
88-590 E-COMMERCE
FALL 2015

HOMEWORK # 1
DUE SEPTEMBER 23, 2015
1. Define the following security terms:
a. Electronic Purse
b. Dematerialized Currencies
c. Security Mechanisms
d. Active Attack versus Passive Attack
e. Security Risk

2. Classify each of the following as a violation of confidentiality, of
integrity, of availability, or of some combination thereof.
(a) Alain copies Bashir's homework.
(b) Nabih crashes Wei's system.
(c) Mutir changes the amount of Priyanka's check from $100 to $1,000.
(d) Majid forges Shervin's signature on an NSERC Grant proposal.
(e) Saif registers the domain name PrenticeHall.com and refuses to let
the publishing house buy or use that domain name.
(f) Shervin obtains Maher's credit card number and has the credit card
company cancel the card and replace it with another card bearing a
different account number.
(g) Shelby spoofs Andria's IP address to gain access to her computer.

3. Show a typical monetary flow of payments for an electronic purse.


4. What are the services needed to secure data exchanges in e-commerce?
10/19/2015

S. Erfani
88-590 E-Commerce
ECE Dept. U Windsor

5. Identify mechanisms for implementing the following. State what policy
or policies they might be enforcing.
a. A password-changing program will reject passwords that are less
than five characters long or that are found in the dictionary.
b. Only students in the DSP class will be given accounts on the
RCIM's computer system.
c. The login program of SIS computer system will disallow logins of
any students who enter their passwords incorrectly three times.
d. The permissions of the file containing Network Security Exams will
prevent Yibo from accessing and copying it.
e. When World Wide Web traffic climbs to more than 80% of the
network's capacity, systems will disallow any further
communications to or from Web servers.
f. Don, a system analyst, will be able to detect a student using a
program to scan his system for vulnerabilities.
g. E-Grade, a program used to submit homework, will turn itself off
just after the due date.
6. A cryptographer once claimed that security mechanisms other than
encryption techniques were unnecessary because encryption could
provide any desired level of confidentiality and integrity. Ignoring
availability, either justify or refute the cryptographer's claim.
7. Use your knowledge obtained in the Cryptography subject to compute
the following quantities using modular arithmetic:

a. 283 (mod 17)
b. $9^{99} \pmod{100}$
c. $3^{29} \pmod{31}$
d. $19^{19} \pmod{7}$
8. What security mechanisms and/or techniques are needed to offer
nonrepudiation services?
9. Discuss some of the vulnerabilities of biometric authentication
mechanisms.


10. Describe an example where absolute denial of service to a user (i.e., the
user gets no response from the computer) is a serious problem to that
user. Describe another example where 10 percent denial of service to a
user (i.e., the user's computation progresses, but at a rate 10 percent
slower than normal) is a serious problem to that user. Could access by
unauthorized people to a computing system result in a 10 percent denial
of service to the legitimate users? How?
