise in the homework task. The solutions of the practical tasks have to submitted separately to their corresponding input forms (see below).
We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.
2. Homework 1 - written tasks (PDF)Practice session tasks
Data recovery
Recover the data from a virtual hard drive, the name of the virtual drive is "Virtual USB". If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
Upload the recovered image. Edit the metadata according to the lab instructions. Submit the picture as part of your homework solution. This task can only be solved during the practice session(s). If you missed the lab and can not use the virtual machine provided for the lab, ask for an alternative task from the lecturer ASAP.
3. Lab 1: data recoveryVeraCrypt container
Create an encrypted file container with VeraCrypt and submit it as part of the homework. Follow the instructions in the lab session page on how to install and use VeraCrypt. If you already submitted the solution in the lab then you do not need to resubmit it. (2p)
- The container itself should be small (500 kB)
- The password must be "security" (written in lowercase and without quotes)
- Create a text (.txt) file in the container that has your surname as filename, e.g.
Krips.txt
. The file content is not important. - Make sure that you are able to mount the container with the correct password and then submit the VeraCrypt container as a solution. To upload the container you will first have to dismount it.
#7zip Encrypted zip file
Encrypt a file with 7-Zip and submit it as a solution to this task. You must follow the requirements that are described below in order to get full points. The submissions are graded automatically, which means that in case the requirements are not followed you may get 0 points. If you already submitted the solution in the lab then you do not need to resubmit it.(1p)
- There has to be one text file (.txt format, not .docx, not .pdf, etc.) in the zip container. The name of the zip file has to be your family name, for example
Krips.txt
. In the first row of the text file has to be your pseudonym, which you can find under you courses.cs.ut.ee profile (log in to find your profile from the top right corner of the page). - Thus, the zip file has to be small (less than 500 kB)
- The password has to be "1234567" (written without the quotes). In case the zip file does not decrypt with the password 1234567, the grading system will automatically assign 0 points for this task.
- There has to be one text file (.txt format, not .docx, not .pdf, etc.) in the zip container. The name of the zip file has to be your family name, for example