Computer security principles and practice
Textbook Using: Computer Security Principles and Practice 2nd. Part 4: Essay Questions. 1. (20 points) One hundred years ago, Louis Brandeis and Samuel Warren warned us that, “Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the housetops.’” Cryptography is an enabling technology for self-help privacy. Conversely, cryptography can be used to conceal criminal conspiracies and activities, including espionage. (a) How does cryptography help or hinder protection of privacy and public safety? (b) What policies are needed and appropriate in a networked world regarding the use of cryptography? What new threats do computer systems and networks pose to personal privacy? In other words , what threats are enabled or enhanced by computer systems and networks? 2. Consider the following login protocol. User knows password P User knows Hash function H(.) and has a mobile calculator User gives login name N to machine Machine generates random number R Machine gives R to user User computes X: = Hash(P) XOR Hash(R) User gives X to machine Machine uses N to obtain P from password table Machine computes Y := Hash(P) XOR Hash(R) If X=Y then machine allows login Explain what is wrong with it and how can it be broken. Show a simple way to strengthen this protocol against your attack. How can a web site distinguish between lack of capacity and a denial-of-service attack? For example, web sites often experience a tremendous increase in volume of traffic right after an advertisement with the site’s URL is shown on television during the broadcast of a popular sporting event. That spike in usage is the result of normal access that happens to occur at the same time. How can a site determine that high traffic is reasonable? You discover that your computing system has been infected by a piece of malicious code. You have no idea when the infection occurred. You do have backups…
Leave a Reply
Want to join the discussion?Feel free to contribute!