Abstract:
According to HOTP authentication framework, an enhanced dynamic password generation algorithm EOTP is designed, combined with key generation algorithm, EHMAC algorithm and dynamic truncated function. At the same time, a detailed authentication protocol based on EOTP algorithm is proposed to meet the basic requirements of authentication system. Besides, in order to solve the problem of stepping out, a resynchronization scheme based on window mechanism is designed to provide inside window resynchronization and outside window resynchronization. Finally, the security and performance of the proposed algorithm and protocol are analyzed. Results show that the algorithm has fast computing speed and high security, and it is easy to be implemented by using token or smart card hardware. The protocol can resist attacks such as brute-force attack, password theft, dictionary attack and interception/replay attack effectively, and has very high security.