1) In the real world, driver's licenses are used for authentication. Explain why a server cannot use a scanned digital copy of a driver's license to authenticate the owner of the license and let him log in to the server.
2) Both encryption algorithms and hash algorithms transform messages, but why do encryption algorithms always need a key while hash algorithms do not?
3) Propose one method that uses a clock to generate one-time passwords. Describe your method in sufficient detail.
4) Which of the following threats could time-synchronized authentication handle? Select all that apply: __________
A) The long-term password is stolen by the hacker
B) Some used one-time passwords are stolen by the hacker
C) Replay attack
D) The clock is stolen
E) The hand-held authenticator is stolen
5) In challenge-response authentication, both the User ID (i.e., message 1) and the Challenge (i.e., message 2) are sent in cleartext. Why is challenge-response authentication still a secure authentication method that can defeat replay attacks? Please explain your reasoning in sufficient detail.
6) Suppose Alice uses S/Key and a seed x to generate 200 one-time passwords for logging in to the eBay server. Please answer the following questions:
6.1) What is the 106th password that Alice will use to log in to the eBay server? Please justify your answer in sufficient detail.
6.2) When Alice logs in to the server for the 6th time (i.e., when Alice uses the 6th login password), what is stored in the eBay server's password file? Please justify your answer in sufficient detail.
6.3) After Alice has used the 22nd login password, Mallory, the bad guy, steals her 87th password. Of the 200 - 22 = 178 passwords left for Alice to use, how many can she still use without worrying about attacks? Please justify your answer in sufficient detail.