Computer Security: Art and Science

14.10 Exercises

1:
The Web site www.widget.com requires users to supply a user name and a password. This information is encoded into a cookie and sent back to the browser. Whenever the user connects to the Web server, the cookie is sent. This means that the user need only supply a password at the beginning of the session. Whenever the server requests reauthentication, the client simply sends the cookie. The name of the cookie is "identif."

Assume that the password is kept in the clear in the cookie. What should the settings of the secure and expires fields be, and why?
Assume that the name and password are hashed and that the hash is stored in the cookie. What information must the server store to determine the user name associated with the cookie?
Is the cookie storing state or acting as an authentication token, or both? Justify your answer.
2:
Assume that a Cypherpunk remailer reorders messages. It has a pool of n � 1 messages at all times. When the nth message arrives, one of the n messages is selected at random and forwarded. An attacker floods the server with enough messages to force the n � 1 messages in the original pool to be sent.

Assuming that the message to be sent is chosen according to a uniform random distribution, what is the expected number of messages that the attacker would have to send to achieve this goal?
How can the attacker determine when all the messages originally in the pool have been sent?
3:
Consider a scheme that allows a recipient to reply to a message from a chain of Cypherpunk remailers. Assume that encipherment is used throughout the chain.

Bob selects a chain of remailers for the return path. He creates a set of keys and enciphers them so that only the key for the current remailer is visible to that remailer. Design a technique by which he could accomplish this. Describe how he would include this data in his message.
How should Alice's mailer handle the processing of the return address information?
When Bob receives the reply, what does it contain? How can he obtain the cleartext reply?
4:
Give reasons why root should not be able to change the audit UID on a UNIX system, and give reasons why it should. Which reasons sound more persuasive to you?

Top

1:	The Web site www.widget.com requires users to supply a user name and a password. This information is encoded into a cookie and sent back to the browser. Whenever the user connects to the Web server, the cookie is sent. This means that the user need only supply a password at the beginning of the session. Whenever the server requests reauthentication, the client simply sends the cookie. The name of the cookie is "identif." Assume that the password is kept in the clear in the cookie. What should the settings of the secure and expires fields be, and why? Assume that the name and password are hashed and that the hash is stored in the cookie. What information must the server store to determine the user name associated with the cookie? Is the cookie storing state or acting as an authentication token, or both? Justify your answer.
2:	Assume that a Cypherpunk remailer reorders messages. It has a pool of n � 1 messages at all times. When the nth message arrives, one of the n messages is selected at random and forwarded. An attacker floods the server with enough messages to force the n � 1 messages in the original pool to be sent. Assuming that the message to be sent is chosen according to a uniform random distribution, what is the expected number of messages that the attacker would have to send to achieve this goal? How can the attacker determine when all the messages originally in the pool have been sent?
3:	Consider a scheme that allows a recipient to reply to a message from a chain of Cypherpunk remailers. Assume that encipherment is used throughout the chain. Bob selects a chain of remailers for the return path. He creates a set of keys and enciphers them so that only the key for the current remailer is visible to that remailer. Design a technique by which he could accomplish this. Describe how he would include this data in his message. How should Alice's mailer handle the processing of the return address information? When Bob receives the reply, what does it contain? How can he obtain the cleartext reply?
4:	Give reasons why root should not be able to change the audit UID on a UNIX system, and give reasons why it should. Which reasons sound more persuasive to you?