The total cost analysis demonstrates how other costs besides…

Questions

The total cost analysis demonstrates how other costs besides the unit cost can affect purchase decisions.

A certain system uses two-factor authentication. Let the first method be A1 and the second one A2. Also, assume that the guessing entropy for A1 is e1 bits and the guessing entropy for A2 is e2 bits.

If A1 and A2 are totally independent (compromise of A1 provides no help in compromising A2 and vice versa), what will be the total entropy (in bits) of the two-factor method that uses both A1 and A2? Briefly explain your answer. (3+3 pts.)

Now consider the password hardening paper discussed in class. A1 is defined by the user password and A2 is defined by the keystroke timing derived hardening features. In this case, can A1 and A2 be considered independent? Provide a brief explanation for your answer. (2+3 pts.)

What is the maximum possible entropy that can be provided by A2 (hardening entropy) when the password chosen by method A1 is 12 characters long? (3 pts.)

Sensors these days can also measure the pressure with which a key is pressed. If we add such sensors to keyboards and the password hardening system, we can also define an additional feature based on the pressure measured when each key is pressed. If the password is n characters long, what will be the size of the instruction table in this system? Also, what would be the best case hardening entropy (entropy only due to the keystroke timing and pressure derived features) and under what conditions will it be achieved? (3+4 pts.)

As users gain more experience typing the same password, they tend to type it faster. Assume users are slow when a new password is chosen but the password typing pattern changes and they become fast soon after a new password is chosen. Also, passwords are not changed frequently. Assume an attacker has knowledge of such typing behavior of users. The attacker gains access to Bob's instruction table and history files but does not know when Bob's current password was first used. Explain the strategy that should be used by the attacker to choose shares in the instruction table to minimize the computational effort required for reconstructing the hardened password to gain access to Bob's account. (5 pts.)

SQ3R is a method for active reading. It stands for