M.I.T. DEPARTMENT OF EECS

6.033 - Computer System Engineering Handout 22 - March 29, 2000

Assignment 7: April 2nd through 9th

For Lecture, Monday, April 3rd (Authentication)

In preparation for this lecture, read the first section (pp. 6-3 to 6-15) of "The protection of information in computer systems" (old Chapter 6) by Saltzer and Schroeder. The old chapter gives a misleading description of authentication at the bottom right of p. 6-11. Section C of the new chapter version gives a proper description of authentication -- read it instead, as well as section D (pp. 6-21 to 6-33).

The second Design Project will be available this week on the Web. Form a team of three as soon as possible, and send an e-mail message to your recitation instructor before your recitation next Thursday, April 6th, listing the members of your team. All students in a team must have the same recitation instructor, since he will grade your Design Project 2 paper. Note that the student page of the 6.033 Web site contains an up-to-date list of potential team members.

For Recitation, Tuesday, April 4th (Trusting Trust)

To prepare for the recitation, read Ken Thompson's "Reflections on Trusting Trust". Do not be deceived by the shortness of this paper -- it is very deep and requires a lot of thinking and understanding, but it is also fun, once you get the hang of it. This paper exemplifies the qualities you should be striving for in your own papers: content, clarity and conciseness.

For your one-pager, discuss whether the attack described in the paper could conceivably still happen today, given the state of C compilers and organizations -- both companies and open source groups -- that put them out. In order to answer this, you will need to consider what sort of trust relationships exist in the environment you are discussing. As always, be specific and justify why you think the attack could (or could not) still happen today.

For Lecture, Wednesday, April 5 (Authorization)

In preparation for this lecture, read the second section (pp. 6-16 to 6-29) of "The protection of information in computer systems" by Saltzer and Schroeder (Old chapter 6).

For Recitation, Thursday, April 6 (Why Crypto Systems Fail)

For recitation, read Anderson's "Why cryptosystems fail" (#19). It is pretty easy reading, but read it with care; the author provides many interesting examples and insights.

Here is the hands-on assignment due today:

The goal of this hands-on is to give an introduction to web certificates and how they achieve their goal of authentication. MIT uses certificates to authenticate you to systems such as WebSIS (http://student.mit.edu). We are going to try to understand both the concepts and the practice of how this works. Helpful URLs include http://web.mit.edu/is/help/cert/ and http://www.rsalabs.com/faq/.

  1. Obtain an MIT Certificate

    If you have not already done so, please obtain an MIT Certificate from https://ca.mit.edu/. You will need to use Netscape for this to work; the version of Netscape available on Athena will work.

  2. What did you get?

    • First, what does a certificate actually certify?
    • Please examine the certificate you have obtained --- in Netscape, you can view your certificate using the Security button. What are the components of your certificate that you can see here?
    • Why is each of these components important? Please enumerate the items you see and describe their importance in a sentence or two.
    • What components of your certificate do you not see here?
    • Are these missing components less important?
    • Why might the missing components not be shown?

  3. How does it work?

    Describe (in 100 words or less) why the MIT Certificate server is willing to issue you a certificate bearing your name. How do they know you are you? Whom or what does the certificate server trust? How might this trust be violated?

    Describe (in 100 words or less) why it is that WebSIS can safely allow you access to your grades and financial information when you (i.e., Netscape) present it with this certificate. If you think that WebSIS cannot safely allow this access, explain why not. Whom or what does the WebSIS server trust? How might this trust be violated?

  4. Whom do you trust?

    When you connect to a secure site, your browser will typically inform you of this. You can verify this by looking at the Document Info for the page in question (by pressing the Security button). How do you know that you have actually connected to the correct site and not to an imposter? How might this trust be violated?

System aphorism of the week

The unavoidable price of reliability is simplicity. (C.A.R. Hoare)


Questions or comments: 6.033-tas@mit.edu