Assignment 4: Identity, Authentication, Malware
Due 11:59pm EDT, 27 March, 2019
Please turn in a PDF through Gradescope (this link works if you are logged in to Blackboard). The answer to each question should begin on a new page.
Gradescope is pretty self-explanatory,
but if you'd like you can watch the ITaP video instructions.
Make sure that you mark the start/end of each question in Gradescope. Assignments will be graded based on what you mark as the start/end of each question.
Expect this to be enforced starting with this assignment.
Please typeset your answers. (You won't be doing handwritten responses during a
Google phone interview, why would you do so for class?)
A. Identity and Authentication
- Briefly describe the difference between identity and authentication.
- Give an example where we might want authentication but not use identity.
- Give an example where we might use identity without authentication.
B. Biometrics
- Give an example of using biometrics for identification.
- Give an example of using biometrics for authentication but not identification.
C. Password Mechanism
A company employs the following password verification mechanism, designed for user convenience. The user is logged in as soon as they enter the correct password (no need to click submit or hit enter). If they mistype the password, the password is rejected as soon as an incorrect character is entered.
- Explain the problem with this approach, and devise an attack that allows you to easily guess a user's password.
- Give a measure of the expected strength of a password, and how strong the password really is given your attack. Assume that there are S possible characters, and the password is length L.
D. Malware
- What are the differences between scareware and ransomware?
- Malware can be used to form a botnet. Explain the steps involved in doing so.
- Malware is often used for the financial gain of the malicious actor. It is reasonably obvious how this happens with scareware and ransomware. Explain briefly how a botnet might be used for financial gain of whoever releases the malware, and how this might impact detection.