| The era of network has opened a new world, in which more traditional field has brought topeople great convenient by network, as well as great challenges and tasks, one of which is howto keep some general characteristics, including confidence, privacy protection, identityauthentication and non-repudiation in network data exchange.Identity authentication is placed on the fundamental place in network security. For now,static password is a widely used method in user end while can be stolen by system monitoring inuser end and sniffing in network. For this, the correct way is to strengthen the design ofmechanism in identity authentication, which can be realized by adding server’s activeparticipation in user’s login process. One time password (OTP) is such a scheme of identityauthentication pointing to weakness of static password.OTP technique strengthen the security of password in transmission by mixing uncertaintyinto user’s login process. From the beginning of emerging, it has become an identityauthentication model widely used in important information exchange of network. But, it isproved that applying of OTP only on process of identity authentication without concerning withprocess of the actual data exchanging is easy to be suffered to the attack of man in the middle(MITM). So, a lot of enterprises make help of public key infrastructure (PKI). But, PKI has itsown weakness, such as system complexity, high technique threshold, high cost and lack of unityin technique standard, etc.This dissertation discusses and analysis the advantage and disadvantage of some kinds ofOTPs, and present a scheme that connect process of authentication with process of dataexchanging seamlessly, which use outcome of authentication as initiation of data exchanging, soextended OTP into process of data exchanging. This dissertation try to apply this scheme toDigital Compus Architecture of Zhejiang Business College to build a system of dynamicpassword identity authentication which is based on MD5and run in B/S model, and composedby module of OTP authentication server, application server and client program responsible fordynamic password generation. In the system, the application server is used to communicate withclient program, inqure and return information by user needing, authentication server is responsible to generate a challenge number and authenticate user’s identity. After that, serverwill send a one-time random number to user, which is based on OTP and used to mixing withpassword to encrypt data flow. This scheme can resist against replay attack, MITM attack, andusing crypt algorithms and hash function in design process, so keeping good security withoutcomplexity of PKI deploying. |
PDF Full Text Request