This homework is focused on helping you familiarize yourself with practical security tools.
The purpose of this homework assignment is to give you some practical experience with and awareness of some consumer-focused security systems.
For this task, the goal is to give you experience with sending encrypted emails. To successfully complete this task, you will need to set up your email client and send/receive an encrypted email to/from the TAs.
Setting up your email client to send encrypted emails is a bit complicated, and the following link is helpful if you don’t want to follow the recommended setup below or you know what you are doing.
How to Encrypt Your Email and Keep Your Conversations Private
We found that using the Mailvelope extension for the browser is easiest, since you will be able to use your Gmail web client.
Subject: [Homework 2] Encrypted email
Content: <your UW Net ID> (so we know who you are)
Attachment: <your public key> (Select your key from ‘Display Keys’ on the Mailvelope site, and export the public key only. Download <yourkey>_pub.asc and attach it.)
Once you are OK with the contents, hit encrypt, select the correct key for the recipient and transfer the encrypted contents.
Note: In order for the TAs to send you an encrypted email, you will need to attach your public key to your email.
If you don’t want to use your main email account, you can use this with a throwaway email address inside a virtual machine.
Once the TAs receive this email, a secret reply will be sent back to you. Submit the content of this email in your writeup.
Note that since this will be a manual process, it is important that you start early on this (i.e. the TAs might not reply in time if you send them an email right before the due date). Please email the TAs at least 48 hours before the deadline.
This task involves setting up and making use of two-factor authentication, with the goal of exposing you to what it is like to enable two-factor authentication.
CAUTION: Before enabling two-factor authentication, please understand that you may lock yourself out of your account if you lose your second factor and don’t have backups. It is important to get backup codes and enable fallback options, such as sending codes to your phone. If you’d like, you can do this whole process with a new, throwaway account, but you’d need to be willing to log in daily for this exercise (see below).
Pick an account you log in to at least once daily, and look into enabling two-factor authentication. Since many services now provide two-factor authentication, you may choose which service you want to use from the link below; pick a service that is green.
A good example of a service with two-factor authentication is Gmail, where it is called 2-step Verification. Here you can specify
After at least three days of using a service with 2FA, answer these questions.
The goal of this task is to give you a better understanding of Certificate Authorities (CAs) and certificates.
Take a look at the CA certificates that your computer trusts.
D. [2 points] What is a possible risk of trusting a CA?
Experiment with an anti-tracking browser add-on, such as Ghostery, Lightbeam, or Privacy Badger. Pick three websites (e.g., www.cnn.com, www.facebook.com, and www.weather.com -- though you may pick any sites), visit them with the add-on installed, and report on what you find.