Implementing and comprising of OTP techniques (TOTP,HOTP,CROTP)‎ to prevent replay attack in RADIUS protocol

العناوين الأخرى

برمجة و مقارنة لتقنيات كلمة المرور لمرة واحدة (TOTP,HOTP,CROTP)‎ لحماية هجمة الإعادة في بروتوكول RADIUS

مقدم أطروحة جامعية

Abu Khishipah, Aminah Salamah Muhammad

مشرف أطروحة جامعية

Barhum, Tawfiq Sulayman

أعضاء اللجنة

al-Agah, Iyad Muhammad
al-Sayigh, Sana Wafa

الجامعة

الجامعة الإسلامية

الكلية

كلية تكنولوجيا المعلومات

القسم الأكاديمي

قسم نظم تكنولوجيا المعلومات

دولة الجامعة

فلسطين (قطاع غزة)

الدرجة العلمية

ماجستير

تاريخ الدرجة العلمية

2014

الملخص الإنجليزي

Network security is a very important issue for organizations in order to protect their sensitive data from attackers.

Number of researchers have provided a different security solution supported network protocols to enhance data privacy and confidentiality over networks.

RADIUS is one of the most popular protocols used in network communication for user authentication.

Unfortunately, there are many vulnerabilities facing the security issue in RADIUS network protocol.

One of these vulnerabilities is a replay attack problem which is need to be prevented.

The previous protocols have presented number of techniques to reduce the effects of replay attack in RADIUS protocol.

One time password (OTP) technique is one of the most important techniques which are used to enhance the security of user authentication in numerous environments and to close the potential gap in network security.

With several OTP techniques, our contribution are to chosen three techniques namely Time OTP(TOTP), Hash OTP(HOTP) and Challenge Response OTP (CROTP).

This motivates us to present the ELSBOT (E-Learning System Based OTP techniques) for implementing the three OTP techniques to prevent the replay attacks in RADIUS protocol.

This thesis presents a comparison between these OTP techniques in the ELSBOT.

This comparison considers a set of factors like preventing replay attack, CPU overhead, algorithm speed, server response time and OTP duration.

After measuring these factors through our ELSBOT, the results show that the three OTP techniques of ELSBOT prevent the replay attack in RADIUS environment, the CPU overhead at TOTP technique is less than the CPU overhead at HOTP and CROTP techniques, the algorithm speed at TOTP technique is the highest while the algorithm speed at CROTP technique is higher than HOTP technique, the TOTP technique is the best in terms of the server response time.

Finally, from security perspective, the authors reach that the TOTP is the most secure technique in our work because its OTP is valid for a short time, while the CROTP is a more secure than HOTP because the server challenges us with the random PIN in the CROTP.

The ELSBOT is an efficient overall solution and it will be much more difficult for attackers to reach the ELSBOT server

التخصصات الرئيسية

تكنولوجيا المعلومات وعلم الحاسوب

الموضوعات

• شبكات الحاسوب
• الإجراءات الأمنية

عدد الصفحات

121

قائمة المحتويات

• APA
• MLA
• AMA

لغة النص

الإنجليزية

نوع البيانات

رسائل جامعية

رقم السجل

BIM-534656