As a kind of protocol for transferring files, the File Transferring Protocol (FTP) has already been widely used for many years. However, there exist some secure vulnerabilities in the protocol. For example, both passwords and files are transmitted in plaintext. Although some new FTPs such as FTPS have been proposed and applied to overcome these vulnerabilities, there are many drawbacks such as lack of flexibility in use, failing to meet specific security requirements, etc. Given these facts, the FTP and its requirements are studied deeply and a new secure FTP system is designed in this paper. In the new system, a dynamic password mechanism is combined with smart card technology to achieve mutual authentication, key distribution and secure information transmission. The security level selection mechanism is adopted to meet individual security requirements. The resource access control mechanism is used to keep the server from unauthorized access attacks. Analysis shows that compared with existing FTP systems, the new system makes not only data transmission securer but also system in use easier, more flexible and efficient.
[1]
Raphael C.-W. Phan.
Cryptanalysis of two password-based authentication schemes using smart cards
,
2006,
Comput. Secur..
[2]
J. Postel,et al.
File transfer protocol (FTP)
,
1985
.
[3]
Li Ning,et al.
Double Secret Keys and Double Random Numbers Authentication Scheme
,
2007,
2007 International Conference on Computational Intelligence and Security Workshops (CISW 2007).
[4]
Luo Pin.
One-time password scheme based on hash function and public key encryption
,
2009
.
[5]
Tatu Ylönen,et al.
The Secure Shell (SSH) Protocol Architecture
,
2006,
RFC.
[6]
Zhang Yuan-yang.
Analysis and Amendment of One-time Password Authentication Scheme
,
2006
.
[7]
Tang Shou-lian.
Research and Design of Time-susceptive Dynamic Password Identity Authentication System
,
2007
.
[8]
Paul Ford-Hutchinson,et al.
Securing FTP with TLS
,
2005,
RFC.