COMP3334 Computer Systems Security 2021/22 Semester 2
Tutorial 5 Authentication I

Question 1 Password Security
Consider a password of length 8 in which each character may be a lowercase letter, an uppercase letter, a numeral or a special character. The allowable special characters are
~ ! @ # $ % ^ & * ( ) _ + | ` - = \ { } [ ] : " ; ' < > ? , . /
a) How many possible passwords can be formed?
b) What is the entropy of this password?
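The counting behind (a) and (b), as an added worked example rather than part of the original tutorial sheet. It builds the alphabet from the four character classes in the question, confirms that the 32 listed special characters are exactly Python's string.punctuation, and computes the size of the password space and its entropy for a uniformly chosen password. The variable-length variant (length 1 up to 8) and the exhaustive-search timing helper go beyond the question; the guess rate passed to them is an assumption, not a figure from the page.

```python
import math
import string

# The special characters listed in the question (32 of them). Raw string so the
# backslash is literal.
SPECIALS = r"""~!@#$%^&*()_+|`-=\{}[]:";'<>?,./"""

CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "numerals": string.digits,             # 10
    "specials": SPECIALS,                  # 32
}


def alphabet(classes=CLASSES):
    """Union of all allowed characters; a character in two classes counts once."""
    return "".join(sorted(set("".join(classes.values()))))


def specials_match_punctuation():
    """Sanity check: the question's list is exactly the ASCII punctuation set."""
    return set(SPECIALS) == set(string.punctuation)


def password_space(length, classes=CLASSES):
    """Number of distinct passwords of exactly `length` characters: |alphabet|^length."""
    return len(alphabet(classes)) ** length


def entropy_bits(length, classes=CLASSES):
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet(classes)))


def entropy_bits_up_to(max_length, classes=CLASSES):
    """Variant beyond the question: the policy allows any length from 1 to max_length.

    The space is the sum of the fixed-length spaces; the extra entropy is tiny
    because the longest length dominates the sum.
    """
    total = sum(password_space(k, classes) for k in range(1, max_length + 1))
    return math.log2(total)


def years_to_exhaust(length, guesses_per_second, classes=CLASSES):
    """Time to try every password at an assumed offline guess rate (constructed figure)."""
    seconds = password_space(length, classes) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    print("alphabet size:", len(alphabet()))                 # 94
    print("passwords of length 8:", password_space(8))       # 94**8
    print("entropy (bits):", round(entropy_bits(8), 2))      # about 52.4
    print("entropy, length 1..8:", round(entropy_bits_up_to(8), 2))
    # Assumed rate of 1e10 SHA-1 guesses per second for a fast offline attacker.
    print("years to exhaust at 1e10/s:", round(years_to_exhaust(8, 1e10), 2))
```

Note that entropy measures a uniformly random choice; a human-chosen 8-character password drawn from the same alphabet has far less, which is why the guess-rate figure matters more in practice than the raw 94^8 count.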
Question 2 One-way Authentication
Consider a one-way authentication technique based on asymmetric encryption:
B → A: E(PKA, R)
A → B: R
a) Explain the protocol.
b) What type of attack is this protocol susceptible to?
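The exchange above simulated end to end, as an added example that is not part of the original tutorial sheet. A (the prover) holds the private key matching PKA; B (the verifier) encrypts a nonce R under PKA and accepts if R comes back. The RSA parameters (p = 61, q = 53, e = 17) and the textbook, unpadded encryption are constructed for readability and are not secure; the point is the protocol logic. The last function shows one consequence of that logic worth considering for part (b): A decrypts whatever ciphertext it is sent, so a party who captured some other ciphertext under PKA can submit it as a "challenge" and receive the plaintext.

```python
"""One-way authentication  B -> A: E(PK_A, R),  A -> B: R  with toy textbook RSA."""
import secrets

# Constructed, deliberately tiny RSA parameters (n = 3233). Demo only.
P, Q, E = 61, 53, 17


def make_keypair(p=P, q=Q, e=E):
    """Return (PK_A, SK_A) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                      # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    """E(PK, m): textbook RSA, message must be an integer below n."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


class Alice:
    """Prover: demonstrates possession of SK_A by decrypting the challenge."""

    def __init__(self, priv):
        self._priv = priv

    def respond(self, challenge):
        # Alice has no way to tell a fresh nonce from any other ciphertext.
        return decrypt(self._priv, challenge)


class Bob:
    """Verifier: knows only PK_A."""

    def __init__(self, pub):
        self.pub = pub
        self._expected = None

    def challenge(self, nonce=None):
        n, _ = self.pub
        self._expected = secrets.randbelow(n) if nonce is None else nonce
        return encrypt(self.pub, self._expected)     # B -> A: E(PK_A, R)

    def verify(self, response):
        return response == self._expected            # A -> B: R


def honest_run(nonce=None):
    """A genuine Alice answers Bob's challenge correctly."""
    pub, priv = make_keypair()
    alice, bob = Alice(priv), Bob(pub)
    return bob.verify(alice.respond(bob.challenge(nonce)))


def impostor_run(nonce=100):
    """Without SK_A the best an impostor can do is echo or guess; echoing fails."""
    pub, _ = make_keypair()
    bob = Bob(pub)
    c = bob.challenge(nonce)
    return bob.verify(c)


def decryption_oracle_attack(secret=1234):
    """Mallory replays a ciphertext captured earlier (say Carol -> Alice) as the
    'challenge'. Alice dutifully decrypts it, so Mallory learns `secret`
    (any integer below n) without ever holding SK_A."""
    pub, priv = make_keypair()
    alice = Alice(priv)
    captured = encrypt(pub, secret)      # eavesdropped; not a nonce Mallory chose
    return alice.respond(captured)


if __name__ == "__main__":
    print("honest run accepted:", honest_run())
    print("impostor echo accepted:", impostor_run())
    print("plaintext recovered via Alice:", decryption_oracle_attack(1234))
```

The honest run and the impostor run show what the protocol is meant to do; the last function is the behaviour to think about when answering (b), since nothing in the messages binds R to this session or to B.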
Question 3 Biometric Authentication Systems
A bank uses a biometric system to authenticate employees entering the safe where the money is stored overnight. To get into the room, one has to type in a username and put a finger on the sensor. The fingerprint is then digitized and sent to the authentication server, which accepts or rejects access to the room. The authentication server relates the username to the digital version of the fingerprint. Statistical analysis shows that the authentication server has a false-reject rate of 10% and a false-accept rate of 0.5%. A user is allowed five attempts, after which security guards are called and the user is intercepted.
a) Explain what false-accepts and false-rejects are. Are the above-mentioned rates suitable for this kind of application?
b) If Tom finds a way to manipulate the fingerprint reader as he wants, what interesting data would he be able to collect? How can he exploit what he collects?
Question 4 Salted Password
Consider the following simple password-based authentication system. A secret key X is embedded inside the application software. The application software requires access to a file called userlist.txt for its functioning. userlist.txt is a text file recording the list of legitimate users. Each line in userlist.txt records the login credential of a user and is of the following format: USERID#SALT#SH#HMAC, where the character # is used as a separator. The fields are explained below.
USERID: ID of the user.
SALT: A random string of 64 bits.
SH: Hash of the salt concatenated with the user's password. SHA-1 is used.
HMAC: HMAC of the salt concatenated with SH, using X as the secret key. Again, SHA-1 is used, so the HMAC is 160 bits.
a) How can the program verify the user’s password?
b) What is the purpose of SALT? Compare the security of this scheme with one in which SH is only the hash of the user's password, without a salt.
c) Discuss the conditions under which this authentication system is secure.