Research On Key Technologies Of Identity Authentication In Mobile Internet

With the rapid development of mobile Internet and the deep integration of emerging technologies such as cloud computing and internet of things(IoT),mobile Internet has penetrated into all fields of our daily lives.Different mobile Internet services have put forward strict requirements for identity authentication due to their role as the first security defense line of mobile Internet services.It has become the important direction of identity authentication to support multiple types and levels of mobile Internet services,in order to meet the differential requirements of different types and scales of mobile Internet services.This paper makes an in-depth study on the key technologies of identity authentication in mobile Internet,in order to establish a multi-level authentication scheme for typical mobile Internet services.Firstly,we propose a multi-factor authentication technology with intelligent risk management,in order to satisfy the diversification of application scenarios and the differentiation of security requirements.Secondly,we propose a security testing scheme using adversarial examples for the cutting-edge speaker verification system based on deep learning.Finally,aiming at different mobile Internet service scenarios,we propose an Elliptic Curve Cryptography(ECC)-based three-factor authentication protocal and a hardware token-based IoT authentication model respectively.The main contributions of our paper are summarized as follows:(1)We propose a multi-factor authentication technology with intelligent risk management,which can be used to meet the different authentication requirements for different mobile Internet services and large-scale concurrent authentication.Specifically,we first introduce the technical architecture of multi-factor authentication with intelligent risk management,and propose a high-performance lightweight access service for the large-scale identity authentication.Then,we study the strength of joint multi-factor authentication,in order to decrease the disturbance to users under the condition of ensuring the security of authentication.Furthermore,we research the Deep Neural Network(DNN)-based risk management.Finally,we introduce the application case of the multi-factor authentication technology with intelligent risk management.(2)We propose a security testing scheme for the speaker verification system based on deep learning.Firstly,we introduce the implementation principle of speaker verification system based on deep learning.Then,we design a new loss function to deploy an adversarial instance generator and generate adversarial instances with slight disturbance.Furthermore,we use these adversarial examples to spoof the speaker verification system.Finally,we carry out an experiment to achieve the performance of the security testing scheme.(3)We design a three factor authentication protocol based on Elliptic Curve Cryptography(ECC).Firstly,we analyze the security threats to the high sensitive application scenarios,e.g.mobile government,and propose the relevant security requirements.Then taking Mo et al's scheme as an example,we point out that this scheme is suffering the attacks including stealing verifier attack,denial of service,off-line guessing and temporary information of known specific session.Furthermore,we propose our provably secure ECC-based three-factor authentication scheme.The scheme inherits the advantages of the existing schemes and is applied to the authentication system including user equipment,cloud server and registration center.Security analysis shows that our scheme can resist known attacks and provide user friendliness.Performance analysis and comparison show that our scheme consumes less computation and communication overhead,and provides more security attributes.(4)We design a hardware token-based IoT authentication model.Firstly,we analyze the security threats and security requirements of the IoT authentication model.Then,we propose a Gateway-based Second Factor(G2F)authentication scheme for gateway-centric IoT,which is based on FIDO U2F.The scheme combines the tamper-proof hardware token in U2F protocol with the gateway-centric IoT architecture,in order to achieve high security and efficiency of the identity authentication in IoT while reducing the dependence on service providers.The hardware token can interact with the gateway node and mobile Internet server simultaneously.The scheme realizes the high security and efficiency of identity authentication in IoT,while reducing the dependence on service providers and protecting the Internet of things devices from malicious attacks.After that,we apply the G2F prototype in Alicloud for practical test and evaluation.The security and performance test results show that G2F can realize the lightweight and fast identity authentication in IoT,while protecting the identity authentication in IoT from the known security attacks.