
B/S架构下一次性口令身份认证方案的设计与实现

Design and Implementation of a One-Time Password Authentication Scheme under the B/S Pattern

【Author】 邱鹏飞

【Supervisor】 王庆生

【Author details】 太原理工大学 (Taiyuan University of Technology), Computer Application Technology, 2008, Master's thesis

【Abstract (translated)】 With the development of global informatization and the spread of the Internet, computer network security has gradually become a focus of attention. The openness of computer networks means they contain a considerable number of security vulnerabilities and threats, and the resources on them are easily accessed and copied illegally. Authenticating the identity of those who access network resources has therefore become very important. Network communication currently provides five main security services: identity authentication, access control, confidentiality, integrity and non-repudiation. Among them, identity authentication, as the first line of defence of a secure application system, is the most important; all the other security services depend on it, and its failure may cause the whole system to fail. Identity authentication has thus become one of the most important technologies in network system security. The most common authentication technique is static password authentication, which is simple and easy to use and can authenticate users effectively up to a certain level of security. However, as network applications deepen and attack methods diversify, static password authentication is no longer suitable for network applications with high security requirements because of its inherent weaknesses. The main attacks it faces are: passwords transmitted in plaintext are exposed to eavesdropping; passwords transmitted in encrypted form are exposed to interception/replay attacks; other attacks include forged-host attacks, insider attacks and dictionary attacks. To address these weaknesses, the industry proposed One-Time Password Authentication, also called dynamic password authentication. It introduces an unpredictable factor into the login process so that the password differs every time; after receiving the login password, the system performs the same computation once to verify the user's identity. A one-time password scheme needs no third party such as a CA and has the advantage of "one password per use". It removes most of the weaknesses of static password authentication, effectively resists the main threats and attacks that static passwords face, and gives network applications more secure and reliable user authentication. The one-time password login scheme for Web applications proposed in this thesis uses the RSA, AES and MD5 algorithms, a dual-password technique combining an ordinary password with a picture password, and a server identification string to design a one-time password authentication system suitable for the B/S architecture. The scheme implements two-way authentication and is efficient, secure, reliable and flexible in its authentication principle.

【Abstract】 With the development of global informatization and the popularization of the Internet, the security of computer networks has gradually become a focus of concern. Because of their open character, computer networks carry many security vulnerabilities and attacks, and network resources can be accessed and copied easily. It is therefore very important to authenticate the identity of anyone who wants to access network resources. Network communication today offers several security services, such as identity authentication, access control, confidentiality, integrity and non-repudiation. As the first line of defence of a secure application system, identity authentication is the most important of these services; all the others depend on it, and the whole system is defeated if identity authentication fails. Identity authentication is thus one of the most important technologies in network security. Authentication based on a static password is the common technique; it is easy to use and authenticates users' identities safely and effectively to a degree. As network applications develop and attack methods diversify, static password authentication cannot meet the needs of systems with high security requirements because of its security vulnerabilities. The main attacks on static password authentication are: a user's plaintext password can be wiretapped from the network, and an encrypted password can suffer a record/replay attack. Other attacks include forged-host attacks, insider attacks and dictionary attacks. To address these vulnerabilities, information security experts proposed One-Time Password Authentication, in which the password used for identification is used only once and differs every time because an unpredictable factor is added. The system validates the user by running the same algorithm when it receives the password. The One-Time Password is an identity authentication technique that does not need a third party such as a CA (Certificate Authority). It takes advantage of "one time, one cipher", avoids the security vulnerabilities above and offers much safer authentication. In this paper, a one-time password authentication scheme that implements two-way authentication for the B/S structure is designed with the RSA, AES and MD5 algorithms, combined with an ordinary password, a picture password and server identification. The scheme is efficient, safe, reliable and flexible.
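A challenge-response sketch of the mechanism the abstract describes (an unpredictable factor per login, the server recomputing the OTP with the same algorithm, a dual text-plus-picture password, and a server identification string used for two-way authentication). This is an added illustration, not the thesis's protocol; the user record, SERVER_ID, the picture-password encoding and the proof construction are assumptions.

```python
import hashlib
import hmac
import secrets
# Constructed enrolment data (assumptions for this example, not from the thesis):
# each user has a dual password, an ordinary text password plus a picture
# password encoded as the ids of the pictures chosen at enrolment.
USERS = {"alice": ("correct-horse", "img07,img12,img03")}
SERVER_ID = "bs-demo-server"   # server identification string fixed at enrolment

def digest(*parts: str) -> str:
    # MD5 because the abstract names it; any digest fits the construction.
    # Length prefixes keep 'ab'+'c' from colliding with 'a'+'bc'.
    h = hashlib.md5()
    for p in parts:
        data = p.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

class Server:
    def __init__(self):
        self.pending = {}   # user -> outstanding challenge nonce

    def challenge(self, user):
        nonce = secrets.token_hex(16)   # the unpredictable per-login factor
        self.pending[user] = nonce
        return nonce

    def verify(self, user, otp):
        # Recompute the OTP with the same algorithm; on success return the
        # server's own proof so the client can authenticate the server too.
        nonce = self.pending.pop(user, None)   # consumed on first use
        if nonce is None or user not in USERS:
            return None
        text_pw, picture_pw = USERS[user]
        if not hmac.compare_digest(digest(text_pw, picture_pw, nonce), otp):
            return None
        return digest(SERVER_ID, text_pw, picture_pw, nonce)

def login(server, user, text_pw, picture_pw):
    # Client side of one login; returns (mutual_auth_ok, nonce, otp).
    nonce = server.challenge(user)
    otp = digest(text_pw, picture_pw, nonce)
    proof = server.verify(user, otp)
    expected = digest(SERVER_ID, text_pw, picture_pw, nonce)
    return proof is not None and hmac.compare_digest(proof, expected), nonce, otp

def replay(server, user, otp):
    # Resubmit an OTP captured earlier, after a fresh challenge was issued;
    # True would mean the server wrongly accepted it.
    server.challenge(user)
    return server.verify(user, otp) is not None
```

Because the nonce is consumed on first use and folded into the digest, a captured OTP is useless against the next challenge, which is the replay resistance the abstract claims over static passwords.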

  • 【Classification number】TP393.08
  • 【Cited by】3
  • 【Downloads】208