Usable Security and Privacy
Problem Set 5
Due in class, on paper at 3:00pm on Monday, May 15th.
Problem 1 (50 points)
As platforms like Samsung's SmartThings have brought an app-ified Internet of Things (IoT) to consumers, concerns have been raised about whether consumers are truly being notified about the privacy risks of having Internet-connected devices in their home. Thus, we want you to design a privacy notice for Internet of Things apps. You should turn in:
Problem 2 (50 points)
While we have spent most of the quarter focusing on designing interfaces and software to help users make security and privacy decisions, we have yet to spend much time engaging with how attackers exploit predictable human behaviors.
For this problem, we will distribute (one week before the assignment is due) 300 different password hashes to each member of the class. Your deliverable for this problem is to submit the plaintext passwords (hash preimages) for as many of these password hashes as you can crack.
We have uploaded the cracking tutorial and links to the hashes here. For performing the actual password cracking, we highly recommend hashcat, which is an excellent open-source tool for password recovery.
(CMSC 33210 only!) Problem 3 (24 points)
Write 3-7 sentence summaries and short "highlights" for both the Acar et al. reading assigned for May 3rd and the Miramirkhani et al. reading assigned for May 15th.