A Designing And Implementation Of One-Time Password Authentication Scheme

The computer network is an open system. But, the open character brings on so many security vulnerabilities and attacks. The network resources can be accessed and copied by the lawless way easily. So it is very important to carry through the identity authentication for people who want to access the network resources.The technology of identity authentication basing on the static password is in common use. The characteristic of this technology is be easy to use and authenticating the users' identity safely and availably. With the applications of network develop deeply and the means of attacking become more various, the technology of static password authentication is not be applied for the network system which needs the upper requires of security because of it's security vulnerabilities.The main attack means to the static password authentication technology are: the users' non-cryptograph password caa be wiretapped from the network and the cryptograph password can be suffered record/replay attack. Other attacks means include forge host attack, inside attack and dictionary attack etc.The information security experts bring forward the technology of One-Time Password Authentication for the static password authentication's security vulnerabilities. This technology means the password for identity is only be used one time and differently every time. At this, the password is not the users' password that like in the static authentication.This password is calculated from the users' password and random genes.The One-Time Password authentication technique avoids the security vulnerabilities and offers safety authentication much more.First of all, the thesis research and analyze the basic theory, implement and security of the one-time password authentication technology. Base the research and analysis the thesis describe the classic two one-time password authentication schemes that are S/KEY authentication scheme and SAS-2 authentication scheme in details, and research these schemes thoroughly. Then the thesis point out the security flaws of these authentication schemes and improved schemes viaresearch the work flow and analyzes the security of these schemes. Synthesize the strongpoint of the classic authentication schemes, the thesis design a new one-time password authentication scheme, named NOTP authentication scheme and implement the NOTP authentication system base the new scheme. The specialties of the new scheme are simple process, excellent performance, not needs initialization anew and user can modify password freely. In addition the NOTP authentication scheme improves the resistance to the attacks and to be more security.The innovation in this article is bringing out a new One-Time Password Authentication design base on SAS-2 and carrying out the NOTP authentication system. There is the similarity between the two designs. The new design holds the SAS-2's strongpoint in performable function and at the same time improves on security.