Description
1 Problem 1 – News Story of Security Incident
In 2018, USPS website exposed data on 60 millions users. Apparently, the problem originated
from an authentication weakness in the USPS API that tied to a Postal Servive initiative called
“Informed Visibility”. It was meant for buinesses, advertisers, and other bulk mail senders to
“make better business decisions by providing them with access to near real-time tracking data”. As
a result, anyone logged into the usps.com was able to query the system for account details belonging
to any the users. Information such as email address, usernames, user IDs, street address, phone
numbers, and etc were released or available to anyone. They were also able to modified said users
information.
This type of breach hit two of the big three security goals. There was definitely a loss of confidentiality since the website did not prevent unauthorized reading of information and there was a loss
of integrity since the website did not prevent modification of the users’ information.
The article mentions that many of those that were aware of the problem were able to obtain anyone’s
information for any purpose. There was an example of a user indicating that they had moved away
to a new location due to an issue with neighbors and if such a breach occurred, there location was
now available to their own neighbors.
2 Problem 2 – Definitions
• A. Define each of these terms: confidentiality, integrity, and availability.
– a. Confidentiality – preventing unauthorized access of secured information
– b. Integrity – preventing unauthorized modification of secured information
– c. Availability – ensures data is available at all times
• B. Provide concrete example where confidentiality is more important than integrity.
Anonymous submissions. For example, Piazza is platform that allows the students to confidently post any questions or comments anonymously. If that goal was removed, the students
would lose trust within the site and no longer feel comfortable with asking questions or seeking
for help.
• C. Provide a concrete exmaple where integrity is more important than confidentiality.
Perhaps power/energy systems where a delicate balance of information/calculations is necessary to run whatever system or operation is being completed. A nuclear powerplant is another
good example.
1
• D. Provide a concrete example where availability is the overriding concern.
Accessing a bank account. It is important to reassure the user that their money is safe and
available at all times.
3 Problem 3 – Bank Account Scenario
Q: From a bank’s perspective, which is more important, the integrity of its customer’s data or the
confidentiality of the data? From the bank’s customers, which is more important?
I believe confidentiality would be important for both sides. A customer would be upset if the adversary was able to go within their accounts because of lack of confidentiality. Once the adversary has access to the account, they would be able to breach the integrity of the user by, for example, changing the password. This will obviously lead to an upset user and more problems for the bank.
4 Problem 4 – Scheming
Q: Sender and receiver have same key. To determine they have same key, sender generates R, XOR
with K and sends to receiver. Receiver XOR R with K again, and sends back the original plaintext
R to sender to confirm they have same K. Is there a flaw?
I think the obvious problem is that the receiver is sending back the plaintext to the original sender. If there was a passive eavesdropper collecting information, they would have access to a plaintext/ciphertext pair. Thus, they would easily be able to determine the key.
5 Problem 5 – XOR Arithmetic Expressions
Given: a XOR b = c 1. a XOR a = 0 2. a XOR a’ = 1 3. a XOR b’ = c’ 4. a’ XOR b’ = c 5. a
XOR b XOR a = b 6. b XOR c = a
6 Problem 6 – Simple Shift Substitution
Given ciphertext: CSYEVIXIVQMREXIH
After doing frequency analysis, I = 3 and E = 2…Taking a wild guess, I assigned I = E, which would mean a shift by 4. Forward shift resulted in gibberish, so I tried a backward shift.
Plaintext: YOUARETERMINATED
7 Problem 7 – Encrypt using Double Transposition
Plaintext: We are all together; Use double transposition cipher with 4 rows and 4 columns. * Row
permutation: (1, 2, 3, 4) -> (2, 4, 1, 3) * Column permutation: (1, 2, 3, 4) -> (3, 1, 2, 4)
Original:
w e a r
e a l l
t o g e
t h e r
Row Permutation:
e a l l
t h e r
w e a r
t o g e
2
Column Permutation:
l e a l
e t h r
a w e r
g t o e
Final Ciphertext: LEALETHRAWERGTOE
8 Problem 8 – Computation
Q: Computer can test 2^40 keys each second and the key space is size of 2^128. Compute the
average time taken to find the correct key.
2
128/240 = 2^88.
3