| With the development of global information and the popularization of Internet, the security of computer network has became the focus of concern gradually. Nowadays, there are several security service in the network communication , such as identity authentication , access control, confidentiality, integrality and anti-negation,, As the first line of defence in the security application system, identity authentication is the most important security service, all of others depend on it, and the whole system will be defeated if identity authentication lost.Identity authentication is a process that is used to approve whether the true identity of user is matched to the identity which the user claims, so that the nonlicet user can not access the system resource by identity cheat . Usually the technology of identity authentication includes password authentication, one time password, public key infrastructure and character of biology,. Compared to the other technology,one time password has good application future because it is secure, convenience in use, simpleness managed and cheaper cost.By adding uncertain factors to entering course, one time password makes authentication information dynamicly at every time, so as to improve the security.Secure identity authentication protocol is the kernel of authentication system. Taking technology of identity authentication and authentication protocol as research emphases, the paper discusses peculiarities of identity authentication system and the threaten faced under the network environment, and expounds the theory and implement of one time password based on the machanism of challenge-response. Aimed at the security flaws of server-impersonated and session hijacked in CHAP, an improved scheme is proposed by combined with key exchangeusing Diffie - Hellman. The new protocol integrates identityauthentication and session key generated , supports both sides authenticating each other, and erects a secure channel between sever and user, network attack such as playback, monitor and session-hijacked can be kept away effectively<>Based on the above improved CHAP, an one time password identity authentication sysytem is designed in this paper., Firstly we discuss the network structure, working flow and cryptogram arithmetic particularly, and then implement software modules, including client, server, administrator and data-baseo The system works in mode of client/server , and mainly is composed with two parts <> During authentication process, the user inputs password at client, makes some cryptogram disposal, and then sends it to server? After receiving authentication information, the server val i dates it, and the user will can access the sysytem resource if the result is true0 To make the authentication system more secure, we introduce some policy: user can modify password freely, increasing the length of password etc, and provide some function such as inbreak alarming, log audit? The system not only keeps the merit of simpleness of static password authtication, but also enhances the security of one time password, and thus brings protection of high strength,, To sum up, the whole system has following virtues: briefness in design, principium agility, more secure and cheapness in cost, and it can help all kinds of company to solve the problem of identity authentication and communication confidentialityo... |
PDF Full Text Request