Chapter 2 Homework Problems

Design a protocol that will prevent the "MIG-in-the-middle" attack discussed in the textbook.
Dog race tracks often employ Automatic Betting Machines (ABM's), which are somewhat analogous to ATM's. An ABM is a terminal where a user can place his own bets and scan his winning tickets. An ABM machine does not accept or dispense cash; instead, it only accepts and dispenses vouchers. A voucher can be purchased from a separate voucher machine for cash and a voucher can only be converted into cash by a human teller. An image of a voucher appears below.

A voucher includes 15 hexadecimal digits, which can be read by a human or scanned (similar to a bar code) by a machine. A voucher is valid for 1 year from its date of issue. (However, the older that a voucher is, the more likely that it has been lost and will never be redeemed.) Vouchers are printed on cheap paper and hence they are easily damaged to the point where they fail to scan. In some cases, the voucher can be so damaged that it is even difficult for a human teller to process manually.

A list of all outstanding vouchers is kept in a database. Any teller can see the first 10 hex digits of any outstanding voucher, but, for security reasons, he cannot see any of the last 5 hex digits.

If a teller is given a valid voucher that does not scan, he must manually enter the hex digits in order to cash the voucher. Matching the first 10 hex digits is trivial. However, determining the last 5 hex digits can be difficult if the voucher is in poor condition.

Describe a protocol to be used by human tellers to manually process vouchers that fail to scan. The protocol must not place an undo burden on the busy tellers, but it must also protect against likely frauds.
What is key diversification? When (and why) is it advisable to employ key diversification?