
Research And Implementation Of One Time Password Identity Authentication System

Posted on: 2012-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Han
GTID: 2248330371458283
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer and network technology, a variety of network applications have emerged one after another, and a network application system that must meet security requirements should first of all provide an authentication service. In traditional one-time password authentication systems, the seed key is pre-written, and users have no right to know it or to participate. The one-time password generation algorithm generally adopts the SHA-1 hash algorithm, which is currently not secure. The authentication process only achieves authentication from the server to the client, which is not available in the reverse direction. There are also many problems in the authentication process, such as the server impersonation attack.

Based on a study of the elliptic curve cryptosystem and pairing technology, this paper proposes a new key exchange protocol. The protocol uses Universal Serial Bus and network socket programming to realize on-site injection of the seed key into the dynamic token. The C8051F320 is used as the main controller in the hardware design of the dynamic token. This paper introduces the software design and implementation of the system in detail, including the USB 2.0 protocol, the read and write operations of the memory chips, the drivers of the dynamic token, the one-time password generation algorithm and the two-way authentication protocol. The system time of the dynamic token is used as the dynamic factor to ensure the freshness of the authentication information, the purpose of which is to defend against the replay attack. The concatenation of the dynamic factor and the seed key is used as the input of the SHA-256 hash algorithm, which generates the one-time authentication password to realize authentication from the server to the client. The AES encryption algorithm is used to encrypt the dynamic factor, which realizes authentication from the client to the server.

The new scheme proposed in this paper implements on-site injection of the seed key and mutual authentication between the server and the client. It effectively withstands the man-in-the-middle attack, the replay attack and the server impersonation attack. The results of several experiments indicate that the dynamic token designed in this paper operates accurately and steadily. The new scheme achieves the authentication function and has definite practical value.
Keywords/Search Tags:OTP, Elliptic curve, Bilinear pairing, Authentication, Key agreement
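
The OTP derivation described in the abstract (SHA-256 over the dynamic factor concatenated with the seed key, with token time as the dynamic factor) can be sketched as follows, together with a verifier that rejects replayed values. This is an added example, not code from the thesis; the 60-second step, the 8-byte big-endian factor encoding, the one-step drift window, the full hex digest as the password and all names are assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60   # assumption: seconds per dynamic-factor interval
DRIFT_STEPS = 1  # assumption: tolerated clock drift, in steps


def dynamic_factor(unix_time, step=TIME_STEP):
    """Token system time reduced to a step counter (the dynamic factor)."""
    return int(unix_time) // step


def one_time_password(seed_key, factor):
    """SHA-256 over dynamic factor || seed key, as the abstract describes."""
    data = struct.pack(">Q", factor) + seed_key  # assumed encoding of the factor
    return hashlib.sha256(data).hexdigest()


class Verifier:
    """Checks a submitted OTP and refuses any factor already accepted."""

    def __init__(self, seed_key):
        self.seed_key = seed_key
        self.last_factor = -1  # highest dynamic factor accepted so far

    def verify(self, otp, now):
        current = dynamic_factor(now)
        for factor in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if factor <= self.last_factor:
                continue  # stale or already used: treat as a replay
            expected = one_time_password(self.seed_key, factor)
            if hmac.compare_digest(expected, otp):  # constant-time comparison
                self.last_factor = factor
                return True
        return False


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed key
    t0 = 1_700_000_000       # constructed sample timestamp
    verifier = Verifier(seed)
    otp = one_time_password(seed, dynamic_factor(t0))
    print(verifier.verify(otp, t0))        # fresh OTP
    print(verifier.verify(otp, t0 + 5))    # same OTP replayed
    print(verifier.verify(otp, t0 + 600))  # outside the drift window
```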