Homework Solutions 9 - MIT OpenCourseWare


Homework 9 Solutions
1.264, Fall 2013
Security

1. Agreement

1. Kerberos is a private key, trusted third party authentication system. It requires all the companies to have a single, trusted Kerberos server. This has an internal risk: the Kerberos administrator(s) would manage all security for each ERP, not just access to the shared features. This is probably unacceptable: a customer could spy on other customers. Kerberos is almost always used within one organization, where these risks are minimal.

2. SSL is a public key, certificate-based authentication system. SSL certificates can be issued by the aircraft parts company or a third party, which is a certificate authority (CA). The aircraft parts company, if it issued its own certificates, would also use a root CA. Each of the 11 companies would decide which certificates had which privileges in its ERP system; there is no centralized security administration.

3. The tradeoffs between Kerberos and SSL are:
   a. Kerberos requires a trusted server; SSL doesn’t (though it requires a certificate authority to issue the certificates).
   b. Kerberos has central management of user authentication and authorization; SSL has certificates that identify the principals, but authorization (access to apps) is handled by each ERP.
   c. SSL can be used to establish communications between parties who don’t have a shared secret (private key). This isn’t important in this case, since the aircraft parts company and its customers are known to each other.
   d. SSL client certificates only identify the client’s email address, which is weak authentication for access that may allow financial transactions. A Kerberos username and password are controlled more closely by the Kerberos administrator.
   e. Both SSL and Kerberos encrypt the session with the ERP.

4. Usernames and passwords are probably the least acceptable.
   a. For usernames and passwords, it will be necessary for each of the 11 companies to manage their own system. Requests to add, change or delete a username will have to be handled at all 11 systems. The same username/password pair will be assigned to a user across all 11 systems. To manage this centrally would require a group that has admin access to all 11 ERPs, which is probably an unnecessary security risk, since these admins would almost certainly have access to the full ERP.

2. Define all the principals and variables in the protocol:

1. Principals:
   a. Let D be driver and his/her ID
   b. Let T be the smartcard issued by aircraft parts company to carrier
   c. Let F be the freight bill number
   d. Let G be the gate and its smartcard reader; KT is the shared key between the gate and all smartcards
   e. Let C be the transportation carrier server and KC its public key
   f. Let M be the aircraft parts distributor server
   g. Let A be the access code

Define the protocol

2. Protocol:
   a. M -> C: {F} KC
   b. C -> D: F
   c. T -> G: T, {T, N} KT
   d. G -> T: {A} KT
   e. D -> G: F

3. List three potential flaws

a. List the flaws:
   1. Driver ID not in protocol.
   2. Access code written to card before valid freight bill number entered.
   3. Freight bill sent in clear.
   4. Shared private key KT across all smart cards.

b. Describe one or more attacks:

If an intruder wishes to improperly enter the facility, these flaws can be used in combination:

1. The intruder can steal a smart card from any driver of any carrier serving the distribution center. Or the intruder can use a man in the middle attack or crack the key, as in the lecture notes. Since driver ID is not in the protocol, any card will do.

2. The freight bill number is sent in the clear from the carrier to the driver in email, so the intruder can intercept it. The intruder can also get the number when the driver keys it in, by getting the electromagnetic radiation from the key taps, or by a hidden camera near the gate, or other means. Freight bill numbers remain valid and can be reused for some period by an attacker, so one freight bill may allow multiple entries.

3. The access code is written to the card before a valid freight bill number is entered. An intruder with a stolen card can get the access code from the gate first, and then get a freight bill number later, making an attack easier. The access code may remain in effect for a long period allowing multiple attacks.
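The gate's decision in steps c and d, modelled next to a gate that closes flaws 1, 2 and 4, is sketched below. This is an added example, not part of the original solutions. HMAC stands in for the {...}KT encryption, and the key values, card and driver registry, freight bill table and all function names are constructed assumptions.

```python
import hmac, hashlib, secrets

MASTER = b"constructed-gate-master-key"   # assumption: secret held only by the gate
SHARED_KT = b"constructed-shared-KT"      # the protocol's single key for all cards
CARD_OWNER = {"T1": "D1", "T2": "D2"}     # constructed registry: card -> driver
OPEN_BILLS = {"F1001": "D1"}              # constructed: freight bill -> assigned driver

def mac(key, *fields):
    # HMAC stands in for the {...}KT encryption of the protocol.
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

def card_key(card_id):
    # Per-card key derived from the master key, replacing the shared KT (flaw 4).
    return hmac.new(MASTER, card_id.encode(), hashlib.sha256).digest()

def gate_as_specified(card_id, nonce, proof):
    # Steps c-d as written: any card holding KT receives A; D and F are not checked.
    if hmac.compare_digest(proof, mac(SHARED_KT, card_id, nonce)):
        return "ACCESS-CODE"
    return None

class HardenedGate:
    def __init__(self):
        self.challenges = set()           # nonces issued by the gate, each used once
        self.bills = dict(OPEN_BILLS)

    def challenge(self):
        nonce = secrets.token_hex(8)
        self.challenges.add(nonce)
        return nonce

    def admit(self, card_id, driver_id, bill, nonce, proof):
        if nonce not in self.challenges:
            return None                   # stale or replayed nonce
        self.challenges.discard(nonce)
        if CARD_OWNER.get(card_id) != driver_id:
            return None                   # flaw 1: card must belong to this driver
        if self.bills.get(bill) != driver_id:
            return None                   # flaw 2: valid bill required before A is issued
        expected = mac(card_key(card_id), card_id, driver_id, bill, nonce)
        if not hmac.compare_digest(proof, expected):
            return None
        del self.bills[bill]              # a freight bill admits one entry only
        return "ACCESS-CODE"
```

Binding F to the assigned driver and making it single use also limits what an intercepted freight bill number is worth, though it does not encrypt the carrier-to-driver message itself.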

4. Use cases

Some plausible scenarios are listed below. You will have others that are equally plausible.

1. Steal or hijack a high value shipment for direct financial gain
   a. Steal an access card, intercept a freight bill number as in question 3
2. Steal or hijack a safety critical shipment to use for blackmail or other threat.
   a. Same steps as above.
3. Break into the database to steal aircraft parts company’s financial information, such as bank accounts that can be stolen from.
   a. Attackers try all Web pages and Web services, looking for flaws in logic. Methods include cross site script attacks, SQL injection, etc. The goal is to obtain administrator access to the database.
4. Break into the database to steal vendor or customer financial information, to steal from it.
   a. Same steps as in 3 above. Other possibilities are to compromise an employee, guess passwords, etc.
5. Introduce a virus in the company’s systems to shut down the distribution center or cause processes to malfunction, as an extortion attempt.
   a. System operators with Internet access are lured to Web sites that can infect the system software.
6. Tamper with aircraft parts products, as an extortion attempt
   a. Gain physical access, as in question 3
7. Steal trade secrets and sell them to a competitor.
   a. Gain access to the company’s file servers or internal network, and obtain documents with trade secrets.

5. Biometrics

1. Fingerprint readers are the most widely used biometric technique. Equipment is readily available. The false match rate is about 1% and the missed match rate is perhaps 4% in many cases. These are likely to be acceptable for a relatively small number of drivers, and in a system where there are other elements that control access, such as having the card and the freight bill number. Fraud is possible through “lifting” fingerprints and making copies, so a sophisticated attacker must be assumed to be able to defeat the fingerprint check.

2. Iris scans are more expensive, take more time (the driver would probably have to exit the truck), but have lower error rates than fingerprint readers. Fraud is possible through taking pictures of a valid driver’s eyes and using the picture, possibly printed on a contact lens, so again, a sophisticated attacker must be assumed to be able to defeat the iris check.

3. Voice recognition is likely to be unreliable, as noted in Anderson. Recordings are an easy way to defeat them, and there are others.

4. These methods add security in routine operations, but probably not much against a sophisticated attack. These methods work best in attended operations, so the aircraft parts distribution center security staff may need to be assigned to the gate to obtain the benefit of biometric checks. Biometrics is unlikely to provide after-the-fact proof in court. Last, biometrics often appears to have a deterrent effect on criminals; its capabilities to identify criminals may be limited.

MIT OpenCourseWare
http://ocw.mit.edu

1.264J / ESD.264J Database, Internet, and Systems Integration Technologies
Fall 2013

For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
