ECS 153 Homework 2
Due: Mon, Mar 12, in class
Guidelines
- This is an individual homework. You may discuss with other
students, but you must write your own solution and the names of the
students who you discuss with.
- Write your answer concisely. I reserve the authority to
penalize you for wordiness.
- Print your answer; handwritten answer is unacceptable.
However, you may draw figures by hand if you like.
1. Secure automobile remote control system (60 points)
Design an automobile remote control system. The system consists of a
receiver inside the automobile and a handheld transmitter with the
driver. We want the system to be secure, reliable, and cheap:
- Secure: only the driver holding the transmitter can open the doors
of the corresponding automobile.
- Reliable: the system must work reliably. For example, a lost
signal from the transmitter to the receiver should not prevent the
driver from pressing a button on the transmitter to send a signal again.
- Cheap: to cut cost, you may not use public key cryptographic
schemes. You may, however, use a symmetric key cryptographic scheme,
if you like, and assume that it is unbreakable. The communication is
one way, from the transmitter to the receiver only.
Threat model:
-
When the transmitter and the receiver are physically separated, communication
between them is unreliable. For example, signals may be lost or
garbled. However, once inside the car, the driver can attach the
transmitter to the receiver to initiate reliable communication.
- The adversary can eavesdrop, modify, delete, and insert signal
between the transmitter and the receiver. However, the adversary
cannot access either the transmitter or the receiver physically.
Briefly sketch a design that satisfies the above requirements.
Analyze the security of your design with respect to the threat model.
2. Secure, usable passwords (40 points)
As we discussed in class, it is insecure to use the same username
and password pair at different web sites, because it allows an
adversarial web master to impersonate you at other web sites.
Unfortunately, using different passwords at different web sites has
obvious usability problems: how to remember these numerous
passwords, or how to record them securely?
Design a scheme that
- allows you to use different passwords at different web site,
and
- does not record these passwords, and
- does not require you to remember more than one password
- does not require cooperation from any web sites.
State your threat model, and analyze the security of your scheme
with regard to your threat model.