Design a protocol to allow mobile user to securely download

Assignment Help Computer Networking

Reference no: EM131305131

Problem -

An advanced drinks vending machine allows a mobile user to pay for a drink using a mobile phone billing account based on his/her fingerprint. The user is assumed to have data related to one of his/her fingerprints registered with a server operated by the service provider that manages the user's billing account. To purchase a drink, the mobile user uses his/her mobile phone to dial the number associated with the vending machine, and the machine then displays a request for the selection of a drink and provision of data related to the user's fingerprint. Having received the user's valid drink selection and user's fingerprint related data, the vending machine uses the fingerprint related data to request the server of the user's service provider to pay for the drink selected. Here assume that the vending machine can obtain the user's phone number and identify the server of his/her service provider based on the number.

Upon receipt of the vending machines payment request, the server checks that it has a billing account associated with the fingerprint data received and the amount of money in the account is sufficient to pay for the drink. The server grants the payment by debiting the user's billing account and crediting the designated account of the vending machine, only if the checking is positive, and informs the vending machine of its decision. If the server grants the payment, the vending machine delivers a selected drink; Otherwise, the vending machine terminates the purchase and informs the user by a displayed message.

The drinks vending machine is mainly designed for a mobile user using an advanced mobile phone with a built-in fingerprint scanner. However, sometimes the mobile user can only get hold of an ordinary mobile phone with no built-in fingerprint scanner. In this case, the user is allowed to download his/her fingerprint related data from the server of the user's service provider. This coursework only considers the latter case.

It is assumed that:

Each user's mobile phone offers a DES-based symmetric cryptosystem including a secure hash function;
The user has a password registered with the server of his/her service provider but does not share any extra DES key with the server,
The user has a password registered with the server of his/her service provider but does not share any extra DES key with the server;
The user does not share any DES key with the vending machine;
The user's mobile phone cannot run any asymmetric cryptosystem such as RSA;
For the sake of cost-saving, the use of Kerberos has been ruled out.

You are required to perform the following tasks (you can make necessary assumptions):

1. Secure downloading of a mobile user's fingerprint related data. This includes:

(a) Design and explain (with diagrammatical illustration) a protocol to allow the mobile user to securely download his/her fingerprint related data from the server of the user's service provider to his/her mobile phone.

Note that the design of this protocol must meet the following requirements:

(i) The server transfers the fingerprint related data to the mobile user only when the server is convinced that the user is the legitimate owner of the fingerprint related data and that the request is indeed from the claimed user.

(ii) The confidentiality of the fingerprint related data transferred from the server to the user must be protected.

(iii) Measures should be taken to reduce the risk of Denial of Service (DoS) attacks on the server.

(b) Analyse the designed protocol to justify how the protocol satisfies the above requirements 1 (a) (i), (ii) and (iii).

2. Authorised purchase of a drink by a mobile user. This includes:

(a) Design and explain a protocol (with diagrammatical illustration) to allow the mobile user to purchase a drink based on his/her fingerprint related data already downloaded from the server of the user's service provider to his/her mobile phone.

Note that the design of this protocol can omit the details of the drink purchase (e.g. the drink price and account details of the drink vending machine), and that the design must meet the following requirements:

(i) The mobile user authorises the drink purchase using his/her fingerprint related data, the drink vending machine receives the authorisation but cannot obtain any information on the user's fingerprint data, and the service provider's server can verify the authenticity of the user's authorisation and the vending machines payment request.

(ii) The drink purchase authorisation of the mobile user cannot be re-used for deceptive charging by the vending machine if it misbehaves.

(b) Analyse the designed protocol to justify how the protocol satisfies the above requirements 2 (a) (i) and (ii).

Reference no: EM131305131

Questions Cloud

Why might securitization lead to a mortgage broker : Why might securitization lead to a mortgage broker becoming disconnected from the outcome of a lending decision?

Describe the impact of pubertal timing on adolescent : Describe the impact of pubertal timing on adolescent adjustment. Please note gender differences.Discuss your thoughts on primary and secondary sex characteristics that indicate sexual maturity.Describe positive and negative ways in which teens influe..

What action is being taken by the actors in the article : What action is being taken by the actors in the article? What are the consequences of these actions? Who benefits or loses from these actions? How do they benefit or lose?

Moral hazard is likely to be less of a problem : Explain in which of the following situations moral hazard is likely to be less of a problem.- A manager is paid a flat salary of $150,000.- A manager is paid a salary of $75,00 plus 10% of the firm's profits.

Design a protocol to allow mobile user to securely download : Design and explain (with diagrammatical illustration) a protocol to allow the mobile user to securely download his/her fingerprint related data from the server of the user's service provider to his/her mobile phone

Calculates class standing from the number of credits earned : A certain college classifies students according to credits earned. A student with less than 7 credits is a Freshman. At least 7 credits are required to be a Sophomore, 16 to be a Junior and 26 to be classified as a Senior.

Analyze the psychosocial stage of development louisa : Analyze the psychosocial stage of development Louisa is in; why you believe she is in this stage; and how personal, family, and community relationships, as well as related attachments, influence her psychosocial development. Be sure to provide a r..

What is the exercise price in an options contract : Why would a company use stock options as part of a top manager's compensation?- What is the "exercise price" in an options contract? Why would this manager have wanted his options backdated?

Calculates the total babysitting bill : You may assume that the starting and ending times are in a single 24 hour period. Partial hours should be appropriately prorated.

Reviews

len1305131

12/8/2016 2:23:52 AM

This is an individual coursework, so it must be completed independently. This coursework should be carried out with reference to relevant textbooks and published articles. The length of the report should not exceed four A4 sides (i.e. approximately no more than 2000 words). Correct protocol design, clear explanation, and convincing analysis against the specified requirements. Correct protocol design, clear explanation, and convincing analysis against the specified requirements. Report clarity and quality (clear justifications, protocol efficiency considerations, conciseness and accuracy, evidence of research).

Write a Review

Required(*) Message

User Account

All Pages