| Nowadays, domestic computer network is vulnerable by direct wiretapping, intercepting, replaying, counterfeiting, masquerading, juggling, information deleting etc.. Therefore, it is a practical and urgent task to strengthen the security of information network. Authentication is an important line of defence of network security and it plays an important role in guaranteeing that information is accessed and obtained by authorized users.Password authentication is the simplest, most convenient and frequent used method of authentication. However, as the foregone research shows, static-password authentication can't withstand attack of direct wiretapping, replaying and password guessing. Its inherent security drawbacks are suitable for the application of open network environment. The dynamic-password authentication technique proposed by researchers can prominently enhance security of password authentication. In this dissertation, firstly, password authentication is introduced. Then two typical dynamic-password authentication schemes (CHAP and Lin-Shen-Hwang scheme) are demonstrated and security is deeply analyzed. Based on Lin-Shen-Hwang scheme (scheme A), dynamic-password mutual authentication scheme (scheme B) whose security is higher is proposed. User's authentication information of server terminal after sealing process makes insider attack difficultly. At the same time, if a reference factor (register time) is introduced in scheme B, a attacker-in-the-middle will be difficult. In transmissing authentication information, if the reference factor (random number) is introduced, the password guessing attack and replaying attack will be difficult, In scheme A, there is no integrity protect for user's authentication information, so it is vulnerable to the denial-of-service. Scheme B protects the integrity of authentication information. There is no server authentication for user in scheme A, and user is easy to be attacked by fake server. |
PDF Full Text Request