Research And Implement On Improved SSL VPN System

Posted on: 2006-02-04
Degree: Master
Type: Thesis
Country: China
Candidate: M Wang
Full Text: PDF
GTID: 2168360155965688
Subject: Communication and Information System

Abstract/Summary:
A VPN (Virtual Private Network) lets an enterprise give mobile users, branch offices and cooperating partners safe and convenient access to the head office. A VPN system based on the SSL (Secure Sockets Layer) protocol offers these advantages and also brings the enterprise further conveniences, such as easy installation and low cost. However, shortcomings in the SSL protocol hinder SSL VPN systems in applications such as e-commerce that demand strict client authentication, so digital certificate authentication is usually adopted to remedy this. Although digital certificate authentication provides complete technical means for information confidentiality, integrity and non-repudiation, and domestic PKI (Public Key Infrastructure) technology is also developing well, several factors limit its wide application. There are many CA centers, yet few are truly authoritative third parties, so cross-certification and coordination between CA centers are difficult, and the CAs' self-management is very disorderly. In addition, implementing a complete CA system places high demands on skilled personnel, equipment and funding. This kind of authentication method is therefore unsuitable for some small and medium enterprises building an SSL VPN system.

Given this situation, this project proposes an improved SSL VPN system that is built on an independent one-time password mechanism and the SSL protocol. The independent one-time password (Independent OTP) mechanism is used to authenticate the client, and it differs from existing one-time password (OTP) mechanisms. No two passwords are related to each other, and all passwords are independent of the secret phrase, which the user keeps just like a traditional password. Independent OTP has many advantages. On the client side, it requires no computation and reduces the operating load, which accords with the design philosophy of SSL VPN systems. On the server side, administrators cannot obtain these passwords because no password is stored on the server, which prevents information from leaking from inside.

This paper first analyses the strengths and weaknesses of traditional VPN systems, and the advantages and development trend of VPN systems built on the SSL protocol. Because the traditional client authentication method, in which a digital certificate provides the authentication information, does not suit small and medium enterprises, chapter three proposes an improvement that uses the independent one-time password mechanism and describes its feasibility in theory and in performance. Its implementation is illustrated in the last chapter.
Keywords/Search Tags: SSL, VPN, Independent one-time password