Assignment 8, due Apr 15

Part of the homework for 22C:169, Spring 2011
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

Always, on every assignment, please write your name legibly as it appears on your University ID and on the class list! All assignments will be due at the start of class on the day indicated (usually a Friday), and unless there is what insurance companies call "an act of God" (something outside your control), the only exceptions to this rule will be by advance arrangement.

  1. Background: The CryptoThumb USB drive (a fictional but typical modern product) has cryptographic firmware in its on-board processor. When you mount it on your computer, it shows up as two separate USB devices, A and B, for our purposes. Device A is the "virtual disk" that the drive provides you. Device B is an output-only device to which you can send passwords that are used as cryptographic keys. It uses the SHA-1 hash function to compute a 128-bit key from the password, then uses this key with AES to encrypt and decrypt data.

    All data output to device A is encrypted with the most recent password sent to device B, and all input from device A is decrypted with the most recent password. If you have the CryptoThumb device driver installed, as soon as you mount the drive, it asks for a password, and there is also a way to change the password using the CryptoThumb password tool if you want to change passwords mid-session.

    The CryptoThumb documentation states that it only holds the current password in RAM and never stores it in flash memory. Only encrypted data is stored in flash memory. Furthermore, the drive includes a self-destruct feature. If a user tries to read any particular "disk address" on drive A repeatedly, changing the password before each try, more than 10 times, the CryptoThumb drive concludes that it is under attack and disables itself, erasing all stored data. It gives you 10 trials to allow for mistyped passwords.

    Engulf and Devour Corporation distributes CryptoThumb drives to all of its employees in an effort to protect its company business. The company is notorious for evil, as documented in Silent Movie.

    CryptoThumb drives are actually made by Fly-By-Night Computer Peripherals Inc., a low-cost high-volume contractor with no employees and no production facilities. FBN outsources all of its work to a variety of subcontractors.

    a) An Engulf and Devour employee drops his CryptoThumb drive. You guess that most employees don't use long passwords, so you suspect you could use a trial-and-error dictionary attack. The root of the file system on the drive would be stored in "disk address" 0. You have software that can recognize a properly decrypted file-system root sector. Describe how you would attack the drive without setting off its self-destruct mechanism. (0.6 point)

    b) Fly-By-Night hires you on a short-term consulting contract to write the firmware for the new improved CryptoThumb 8G. You, being a crook, decide you would like to earn some extra money in the future because of your unique ability to extract data from CryptoThumb drives. Suggest firmware features you could add to the CryptoThumb 8G to help you crack the security on CryptoThumb 8G drives in the future. (0.6 point)

  2. Background: The CryptoThumb Key is physically identical to the drive described above, but it has different firmware. Each CryptoThumb Key holds, inside the flash memory, a unique secret key and a unique serial number. As with the drive above, when mounted, it appears as two devices: device A is a conventional flash drive, while device B is a cryptographic engine that offers the following services: i) it will deliver its unique serial number on request, and ii) it will encrypt or decrypt a block of data with the drive's secret key. The CryptoThumb I/O driver and the CryptoThumb utility cooperate to offer secure communication services.

    CryptoThumb maintains a public database on the Internet that returns the public key of any CryptoThumb drive when given the serial number of that drive. The CryptoThumb communications tool operates as follows: Given two computers, each with a CryptoThumb Key plugged in and with drivers and support tools installed, the users create a data link between the two computers over the Internet.

    The CryptoThumb communications tool then begins the creation of a secure authenticated communications channel between the machines as follows: First, the two computers exchange the serial numbers of their thumb drives. Then, each machine gets the public key of the other from the CryptoThumb server.

    a) What is the security benefit of having the CryptoThumb do the encryption and decryption itself with the secret key instead of merely delivering the key to the user? (0.6 point)

    b) Suppose the security of CryptoThumb's database server was compromised. What threat would this pose to a user of the CryptoThumb Key? (0.6 point)

    c) User X using CryptoThumb Key Kx on computer Cx wants to send a secure authenticated message M to user Y using CryptoThumb Key Ky on computer Cy. Note that CryptoThumb Key Ki holds private key KiPrivate and serial number KiNumber. The CryptoThumb server maps KiNumber to KiPublic. Which of the 4 processors encrypts or decrypts the message with what key in order to transmit the message from X to Y? (0.6 point)

    d) All CryptoThumb drives delivered by Fly-By-Night are identical. They are then plugged into a USB slot on CryptoThumb's database server, one at a time, by a robotic mechanism. This assigns them their unique ID and secret key. You are worried that CryptoThumb might not be honest. What threat does this pose? Is there any way that the folks at CryptoThumb could convince you that they were not threatening your security if you rely on their drives? (0.6 point)

  3. Background: A stage in a mix net operates by decrypting a batch of messages with some key and then sorting the output messages in order to prevent the association of the encrypted message with the decrypted message. Typically, each message input to a mix net has been encrypted with several keys, and the mix net includes a corresponding number of stages, each with its own decryption key.

    Typically, public key encryption is used with mix nets, so each message is encrypted with the public keys of all the mix-net stages, and the stages apply the private keys.

    a) A large industrial plant has decided to replace their old wood suggestion box with an Internet-based suggestion box using a 4-stage mix net to assure anonymity. The plant is unionized, and relations between the union and the management are very tense. Suggest who you would select as key custodians in order to assure everyone that the suggestions are actually anonymous. (0.7 points)

    b) The 4 mix-net stages were purchased from a local computer dealer, and both management and union officials have recently begun to suspect that someone is eavesdropping on the suggestion box and blackmailing people based on the content of their messages. Suggest what might have happened. (0.7 points)
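
The mix-net background in problem 3, as an added sketch that is not part of the original assignment: each sender wraps a suggestion in one layer per stage, and each stage strips its own layer and sorts the batch before passing it on. Assumptions: a SHA-256 counter-mode keystream with per-stage symmetric keys stands in for the public-key encryption the text describes, messages are padded to a fixed 64 bytes, and all names and sample suggestions are constructed.

```python
import hashlib
import os

PAD = 64  # fixed message size, so length cannot link a stage's input to its output

def keystream(key, nonce, n):
    """SHA-256 in counter mode: a stand-in cipher for this sketch only."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def wrap(key, data):
    """Add one layer: fresh random nonce followed by the XOR-encrypted data."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def unwrap(key, blob):
    """Remove one layer using the nonce stored in its first 16 bytes."""
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def submit(message, stage_keys):
    """Sender: pad, then encrypt for the last stage first (stage 1 is outermost)."""
    blob = message.ljust(PAD, b"\0")
    for key in reversed(stage_keys):
        blob = wrap(key, blob)
    return blob

def mix_stage(key, batch):
    """One stage: strip its layer from every message, then sort the batch."""
    return sorted(unwrap(key, blob) for blob in batch)

def run_mix_net(batch, stage_keys):
    """Pass the batch through every stage in order and drop the padding."""
    for key in stage_keys:
        batch = mix_stage(key, batch)
    return [m.rstrip(b"\0") for m in batch]

# Constructed sample data: four stage keys and three suggestions.
STAGE_KEYS = [os.urandom(32) for _ in range(4)]
SUGGESTIONS = [b"fix the break-room roof", b"add a night shuttle", b"rotate shift leads"]

if __name__ == "__main__":
    inbox = [submit(s, STAGE_KEYS) for s in SUGGESTIONS]
    for line in run_mix_net(inbox, STAGE_KEYS):
        print(line.decode())
```

Because every stage sorts what it has just decrypted, and each decrypted blob begins with the next layer's random nonce, the position of a message leaving a stage carries no information about its position entering it.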