security and ghosts
For this week’s tutorial exercise, the question was this:
Suppose you are the friendly Major M from the base who can see the alien A but who cannot see the invisible man X. Only A can see and hear X.
Q: What would you M do to get from X his report on the Alien's (A's) planet?
Now the problem with this scenario is whether or not Alien A is a good or bad guy. If A is evil, then for all we know, he could have killed X already, and is just infiltrating our group for his own purposes. And since X is invisible (a ghost), we have no way of telling if X really is where A says he is.
Now if A is allegedly good, then he needs to prove that somehow. So first, we must check that X really is there and... not dead. And so we need some way of authenicating X’s existence. This can be done by asking A something only X will know, such as his mother’s maiden name.
Now that we know X really is not dead or made up, then we can at the very least trust A to transfer our message. But we now run into the issue of whether or not A will tamper with X’s words, since X’s report may include information regarding the aliens. Although if A really hasn’t killed X yet, then we can hopefully trust that A will continue to communicate with X for us.
Therefore, we need a method of authenticating the integrity of our message so that we can know whether or not A tampered with the message. The other solution is to create a method that is tamper proof, or encrypted in a way that A does not know X and our shared key. That is, something that we and X know, but is oblivious to A. Now this can be as simple as using some military-specific protocol protocol that uses a word substitution cipher, or even just a simple monoalphabetic cipher like morse code.
Now a more interesting solution that was raised in class was create a barrier between what A and us. However, we can still ask X a question, and then he can tell his answer to A, and then A can relay that answer back to us in writing. The idea is that we remove the context from A, so A cannot know what questions we are asking, and so can not understand the what his answers mean. If he does not know what the answers mean, then he can not tamper with the answers.
If we want to increase the security or our communication even further, we can ask our questions where the answer is either yes or no, or maybe even some form of multiple choice. With this method, we can authenticate that the message is not being tampered with by randomly asking X really obvious questions amid secret ones. And if we recieve the correct answer from X, then we know that the A can be trusted and that the method works. However, if we recieve a wrong answer, then A must be guessing the questions, and of course, that makes things more difficult. So I suppose we can just repeat the questions and collate the most repeated answer from A (since A cannot be guessing correctly every single time).