M.I.T. DEPARTMENT OF EECS

6.033 - Computer System Engineering

Design Project #2: FAQ

Last updated: $Date: 1998/04/30 15:46:18 $ by $Author: csapuntz $

My group has been working on the 2nd design project for a while, but we keep coming up against a brick wall: we just are not exactly sure how conduits work. Could one of you perhaps point us to a source that describes conduits in detail, or even email me a short description?

To what degree should we trust conduits? In one example case, a person uses a public PC to send data to a pilot, using conduits on that public PC. Must our design account for possible compromise of conduits? Or can we assume that conduits are trusted by either the owner of a pilot or a provider of data, and are not subject to compromise?

I was wondering if I could have some clarification about the design project parameters.  From the description of most of the specification, it sounds like authentication is needed for sites or info or conduits the pilot is connecting to.  This seems like the case except for the one case where it says something about banks needing to approve something.  From that statement it sounds as though the design also needs to include user to bank authentication. If I am reading that correctly, it sounds as though the user needs private keys and such to sign outgoing traffic?  Am I just misreading?

The conduit SDK's specific purpose is to allow reconciliation of data between the pilot's databases and the desktop's databases for a specific appilication.  This involves communication with the pilot's databases, and therefore must support authentication.  However, there's also a desktop protocol that supports remote communication from a desktop application to the pilot's databases.  It seems that capabilities like the one described in the project's description (interaction between mit's registrar and the pilot, for example) is achieved using the desktop protocol, not writing conduits.  Most probably, the conduit sdk builds on top of the desktop protocol.  Do you think it's a good idea to state this in the paper, and extend the desktop protocol to support authentication?  or should we just focus on the conduit sdk, and do authentication only at that level.

On the third printed page of the design project, in the Operation section, the following query is made: * How do you make sure the phone number you're downloading is newer than the old one? What does this mean?  There is no reference to telephones prior to this in the document.

Well doesnt the user either have to state that the prof has the permission to give other people permission to the records that he has access to, or require the prof to use a 6.033 key pair that belongs to the 6.033 staff and that all the staff members have a coyp of the private key. (kind of like the registrar example where multiple people at the registrar's office may have scheduling power and may need to change your schedule, however, they will all use the "registrar's key" right?)

I have a quick question about the design project.  Can the patch for each PalmPilot be different, so that, for example, each PalmPilot gets a unique public/private key pair?

So in other words, if I trust Prof Kaashoek to do anything to my  6.033 grades and schedule, AND I trust the people that he TRUSTS to change my 6.033 grades. I can trust those people? Is that what you mean?  So I suppose in this scenario, the user has to trust the judgment of the prof. (his friends are my friends kind of thing?) in who he gives acces to?

How extensive is the public key library that is added to the PalmOS as a patch?

For the encryption algorithm that is provided to us (the public key system) how big is the output related to the input? i.e. if the input message is 160 bits, how big is the output message?

I was reading through the FAQ and am actually unclear about the discussion about private keys. It appears to me that private keys are in fact necessary because you need to send the registrar information (your class list) and it returns a schedule... In this case it wouldn't be devastating if you were not authenticated to the registrar, but in a scenario where I was accessing my bursar bill etc... I would want authentication. To accomplish that, I would in fact need a private-key on the pilot...

Hi, the design project says: "On the PalmPilot side, your authentication system will have to be implemented as a trusted authentication library and a security management application that users can install on their patched PalmPilots. "

What is this "security management application"? In other words, are we supposed to assume that the "already written" patch to the PalmOS will call the methods in our security library to perform authentication and authorization, or does the patch simply transfer control to the mythical "security management application?"

Any last minute advice?

Go to 6.033 Home Page Questions or Comments: 6.033-tas@mit.edu