一次性口令认证系统的研究

辽宁石油化工大学学报 ›› 2007, Vol. 27 ›› Issue (4): 68-70.

一次性口令认证系统的研究

张　丽¹ , 毕于深², 黄　璐³

1 .沈阳化工学院计算机科学与技术学院, 辽宁沈阳110142 ;
2 .辽宁石油化工大学成人教育学院, 辽宁抚顺113001 ;
3 .大连水产学院信息工程学院, 辽宁大连116023

收稿日期:2006-11-16 出版日期:2007-12-20 发布日期:2017-07-05
作者简介:张丽(1979 -), 女, 辽宁铁岭市, 硕士

Research on One -Time Password Authentication System

1 .S chool of Comp uter Science and Technolog y , Sheny ang Institute o f Chemical Technology , Sheny ang Liaoning 110142 ,P .R .China ;
2.School of Adult Education , Liaoning University o f Petroleum & Chemical Technolog y ,Fushun Liaoning 113001, P .R .China ;
3.School of In f ormation &Engineering , Dalian Fisheries Univ ersity ,Dalian Liaoning 116023, P .R .China

Received:2006-11-16 Published:2007-12-20 Online:2017-07-05

摘要/Abstract

摘要： 在传统的口令认证机制中, 用户的口令多数以明文形式在网上传输并且固定不变。这使得攻击者可以通过窃听得到这些可重用的口令达到入侵系统的目的。一次性口令系统允许用户每次登录时使用不同的口令,很好地防止了口令重用攻击, 增强了系统的安全性。介绍了S/ key 一次性口令认证系统, 指出了S/ key 系统的安全漏洞, 提出了一种增强型的一次性口令认证方案SOTP, 并分析了新认证系统的安全性。

关键词: 身份认证, 　一次性口令, 　S/ key , 　小数攻击

Abstract:

　 In the traditional password authentication system , user's passwords a re mostly transmitted through the Internet in the way of plaintext and keep constant, resulting in that attackers can get reusable passwords through wire tapping and invade the system .One -time password system lets users log in using different passwords every time , which can prevent effectively the attack of password reuse and enhance the security of system .The one -time password authentication system of S/key was introduced , and the security vulnerability of system was descrided.A one -time authentication scheme of streng thened SOTP was presented and the security of the new authentication system was analyzed.

Key words: Identity authentication, , One -time password, , S/key , , Decimal attack

张　丽, 毕于深,黄　璐. 一次性口令认证系统的研究[J]. 辽宁石油化工大学学报, 2007, 27(4): 68-70.

ZHANG Li,BI Yu -shen, HUA NG Lu. Research on One -Time Password Authentication System[J]. Journal of Liaoning Petrochemical University, 2007, 27(4): 68-70.