ee4215_c6 - Content Internet Access One-Time Password MD4...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Content Internet Access One-Time Password MD4 MD5 Differences between MD4 & MD5 SSL 6.0 Internet Access In a secure remote access system, it must ensure the privacy and integrity of data as it traverses the Internet To achieve this, the system should provide user authentication, data encryption and key management. A secure one-time password authentication scheme is introduced which provides protection against replay attacks and remote client impersonation. This method is based on MD4 and MD5 message digest algorithm. Besides, a pseudo-random number generator is used to generate the keys that are needed for data encryption. The SSL and SET protocols will also be introduced 6.1 One-Time Password One form of attack on networked computing systems is eavesdropping on network connections to obtain authentication information such as the login IDs and passwords of legitimate users. Once this information is captured, it can be used at a later time to gain access to the system. One-time password systems are designed to counter this type of attack, called a "replay attack". The authentication system uses a secret pass-phrase to generate a sequence of one-time (single use) passwords. With this system, the user's secret pass-phrase never needs to cross the network at any time such as during authentication or during pass-phrase changes. Thus, it is not vulnerable to replay attacks. Added security is provided by the property that no secret information need be stored on any system, including the server being protected. The OTP system protects against external passive attacks against the authentication subsystem. It does not prevent a network eavesdropper from gaining access to private information and does not provide protection against either "social engineering" or active attacks. How it works There are two entities in the operation of the OTP one-time password system. The generator must produce the appropriate one-time password from the user's secret pass-phrase and from information provided in the challenge from the server. The server must send a challenge that includes the appropriate generation parameters to the generator, must verify the one-time password received, must store the last valid one-time password it received, and must store the corresponding one-time password sequence number. The server must also facilitate the changing of the user's secret pass-phrase in a secure manner. The OTP system generator passes the user's secret pass-phrase, along with a seed received from the server as part of the challenge, through multiple iterations of a secure hash function to produce a one-time password....
View Full Document

{[ snackBarMessage ]}

Page1 / 49

ee4215_c6 - Content Internet Access One-Time Password MD4...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online