
Security Research Of Authentication On SSL VPN System

Posted on: 2008-12-23 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Huang | Full Text: PDF
GTID: 2178360212481144 | Subject: Computer application technology
Abstract/Summary:
A VPN (Virtual Private Network) lets an enterprise give mobile users, branch offices and business partners safe and convenient access to the head office. There are currently two kinds of VPN system: IPSec VPN and SSL VPN. In an IPSec-based VPN system, client installation is very complex and must be maintained by employees, so it does not suit small and medium enterprises and schools. A VPN system based on the SSL (Secure Sockets Layer) protocol not only lets enterprises enjoy these advantages but also brings them many conveniences, such as easy installation and low cost.

At present, enterprises always adopt digital certificates for client authentication. Although digital certificate authentication provides complete technical means for information confidentiality, integrity and non-repudiation, domestic PKI (Public Key Infrastructure) technology is limited in many respects. In addition, implementing a complete CA system places high demands on skilled personnel, materials and finances. This authentication method therefore does not suit some small and medium enterprises that want to build an SSL VPN system.

Given this situation, this thesis proposes an SSL VPN system that adopts a one-time password (OTP) mechanism in which no two passwords are related to each other and all passwords are independent of the secret phrase. OTP has many advantages. The client needs to perform no calculation, which reduces its operating load and makes it a true thin client. On the server, administrators cannot obtain the passwords because no password is stored there, which prevents information from being leaked from the inside.

This thesis first analyses the advantages and disadvantages of IPSec VPN and SSL VPN systems and discusses the development trend of VPN systems. Because the current client authentication method, in which a digital certificate provides the authentication information, does not suit small and medium enterprises, the author proposes an improvement that uses an OTP mechanism based on Sequence Key. Finally, the thesis describes the theoretical feasibility, performance and security of the improved system.
Keywords/Search Tags:Virtual Private Network, Authentication, Sequence Key