Assignment 6: Information Flow, Authentication/Integrity, Cryptography
Start date 6 November, due beginning of class 12 November.
1. Digital Signatures
Typically, digital signature schemes work by taking a hash of the
object to be signed, then encrypting that hash with the private
key of the signer. To verify the signature, you decrypt the signature
using the signer's public key, compute a hash of the object, and make
sure that the values match.
Following are two alternative proposals for
a digital signature scheme. For each, list/describe desirable properties of
a digital signature scheme that are not supported by
the given method (but are by the encrypt a hash
method above.)
- As above, but instead of a public key scheme, use a symmetric key scheme.
To verify the signature, the reader gives the signature to the signer to decrypt
and check. (Only the signer has the key, otherwise anyone could sign...)
-
Instead of taking a hash of the object, the signer encrypts the
entire object with their private key. The reader decrypts with
the signer's public key to both read and verify the document.
2. Authentication and Identity
Given events of the past weeks (I hope you know what I'm talking about),
we have some questions on authentication and identity in voting systems.
- Outline the challenges in the process of authentication of voters for voting systems.
We are looking for a few bullet points/explanation, not a complete formal
protection profile...
- Describe a solution to authentication of voters in voting systems.
Hint: it doesn't have to be a novel solution...
- Answer yes or no, and briefly justify your answer:
Cryptography is necessary but not sufficient for authentication
and identity management.
3. Design Principles
We covered a number of design principles in class, but sometimes
these can conflict.
- Give two examples of a pair of design principles that are likely
to conflict (i.e., a design that does well for one will do poorly
for the other.) For each pair, briefly (1-2 sentences) describe why
they conflict.
-
For one of your pairs above, give examples of two systems
where the principles conflict. For one of the systems, it should
be appropriate to give priority one principle, for the other system,
priority should be given to the other principle. We would expect
about one-half page (typeset) to describe each system and why the
particular tradeoff is appropriate.
4. Information Flow
We mentioned the concept of a Data Diode
in class: A
TCP/IP router that only allows information to flow in one direction
(from low
to hight
.
Keep in mind that it must appear to both sides that they are
talking to a real device (e.g., the data diode needs to send appropriate
TCP/IP acknowledgements to both sides.) Presumably such a device generates
the reply packets to the low
side on its own, regardless of
how, when, or if the high side responds - otherwise there are obvious
covert channels based on the timing of the response.
- One possible covert channel could occur if the data diode
provided TCP-style guaranteed delivery. Assume the data diode
acknowledges packets send by the (low) sender automatically
(without waiting to see if the (high) receiver responds), but
buffers packets until the receiver acknowledges. If the buffer
is full, the data diode drops packets (and does not send acknowledgements
to the sender), resulting in the sender retransmitting.
This gives an obvious covert channel based on the receiver failing
to acknowledge packets, causing the sender to not receive acknowledgements.
- Is this a noisy or noiseless covert channel? Explain briefly.
- What more would you need to know to calculate the capacity of this channel?
- Given some reasonable assumptions for what you would need to know, calculate
the capacity of the channel. You may make simplifying assumptions (e.g.,
if you said it is a noisy channel, you could calculate the maximum capacity
with no noise), provided you list those assumptions.
- Describe briefly (at the level we used to introduce the previous question, e.g.,
a paragraph or so) at least two other covert channels that the
data diode would need to protect against.