What Is Bistro?
Bistro is a scalable and secure system for uploading data through the Internet. It is under development at the University of Southern California under the direction of Professor Leana Golubchik.

Bistro uses a client-sever architecture. Near the bottom of every programming assignment web page, you will see a web form that you can use to upload your submission to a Bistro server. The purpose of this document is to briefly describe this process.

The Bistro Server
One of the features we use in Bistro for programming assignment submissions is that the Bistro serve can give secure timestamps. The timestamps a Bistro server issues is secure because it is digitally signed by the Bistro server and this digital signature cannot be forged and can be digitally verified.

We will use a web browser as the client program to upload submissions to the Bistro server. Near the bottom of every programming assignment web page, you will see a web form that you can use for this purpose.

When the web client successfully upload a submission to the Bistro server, the Bistro server will issue a digitally signed ticket and e-mail the ticket to your USC e-mail address specified in the web form. The ticket contains important information such as the time the Bistro server got your submission, the size of your submission, a digital fingerprint of your submission (which is known as a "message digest" of your submission), etc. Please see a sample of what a ticket looks like below. This ticket is your proof that your submission has made the deadline.

Your submission sits on the Bistro server until the instructor downloads it (after the deadline). Since you can make multiple submissions, a notification e-mail will be sent to you letting you know which submission was downloaded for grading.

A typical ticket (which is a text file that you can open with a text editor) looks like the following:
    MIME-Version: 1.0
    Content-Type: multipart/signed ;
        protocol="application/x-pkcs7-signature" ;
        micalg=sha1 ;

    This is an S/MIME signed message


    ; Do NOT delete this file.  This ticket file is PROOF ;
    ; that your submission with the above hash value was  ;
    ; received by the server at the time indicated by the ;
    ; server_time_string above.  Also, please do NOT      ;
    ; alter this file.                                    ;

    Content-Type: application/x-pkcs7-signature; name="smime.p7s"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="smime.p7s"


The top section of the ticket is just a header and the last section of the ticket is a digital signature. The middle part contains the information about the submission and the timestamp. A few things to note:
  • The evid is the Event ID in the web form that you used.
  • The hash_algorithm is the name of the message digest function.
  • The hash_value is the message digest.
  • The file_size is the file size of your submission (in bytes).
  • The file_name contains a "fake path" followed by the file name of your submission.
  • The server_time_string is the timestamp.
Please look at these values carefully to make sure that they make sense.

If you want to be 100% sure that what the server has received is exactly what you have submitted, you should check the hash_value and the file_size in the ticket. In the above example, the file_name is "C:/fakepath/hello.txt", which means that the name of the file you have submitted is "hello.txt" (you need to ignore the "fake path" part). Also, the hash_algorithm is "sha1". Therefore, you should run the following command:
    ls -l hello.txt
    openssl sha1 hello.txt
The file name arguments for the "ls -l" and "openssl sha1" commands above should match the last part of file_name in the ticket. The printout of the "ls -l" command should match the file_size in the ticket and the printout of the "openssl sha1" command should match the hash_value in the ticket. If they don't match, you have submitted the wrong file (or you are running the above commands with the wrong file)!

The Bistro system is under development. If you see anything that looks like a bug, please send e-mail to Bill Cheng with a detailed description.