INFS 767 Spring 2004

Prof. Ravi Sandhu

Take-home Examination 1


Due in class on 2/18/04


This is an examination. You must write the answer yourself without ANY discussion with anyone else. Your answers should be based on the material discussed in class. You are free to consult additional literature on the topic, but your time is likely better spent answering the question based on the lectures and the class readings.


Provide a signed statement with your submission stating, "I have not given help or taken help from anyone on this assignment."


All questions have equal weight. Please answer each question in approximately 1 page, single-spaced. Your answer should be a coherently written essay that flows and reads similar to a technical paper. Your solution should be prepared in soft copy, although diagrams may be hand-drawn. Please submit hard copy on the due date in class. If you cannot make it to class on the due date, submit via email to sandhu@gmu.edu or fax to 253 563 3509 before the class.


1. Compare the exposure to a dictionary attack in these two situations:

a. A password-based system such as Kerberos which is based entirely on symmetric keys (no asymmetric keys allowed at all).

b. A password-based PKI system where private keys are not allowed to be stored and processed on a smartcard on the client machine.


2. Identify three claimed advantages of PKI and discuss the validity of each of these claims.


3. Consider the server-side SSL vulnerability discussed in the Hayes 1998 paper. Assume that client-side SSL is not an option. Is there something that could be done on the server side to address this vulnerability? Is there something that could be done on the client side to address this vulnerability?