A bank requires for their customers to access their online banking accounts to provide as User...
Question:
Transcribed Image Text:
A bank requires their customers, in order to access their online banking accounts, to provide as User Id (or user name) the last 8 digits of their bank card number, and a password with a length between 8 and 12 ASCII characters, including the following restrictions:

Password must:
• Have at least 8 characters
• Have at least 1 letter (a, b, c...)
• Have at least 1 number (1, 2, 3...)
• Include both upper case and lower case characters

Password must NOT:
• Contain only one character (11111111 or aaaaaaaa)
• Contain only consecutive characters (12345678 or abcdefgh)

Note: Passwords must be at least 8 characters long and at most 12 characters long.

The bank also requires that each password be changed at least once every five years.

1. Assume that by conducting the attack using an average modern GPU 15.6×10^10 passwords can be tested per second, calculate the probability that a hacker can guess a password in the timeframe between two consecutive changes. [2%]

2. A hacker controls a network of compromised machines (botnet) that can be used to launch the attack. The network consists of 1 million compromised machines (bots) located in different countries around the globe. Assume that the machines have approximately the same computing capability. The hacker uses a simple strategy consisting of slicing the username space in subsets of equal size, and assigning a subset to each of the bots to conduct the attack in parallel. Calculate the probability that a successful password guess can be obtained in the timeframe between two consecutive changes. Briefly comment on the results. [3%]

In order to strengthen the above password scheme, the bank investigates the following two different solutions:

• Using an exponential back-off scheme, i.e., introduces a delay of " between consecutive failed authentications. The back-off scheme begins when a user attempts to authenticate and fails. The system waits x=1 second before re-prompting for the name and authentication data. If the user fails again, the system re-prompts after r=x seconds. After n failures, the system waits seconds.
• Using One-Time Password (OTP) tokens. A standard token displays a variable password consisting of 6 digits. For the sake of simplicity, consider that the OTP tokens are event-based.

3. Calculate the probability of successfully breaching an online account for each of the above options (in the time period between 2 consecutive password changes) using the botnet, i.e.:
a. Standard password scheme with exponential back-off using x=1.1 second for the base delay. [3.5%]
b. Multifactor authentication scheme combining standard password and OTP, assuming that the test frequency for (OTP, fixed password) pairs remains virtually the same as that of single password (i.e. 15.6×10^19 guesses/second). [3.5%]

4. Discuss the benefits and limitations of each solution and indicate (in your opinion) the best option. [3%]
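The password policy in the question fixes the size of the space an attacker has to search, and that size can be counted exactly. The following is an added example, not part of the original question or answer. It assumes the 95 printable ASCII characters as the alphabet, reads the stated rate as 15.6×10^10 guesses per second, and takes "consecutive" to mean a run of adjacent ASCII codes; all function names are illustrative.

```python
from itertools import product

# Assumed alphabet: the 95 printable ASCII characters, split into the three
# classes the policy requires plus the rest (space and punctuation).
LOWER, UPPER, DIGIT, OTHER = 26, 26, 10, 33
FIVE_YEARS = 5 * 365 * 24 * 3600   # change interval in seconds (365-day years)
GPU_RATE = 15.6e10                 # stated rate, read here as 15.6 x 10^10 per second


def compliant_count(length, lower=LOWER, upper=UPPER, digit=DIGIT, other=OTHER):
    """Strings of `length` with >=1 lowercase, >=1 uppercase and >=1 digit,
    by inclusion-exclusion over which required classes are absent."""
    total = lower + upper + digit + other
    required = (lower, upper, digit)
    count = 0
    for mask in range(1 << len(required)):
        absent = [size for bit, size in enumerate(required) if mask >> bit & 1]
        count += (-1) ** len(absent) * (total - sum(absent)) ** length
    return count


def has_all_classes(s):
    return (any(c.islower() for c in s) and any(c.isupper() for c in s)
            and any(c.isdigit() for c in s))


def brute_count(length, alphabet):
    """Cross-check of compliant_count by enumeration (toy alphabets only)."""
    return sum(has_all_classes(s) for s in product(alphabet, repeat=length))


def forbidden_but_compliant(min_len=8, max_len=12):
    """Passwords removed by the 'must NOT' rules that pass the 'must' rules.
    Assumption: 'consecutive' means a run of adjacent ASCII codes, up or down.
    A single repeated character has one class only, so it never qualifies."""
    hits = 0
    for n in range(min_len, max_len + 1):
        for start in range(0x20, 0x7F - n + 1):
            run = [chr(start + i) for i in range(n)]
            hits += 2 if has_all_classes(run) else 0   # ascending and descending
    return hits


def keyspace(min_len=8, max_len=12):
    lengths = range(min_len, max_len + 1)
    return sum(compliant_count(n) for n in lengths) - forbidden_but_compliant(min_len, max_len)


def guess_probability(rate_per_s, seconds, space):
    """Chance that exhaustive guessing at rate_per_s finds one fixed password."""
    return min(1.0, rate_per_s * seconds / space)
```

Under these assumptions `forbidden_but_compliant()` returns 0: any password that mixes upper case, lower case and a digit already avoids both "must NOT" patterns, so those two rules do not shrink the search space. `guess_probability(GPU_RATE, FIVE_YEARS, keyspace())` then comes out at about 6.4e-5.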
Expert Answer:
Answer rating: 100% (QA)
Required code in C include using namespace std selectArray is a utility function that is used to randomly generate a integer in the range 1 to 4 both inclusive int selectArray srandtimeNULL int i rand ...