Introduction to Information Security, Assignment 5: Identity Authentication

Assignment topic

Couriers are everywhere on campus these days, and students often pick up parcels on behalf of others. Couriers do not verify identity carefully and simply allow pick-up on someone else's behalf, which creates many security risks.

Design a mobile app that lets the courier verify identity and the customer collect the parcel. Any authentication method may be used, as long as it is simple and practical.

(1) State which parts the app consists of (a diagram may be included) and the function of each part;

(2) Following the Kerberos notation, describe the interaction process and explain it.

Please note: this question is worth 10 points. Before writing or submitting your assignment, you should look at the assignments others have submitted, but keep yours from being identical and highlight your own ideas. If submissions are identical, the one submitted later will lose points!!!

App design

Modules included

Client

  • The app software used by the user; it verifies the user's ID and password to confirm the user's identity.
  • Sends the customer a notification that the parcel has arrived, and gives the user the ciphertext encrypted by the authentication end.
  • The courier enters the ciphertext provided by the recipient and sends it to the authentication end. If the plaintext decrypted by the authentication end matches the original plaintext, a prompt is output and the user is allowed to pick up the parcel.

Authentication end

  • Accepts the ID and password and confirms the user's identity
  • Encrypts the pick-up information to form a ciphertext, and sends it to the user together with the pick-up information
  • Accepts the ciphertext and pick-up information sent by the courier, and after decryption checks whether the plaintext and the pick-up information are consistent

Interaction process

  • The user logs in to the app
    (1)\(C\)→\(AS\) : \(ID_c\)||\(PassWord\)
    (2)\(AS\)→\(C\) : \(INF\)||\(E_A(INF)\)
    Note: step (1) is the user's login authentication
    \(ID_c\): the user's account
    \(PassWord\): the user's password
    \(INF\): the pick-up information that the authentication end gives to the user
    \(A\): a key known only to the authentication end; \(E_A\) denotes encrypting the pick-up information with that key
  • The user picks up the parcel, and the courier verifies the user's pick-up information
    (1)\(C\)→\(KDY\) : \(INF\)||\(E_A(INF)\)
    (2)\(KDY\)→\(AS\) : \(ID_K\)||\(PassWord\)
    (3)\(KDY\)→\(AS\) : \(INF\)||\(E_A(INF)\)
    (4)\(AS\)→\(KDY\) : \(RESULT\)
    Note: step (2) is the courier's identity verification
    \(RESULT\): the pick-up verification result returned by the authentication end, telling the courier whether to allow the user to collect the parcel
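
The exchange above as a runnable sketch, added here as an example and not part of the original assignment answer. It assumes HMAC-SHA256 under the key \(A\) as a stand-in for \(E_A(INF)\), since the authentication end only has to recognise values it produced itself; the class, method and account names and the sample pick-up string are hypothetical.

```python
import hashlib
import hmac
import os

class AuthServer:
    """The authentication end (AS). The key A never leaves this object."""
    def __init__(self):
        self._A = os.urandom(32)   # key known only to the AS
        self._users = {}           # ID -> (salt, password hash)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, uid, password):
        salt = os.urandom(16)
        self._users[uid] = (salt, self._kdf(password, salt))

    def _login(self, uid, password):
        # Unknown IDs still pay for one KDF call and then fail the comparison.
        salt, stored = self._users.get(uid, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), stored)

    def _tag(self, inf):
        # Assumption: HMAC-SHA256 under A stands in for E_A(INF).
        return hmac.new(self._A, inf.encode(), hashlib.sha256).hexdigest()

    def issue(self, id_c, password, inf):
        """Login (1)-(2): C -> AS: ID_c||PassWord ; AS -> C: INF||E_A(INF)."""
        if not self._login(id_c, password):
            return None
        return inf, self._tag(inf)

    def verify(self, id_k, password, inf, tag):
        """Pick-up (2)-(4): KDY logs in, forwards INF||E_A(INF), gets RESULT."""
        if not self._login(id_k, password):
            return False
        return hmac.compare_digest(self._tag(inf), tag)

def demo():
    server = AuthServer()
    server.register("alice", "alice-pw")          # constructed sample accounts
    server.register("courier7", "courier-pw")
    inf = "parcel=SF0001;owner=alice"             # constructed pick-up information
    token = server.issue("alice", "alice-pw", inf)
    # Pick-up (1): C hands INF||E_A(INF) to KDY, who forwards it to the AS.
    ok = server.verify("courier7", "courier-pw", *token)
    altered = server.verify("courier7", "courier-pw",
                            "parcel=SF0002;owner=alice", token[1])
    bad_courier = server.verify("courier7", "wrong-pw", *token)
    return ok, altered, bad_courier
```

The result depends only on the pair \(INF\)||\(E_A(INF)\), so whoever presents that pair to the courier is accepted.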