Research On Bidirectional Authentication Scheme Based On Ntrusign Algorithm

Smart city is the future developing trend, and the optical networks play an important rolein it. EPON, as a kind of typical optical network has gained more attention. However, EPONsystem faces many security problems because of its simple topological structure andtransparent data transmission. There exists the risk of being stolen and tampered theinformation, so how to solve these problems is the focus of current research.In EPON system, ONU joins the system by automatic discovery and registration process.However, the standard registration process does not consider the verification of ONU’sidentity, which may be subject to masquerade attacks. The problem can be solved byauthentication. The existed one-way authentication scheme based on the registration processis just authenticating ONU side, ignoring the verification of OLT. But OLT acts as quite animportant device in EPON system that once an attacker successfully gains the vitalinformation of the system and mask an OLT, which will threaten the EPONsystem safety greatly. To avoid the problem, we design a bidirectional authentication schemebased on the NTRUSign signature algorithm. We use the NTRUSign signature algorithm torecognize the identity legitimacy of the OLT and ONU. Therefore, it can realize thebidirectional authentication between OLT and ONU. In the authentication process, the papercustomizes three information frames: authentication frame, information frame named MONUand information frame named MOLT, These three frames are used to carry authenticationinformation which is needed to be sent to OLT or ONU, and informs the currentauthentication state of both sides to help complete the authentication process efficiently andsafely. In order to guarantee the security of the subsequent data transmission between ONUand OLT, after the mutual authentication is completed, both sides negotiate to generate thesession key. And the shared key has the properties of fresh and forward security.This thesis also analyzes the proposed scheme on two aspects: security property andresisting attacks. Then the bidirectional authentication scheme is realized by using the Javalanguage, and the result of performance comparison with existed RSA authentication scheme,ECC authentication scheme and one way authentication based on registration processindicates that the performance of the proposed scheme is much better. The safety of thepresented scheme is higher than one way authentication based on registration process’s safety.Above all, the results demonstrate the feasibility of two-way authentication scheme based onNTRUSign signature algorithm.At the end of the thesis, I describe the shortage of the proposed scheme and my currentwork which is needed to be improved. At the same time, the future research work is prospected.