1 For this question, consider a solution where each of the devices approved by Vertika get an authentication token K, put on the device by Vertika’s IT department. Possession of this authentication token is a factor in authenticating to the cloud as an employee – the other part is a valid username and password.
a) Would you consider this set-up to be a cloud? Why ? half page b) On a conceptual
level, how would you authenticate an employee, using his/her username, password, and the token on their device? With this approach, are you vulnerable to replay attacks, or people learning the value of K? Why? 1 page
c) Can a disgruntled designer currently employed by Vertika enable a competitor to gain
access to confidential files – in particular, files that the disgruntled designer is authorised to access?
d) Describe a process of how an employee that cannot log in can be provided access.
