Usable Security and Privacy
Problem Set 5

Due in class, on paper at 3:00pm on Monday, May 15th.

Problem 1 (50 points)

As platforms like Samsung's SmartThings have brought an app-ified Internet of Things (IoT) to consumers, concerns have been raised about whether consumers are truly being notified about the privacy risks of having Internet-connected devices in their home. Thus, we want you to design a privacy notice for Internet of Things apps. You should turn in:

  1. One paragraph describing what medium (screen on a smartphone, spoken notification from something like the Amazon Echo, paper notices, etc.) you have chosen for delivering this privacy notice, and why.
  2. One paragraph describing what details you believe to be most important for an IoT app privacy notice to communicate, and why.
  3. One paragraph describing the decisions you made in designing your privacy notice.
  4. Sketches of your notice that you will use for a paper prototype. For more information on creating a paper prototype, please read this article. Note that you should have examples of all major screens or displays that a user would see. You can create sketches on paper (give us photocopies!), in PowerPoint, in rapid-prototyping software, etc.

Problem 2 (50 points)

While we have spent most of the quarter focusing on designing interfaces and software to help users make security and privacy decisions, we have yet to spend much time engaging with how attackers exploit predictable human behaviors.

For this problem, we will distribute (one week before the assignment is due) 300 different password hashes to each member of the class. Your deliverable for this problem is to submit the plaintext passwords (hash preimages) for as many of these password hashes as you can crack.

We have uploaded the cracking tutorial and links to the hashes here. For performing the actual password cracking, we highly recommend hashcat, which is an excellent open-source tool for password recovery.

(CMSC 33210 only!) Problem 3 (24 points)

Write 3-7 sentence summaries and short "highlights" for both the Acar et al. reading assigned for May 3rd and the Miramirkhani et al. reading assigned for May 15th.