Problem R-1.16
Give an example of the false sense of security that can come from using the “security by obscurity” approach.
Problem C-1.2
Describe an instance of a file that contains evidence of its own integrity and authenticity.
Problem C-1.3
Suppose an Internet service provider (ISP) has a voice over IP (VoIP) telephone system that it manages and sells. Suppose further that this ISP is deliberately dropping 25% of the packets used in its competitors VoIP system when those packets are going through this ISP's routers. Describe how a user could discover that his ISP is doing this.
Problem C-1.14
Barack periodically comes up with brilliant ideas to stop the financial crisis, provide health care to every citizen, and save the polar bears. He wants to share these ideas with all the cabinet members but also get credit for the ideas. Extending the above approach, he shares a secret key k with all the cabinet members. Next, he broadcasts each idea z followed by value h(k||z). Does this approach work or can Tim claim that he came up with the ideas instead of Barack? Justify your answer.
Chapter 2
Problem R-2.15
A salesperson at a high-end computer security firm wants to sell you a protective cover for your passport, which contains an RFID tag inside storing your sensitive information. The salesperson's solution costs \only" $79.99 and protects your passport from being read via radio waves while it is in your pocket. Explain how you can achieve the same thing for under $3.00.
Problem C-2.6
A thief walks up to an electronic lock with a 10-digit keypad and he notices that all but three of the keys are covered in dust while the 2, 4, 6, and 8 keys show considerable wear.
He thus can safely assume that the 4-digit code that opens the door must be made up of these numbers in some order. What is the worst case number of combinations he must now test to try to open this lock using a brute-force attack?
Problem C-2.12
Consider the following security measures for airline travel. A list of names of people who are not allowed to fly is maintained by the government and given to the airlines; people whose names are on the list are not allowed to make fight reservations. Before entering the departure area of the airport, passengers go through a security check where they have to present a government-issued ID and a boarding pass. Before boarding a fight, passengers must present a boarding pass, which is scanned to verify the reservation. Show how someone who is on the no-fly list can manage to y provided boarding passes can be printed online. Which additional security measures should be implemented in order to eliminate this vulnerability?
