Research On One Time Password Mutual Authentication Of Smart Terminal Based On ECC

With the rapid development of network technology, people becoming more and more dependent on the network in all directions. Now, online shopping, online banking and online financial transactions take network as the platform develop quickly, subsequently the safety problem is becoming more and more important, and account number, password theft becoming a common problem. With the smart phone operating system market share gradually increase, more and more consumers have some online trading with smart phone client, smart phone safety problem has become the focus of attention.The security problem about how to accurately identify the user’s identity, to protect the user’s information, to maintain the interests of individuals and enterprises must be solved as soon as possible. The traditional static password authentication is based on static user name and password information combination, its authentication security depends on user password privacy, the static password authentication mechanism has already can’t meet the needs of the consumers in some online transactions.According to the defects of static password authentication, scientists Leslie Lamport in the United States put forward one-time Password for the first Time. The main idea of one-time Password is:join uncertainty factors when authentication, so that each user authentication code is different, use one time password system, to improve the safety, besides, the one-time Password notarization need no third party authentication, it is the most safe identity authentication mechanism theoretically.According to the characteristics of the smart phone embedded system resource constraints, combined with the disadvantage of existing one-time password authentication, such as need to re-register, complicated calculation, did not achieve the mutual authentication, using plaintext transmission, can not resist the impersonation attack, research a new type of one-time password authentication scheme for smart terminal——ST-OTP. ST-OTP scheme adopts the elliptic curve encryption algorithm ECC and provides client/server with mutual authentication under the premise of finishing the basic function of one-time password authentication, and encrypts the transmission data selectively. The authentication procedure is simple and small amount of calculation, the scheme can protect user information effectively and prevent the replay attack, personating attack, etc.In the experiment, choose relatively popular Android embedded operating system to verify ST-OTP scheme compared with the traditional one-time password authentication scheme S/KEY, SAS, SAS-2, and realized register process, login authentication process, modify password process of four kinds schemes with Java programming based on Android platform. Based on the comparison of CPU, memory allocation and power consumption of four authentication schemes to prove the superiority of ST-OTP scheme, and the experiment proved the ST-OTP scheme improved the operation efficiency under the premise of without reducing security. In addition, some other factors also can illustrate the difference between ST-OTP and other schemes, such as the storage data number, the number of hash function operation, encryption and decryption times and information transmission times between the client and server.