-------------------------------------------------------------------------------
Mohamed G. Gouda
Homework 3
CS 395T: Network Protocol Security
Fall 2006
-------------------------------------------------------------------------------

1.

* The disadvantage of making each security association uniquely identifiable
  in the Internet by (SA#,type) is that adding a new security association to
  the Internet requires a global knowledge of all the security associations
  that are currently in the Internet.

* The disadvantage of making each security association uniquely identifiable
  in the Internet by (type,dst) is that each computer can be the destination
  of at most two security associations, one AH and one ESP.

* The disadvantage of making each security association uniquely identifiable
  in the Internet by (SA#,dst) is that each computer can be the destination
  of at most 32^2 security associations, rather than 2*(32^2).

-------------------------------------------------------------------------------

2.

The firewall has the following seven rules:

ntrf=0 ^ src in 128.83.0.0/16 -> discard
ntrf=0 ^ src=any ^ dst=128.83.5.3 ^ prtcl=tcp ^ dprt=25 -> accept
ntrf=0 ^ src=any ^ dst=128.83.5.3 ^ prtcl=any ^ dprt=any -> discard
ntrf=0 ^ src=any ^ dst=any ^ prtcl=tcp ^ syn=1 ^ ack=0 -> discard
ntrf=0 ^ src=any ^ dst=any ^ prtcl=any -> accept
ntrf=1 ^ src in 128.83.0.0/16 -> accept
ntrf=1 ^ src=any -> discard

-------------------------------------------------------------------------------

3.

The voting system satisfies the following three security properties:

(1) The voting server does not know how each voter votes.
(2) Only eligible voters can vote.
(3) Each eligible voter can vote at most once.

The voting system does not satisfy the following security property:

No voter has a proof, signed by the voting server, that the voting server has
received their vote.

-------------------------------------------------------------------------------
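An added worked example for the rule set in question 2 (not part of the homework): a first-match evaluator for the seven rules, run over constructed sample packets so the effect of rule ordering (anti-spoofing first, the SMTP exception before the general SYN block, default accept for other inbound traffic) can be checked. It assumes ntrf=0 is the interface facing the Internet, ntrf=1 the interface facing 128.83.0.0/16, and that the first matching rule decides a packet; none of that is stated on the page.

```python
import ipaddress
from typing import NamedTuple, Optional

# Assumption (not in the homework): ntrf=0 faces the Internet, ntrf=1 faces the internal net.
INTERNAL = ipaddress.ip_network("128.83.0.0/16")

class Packet(NamedTuple):
    ntrf: int
    src: str
    dst: str
    prtcl: str                  # "tcp", "udp", ...
    dprt: Optional[int] = None  # destination port, None when not applicable
    syn: Optional[int] = None   # TCP flag bits, None for non-TCP
    ack: Optional[int] = None

def internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL

# The seven rules from question 2, in the order given, as (predicate, action); a field
# the rule does not mention ("any") is simply not tested.
RULES = [
    (lambda p: p.ntrf == 0 and internal(p.src), "discard"),          # anti-spoofing
    (lambda p: p.ntrf == 0 and p.dst == "128.83.5.3"
               and p.prtcl == "tcp" and p.dprt == 25, "accept"),     # SMTP to the mail host
    (lambda p: p.ntrf == 0 and p.dst == "128.83.5.3", "discard"),    # all else to the mail host
    (lambda p: p.ntrf == 0 and p.prtcl == "tcp"
               and p.syn == 1 and p.ack == 0, "discard"),            # no inbound connection setup
    (lambda p: p.ntrf == 0, "accept"),                               # other inbound traffic
    (lambda p: p.ntrf == 1 and internal(p.src), "accept"),           # outbound from internal hosts
    (lambda p: p.ntrf == 1, "discard"),                              # outbound with a foreign source
]

def decide(p: Packet) -> tuple:
    """Return (rule number, action) of the first matching rule (first-match semantics assumed)."""
    for number, (matches, action) in enumerate(RULES, start=1):
        if matches(p):
            return number, action
    return 0, "discard"  # unreachable while rules 5 and 7 exist; default-deny regardless

if __name__ == "__main__":
    # Constructed sample packets; 1.2.3.4 stands for an arbitrary Internet host.
    samples = [
        Packet(0, "1.2.3.4", "128.83.5.3", "tcp", 25, syn=1, ack=0),     # SMTP SYN: rule 2 beats rule 4
        Packet(0, "1.2.3.4", "128.83.5.3", "tcp", 80, syn=1, ack=0),     # HTTP to the mail host: rule 3
        Packet(0, "128.83.9.9", "128.83.7.7", "udp", 53),                # spoofed internal source: rule 1
        Packet(0, "1.2.3.4", "128.83.7.7", "tcp", 22, syn=1, ack=0),     # inbound SSH SYN: rule 4
        Packet(0, "1.2.3.4", "128.83.7.7", "tcp", 40000, syn=1, ack=1),  # SYN-ACK reply: rule 5
        Packet(1, "128.83.7.7", "1.2.3.4", "tcp", 80, syn=1, ack=0),     # outbound request: rule 6
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```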