EITN41 Advanced Web Security, 2014/2015
There are 5 sets of home assignments in the course HA1-HA5.
The procedure for solving and handing in the exercises can be found in the "introduction" lecture slides. The rules and the grading procedure can also be found there. Make sure that you read those slides carefully!
Some exercises will require you to consult an academic paper. These can be accessed from the University network, but also from home by logging in to LibHub. In some cases a link is provided in the home assignment; otherwise Google Scholar is a good tool for finding them.
Home assignments can be generated here:
You hand in your assignments and view your results here. Your username is your LTH-ID and your initial password is your personal number (10 digits). Change your password when you have logged in the first time.
Treating references in home assignments. You are not required to provide references in your answers to A-assignments. For B-assignments, you should only do it if you feel that it is really motivated, but you are not expected to do it. For C-assignments that require you to write a short essay, you should always provide relevant references.
Questions and Feedback hours. You can ask questions about and get feedback on your home assignments in Paul's office. Use the time slots below. Please respect these time slots!
- Mondays: 9–12
- Tuesdays: 9–12
- Wednesdays: 9–10
- Fridays: 9–11
Note that the deadlines below are sharp. They might be changed if necessary, but the written deadlines apply to everyone with no exceptions. All deadlines are 23:59:59.
Modified Deadlines: Following some student feedback, we have decided to move deadlines for B- and C-assignments so that you get some extra time for these:
B- and C- assignments
|Solutions (B and C)|
|HA 3||2014-12-09 (Tuesday)|
|HA 4||2015-01-05 (Monday)|
|HA 5||2015-01-05 (Monday)|
Note 1: Both HA4 and HA5 have been moved to next year (B- and C- assignments only).
Note 2: Hand-ins are graded continuously in a first come first served fashion. A first batch of results for HA4 and HA5 will be published on 2015-01-06, so if you want your result early, submit early.
A-22: Assume that the bank has a list of all IDs for people using the bank.
B-1: Clarification: Using a hash function refers to taking the 15 digits, hash them and take the result modulo 10. This value is then used as control digit.
C1: Clarification: You should implement the improved protocol found on the slides, i.e., the one where you generate 2k quadruples. Only implement coin withdrawal. The purchase phase is not required.
A6: You want to recover s in slides and notes. "x" is a typo.
B3: If you use the figures from the lecture notes, note that 1543 should be 1523 and 1542 should be 1522.
C1: An attacker will typically want to break the binding property before the commitment is sent.
A24: Note that there is only one question mark. The third sentence is a statement, not a question.
Note: Martin will have difficulties reading email from 17/12, so please direct your questions to Paul.
Information about oral exam
The main goal is to make sure that you have a good understanding of the subjects. You should be able to
- discuss your solutions to your home assignments (those that you did),
- use your knowledge from the course to discuss the security of related topics, protocols or technologies,
- discuss design choices and the consequences when some parts are modified,
- compare similar protocols and provide clear explanations regarding the differences.
The exam will consist of questions related to the above aspects. Some questions will likely be in discussion form and may not have a clear answer. Your task is then to have an informed discussion about a problem.