finger.txt

Finger in the Middle Contest
=================================

Players:

    Defender - Tries to send a fingerprint over an insecure channel and wins iff
               they (1) detect every attack, or (2) successfully transfer the
               fingerprint.

    Attacker - Tries to modify the fingerprint sent over the channel.


Rules:

1. The Defender writes a program D.
2. The Attacker writes a program A (they are not given any information about D).
3. Two instances of D are run, passing messages through an instance of A.
4. All programs are shut down.
5. The Attacker is given a copy of the program D, and is allowed to modify A.
6. Modified-A is started.
7. The two instances of D are started up again, communicating through
   Modified-A.
    - They're allowed to state left over from the last time they were run, but
    - The Defender is not allowed to modify the program or that state.
7. A judge gives a secret message to one instance of D, and checks that the
   other instance of D successfully received it.
8. If the Attacker can recover the secret message within the next hour (or
   whatever), the Attacker wins. If not, the Defender wins.

The order is important, since it:

    - Stops the Defender from hard-coding secret keys into D.
        - The Attacker will eventually get access to them.
    - Stops the Attacker from being able to use D itself to understand what
      D tries to do.
        - The Attacker doesn't know D until after they do the interception.

Unfortunately, these rules don't work, because D could have a hard-coded HMAC
key, and use that for integrity. Once the Attacker learns the HMAC key in step
5, it's already too late.