Homework 2

CS155, Spring 2005

Due: Thursday, May 12

Problem 1

Suppose Alice and Bob have RSA public keys in a file on a server. They communicate regularly using authenticated, confidential messages. Eve wants to read the messages but is unable to crack the RSA private keys of Alice and Bob. However, she is able to break into the server and alter the file containing Alice's and Bob's public keys.

  1. How should Eve alter that file so that she can read confidential messages sent between Alice and Bob, and forge messages from either?
  2. How does the use of a server certificate in SSL address this form of attack to some degree?
  3. If you want to trick a client into accepting an SSL server certificate that is issued by a malicious certificate authority, what would you need to do?

Problem 1a

A web server requires each user to log in. However, the implementers of the web site are worried about storing passwords on the server, since they are afraid someone might break in and steal them. Therefore, they decide to use a clever idea. When a user creates an account, the account number is stored on the server and the user's password is stored in a cookie on the user's machine. Then, when the user tries to log in later, the server compares the password typed in by the user with the password stored in the user's cookie.

  1. Assuming that the implementers have not thought of any other clever ideas, how would you log into another users account without knowing their password?
  2. What methods could you use to keep passwords in cookies, but prevent the attack you devised in part (a)?

Problem 2

In Internet Explorer, javascript can access the users clipboard. For example, the javascript statement var content = clipboardData.getData("Text") reads text from the clipboard. Javascript is not allowed to make arbitrary network connections, but it can post forms, and it can do so in a way that will not be observed by most users. Explain some of the security consequences of these design decisions. What kind of information would you expect to find in a user's clipboard? (Extra credit: write a web page that reads the user's clipboard and displays it on a page.)

Problem 3

Consider a web-based mail system such as HotMail. Suppose the web system displays incoming email messages in a web browser using the following HTML sketch: 

        <HTML>
        <BODY>
        ---  Headers  ---
        <DIV ID="msg">
        ---  Verbatim Email Message ---
        </DIV>
        </BODY>
        </HTML>
  1. Give an example email message you could send to a user of this web system that would allow you to read all of that user's incoming email. You may assume the web system uses a cookie called SessionID to authenticate user requests after user login.
  2. How could the web-based email system defend against such attacks?

Problem 4

  1. Consider a system call interposition sandbox that makes allow/deny decisions based only on the type of system calls being used (that is, without looking at the system call arguments). Give an example sandboxing policy that cannot be implemented on such a sandbox.
  2. In class we described a covert channel based on CPU utilization that can be used to transfer information between two sandboxed processes. How would you extend the sandboxing mechanism to block this specific covert channel?