FAQ for Phase I 
Last modified 3/9/00

Does the AliRSASignature class create a hash for me?

AliRSASignature calculates the hash for you, given a message to sign. An example of using the Signature object is:

AliRSASignature signer = new AliRSASignature();
byte[] signature = signer.sign();

What was the bug in the provided code?  How does it affect me?

The bug was in the processing of transfers.  The correct behavior of a transfer is GUI x sends a transfer to SERVER x.  SERVER x withdraws the amount from the account and then creates a deposit which is sent to SERVER y.  SERVER y processes the deposit and was sending a response to GUI y.  Since GUI y was not expecting a response, the response gets queued on the channel.  The next time GUI y makes a request to SERVER y, GUI y receives the response from the transfer instead of a response to its request.

If you had this problem, it is now fixed so that SERVER y does not send a response to GUI y if the request came from a SERVER instead of GUI y.  Minor changes were made to processTransaction(BankAction t) and recvObject(Class c), and two lines were added to send.  The only change that affects the solution to phase 1 is that recvObject now returns an object that a) is of type BankAction, b)is of type Class c, c) is of a type which is a direct subclass of Class c.  You are responsible for assuring that transfers between branches process normally, but you are not responsible for ensuring that those transmissions are secure.

What is causing an array out bounds exception when I start up ATMGUI/BankOperations?

If you do not specify a number between 1 and 5 when starting either ATMGUI or BankOperations, then the corresponding sockets will fail to bind.

How do I use AliRSACipher?

To use AliRSACipher, first initialize the cipher object with an AliRSAPublicKey.  Then update the cipher with the byte array you wish to encrypt.  The update method of AliRSACipher returns the byte array encrypted with the public key. It will not necessarily be the same length as the original byte array.  See cipherPage.html in AliGoodies.  

How do I create a shared key?

The Cryptix package provides an implementation for Triple-DES, which is sufficient for shared key generation and encryption. See both the Cryptix documentation and the javasoft documentation on security providers at www.javasoft.com.

What is the .pair/.pub file created by PrivPubKeyGenerator?

The .pair/.pub files are serialized instances of AliKeyPair and AliRSAPublicKey respectively.  To use these files, it is necessary to read them into an object.  Once read into an object, they can be treated like any ordinary object.  See the documentation in AliGoodies for information on object members and methods of these types.  See the phase 1 handout discussion on the .pair/.pub files.

What does it mean for the Bank Server and ATM to be stateless?

The Bank Server's hard drive is not secure and, therefore, anything written to it could be read/altered by an attacker.

However, you may assume that the Server has some static memory that is initialized when ther server is started and cannot be accessed by an attacker. There isn't much of this memory, though, so use it sparingly. And be sure to include in your write-up a description of what members of BankOperations are assumed to be stored in this secure memory.

The ATM has a memory that can be trusted only while any given transaction is in progress. In particular, the ATM is unable to store information from one transaction to the next. It is as if the ATM does a soft reset every time a customer's bank card is removed.

What does it mean that the ATM is in an insecure location?

An attacker can read/alter anything that is stored at the ATM by physically attempting to break into the ATM. Therefore, you can assume that for the duration of a customer's session, the ATM is secure---the customer is standing at the ATM and would notice if there were a computer geek next to the machine and trying to copy the ATM's memory onto his laptop.

Are clocks at the bank and the ATM synchronized?

No. That would make a good project for CS514---not for CS513.

What's causing a string index out of bounds exception when I try to verify a message AliRSASignature?

If you are getting this type of exception then you are not using the Signature class correctly.  To verify a signature, first initialize your Signature object with the public key.  Then update the Signature object with your signature.  Finally verify the signature by calling verify with the original message.  Switching the message and the signature will cause a string index out of bounds error.  See signaturePage.html in AliGoodies.

What's causing the number format exception when I verify/decrypt using AliRSASignature/AliRSACipher?

If you are getting an exception of this type, then it means that AliRSASignature/AliRSACipher was unable to verify/decrypt the message with the key specified.  A way to handle bad messages is to catch this exception and then notify the user. However, you are not required to do this --- it is acceptable for your code to die or hang in any fashion after such an attack.

When I encrypt and then decrypt a byte array, I can no longer unserialize the object. What's going on?

The RSA encryption implementation may cause an extra byte with value 0 to be appended to the front of the message after it has been encrypted and then decrypted.  If you attempt to unserialize an object that has been appended with this extra byte, then the method readObject() will fail.  The way around this limitation is to test the value of the first byte and strip off the byte if it has value 0.  No serialized object can start with a 0, since every object starts with the name of the object, and the name cannot be null.  See cipherPage.html in AliGoodies.

What is the proper way to handle a message that has been altered while being transmitted over the wire?

It is sufficient if you (i) simply prevent any bad information from being stored on the Bank Server and (ii) prevent the ATM from improperly distributing funds (as evidenced by the absence of the window announcing that funds have been transferred).  It is OK if either the Bank Server or the ATM GUI hangs because it was unable to decrypt or verify a message.  You also do not have to worry about trying to resend a message if it is lost on the wire.