Are you a good puzzle solver?

Do you like reading complicated mysteries, locked room puzzles?  Maybe writing them?

I have just the puzzle for you. 

Bob needs to send vital files back to Alice, his boss, at the Department of Saving the Earth.  These files contain the secret plans the evil aliens have hatched to take over the Earth, including the fact that Mallory has become a traitor, turning the Earth’s defenses over to the aliens in exchange for a beach house in the Hamptons.  Mallory,  using the powers of the evil aliens, can intercept messages Bob sends, and even inject messages of his own.  Bob can’t risk revealing that he’s onto Mallory and the aliens’ evil schemes.

How does Bob send the files to Alice in a way that Mallory can’t read what he’s sending and Alice can be sure that it was Bob who sent them?

It doesn’t sound too hard.  Bob encrypts the files and now Mallory, whose code breaking prowess is a little lacking–he skipped those classes in Secret Agent school–can’t read the file. 

Bob can use the super-secure file transfer program on his laptop to encrypt the file.  The file transfer program back at Headquarters will decrypt the file and put it into Bob’s Really Important Things folder.  Alice will see it there and save the world.

Bob’s super-secure file transfer program creates a cryptographic signature– a computation, using the secret key that exists only on Bob’s laptop–and the super-secure file transfer program back at Headquarters will check that signature, proving that it came from Bob, and using Bob’s ID, verified with the signature, store the file in the Bob’s Really Important Things folder.

But Bob’s super-secure file transfer program gives him two options–and here is the puzzle you have to help him solve–

A) It can create a digital signature of the original file, then encrypt the file, and then send both of those things to Headquarters (along with Bob’s ID so that the e-mail program can look up the correct keys to use to do the decrypting and signture checking).

B) Encrypt the file, then create a digital signature of the encrypted file, and send both of those to Headquarters (along with Bob’s ID so that the e-mail program can look up the correct keys to use to do the decrypting and signture checking).

Which should he do?  Can Bob save the world with either of these methods?  Mallory can intercept and manipulate the messages, but he can’t read them…

Time’s running out on Bob, should he choose A or B?  (No fair calling Alice on the phone and shouting “RUN!”)

About Patrick Sullivan

Pat Sullivan is an electrical engineer by training, corrupted into an Information Assurance architect--He recently let slip the secret motto of all IA people: "We're not happy 'til you're not happy." He likes to read science fiction and espionage thrillers, has a few patents, and is trying hard to breath life into a science fiction novel.


Are you a good puzzle solver? — 1 Comment

  1. I didn’t see it right away either. Both of these are broken, one is terribly, utterly broken.

    Think about what the signature is bound to. What does adding a signature prove? In one case (A), it says that the signer possesses the original, unencrypted, message. That should make you feel pretty good that the person who signed it is the person who created it.

    In option B, the signature is bound to the encrypted file, the ciphertext. Who has access to that? Well…anyone who can see the message as it is transiting the network. Like Mallory and our nasty aliens.

    See the problem?

    Mallory can intercept the message, strip off the signature, sign it with his private signing key, and send it on–destined for Mallory’s Boring Junk Don’t Read folder. (I didn’t want to clutter up the original problem with the presumptive detail that the super-duper fsecure file system is read/write–once the server receives the message, now from Mallory, it will decrypt the file, check the signature, see it came from Mallory, and place it in his files. Mallory can now ask the server to send him the file back. Reading the file he knows whether or not it is important. If it suits him, he can re-send the original message to Alice so that Alice doesn’t wonder why she hasn’t heard from Bob in a while. Or send Bob to sleep with the fishes, so to speak.

    The point of all of this is that it may be that the cryptographic primitives are perfectly secure, but that they have been combined in a protocol that makes them insecure.

    Who cares?

    Well, I’ve been told that one of the world’s most popular e-mail programs uses option B. Probably doesn’t matter to you or me, but it matters if you’re a dissident somewhere, or some executive sending sensitive merger and acquisition messages, or a prosecutor corresponding with law enforcement about the case you’re building against some Bad Guys, or an undercover drug agent working in a Bad Place.

    It does matter to them.

    As to what’s wrong with “A”? Only a glutton for punishement would want to know.