What Is Bistro?
Bistro is a scalable and secure system for uploading data through the Internet. It is under development at the University of Southern California under the direction of Professor Leana Golubchik.
Bistro uses a client-server architecture. Near the bottom of every programming assignment web page, you will see a web form that you can use to upload your submission to a Bistro server. The purpose of this document is to briefly describe this process.
The Bistro Server
One of the features we use in Bistro for programming assignment submissions is that the Bistro server can give secure timestamps. A timestamp that a Bistro server issues is secure because it is digitally signed by the Bistro server; this digital signature cannot be forged and can be digitally verified.
We will use a web browser as the client program to upload submissions to the Bistro server. Near the bottom of every programming assignment web page, you will see a web form that you can use for this purpose.
When the web client successfully uploads a submission to the Bistro server, the Bistro server will issue a digitally signed ticket and e-mail the ticket to the USC e-mail address you specified in the web form. The ticket contains important information such as the time the Bistro server got your submission, the size of your submission, a digital fingerprint of your submission (which is known as a "message digest" of your submission), etc. Please see a sample of what a ticket looks like below. This ticket is your proof that your submission has made the deadline.
Your submission sits on the Bistro server until the instructor downloads it (after the deadline). Since you can make multiple submissions, a notification e-mail will be sent to you letting you know which submission was downloaded for grading.
A typical ticket (which is a text file that you can open with a text editor) looks like the following:
MIME-Version: 1.0
Content-Type: multipart/signed ; protocol="application/x-pkcs7-signature" ; micalg=sha1 ; boundary="----B3D7DE4A3A337FD8C0DAC10F10512AA1"

This is an S/MIME signed message

------B3D7DE4A3A337FD8C0DAC10F10512AA1^M
[ticket]
format_version=1.0
type=simple
ticket_id=1
evid=merlot.usc.edu_80_1557931083_7
firstname.lastname@example.org
client_ip=188.8.131.52
hash_algorithm=sha1
hash_value=a506d58ed0a35027f33b9fe11f9032a8b86aeb90
random_value=f4220de784cd1d617af1bdc72fbf1504eabcecab
file_size=72
file_name=C:/fakepath/hello.txt
userid=bill.cheng
server_id=merlot.usc.edu_80_1557931083
server_time=1558504371
server_time_string=21May2019-22:52:51
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Do NOT delete this file.  This ticket file is PROOF ;
; that your submission with the above hash value was  ;
; received by the server at the time indicated by the ;
; server_time_string above.  Also, please do NOT      ;
; alter this file.                                    ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

------B3D7DE4A3A337FD8C0DAC10F10512AA1
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIC4gYJKoZIhvcNAQcCoIIC0zCCAs8CAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwExggKqMIICpgIBATCBlzCBkTELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
Ak1EMQswCQYDVQQHDAJDUDEMMAoGA1UECgwDVU1EMSEwHwYDVQQLDBhCaXN0cm8t
MTU1NzkzMTA4My1yb290Y2ExDzANBgNVBAMMBm1lcmxvdDEmMCQGCSqGSIb3DQEJ
ARYXd2lsbGlhbUBib3VyYm9uLnVzYy5lZHUCAQYwDQYJYIZIAWUDBAIBBQCggeQw
GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTkwNTIy
MDU1MjUxWjAvBgkqhkiG9w0BCQQxIgQgJgd3+kAXx1nUSK/wvDkluZjT6RplcMiG
Nbpo/gjNyQkweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUD
BAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYI
KoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEB
BQAEggEAiTxsJ9UZr1mmwFIykz6DcNQHSKuFGx64m42WTLsIgeTEv9LLBnujQfDx
nDWF53YY8aBStHw/1s5QyhaXxNmoa2vy7ut5L+kl5SzNzpHhbzRl8W3R0QQ0tV1g
CVyJN5Dc7e3Yov7nitbj7UTxEemDoaEDQWBCiqZfZNSyiaf0zXd/VYns9c6FzP5R
mTaDjjHfIq5d1kYe/7GW4iVq9df0uUnR1muE2s08TDEXa8cgQ4xPgvdX69LEYky1
3TCFuRDABOJoMoYtXCW8/xskHp6iB0r/kuikYc1f7k4uaPuC8twRqkmj7VtvJfWk
d4yBbWKyYKnSe9gtlZrUlgt2VWeWSw==

------B3D7DE4A3A337FD8C0DAC10F10512AA1--

The top section of the ticket is just a header and the last section of the ticket is a digital signature. The middle part contains the information about the submission and the timestamp. A few things to note:
If you want to be 100% sure that what the server has received is exactly what you have submitted, you should check the hash_value and the file_size in the ticket. In the above example, the file_name is "C:/fakepath/hello.txt", which means that the name of the file you have submitted is "hello.txt" (you need to ignore the "fake path" part). Also, the hash_algorithm is "sha1". Therefore, you should run the following commands:
ls -l hello.txt
openssl sha1 hello.txt

The file name arguments for the "ls -l" and "openssl sha1" commands above should match the last part of file_name in the ticket. The printout of the "ls -l" command should match the file_size in the ticket and the printout of the "openssl sha1" command should match the hash_value in the ticket. If they don't match, you have submitted the wrong file (or you are running the above commands with the wrong file)!
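The same check can be scripted so that the size and digest are read from the ticket rather than compared by eye. The following is an added example, not part of Bistro or of the original page: the function names ticket_field and check_ticket are hypothetical, the sample ticket is constructed, and the script checks only the submission fields, not the S/MIME signature.

```shell
#!/bin/sh
# Added example: check a local file against the fields of a Bistro ticket.

# ticket_field TICKET KEY: print the value of the first KEY=... line, CR removed.
ticket_field() {
    tr -d '\r' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# check_ticket TICKET FILE: 0 = size and digest match, 1 = mismatch, 2 = bad algorithm.
check_ticket() {
    ticket=$1; file=$2
    algo=$(ticket_field "$ticket" hash_algorithm)
    want_hash=$(ticket_field "$ticket" hash_value)
    want_size=$(ticket_field "$ticket" file_size)
    name=$(ticket_field "$ticket" file_name)

    # Pass only expected digest names to the hashing tool.
    case $algo in
        sha1|sha256) ;;
        *) echo "unsupported hash_algorithm: $algo" >&2; return 2 ;;
    esac

    # Ignore the browser's fake directory; compare the last path component only.
    base=${name##*/}
    [ "$base" = "$(basename "$file")" ] || echo "note: ticket names '$base'" >&2

    have_size=$(wc -c < "$file" | tr -d ' ')
    if command -v openssl >/dev/null 2>&1; then
        have_hash=$(openssl dgst "-$algo" < "$file" | awk '{print $NF}')
    else
        # Assumption: coreutils sha1sum/sha256sum as a fallback when openssl is absent.
        have_hash=$("${algo}sum" < "$file" | awk '{print $1}')
    fi

    [ "$have_size" = "$want_size" ] || { echo "file_size: $have_size, ticket says $want_size" >&2; return 1; }
    [ "$have_hash" = "$want_hash" ] || { echo "hash_value does not match ticket" >&2; return 1; }
    echo "OK: $file matches ticket (size $have_size, $algo $have_hash)"
}

# Constructed sample, not a real ticket: a 3-byte file "abc" and its SHA-1.
demo() {
    d=$(mktemp -d)
    printf 'abc' > "$d/hello.txt"
    printf '%s\r\n' '[ticket]' 'hash_algorithm=sha1' \
        'hash_value=a9993e364706816aba3e25717850c26c9cd0d89d' \
        'file_size=3' 'file_name=C:/fakepath/hello.txt' > "$d/ticket.txt"
    check_ticket "$d/ticket.txt" "$d/hello.txt"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo
```

The carriage returns are stripped because ticket lines may end in CR (the ^M visible in the sample above), which would otherwise make every comparison fail.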