The Design And Implementation Of Otp-based Authentication And Key Agreement Scheme

Nowadays, more and more enterprises, organizations rely on the network communication system to carry out various business activities. The security of system is getting more attention. How to authenticate the network users'identities reliability effectively and protect the information security of the communication process is a key issue which these systems must solve.At present, the security protocol is the most effective methods to solve the security problem of the network. The password-based authentication and key agreement protocol for its simplicity and practicality is applied in the network authentication communication systems extensively. This protocol's principle is that both sides of the communicators share a password in advance, then authenticate each other and negotiate a short-term and secure session key together. Password-based scheme can avoid complex key management, additional public-key infrastructure or security hardware. But the users usually choose simple and easy to remember passwords, which lead to dictionary attack. How to resist the password offline guess attack effectively is a goal for designing such a protocol.This thesis researches on password authentication and key agreement protocol, with the main analysis of the CHAP password authentication protocol and Diffie-Hellman key agreement protocol for their principles, advantages and disadvantages. With password authentication and key agreement, a one-time password (OTP) authentication and key agreement scheme is constructed, which is based on the combination of the challenge-response mechanism and secure Hash fuction as well as Diffie-Hellman key agreement protocol. Meanwhile, with the concern of the possible security flaws of Dos attack in the authentication protocol, this scheme uses a combination method of cookie mechanism and proof of work to resist this attack. According to password authentication and key agreement protocol's security objectives, this scheme is analyzed for its safety and performance. Then, this scheme's specific design is described carefully and implemented by encoding to test and verify the feasibility. Finally, the work in this thesis is summarized, and the research work in the future is also suggested.