Research On User Identity Authentication Of Trusted Mobile Equipment

Posted on: 2009-04-08
Degree: Master
Type: Thesis
Country: China
Candidate: J L Pan
GTID: 2178360278480807
Subject: Computer application technology

Abstract/Summary:
With the growth of computational capability and storage, and the appearance of embedded operating systems and many kinds of wireless applications, mobile equipment faces increasing security threats. It is therefore of pivotal importance to ensure the integrity and security of mobile equipment and to prevent illegal use, tampering and copying. This paper focuses on these problems. Based on the characteristics of the mobile platform, which has limited storage and computing capacity, an improved authorization protocol and a user authentication protocol are presented. The main work is as follows:

(1) The paper studies the software and hardware architecture and analyses the Trusted Platform Module and its working principle, which provides the theoretical basis for Trusted Booting in mobile equipment.

(2) The application of domain isolation and Role-Based Access Control to mobile equipment is presented. Data structures and system calls are designed to implement access control for several users and to protect secure communication between processes.

(3) The Object-Independent Authorization Protocol and the Object-Specific Authorization Protocol in the Trusted Computing Platform Criterion are studied. Both communicate in plaintext and are easy to replay, so an authorization protocol for mobile equipment is presented. The paper uses ECC to improve security strength and sequence numbers to prevent replay, and also establishes authentication.

(4) A three-factor user-domain authentication is proposed. The authentication adopts Wireless Public Key Infrastructure and binds a password and biometric data to authenticate the user's identity, so it conforms to Security Level 3 in the Trusted Platform Module standard.

(5) Based on the Motorola A1200, by modifying the Bootloader source code and porting it to the PXA270 processor, an embedded trusted mobile platform is designed to achieve integrity measurement. The platform and a USB-Key with ESAM are connected to a PC, and Linux is compiled in order to test the feasibility of the user authentication.
Keywords/Search Tags: Trusted Computing, Trusted Mobile Platform, Domain Isolation, Access Control, Authentication