# Introduction to Information Security, Assignment 5: Identity Authentication

### Task

Couriers are now everywhere on campus, and students often collect parcels on behalf of others. Couriers do not carefully verify identity and allow parcels to be collected on someone else's behalf, which creates many security risks.

Design a mobile app that the courier uses to verify identity and the customer uses to receive the parcel. The specific authentication method is not restricted; keep it simple.

• Give: which parts the app consists of (a diagram may be included) and the function of each part;
• Following the Kerberos style of notation, describe the interaction process and explain it.

### Parts and functions of the app

The parts and functions of the app are as follows:

• Courier app: parcel list, confirms identity information;
• Customer app: parcel status, generates identity information;
• Server: performs identity authentication, updates parcel status, and dispatches couriers;
• Kerberos service provider: provides the Kerberos service.

### Interaction process

For convenience of description, C denotes the customer, D denotes the courier, and S denotes the server.

At login, both the courier and the customer authenticate with the Kerberos protocol, obtain a ticket for the server, prove their identity to the server, and obtain the corresponding key (\(K_{C,S}\) for the customer and \(K_{D,S}\) for the courier in the messages below).

Then, based on the parcel status, the server dispatches a suitable courier to the designated location to deliver the parcel to the customer.

When the courier meets the customer, the courier asks the customer to present identity information.

The customer generates identity information and sends it to the courier:

$$C \to D: ID_C||E_{K_{C,S}}[ID_C||ID_{package}]$$

To verify the identity information, the courier processes it and sends it to the server:

$$D \to S: E_{K_{D,S}}[ID_C||E_{K_{C,S}}[ID_C||ID_{package}]]$$

The server decrypts the information, checks whether \(ID_C\) corresponds to \(ID_{package}\), and sends the corresponding information to the courier:

$$S \to D: E_{K_{D,S}}[ID_S||ID_C||ID_{package}||check]$$

The courier decrypts the message to learn whether the customer is trustworthy. If so, the courier hands over the parcel; otherwise the courier refuses delivery.
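
The three-message exchange above, run end to end as an added example (not part of the original assignment). Python's standard library has no block cipher, so `seal`/`unseal` are a toy HMAC-SHA256 stand-in for \(E_K\); the customers `alice` and `bob`, the package `PKG-1`, and all function names are constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (toy stand-in for a real cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Stand-in for E_K[...]: encrypt, then MAC, so a wrong key or tampering is detected.
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# Constructed sample state: keys the server shares after login, and package ownership.
K_CS = {"alice": os.urandom(32), "bob": os.urandom(32)}   # K_{C,S} per customer
K_DS = os.urandom(32)                                     # K_{D,S} for one courier
OWNER = {"PKG-1": "alice"}

def customer_to_courier(id_c, id_pkg, k_cs):
    # C -> D: ID_C || E_{K_CS}[ID_C || ID_package]
    return {"id_c": id_c, "token": seal(k_cs, [id_c, id_pkg]).hex()}

def courier_to_server(msg, k_ds):
    # D -> S: E_{K_DS}[ID_C || E_{K_CS}[...]]; the courier cannot read the token.
    return seal(k_ds, msg)

def server_to_courier(blob, k_ds):
    # S -> D: E_{K_DS}[ID_S || ID_C || ID_package || check]
    msg = unseal(k_ds, blob)
    id_pkg, check = None, False
    try:
        # The cleartext ID_C selects K_CS; the sealed ID_C must then match it.
        inner_c, id_pkg = unseal(K_CS[msg["id_c"]], bytes.fromhex(msg["token"]))
        check = inner_c == msg["id_c"] and OWNER.get(id_pkg) == inner_c
    except (KeyError, ValueError, TypeError):
        pass  # unknown customer, wrong key, or malformed token: check stays False
    return seal(k_ds, ["S", msg.get("id_c"), id_pkg, check])

def courier_decision(reply, k_ds):
    return unseal(k_ds, reply)[3]  # True: hand over the parcel; False: refuse
```

As written, the three messages carry no timestamp or nonce, unlike a Kerberos authenticator, so this example does not check freshness either.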