信息安全概论 作业5 身份认证(Introduction to information security assignment 5 identity authentication)

题目

今天校园里到处是快递小哥,同学们也经常帮别人取快递,快递小哥不会很细致的核实身份,就允许代领,存在很多不安全因素。

设计一款基于手机的app,用于快递小哥验证身份,顾客领取快递。具体认证方法不限,简单易行。

  • 给出:app包含哪些部分(可加图示),每部分的功能;
  • 模仿kerberos的写法,描述交互过程,并加说明。

题目解答

app 的部分与功能

app 的部分与功能如下:

  • 快递员端:快递列表,确认身份信息;
  • 客户端:快递状态,生成身份信息;
  • 服务端:进行身份认证,更新快递状态,调度快递员;
  • Kerberos 服务提供方:提供 Kerberos 服务。

交互过程

为了便于表说明,以下用 C 表示客户,用 D 表示快递员,用 S 表示服务器。

快递员与客户在登陆时都要进行 Kerberos 协议的身份认证,获取对服务器访问的 ticket,向服务器确认自己的身份,获取相应的密钥。

接着,服务器通过检查快递状态,调度合适的快递员去向指定的位置给客户送快递。

当快递员与客户见面后,快递员要求客户出示身份信息。

客户生成身份信息,发送给快递员:

\(C \to D: ID_C||E_{K_{C,S}}[ID_C||ID_{package}]\)

快递员为了验证该身份信息,将其处理并发送给服务器:

\(D \to S: E_{K_{D,S}}[ID_C||E_{K_{C,S}}[ID_C||ID_{package}]]\)

服务器将该信息解密,核对 \(ID_C\) 与 \(ID_{package}\) 是否相对应,并将相应信息发给快递员:

\(S \to D: E_{K_{D,S}}[ID_S||ID_C||ID_{package}||check]\)

快递员将该信息解密,得到客户是否可信的信息。如果可信,则将快递交付给客户,否则拒绝交付。

————————

subject

Today, the campus is full of express brothers, and students often help others get express. The express brother will not carefully verify his identity and will be allowed to receive on behalf of others. There are many unsafe factors.

Design a mobile phone based app for the courier brother to verify his identity and the customer to receive the express. The specific authentication methods are not limited and simple.

  • Give: which parts of the app (can be illustrated) and the functions of each part;
  • Imitate the writing method of Kerberos, describe the interaction process and explain it.

Problem solving

Part and function of app

The parts and functions of the app are as follows:

  • Courier side: Express list to confirm identity information;
  • Client: Express status, generate identity information;
  • Server: conduct identity authentication, update express status, and dispatch couriers;
  • Kerberos 服务提供方:提供 Kerberos 服务。

Interactive process

In order to facilitate the description of the table, C is used to represent the customer, D is used to represent the courier, and S is used to represent the server.

When logging in, both the courier and the customer should authenticate the identity of Kerberos protocol, obtain the ticket to the server, confirm their identity to the server and obtain the corresponding key.

Then, by checking the express status, the server dispatches the appropriate courier to the designated location to deliver the express to the customer.

When the courier meets the customer, the courier asks the customer to show his identity information.

Generate customer identity information, send to courier:

\(C \to D: ID_C||E_{K_{C,S}}[ID_C||ID_{package}]\)

In order to verify the identity information, the courier processes it and sends it to the server:

\(D \to S: E_{K_{D,S}}[ID_C||E_{K_{C,S}}[ID_C||ID_{package}]]\)

The server decrypts the information, checks whether \ (id_c \) corresponds to \ (id_ {package} \), and sends the corresponding information to the courier:

\(S \to D: E_{K_{D,S}}[ID_S||ID_C||ID_{package}||check]\)

The courier decrypts the information to get the information about whether the customer is credible. If it is credible, deliver the express to the customer, otherwise refuse to deliver.