AnonAccess/en: Unterschied zwischen den Versionen

Version vom 6. Mai 2009, 21:31 Uhr

This page is still under construction

This page introduces the Labor's access system.

The access system replaces the conventional key-lock combination to open the door with an electronic magnetic stripe card based system.

Security and anonymity is one of our main focuses and shall be guaranteed by cryptographic mechanisms.

The composition of system components is roughly as follows:

Master Unit
- Ticket Database
- Flag-Modifying Database
- QPort-tiny
- Real-time clock

The chipcard is a pure memory device which is interfaced to via the I²C-bus.

The card contains a so-called AuthBlock, which contains all data necessary for authentication.

**Authblock structure**
Name	Length	Description
UID	2 Byte	temporary user identifier which tells the memory location of the ticket in the internal database
Ticket	32 Byte	encrypted timestamp
rKey	32 Byte	random key to encrypt rID
rID	32 Byte	encrypted identifier
HMAC	32 Byte	HMAC over the test of the AuthBlock

**Authblock creation**
Name	Length	Description
UID	2 Byte	random
Ticket	32 Byte	enc(key_timestamp, 24Byte Random \| 8Byte Timestamp)
rKey	32 Byte	random
rID	32 Byte	enc(key_rid, enc(rKey, hmac(key_nick, nickname)))
HMAC	32 Byte	hmac(key_absign, UID \| Ticket \| rKey \| rID)

to be done

The following are used as cryptographic primitives:

@@ Zeile 33: / Zeile 33: @@
 The card contains a so-called AuthBlock, which contains all data necessary for authentication.
 {| {{Prettytable}}
-|+ Authblock structure
+|+ '''Authblock structure'''
 ! Name !! Length !! Description
 |-
@@ Zeile 48: / Zeile 49: @@
 | HMAC || 32 Byte || HMAC over the test of the AuthBlock
 |}
 {| {{Prettytable}}
-|+ Authblock creation
+|+ '''Authblock creation'''
 ! Name !! Length !! Description
 |-