Information Security

Homework: 0 1 2 3 4 5 6 7

Assignment 2: Teller Login


Your solution should be a zip-file containing three things: your source code (, and any other source code files you create), your compiled code (TellerAuth.class and the compiled versions of any other files you create), and a report that describes what you did and why. The report should be an HTML file named index.html. (It may contain links to other files, if you include those files in your submission.)

You must work in a group on this assignment. You may not collaborate with anyone outside your group.


At present, the teller terminals, where bank tellers do their work, are vulnerable. An adversary can walk up to a teller terminal, log in, and proceed to create an account for himself, with a large initial balance. This is true because the login dialog accepts any username, and the password for every username is just equal to that username.

Your goal in this assignment is to improve the authentication of tellers. You will decide what kind of exchange will occur between the system and a teller when the teller logs in, and how the system will decide whether to allow access in each case.

You will implement your solution by modifying the file, which has been provided in the bank's software.

The Code

Authentication of tellers is currently performed by the code in the file This file contains the graphical user interface (GUI) code to draw the login window, as well as the code that decides whether to grant access.

At present, the code asks for a username and password, and grants access if the username and password are equal to each other. The decision whether to grant access is implemented by the "check" procedure.

The GUI code uses Sun's Swing toolkit. If you find that you need to modify the GUI code, we can give you hints and point you to the appropriate documentation on the Swing features you want to use. Swing is not too difficult to use once you get the hang of it.


Your goal is to modify, and add any other needed code, so that it is much harder for an adversary to gain access. Of course, your solution must allow legitimate tellers to gain access. In addition, there must be a way to grant newly hired tellers access, and to take away access from tellers who leave the bank's employ.

There are several approaches you might follow. Depending on your approach, you might need to modify the GUI code.

Threat Model

The adversary's goal is to gain access to a logged-in teller terminal. Your goal is to prevent him from doing so. Of course, you must not prevent legitimate tellers from gaining access.

You should make the following assumptions:

We suspect that the adversary may be able to look over the shoulders of tellers who are logging in, to see what they type. We prefer solutions that meet the objectives even if the adversary can do this. (Your report should say whether or not you protect against this threat; and if you do claim to protect against it, your report should justify this claim.)

Your Report

Your report should describe your solution, explain why it allows legitimate tellers to access their accounts, and justify why it prevents the adversary from gaining illegitimate access under the assumptions listed above. Your report should be concise but should be as convincing as you can make it. The quality of your report will be a very important component of your grade, so pay at least as much attention to your report as to your code.

Helpful Hints

If you want to store data in disk files, Java's serialization facility might be helpful. It provides an automatic way to write virtually any data structure out to a file, and then read it back later.

Copyright 2000-2001, Edward W. Felten.