0 votes
Traditional password entry schemes are susceptible to "shoulder surfing" in which an attacker watches an unsuspecting user enter their password or PIN number and uses it later to gain access to the account. One way to combat this problem is with a randomized challenge-response system. In these systems, the user enters different information every time based on a secret in response to a randomly generated challenge.

Consider the following scheme in which the password consists of a five-digit PIN number (00000 to 99999). Each digit is assigned a random number that is 1, 2, or 3. The user enters the random numbers that correspond to their PIN instead of their actual PIN numbers.

For example, consider an actual PIN number of 12345. To authenticate, the user would be presented with a screen such as:

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 3 2 3 1 1 3 2 2 1 3

The user would enter 23113 instead of 12345. This doesn't divulge the password even if an attacker intercepts the entry because 23113 could correspond to other PIN numbers, such as 69440 or 70439. The next time the user logs in, a different sequence of random numbers would be generated, such as:

PIN: 0 1 2 3 4 5 6 7 8 9
NUM: 1 1 2 3 1 2 2 3 3 3

Your program should simulate the authentication process. Store an actual PIN number in your program. The program should use an array to assign random numbers to the digits from 0 to 9. Output the random digits to the screen, input the response from the user, and output whether or not the user's response correctly matches the PIN number.

I have this code so far, but would like to input cstrings and vectors to fulfill the requirements. I need help with that. This is for C++ for beginners.

```cpp
#include <iostream>
#include <string>
#include <cstdlib>
#include <ctime>
using namespace std;

void generateRandomNumbers(int *random)
{
    // Use current time as seed for random generator
    srand(time(0));
    for (int i = 0; i < 10; i++)
    {
        random[i] = 1 + rand() % 3;
    }
}

bool isMatch(string pin, string randomPin, int *random)
{
    // The response must have exactly one digit per PIN digit
    if (randomPin.length() != pin.length())
        return false;
    int index;
    for (int i = 0; i < (int)pin.length(); i++)
    {
        // converting pin number to int so that we can check the random number at that index
        index = pin[i] - '0';
        // random[] is indexed by the PIN digit itself (0-9), not digit - 1
        if ((randomPin[i] - '0') != random[index])
            return false;
    }
    return true;
}

int main()
{
    string pin = "12345";
    string randomPin;
    int random[10];
    generateRandomNumbers(random);
    cout << "Randomly Generated numbers " << endl;
    for (int i = 0; i < 10; i++)
    {
        cout << random[i] << " ";
    }
    cout << endl;
    cout << "Now Enter your pin interms of random numbers: ";
    cin >> randomPin;
    if (isMatch(pin, randomPin, random))
    {
        cout << "Both matches" << endl;
    }
    else
    {
        cout << "Sorry you entered wrong pin.." << endl;
    }
}
```

1 Answer

3 votes

The following code or the program will be used:

Step-by-step explanation:

```java
import java.util.Scanner;

public class Authenticate
{
    public static void main(String[] args)
    {
        // Actual password is 99508
        int[] actual_password = {9, 9, 5, 0, 8};

        // Array to hold randomly generated digits
        int[] random_nums = new int[10];

        // Array to hold the digits entered by the user to authenticate
        int[] entered_digits = new int[actual_password.length];

        // Randomly generate numbers from 1-3 for each digit
        for (int i = 0; i < 10; i++)
        {
            random_nums[i] = (int) (Math.random() * 3) + 1;
        }

        // Output the challenge
        System.out.println("Welcome! To log in, enter the random digits from 1-3 that");
        System.out.println("correspond to your PIN number.");
        System.out.println();
        System.out.println("PIN digit: 0 1 2 3 4 5 6 7 8 9");
        System.out.print("Random #: ");
        for (int i = 0; i < 10; i++)
        {
            System.out.print(random_nums[i] + " ");
        }
        System.out.println();
        System.out.println();

        // Input the user's entry
        Scanner keyboard = new Scanner(System.in);
        System.out.println("Enter code.");
        String s = keyboard.next();

        // Reject a code of the wrong length before filling entered_digits,
        // which has room for exactly actual_password.length digits
        if (s.length() != actual_password.length)
        {
            System.out.println("Error, invalid password entered.");
            return;
        }

        // Extract the digits from the code and store in the entered_digits array
        for (int i = 0; i < s.length(); i++)
        {
            entered_digits[i] = s.charAt(i) - '0'; // Convert char to corresponding digit
        }

        // At this point, if the user typed 12443 then
        // entered_digits[0] = 1, entered_digits[1] = 2, entered_digits[2] = 4,
        // entered_digits[3] = 4, and entered_digits[4] = 3

        /****
        TO DO: fill in the parenthesis for the if statement
        so the isValid method is invoked, sending in the arrays
        actual_password, entered_digits, and random_nums as
        parameters
        ***/
        if (isValid(actual_password, entered_digits, random_nums)) // FILL IN HERE
        {
            System.out.println("Correct! You may now proceed.");
        }
        else
        {
            System.out.println("Error, invalid password entered.");
        }
    }

    /***
    TO DO: Fill in the body of this method so it returns true
    if a valid password response is entered, and false otherwise.
    For example, if:
    actual = {9,9,5,0,8}
    randnums = {1,2,3,1,2,3,1,2,3,1}
    then this should return true if:
    entered[0] == 1 (actual[0] = 9 -> randnums[9] -> 1)
    entered[1] == 1 (actual[1] = 9 -> randnums[9] -> 1)
    entered[2] == 3 (actual[2] = 5 -> randnums[5] -> 3)
    entered[3] == 1 (actual[3] = 0 -> randnums[0] -> 1)
    entered[4] == 3 (actual[4] = 8 -> randnums[8] -> 3)
    or in other words, the method should return false if any of
    the above are not equal.
    ****/
    public static boolean isValid(int[] actual, int[] entered, int[] randnums)
    {
        int Index = 0;
        boolean Valid = true;
        while (Valid && (Index < actual.length))
        {
            int Code = actual[Index];
            if (entered[Index] != randnums[Code])
            {
                Valid = false;
            }
            Index++;
        }
        return Valid;
    }
}
```

User Lataya
by
4.3k points
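Added example, not part of the original question or answer: a C++ version of the check using a `std::vector` challenge and C-string input, plus a count of how many PINs stay consistent with the logins an observer has seen, which puts a number on the question's claim that 23113 "could correspond to other PIN numbers". The names `makeChallenge`, `Observation` and `candidatePins` are this example's own, and the sample data is constructed from the two screens in the question.

```cpp
#include <cstring>
#include <iostream>
#include <random>
#include <vector>

// One value in {1,2,3} per PIN digit 0-9, from std::random_device rather than time-seeded rand().
std::vector<int> makeChallenge() {
    std::random_device rd;
    std::uniform_int_distribution<int> dist(1, 3);
    std::vector<int> nums(10);
    for (int &n : nums) n = dist(rd);
    return nums;
}

// Compare a C-string response with the stored PIN (digits only); every
// position is compared, with no early exit at the first mismatch.
bool isMatch(const char *pin, const char *response, const std::vector<int> &nums) {
    std::size_t len = std::strlen(pin);
    if (std::strlen(response) != len) return false;
    int diff = 0;
    for (std::size_t i = 0; i < len; ++i)
        diff |= (response[i] - '0') ^ nums[pin[i] - '0'];
    return diff == 0;
}

struct Observation { std::vector<int> nums; const char *response; };
// Number of PINs consistent with every observed login (responses must have pinLen digits).
long long candidatePins(const std::vector<Observation> &seen, std::size_t pinLen) {
    long long total = 1;
    for (std::size_t pos = 0; pos < pinLen; ++pos) {
        int possible = 0;
        for (int d = 0; d < 10; ++d) {
            bool ok = true;
            for (const Observation &o : seen)
                ok = ok && o.nums[d] == o.response[pos] - '0';
            possible += ok;
        }
        total *= possible;
    }
    return total;
}

int main() {
    // Constructed from the question's two screens: PIN 12345 answers 23113, then 12312.
    std::vector<int> c1 = {3,2,3,1,1,3,2,2,1,3}, c2 = {1,1,2,3,1,2,2,3,3,3};
    std::cout << candidatePins({Observation{c1, "23113"}}, 5) << " -> "
              << candidatePins({Observation{c1, "23113"}, Observation{c2, "12312"}}, 5) << '\n';
}
```

For the question's two screens the count falls from 432 candidate PINs after one observed login to 8 after two, so the scheme holds up only against an observer who sees very few logins.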