At CoCoNut College, students have the ability to user their login and password c

Question

At CoCoNut College, students have the ability to user their login and password credentials to manage their classwork enrollment every semester. Right after the beginning of a new term, after the drop/add period is over, you (as a Network Administrator) have been called to the Registrar's office to investigate a case. A student has mentioned that all of her classes were dropped from the system, but claims that she did not do it.

1. Describe what is non-repudiation when it applies to network security and how does it apply to this situation?

Upon further investigation, you determine that the student's former boyfriend, upset after the break up, used the student's CoCoNut College credentials to login to the system and drop all of her classes.

2. How do you think the boyfriend obtained the credentials to the other student's account?

3. How could the system be modified to use biometrics to ensure non-repudiation?

4. Besides using biometrics, what other suggestions for authentication methodologies, technical or non-technical would you offer to help ensure non-repudiation?

5. As universities and colleges move more and more towards online learning, what other situations could arise in which a simple login and password would not be sufficient to ascertain a student's identity and prevent fraud?

6. How could the student have prevented this incident?

Explanation / Answer

Non Repudiation ( Solved/explained 4 parts of the question):

(1) Non repudiation is something to ensure that that one person cannot deny or contest. This means putting measures/technique in place so that a party cannot deny that he is receipent/sender of of trasaction.

This is normmaly applies to electronic communication where it cannot be confirmed that a party received/sent information. This is normmaly done putting signature on the document uisng public key infratsructure, validating the signauture for authenticity. In e-mail this is as simple as sending certified message and acknowledge through read receipts,

In this example as the user is given user name and password so all her transaction can be digitally signed using a key drived from password. Her log into system also to avoid repudiation.

(2) The following are the various methods which normally used for stealing/getting user name/password:

As he was her boy friend it seems the most comon techniques he may have used is social enginnering, personal information based most common password, security question based or forgot password when he has access of resources and stored password.

(3) If the system has been modified to use biometrics as password then password stealing has been avoided. Since in Biometric authentication finger print, irish of face recongnistion is used as idenity of user and the same is used as password.

Since if she has broken then her boy fried won’t be able to acces as it will require her biometrics. Secondly now as biometrics signature will be used to sign on trasaction one cannot deny that these are not done without the same.

(4) One such method can be signa based on certificates to users. Since now the user signature are not based on password but based on certificates kept at thrid parties.

This if combined with biometrics provides better results. The most common techniques are digital sign, Public Key Infrastructure (PKI) and certificates uisng Trusted Third Parties (TTP)

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.