Research And Design Of EAP Authentication Scheme Based On One Time Password

Posted on: 2010-04-24
Degree: Master
Type: Thesis
Country: China
Candidate: J Guo
Full Text: PDF
GTID: 2178360278966916
Subject: Computer application technology

Abstract/Summary:
With the development of computer network technology, wireless networking has brought great convenience to people. At the same time, more attention must be paid to the security of wireless networks, which has become a major obstacle to the application and popularization of wireless network technology. Identity authentication is an important problem in network security, so designing a highly efficient and highly secure authentication protocol for wireless networks has major theoretical significance and practical value.

This paper gives a detailed description of EAP (Extensible Authentication Protocol), and compares and analyses the efficiency and security of the authentication methods used by different EAP protocols.

This paper introduces the principles of OTP (One Time Password), focuses on the SAS (Simple And Secure) and S/KEY authentication schemes, and analyses the advantages and disadvantages of the two schemes. In the traditional S/KEY authentication scheme, the two communicating sides cannot perform two-way authentication, session key negotiation, or encryption of authentication data. To address these defects in the traditional scheme, this paper proposes a new S/KEY authentication scheme. The new scheme adds a client-to-server authentication part, using secure and efficient symmetric encryption to encrypt a random number. While authentication data is being transmitted, the shared key is used to encrypt the client's random number, the server's random number and the client's one-time password, and the XOR algorithm, which is safe and requires little computation, is used to encrypt the seed and sequence number transmitted by the server. These measures ensure that every exchange between the two sides is well encrypted and protected, and prevent authentication information from being tampered with or eavesdropped on.

In the new protocol, session keys do not need to be transmitted over the network, because both sides of the communication can calculate their own session keys with a high-speed uniform exponent algorithm. During every authentication, both sides generate different session keys, which keeps the session keys fresh.

Finally, considering that current EAP authentication schemes cannot balance the efficiency and security of authentication protocols, the paper combines the S/KEY password authentication scheme with the EAP protocol, takes the one-time password authentication scheme as the core, and puts forward a new EAP authentication solution, which the author names EAP-NS/KEY (Extensible Authentication Protocol-New S/KEY). The new authentication scheme is then validated with the BAN logic formal analysis method.
Keywords/Search Tags: extensible authentication protocol, one time password, S/KEY authentication scheme, extensible authentication protocol-new S/KEY, BAN logic