Two sample questions for CSE466

1. A secure web server uses public keys for customer logins. The idea, of course, is that a public-private key pair is completely immune to phishing attacks. Suppose Alice is a user of this service and her account name is “ALICE”. She has a public key k1a that she has registered with the service. She has a private key that only she knows.

In order to log in:

Step 1: Alice opens an SSL connection to the web site.

Step 2: The web site puts up a form to enter her account name and she enters “ALICE” and hits “<next>”.

Step 3: ---

Step 3 is where the web server and Alice perform the authentication step.

Design step 3.

2. In the buffer overflow project, if we change the location of the array “a” from a local variable to a global variable, the return-address-changing attack may not work.

  1. Can the same return-address-change attack be made to work?
  2. What other attacks may be possible due to the location change of the array?