The Design and Implementation of Dynamic Password Identity Authentication Scheme

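【Author】 Yu Xiaochen (于晓晨)

【Supervisor】 Zhao Mingwei (赵铭伟)

【Author information】 Dalian University of Technology, Computer Application Technology, 2014, Master's thesis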

【Abstract】 With the spread of computers and the rapid development of Internet technology, computer networks have penetrated every aspect of social life. In recent years in particular, as information infrastructure has been built out ever faster, online services such as e-government, e-commerce and online games have sprung up in every corner of daily life. However, the global and open nature of the network makes the network environment complex and uncertain, and it is exposed to a wide range of attacks and impersonation techniques. Deliberate attacks, tampering, eavesdropping, implanted viruses and Trojans, illegal access and other malicious intrusions against important information resources and network infrastructure pose a great threat to the information society. How to ensure the security of online services is therefore the main problem faced today, and computer network security has become a focus of concern for countries around the world.

Identity authentication is an indispensable part of the security foundation of modern network information systems and is the basis of information security. The identity authentication methods in common use today are certificate-based digital signature authentication and password authentication. Certificate-based digital signature authentication provides high security but requires a complete certificate system as its basis. Password authentication, one of the earliest identity authentication technologies, has been widely developed and applied because of its simplicity and practicality. Traditional static password authentication, however, has obvious security weaknesses, and dynamic password technology emerged in response. A dynamic password is a password that changes randomly each time: an uncertain factor is added to the password as a dynamic factor, so that the information transferred during each authentication is different and the security of the login process is improved.

This thesis completes the following work: (1) It describes the background, value and significance of the research, with emphasis on the current state of research. (2) It surveys the development and classification of dynamic password identity authentication technology, explains the mechanisms by which several different kinds of dynamic password are implemented, and compares them. (3) Based on an analysis of the advantages and disadvantages of several typical dynamic password authentication techniques, it proposes a new dynamic password identity authentication scheme that combines a hash function, symmetric encryption and the challenge/response mechanism. The scheme remedies security flaws of traditional dynamic password authentication schemes, and a comprehensive performance analysis of the improved scheme is carried out. (4) The scheme is implemented and applied to a prototype teaching management software system as the system's identity authentication sub-module. Performance and security testing prove that the scheme not only achieves mutual authentication between server and user in a network environment, but also offers high security, strong practicality and low overhead, and can be used as an identity authentication protocol over most insecure network channels.
