本文已被:浏览 1452次 下载 2412次
Received:January 15, 2015 Revised:March 04, 2015
Received:January 15, 2015 Revised:March 04, 2015
中文摘要: 为了提高TOTP协议应用在Web认证中的安全性, 依照HOTP认证三原则改进了基于TOTP的认证设计. 改进后的认证系统在一个时间窗口内增加了一个认证次数阈值和时间戳用来更好的抗蛮力攻击和重放攻击, 增加随机数和MD5哈希算法轻量化地抵抗中间人攻击. 最后用PHP语言设计了一个安全、实用的Web认证系统.
Abstract:The paper makes an improved authentication method order by Three-Protocol of HOTP authentication method based on TOTP. The authentication method uses an authentication number threshold and a timestamp to resist brute force attacks and replay attacks, uses a random number and the MD5 encryption resist Man-in-the-Middle attack. Finally, a safe and useful Web authentication protocol is designed by PHP.
keywords: HOTP TOTP One-time-password Web authentication attacks
文章编号: 中图分类号: 文献标志码:
基金项目:
Author Name | Affiliation |
ZHAO Jian-Xun | School of Mathematics and Computer Engineering, Xi'an University, Xi'an 710065, China |
Author Name | Affiliation |
ZHAO Jian-Xun | School of Mathematics and Computer Engineering, Xi'an University, Xi'an 710065, China |
引用文本:
赵建勋.基于TOTP的Web改进认证.计算机系统应用,2015,24(9):272-275
ZHAO Jian-Xun.Improved Web Authentication Based on TOTP.COMPUTER SYSTEMS APPLICATIONS,2015,24(9):272-275
赵建勋.基于TOTP的Web改进认证.计算机系统应用,2015,24(9):272-275
ZHAO Jian-Xun.Improved Web Authentication Based on TOTP.COMPUTER SYSTEMS APPLICATIONS,2015,24(9):272-275