Homework 3 - Authentication and Project Milestone

Due: Friday April 23, 2010 at 5:00pm

Part 1: Questions for Chapters 2 & 3

Each question is worth 2 points, 10 points total.

  1. List at least two ways someone could attack a challenge-response system.
  2. One issue with passwords is that users tend to set passwords and then never change them. Why is the policy of forcing a password change every month NOT a good way to handle this issue? Answer in terms of the psychological acceptability of this method.
  3. Is using a Kerberos ticket more secure, less secure or equivalent to setting a session key in the user's browser? Justify your answer.
  4. If a password consists purely of 6 upper case letters, how long would it take to test all possible passwords if the attacker could generate and test one password per second?
  5. If a password consists of 10 tokens, where each token can be an upper case letter, a lower case letter, a number or a symbol chosen from ! @ # $ % ^ & * . = +, now how long would it take to test all possible passwords, again assuming the attacker could generate and test one password per second?

Part 2: Project Milestone

Find two references for your research topic. Each reference is worth 5 points.

Send me your references using the following format, which is the standard format for Computer Science references:

Conference proceeding:
Author List. Title. In Proceedings of the Conference Name, Conference Location, Month and Year of Conference, Page Numbers.

Journal proceeding:
Author List. Title. Journal Name, Volume Number, Issue Number, Page Numbers, Month and Year Published.

Book:
Author List. Title. Publisher, Year Published.

Online article:
Author List. Title. [Online] URL, Date Retrieved.

Examples of each reference style:

S. Jha, O. Sheyner, and J. Wing. Two Formal Analyses of Attack Graphs. In
Proceedings of the IEEE Computer Security Foundations Workshop, Cape Breton,
Nova Scotia, Canada, June 2002, pp 49-63.

C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi. A Taxonomy of Computer
Program Security Flaws. ACM Computing Surveys, vol. 26, no. 3, pp 211-254,
September 1994.

E. Friedman-Hill. JESS in Action. Manning Publications Company, 2003.

MIT Press Release. MIT Lincoln Laboratory software aims to thwart cyber
hackers. [Online] http://web.mit.edu/newsoffice/2008/security-0827.html,
August 2008.

For each reference, also provide a brief description (1 paragraph) of the contents of that reference.