CS166 Section 02, Fall 2014
Due: Thursday, September 4th
** Read Chapter 1 (from the manuscript) and work the following
problems. Cite all sources you use to formulate your answers.
1) Among the fundamental challenges in information security are confidentiality, integrity, and availability, or CIA.
a) Define each of these terms: confidentiality,
b) Give a concrete example where confidentiality is more important
c) Give a concrete example where integrity is more important than
d) Give a concrete example where availability is the overriding

2) When you want to authenticate yourself to your computer, most likely you type in your username and password. The username is considered public knowledge, so it is the password that authenticates you. Your password is something you know.
a) It is also possible to authenticate based on something you are, that is, a physical characteristic. Such a characteristic is known as a biometric. Give an example of
b) It is also possible to authenticate based on something you have, that is, something in your possession. Give an example of authentication based on something you have.
c) Two-factor authentication requires that two of the three authentication methods (something you know, something you have, something you are) be used. Give an example from everyday life where two-factor authentication is used. Which two of the three

12) CAPTCHAs are often used in an attempt to restrict access to humans (as opposed to automated processes).
a) Give a real-world example where you were required to solve a CAPTCHA to gain access to some resource. What do you have to do to solve the CAPTCHA?
b) Discuss various technical methods that might be used to break the CAPTCHA you described in part a.
c) Outline a non-technical method that might be used to attack the CAPTCHA from part a.
d) How effective is the CAPTCHA in part a? How user-friendly is

13) Suppose that a particular security protocol is well designed and secure. However, there is a fairly common situation where insufficient information is available to complete the security protocol. In such cases, the protocol fails and, ideally, a transaction between the participants, say, Alice and Bob, should not be allowed to occur. However, in the real world, protocol designers must decide how to handle cases where protocols fail. As a practical matter, both security and convenience must be considered. Comment on the relative merits of each of the following solutions to protocol failure. Be sure to consider both the relative security and user-friendliness of each.
a) When the protocol fails, a brief warning is given to Alice and Bob, but the transaction continues as if the protocol had succeeded, without any intervention required from either Alice
b) When the protocol fails, a warning is given to Alice and she decides (by clicking a checkbox) whether the transaction should continue or not.
c) When the protocol fails, a notification is given to Alice and Bob and the transaction terminates.
d) When the protocol fails, the transaction terminates with no explanation given to Alice or Bob.

16) Malware is software that is intentionally malicious, in the sense that it is designed to do damage or break the security of a system. Malware comes in many familiar varieties, including viruses, worms, and Trojans.
a) Has your computer ever been infected with malware? If so, what did the malware do and how did you get rid of the problem? If not, why have you been so lucky?
b) In the past, most malware was designed to annoy users. Today, it is often claimed that most malware is written for profit. How could malware possibly be profitable?
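Problem 13 asks you to weigh four ways of handling a failed security protocol. The following Python model is an added example for working through that question; it is not part of the assignment or the textbook. The protocol check is an abstract stand-in for any security protocol (certificate validation is one familiar instance), and the policy names, the `Outcome` record and the `compare_policies` summary are assumptions of this example.

```python
"""Added example (not part of the assignment): a small model of the four
protocol-failure policies in Problem 13. The protocol check is a stand-in
for any security protocol; the policy names, the Outcome record and the
comparison table are this example's own constructions.
"""
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    """The four options listed in Problem 13, keyed by their letter."""
    WARN_AND_CONTINUE = "a"   # warn Alice and Bob, proceed automatically
    WARN_AND_ASK_ALICE = "b"  # warn Alice, let her decide via a checkbox
    NOTIFY_AND_ABORT = "c"    # notify Alice and Bob, terminate
    SILENT_ABORT = "d"        # terminate with no explanation


@dataclass(frozen=True)
class Outcome:
    proceeded: bool      # did the transaction go ahead?
    notified: tuple      # participants who were told about the failure
    user_decided: bool   # was a human asked to make the call?


def run_transaction(policy, protocol_completed, alice_accepts_risk=False):
    """Apply one failure policy to a single transaction.

    protocol_completed: True if the security protocol ran to completion.
    alice_accepts_risk: models Alice's checkbox; consulted only under (b).
    """
    if protocol_completed:
        # No failure to handle; every policy simply lets the transaction run.
        return Outcome(proceeded=True, notified=(), user_decided=False)

    if policy is Policy.WARN_AND_CONTINUE:
        return Outcome(True, ("Alice", "Bob"), False)
    if policy is Policy.WARN_AND_ASK_ALICE:
        return Outcome(alice_accepts_risk, ("Alice",), True)
    if policy is Policy.NOTIFY_AND_ABORT:
        return Outcome(False, ("Alice", "Bob"), False)
    if policy is Policy.SILENT_ABORT:
        return Outcome(False, (), False)
    raise ValueError(f"unknown policy {policy!r}")


def fails_open(policy, alice_accepts_risk=False):
    """A policy fails open if a failed protocol can still yield a completed
    transaction: (a) always does, (b) does whenever Alice clicks through."""
    return run_transaction(policy, False, alice_accepts_risk).proceeded


def compare_policies():
    """Tabulate proxies for security and user-friendliness per policy:
    whether a failure can be overridden (worst case: Alice accepts),
    whether anyone is told, and whether a user must make a decision.
    Returns a dict keyed by the policy letter."""
    rows = {}
    for policy in Policy:
        worst = run_transaction(policy, False, alice_accepts_risk=True)
        rows[policy.value] = {
            "can_proceed_on_failure": worst.proceeded,
            "participants_informed": len(worst.notified) > 0,
            "burden_on_user": worst.user_decided,
        }
    return rows


if __name__ == "__main__":
    for letter, row in compare_policies().items():
        print(f"policy ({letter}): {row}")
```

Running `compare_policies()` makes the trade-off in the question concrete: (a) and (b) fail open, so a transaction can complete even though the protocol did not, with (b) moving that decision onto a user who may not understand the warning; (c) and (d) fail closed, and (d) gives up the explanation that (c) offers without gaining any security over it.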