Homework #2 (15p)
Deadline: 30th of October (the solution has to be submitted before Monday)
Recommended reading
- Announcing the first SHA1 collision
- SHAttered
- HTTPS Certificate Revocation is broken, and it’s time for some new tools
Written tasks
PKC, PKI and HTTPS
- Hashing
- What are the two main differences between encryption and hashing? The answer must be formatted as a list. This question can have multiple correct answers. (1p)
- Read the following article: HTTPS Certificate Revocation is broken, and it’s time for some new tools. Answer the following questions:
- Why are certificate revocation lists not guaranteed to work in practice? (1p)
- Online Certificate Status Protocol has also some issues, list two issues. (1p)
Smartcards, e-voting, blockchain
- In an opinion story Otto de Voogd wrote about the possibility of the state having access to the secret keys on the Estonian ID-card. As a response to the opinion Agu Kivimägi wrote how private keys are generated. Name two different reasons why the Estonian government can not access / know the secret key that is on your ID-card. The ID-card vulnerabilities that were described in 2017 are out of scope of this question. The answer must be formatted as a list. (1p)
- It is difficult to build secure internet voting systems. Some people have proposed to use blockchain as a solution to improve the security of internet voting. You have two tasks. First, read the following two papers and make a brief summary of the main points presented in these papers regarding the use of blockchain in internet voting. Second, add your own opinion or comments. More specifically, do you agree with the authors? Why? (4p)
Lab tasks (7p)
There are four lab tasks that have to be solved. The submission forms are available at the lab page.
- Task is about image metadata.
- Task is about TLS and certification information.
- Task is about syncing files with Syncthing.
- Task is about using Signal for end-to-end encrypted messaging. As an alternative, also a theory task is offered.
Submission form for the written tasks
The solution for the written tasks has to be submitted through this website. The solution can be submitted once you have logged in with the university credentials. We accept solutions only in .pdf format if it is not stated otherwise in the homework task.
We would like to get feedback about the difficulty of the homework and therefore we would kindly ask you to write in the comments box an estimate of how much time it took to solve the homework tasks.
6. Homework 2 - written tasks (PDF)Solutions for this task can no longer be submitted.