Homework: 0 1 2 3 4 5 6 7
Assignment 2: Teller Login
Your solution should be a zip-file containing three things: your
source code (TellerAuth.java, and any other source code files
you create), your compiled code (TellerAuth.class and the
compiled versions of any other files you create), and a report that
describes what you did and why. The report should be an HTML file
named index.html. (It may contain links to other files, if
you include those files in your submission.)
You must work in a group on this
assignment. You may not collaborate with anyone outside your group.
At present, the teller terminals, where bank tellers do their work,
are vulnerable. An adversary can walk up to a teller terminal, log
in, and proceed to create an account for himself, with a large initial
balance. This is true because the login dialog accepts any username,
and the password for every username is just equal to that username.
Your goal in this assignment is to improve the authentication of
tellers. You will decide what kind of exchange will occur between the
system and a teller when the teller logs in, and how the system will
decide whether to allow access in each case.
You will implement your solution by modifying the file
TellerAuth.java, which has been provided in the bank's software.
Authentication of tellers is currently performed by the code in the
file TellerAuth.java. This file contains the graphical user interface
(GUI) code to draw the login window, as well as the code that decides
whether to grant access.
At present, the code asks for a username and password, and grants
access if the username and password are equal to each other. The
decision whether to grant access is implemented by the "check"
The GUI code uses Sun's Swing toolkit. If you find that you need to
modify the GUI code, we can give you hints and point you to the
appropriate documentation on the Swing features you want to use.
Swing is not too difficult to use once you get the hang of it.
Your goal is to modify TellerAuth.java, and add any other needed code,
so that it is much harder for an adversary to gain access. Of course,
your solution must allow legitimate tellers to gain access. In
addition, there must be a way to grant newly hired tellers access, and
to take away access from tellers who leave the bank's employ.
There are several approaches you might follow. Depending on your
approach, you might need to modify the GUI code.
The adversary's goal is to gain access to a logged-in teller terminal.
Your goal is to prevent him from doing so. Of course, you must not
prevent legitimate tellers from gaining access.
You should make the following assumptions:
We suspect that the adversary may be able to look over the shoulders
of tellers who are logging in, to see what they type. We prefer
solutions that meet the objectives even if the adversary can do this.
(Your report should say whether or not you protect against this
threat; and if you do claim to protect against it, your report should
justify this claim.)
- The adversary can gain physical access to the keyboard and
display screen of a teller terminal in the bank.
- The adversary knows the usernames of the legitimate tellers.
- Each legitimate teller can know one or more secrets that the
adversary is unable to learn.
- When a teller leaves the bank's employ, the adversary can bribe
that teller to disclose any information in the teller's possession.
- The adversary knows what algorithm you are using. He can read
your code, but he cannot observe the values of any of your variables.
- The adversary cannot observe or modify the contents of any data
files you create.
Your report should describe your solution, explain why it allows
legitimate tellers to access their accounts, and justify why it
prevents the adversary from gaining illegitimate access under the
assumptions listed above. Your report should be concise but should be
as convincing as you can make it. The quality of your report will be
a very important component of your grade, so pay at least as much
attention to your report as to your code.
If you want to store data in disk files, Java's serialization facility
might be helpful. It provides an automatic way to write virtually any
data structure out to a file, and then read it back later.
Copyright 2000-2001, Edward W. Felten.