Information Technology Assignment Question
1. You have been hired by a bank to help them harden their online banking service against phishing attacks. Explain briefly the strengths and weaknesses of the following four possible countermeasures:
(a) SSL/TLS client certificates issued to each customer.
(b) A handheld password calculator issued to each customer.
(c) Displaying a unique picture to each customer during the login process.
(d) Requiring that large payments, or payments to new recipients, be authorised by telephone or SMS as well as online.
2. Describe the following terminology in the context of anonymity:
3. These questions relate to hill climbing attacks.
(a) Explain how a hill climbing attack works in the context of biometrics.
(b) What assumptions underlie the use of this attack?
(c) Based on the assumptions, how might we provide protection against a hill climbing attack?
Information Technology Assignment Solution on Software Engineering
The scenario is hardening an online banking platform against phishing attacks.
a) SSL/TLS is used by most websites for server authentication, but it can be extended to authenticate the client as well, which can safeguard against phishing attacks. The weakness of this approach is that not all clients support client authentication, because they lack a certified public key. However, the process of acquiring the client-side public key can be automated, so the approach can be used successfully against phishing (Alsaid & Mitchell, 2006).
b) Yes, handheld password generators will help in combating phishing, because the attacker cannot easily learn the password.
c) Displaying a unique picture to each customer during login is the same as using a CAPTCHA. A CAPTCHA ensures that the user is a human and not a bot. Studies have shown that CAPTCHA-based visual security is not sufficient as an anti-phishing technique, because not all customers have the same degree of information security awareness. An advanced bot can capture sessions and log keystrokes, which can later be used to log in (Leung, 2009). However, if every customer must complete the CAPTCHA at every login, even after a session has expired, then it might help.
d) If the telephone number and email address of every customer are verified, this process will be useful. Otherwise, it will only create security loopholes.
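The following sketch of countermeasure (d) is an added example, not part of the original answer. It goes beyond the text by binding the SMS code to the payment's amount and recipient, so a code obtained for one payment cannot authorise another. The threshold, function names and account identifiers are assumptions.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

# Assumed limit for a "large" payment; the question gives no figure.
LARGE_PAYMENT_THRESHOLD = Decimal("1000.00")


def needs_out_of_band(amount, recipient, known_recipients):
    """Large payments and payments to new recipients need a second channel."""
    return amount >= LARGE_PAYMENT_THRESHOLD or recipient not in known_recipients


def _code_for(key, nonce, amount, recipient):
    # The MAC covers the payment details, so changing either the amount or
    # the recipient after the SMS was sent produces a different code.
    msg = "|".join([nonce.hex(), str(amount), recipient]).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def issue_challenge(key, amount, recipient):
    """Return (nonce, sms_text). The nonce stays on the server with the
    pending payment; the SMS repeats the amount and recipient so the
    customer can notice a payment they did not request."""
    nonce = secrets.token_bytes(16)
    code = _code_for(key, nonce, amount, recipient)
    return nonce, f"Code {code} authorises {amount} to {recipient}"


def verify(key, nonce, amount, recipient, submitted_code):
    """Check the code against the payment the server is about to execute."""
    expected = _code_for(key, nonce, amount, recipient)
    return hmac.compare_digest(expected.encode(), submitted_code.encode())
```

The check is only as strong as the enrolled phone number, which is why the answer above conditions the countermeasure on verified contact details.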
Anonymity applies to a subject or person. There must be a set of similar subjects with a similar set of attributes. A subject has anonymity with respect to that set when it is not identifiable among the other subjects in the set. Such a subject is called an anonymous subject (Pfitzmann & Hansen, 2010).
Unlinkability describes the state of a link between two subjects of interest. It is the lack of information about such a link, so that it cannot be determined whether the link exists between the subjects or not; in other words, the link is indistinguishable (Pfitzmann & Hansen, 2010).
Unobservability of a subject means the subject cannot be distinguished from others. There is a difference between anonymity and unobservability. The existence of an anonymous subject is known, but the existence of an unobservable subject is not certain. (Pfitzmann & Hansen, 2010)
A subject can have an identifier other than its real name. Such an identifier is called a pseudonym. The use of pseudonyms as identifiers for a subject is called pseudonymity (Pfitzmann & Hansen, 2010).