Design of secure FTP system

As a kind of protocol for transferring files, the File Transferring Protocol (FTP) has already been widely used for many years. However, there exist some secure vulnerabilities in the protocol. For example, both passwords and files are transmitted in plaintext. Although some new FTPs such as FTPS have been proposed and applied to overcome these vulnerabilities, there are many drawbacks such as lack of flexibility in use, failing to meet specific security requirements, etc. Given these facts, the FTP and its requirements are studied deeply and a new secure FTP system is designed in this paper. In the new system, a dynamic password mechanism is combined with smart card technology to achieve mutual authentication, key distribution and secure information transmission. The security level selection mechanism is adopted to meet individual security requirements. The resource access control mechanism is used to keep the server from unauthorized access attacks. Analysis shows that compared with existing FTP systems, the new system makes not only data transmission securer but also system in use easier, more flexible and efficient.