
Research On Authentication Mechanism With Supporting Privacy Protection In The Internet Of Things

Posted on: 2016-03-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L C Liu
Full Text: PDF
GTID: 1108330482460431
Subject: Computer Science and Technology
Abstract/Summary:
The Internet of Things (IoTs) is considered the third wave and revolution of information technology industrial development in the world. The IoTs has a huge market size and broad prospects in industrial applications. Its emergence has attracted extraordinary attention from government, academia and industry, and it has become a hotspot and frontier research area. However, information security in the IoTs has also become a serious and unavoidable problem, especially for problems related to authentication, such as unauthorized access, imitation and injection of false data.

Information security has four core security properties in the CACA model: confidentiality, authentication, controllability and availability. Authentication reflects that the information and behavior in a system cannot be forged, tampered with or imitated. Authentication in the IoTs reflects that the information and behavior of an entity in an IoTs system cannot be forged, tampered with or imitated. In this dissertation, the problem of authentication mechanisms supporting privacy protection in the IoTs was researched, based on an analysis and summary of the open issues in existing research work. According to the characteristics and practical requirements of authentication, the following aspects of authentication were researched using the CACA model, formal methods, incentive strategy, game theory and a feature fusion method: the formal definition and evaluation of authentication; the balancing of authentication, privacy protection and resource conservation; and the balancing of authentication, usability and privacy protection.

The following is a summary of the research results:

First, since there is a lack of a formal definition and evaluation of authentication for the IoTs, a non-leakage-based CSP framework of authentication was proposed, which includes a general non-leakage-based formal definition and an evaluation method of authentication based on CSP and model checking. Firstly, existing formal definitions and the behavior characteristics, objects and strength of authentication were analyzed, and on that basis a general formal definition of authentication was proposed. In the formal definition, according to the diverse requirements of the authentication object, authentication was divided into three subclasses: entity authentication, action authentication and claim authentication. According to the diverse requirements of authentication strength, three strength levels of authentication were defined for each subclass: weak level, non-injective level and injective level. Secondly, in order to express privacy protection during authentication, the notion of non-leakage was introduced. Each subclass and level of authentication was formalized in the process algebra CSP. Thirdly, an evaluation method of authentication was proposed based on CSP and model checking. Finally, an authentication protocol in the IoTs, TAM, was formally analyzed, modelled and evaluated with the proposed non-leakage-based CSP framework of authentication. The experiment verified the effectiveness of the proposed framework in formally defining, expressing and evaluating authentication.

Second, in cooperative authentication mechanisms, privacy leakage and resource consumption may cause nodes to have a low willingness to cooperate; this is also known as the incentive strategy problem of cooperation willingness. To solve this problem, the conflict relation among authentication, privacy leakage and resource consumption was analyzed, and a bargaining-based incentive mechanism under the constraint of privacy was proposed for cooperative authentication, based on the price-based incentive strategy. Firstly, all the factors affecting the cooperation willingness of nodes were analyzed and quantified in virtual currency. Secondly, after analysing the characteristics of cooperative authentication requests, a price system was established to encourage nodes to cooperate, which includes the bidding price-set of the buyer and the asking price-set of the seller. Thirdly, according to the processing procedure of a cooperative authentication request, a bargaining-based incentive procedure was built and a bargaining-based algorithm was designed for cooperative authentication. Finally, the experiment verified the effectiveness of the proposed method in improving the cooperation willingness of nodes and the probability of successful cooperative authentication.

Third, in order to address the problem of balancing authentication, privacy protection and resource conservation in cooperative authentication mechanisms, also known as the optimal strategy problem of cooperative authentication, a choice mechanism of optimal strategy based on a bargaining game model was proposed for cooperative authentication. Under the assumption that a node can rationally decide whether or not to participate in cooperation according to its utility, the game model for cooperative authentication was established by combining it with the bargaining-based incentive mechanism. Further, to analyze the behaviors and decision-making of nodes in different situations, two types of games, the static game and the dynamic game, were each analyzed for cooperative authentication with complete information and with incomplete information. Under complete information, Nash Equilibriums and Subgame Perfect Nash Equilibriums are obtained to guide the node to choose its optimal strategy and maximize its utility. In reality, nodes often do not have good common knowledge about others' utility and type (this case is often called "incomplete information"). To deal with this case, Bayesian Nash Equilibriums and Perfect Bayesian Nash Equilibriums are established to eliminate the implausible Equilibriums and maximize the node's expected utility. Based on the proposed model and the analysis results, an algorithm for the bargaining-based game with incomplete information was designed for cooperative authentication. Finally, the experiment verified the effectiveness of the proposed method in solving the optimal strategy problem of cooperative authentication. In the proposed model, nodes participating in cooperative authentication will maximize their location privacy and minimize their resource consumption while ensuring the probability of correct authentication, and extend the network lifetime.

Last, in order to solve the problem of balancing authentication, usability and privacy protection, a multi-feature fusion based implicit authentication mechanism was proposed. Firstly, diverse kinds of data generated during smartphone use (sensor data, and biometric and behavioral data of the user) were collected and analyzed. Various kinds of features related to user identity (location feature, environment feature, posture feature, gait feature, biometric feature and behavioral feature) were trained and extracted using the support vector machine. Secondly, the multi-feature fusion model was designed for calculating the user confidence level, and the framework of implicit authentication based on the proposed model was constructed for continuously and transparently authenticating the user of the smartphone. Further, a personalized security policy of implicit authentication was designed to meet the diverse security requirements of the user. Finally, the experiment verified the effectiveness of the proposed method in balancing authentication, usability, privacy protection and energy consumption.
Keywords/Search Tags: authentication, privacy protection, formal definition, cooperative authentication, implicit authentication, Internet of Things (IoTs)