CS5430 Homework 1: Basic Concepts

General Instructions. You may (but do not have to) collaborate with one other student on this assignment. If you do collaborate, then both students should form a CMS group and submit their paper to that group. Both students are responsible for all of the answers.

Due: Sept 15, 2020 at 10:00am. No late assignments will be accepted.

Submit your solution using CMS. Prepare your solution as a .pdf, as follows:

  1. Give a definition/explanation for each of the following terms, as we will be using them in this class. Use one or (at most) two sentences for each term.
    1. threat
    2. vulnerability
    3. trustworthy
    4. confidentiality
    5. integrity
    6. availability
    7. authorization
    8. authentication
    9. privacy
    10. trusted computing base

  2. One way that contact tracing for controlling the spread of a disease might be implemented is to have a set of protocols whereby each person is informed after they have come into contact with a contagious person, assuming a contagious person will eventually register the earliest time he/she might have been contagious. Many contact tracing protocols in this class employ a third party, CDC, that maintains a database but might not be trusted.

    1. List the security properties that we should expect will be satisfied by such a set of contact tracing protocols in order to be accepted and effective. For each property, identify whether it is confidentiality, integrity, or availability.

    2. Here is a proposed contact tracing protocol. It uses an app installed on the cell phones that individuals carry. Bluetooth communication in one cell phone is employed to detect when that cell phone is within 6 feet of another and is also used by the pair of cell phones to exchange messages. The Internet is used by a cell phone to send an anonymous message for posting on a database DB that a third party operates and that any cell phone can read.

      • Each cell phone generates a random identifier, on demand. The chances that two cell phones will generate the same random identifier is negligible.

      • Whenever cell phone A remains within Bluetooth range of another cell phone B for long enough, then each generates a new random identifier, they exchange these values, and each locally stores a pair containing the contact time and the random identifier received from the other. Cell phone A also maintains a separate list of random identifiers it has sent, and adds to that list the random identifier it sent to B.

      • If the owner of a cell phone A discovers that he/she is ill, then that owner enters into the app running on A the likely time that the owner started to be contagious. That app then sends to DB for posting those stored pairs whose contact time is later than the time that was just entered into the app.

      • The app running on every cell phone reads DB each day in order to see if any random identifier generated by this cell phone is now posted. If it is posted then the cell phone's owner is notified to quarantine.
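      The following simulation is an added illustration of the four steps above; it is not part of the assignment and not code from the course. It assumes contact times are integer days, models DB as a plain list that any phone can read, and uses a small three-phone scenario (constructed here) so the flow of identifiers from contact to posting to notification can be traced end to end.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical model of one cell phone running the app.
@dataclass
class Phone:
    name: str
    received: list = field(default_factory=list)  # (contact_time, identifier received from the other phone)
    sent: list = field(default_factory=list)      # identifiers this phone has handed out

    def new_identifier(self) -> str:
        # Step 1: a fresh random identifier on demand; 128 bits makes collisions negligible.
        return secrets.token_hex(16)


def contact(a: Phone, b: Phone, t: int) -> None:
    """Step 2: A and B were in Bluetooth range long enough at time t.
    Each generates a new identifier, they swap them, and each stores
    (time, identifier received) plus remembers what it sent."""
    id_a, id_b = a.new_identifier(), b.new_identifier()
    a.received.append((t, id_b))
    a.sent.append(id_a)
    b.received.append((t, id_a))
    b.sent.append(id_b)


def report_ill(phone: Phone, db: list, contagious_since: int) -> list:
    """Step 3: the owner enters the likely start of contagiousness.
    Only pairs with contact time strictly later than that are posted to DB.
    Note DB receives no name, only (time, identifier)."""
    posted = [(t, rid) for (t, rid) in phone.received if t > contagious_since]
    db.extend(posted)
    return posted


def must_quarantine(phone: Phone, db: list) -> bool:
    """Step 4: the daily DB read. The owner is notified if any identifier
    this phone sent out now appears in DB."""
    posted_ids = {rid for (_, rid) in db}
    return any(sid in posted_ids for sid in phone.sent)


def run_scenario() -> dict:
    """Constructed scenario: A meets B on day 3 and C on day 7; A later reports
    being contagious since day 5. Returns who is told to quarantine."""
    a, b, c = Phone("A"), Phone("B"), Phone("C")
    db: list = []
    contact(a, b, 3)
    contact(a, c, 7)
    report_ill(a, db, contagious_since=5)
    return {p.name: must_quarantine(p, db) for p in (a, b, c)}


if __name__ == "__main__":
    print(run_scenario())  # {'A': False, 'B': False, 'C': True}
```

      In this run only C is notified: A's contact with B predates the reported contagious time, so B's identifier is never posted, and A posts only identifiers it received, so nothing A sent appears in DB. Reading the simulation alongside the questions that follow may help in spotting which properties depend on the DB operator, on the honesty of the reporter, and on the identifiers staying unlinkable.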

      Suppose Cornell's President (and CS faculty member!) Pollack asked your advice about whether Cornell should mandate that students, staff, and faculty run this app on their cell phones. Tompkins County Health Services would provide DB. For your analysis, assume that all individuals who are participating in this protocol are trustworthy and, therefore, will report to the app if and when they become contagious. What do you recommend to President Pollack, and why?

    3. What kinds of damage can be caused by an individual who is dishonest (and therefore not trustworthy) but is participating in this protocol?