AnonAccess/en: Difference between revisions
From LaborWiki
Revision as of 6 May 2009, 20:31
This page is still under construction
Summary
This page introduces the Labor's access system.
The access system replaces the conventional lock and key for opening the door with an electronic system based on magnetic stripe cards.
Security and anonymity are among our main focuses and shall be guaranteed by cryptographic mechanisms.
Components
The composition of system components is roughly as follows:
- Master Unit
- Ticket Database
- Flag-Modifying Database
- QPort-tiny
- Real-time clock
- Panel
- Card reader
- User Input Devices
- User Output Devices
- QPort-tiny
- Chipcard
The Chipcard
The chipcard is a pure memory device that is accessed via the I²C bus.
The card contains a so-called AuthBlock, which contains all data necessary for authentication.
Authblock structure
Name | Length | Description |
---|---|---|
UID | 2 bytes | temporary user identifier that gives the memory location of the ticket in the internal database |
Ticket | 32 bytes | encrypted timestamp |
rKey | 32 bytes | random key to encrypt rID |
rID | 32 bytes | encrypted identifier |
HMAC | 32 bytes | HMAC over the rest of the AuthBlock |
Authblock creation
Name | Length | Description |
---|---|---|
UID | 2 bytes | random |
Ticket | 32 bytes | enc(key_timestamp, 24 bytes random \| 8 bytes timestamp) |
rKey | 32 bytes | random |
rID | 32 bytes | enc(key_rid, enc(rKey, hmac(key_nick, nickname))) |
HMAC | 32 bytes | hmac(key_absign, UID \| Ticket \| rKey \| rID) |
In the expressions above, | denotes concatenation, and enc and hmac take the key as their first argument.
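Because the card is a pure memory device, the HMAC is the only thing that ties the four fields together. The following added example (not code from the AnonAccess project) serializes the 130-byte AuthBlock from the tables above and verifies it before any field is used. The names `seal` and `verify`, the demo key and the field contents are assumptions. Ticket and rID are treated as opaque ciphertext because Shabea256 is not available in the Python standard library.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional

# Field lengths from the AuthBlock tables: UID 2 bytes, four 32-byte fields.
UID_LEN, FIELD_LEN = 2, 32
BLOCK_LEN = UID_LEN + 4 * FIELD_LEN   # 130 bytes stored on the card
SIGNED_LEN = BLOCK_LEN - FIELD_LEN    # UID | Ticket | rKey | rID = 98 bytes


class AuthBlock(NamedTuple):
    uid: bytes     # kept as raw bytes; the page does not state a byte order
    ticket: bytes  # opaque ciphertext in this example
    rkey: bytes
    rid: bytes     # opaque ciphertext in this example


def seal(key_absign: bytes, block: AuthBlock) -> bytes:
    """Serialize the fields and append hmac(key_absign, UID|Ticket|rKey|rID)."""
    if len(block.uid) != UID_LEN or any(len(f) != FIELD_LEN for f in block[1:]):
        raise ValueError("field has wrong length")
    body = block.uid + block.ticket + block.rkey + block.rid
    return body + hmac.new(key_absign, body, hashlib.sha256).digest()


def verify(key_absign: bytes, raw: bytes) -> Optional[AuthBlock]:
    """Return the parsed fields only if length and HMAC check out, else None."""
    if len(raw) != BLOCK_LEN:
        return None
    body, mac = raw[:SIGNED_LEN], raw[SIGNED_LEN:]
    expected = hmac.new(key_absign, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    o = UID_LEN
    return AuthBlock(body[:o], body[o:o + 32], body[o + 32:o + 64], body[o + 64:])


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key, not a real key_absign
    blk = AuthBlock(b"\x00\x07", b"T" * 32, b"K" * 32, b"R" * 32)  # constructed
    raw = seal(key, blk)
    tampered = raw[:2] + bytes([raw[2] ^ 1]) + raw[3:]  # flip one Ticket bit
    print(verify(key, raw) == blk, verify(key, tampered))
```
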
Inner Workings
to be done
Used Primitives
The following are used as cryptographic primitives:
- Hash: SHA256
- HMAC: HMAC-SHA256
- Blockcipher: Shabea256
- Pseudo-random number generator: custom-built, based on SHA256