What is a replay attack? How can we avoid replays?
What is meant by a session key? What is meant by a one-time password?
Explain how encryption can help with message authentication, even if the
encryption is weak and easily broken.
Describe the basic idea behind the Kerberos system. What are the major drawbacks of
Kerberos?
Graded problems
This week, the practical work is about preparing for the coming weeks
and testing your understanding of Hamming codes.
This part of the exercise should be documented in your project.
Download the file SecurityCourseKit.tar.gz from ftp.iu.hio.no,
using anonymous ftp.
Unpack the contents of this file into a directory which you use for your
security work, using tar zxf SecurityCourseKit.tar.gz.
The file contains a program which is a mixture of C and C++ code.
Compile the program by typing:
./configure
make
Does something funny happen when you do this? Examine the Makefile and try
to find out what happens when you type make. What could have happened
if you compiled this program with root privileges?
Examine the make-up of the program appl which is built. It is composed
of some parts made of C++ and other parts made of C. There are many functions
provided for you which are not yet used by the program, but which you will
use in the coming weeks.
Describe for yourself how the program works. Where is the main()
function, where the program starts? Where are the other functions used by main()?
Run the program appl. Would it be safe to run this as superuser?
This part of the exercises must be submitted electronically.
You can only submit these answers once, and your score will contribute
to your final grade.
The following exercises on Hamming codes are randomly generated: