COS 496: Information Security

Spring 2000

Assignment 0: Warmup

Logistics

This assignment must be submitted by 1:30 PM on Tuesday 8 February.

There is no need to submit a lengthy "solution" to this problem.  We simply ask that you certify that you have done the assignment.  You can certify your completion of the assignment by sending an empty email message to submit496-0@felten.com.

You must do this assignment yourself, but you may ask other students for hints or advice.

Introduction

Several homework assignments later in the semester will ask you to improve the security of the software for a simulated bank.  We will provide you with the bank's software, and you will improve it.  The goal of this "warmup" assignment is to make sure that (a) you can compile and run the bank software, and (b) you understand its user interface.

You can get a zip-file containing the bank software here.  The software is written in Java.  It expects to be compiled and run in a Java 2 (also known as JDK 1.2) environment.

You can do this assignment (and all other programming assignments) on any machine you like, but your homework solutions must compile and run on the Computer Science machines.  Java code tends to be very portable, so we don't anticipate many portability problems, but it's your responsibility to verify that your code works on the C.S. machines.

If you don't have an account on the C.S. machines, let us know and we'll get you one.

Compile and Run the Software

Your first task is to get the software to compile and run on your machine.   Unzip the software into a fresh directory.  If you're lucky, you can just type "javac *.java" in this directory and everything will compile.  If not, you'll have to figure out what's wrong and fix it.

This is a good time to share hints with each other.

Anticipated common problems:

Try It Out

Now that the software compiles, you're ready to run it.

First, type "java Init".  This initializes the bank's database: it sets up accounts for two customers, and issues ATM cards to them.  You can reinitialize the bank's database whenever you want, simply by running this command.  In later assignments, it will be a good idea to reinitialize the database every time you make a significant change to the software.

The bank's database is stored in a file called "bank.db". There is also a simulated ATM card for each account-holder.  The card for account number N is stored in a file called card_N.atm.  (None of these files is human-readable.)

Once the database is initialized, you can start up the simulated bank by typing "java Bank".  A small console window will pop up.  The console window contains three buttons: one to create a (simulated) teller terminal, one to create a (simulated) ATM, and one to quit.

Start by making a teller terminal.  The teller will first be asked to log in.  For now, you can log in with any name; the password is equal to the name.  (Try typing in an incorrect password to see what happens.)

After the teller logs in, you'll see a teller terminal window which contains a table of existing accounts, as well as two buttons.  Try out the New Account button and create a few new accounts.  For each one, you'll have to enter the name of the account's owner, the PIN to use for the account's ATM card, and the initial balance for the account.  The ATM card is issued when you create the account.

Now close the teller terminal and open an ATM.   First you'll see a window that asks you to choose an account number; by clicking the "Insert card" button you will insert that account's ATM card into the ATM.   Of course, the "ATM cards" aren't real pieces of plastic.  Instead, an "ATM card" is represented as a disk file that contains the bits that would be encoded on the magnetic stripe of a real card.  "Inserting" a card just tells the software to load the appropriate disk file.  Pick an account and insert its card.

Now you'll see a window that displays an account number and asks you to enter its PIN.  Click the "Show card info" button to see what is encoded on the ATM card that you just inserted into the ATM.  The card contains the account number and 32 "check bytes".  (In assignment 1 we'll focus on the role and purpose of the check bytes.)  Now dismiss the ATM Card Info window by clicking its "Close" button.

Go back to the ATM window.  For now, the PIN number is equal to the account number.  Try entering the wrong PIN once just to see what happens; then enter the correct PIN.

Once you've entered the correct PIN and clicked OK, the window will change to let you do simulated deposits and withdrawals.  Try a few of these; note that the balance is updated with each transaction.  Try to withdraw more money than you have and see what happens.

Note that you can have many ATM and/or teller windows open at the same time.  Try it and see what happens.

That's all.  In the next assignment we'll start improving the bank's security.



Copyright 2000, Edward W. Felten.