User Context-Based Security Access Scheme For Mobile Terminal

Due to the refinement, multifunction, openness, individuation, capacity of installing the third-party applicative programs and management of complicated business, the mobile intelligence terminal has been an essential device for everyone in commercial activities or in daily life since recent years. However, it comes to be a new breach of security, which is a powerful challenge on the administrator in IT corporations. Hence, this thesis analyzed the access control when mobile terminal connecting to inner-net before the access and discussed the problem of assigning permission in the process of access. The main contributions of our work are summarized as follows:Firstly, the thesis summarized the security problem of mobile terminal and its connection with inner-net from three aspects:disguise threat, malicious code threat and abuse threat. In addition, it made a comprehensive analysis of the challenges about the solution of traditional mobile terminal. On this basis, we presented an access control model for security connection with the mobile terminal. In this model, there are four phases for controlling a mobile terminal to connect with inner-net:registration, identification, risk assess and dynamic authorization. The process of four phases provided a more secure access control method when mobile terminal connect to the inner-net.Secondly, the thesis proposed a lightweight access authentication scheme. Scheme stated that, in the process of access, the identification and password were managed by the mobile terminal. It can decrease the possibility of passwords leakage. Besides, the scheme designs a mutual identification between users and server that reduces the exchange in the identification process without third-party involving every time, which not only assures the safety of serves, but also enhances the execution efficiency.Thirdly, we studied security risk assessment methods of traditional information system and the technical standard of mobile intelligent terminal security capability which was issued by Industry and Information Technology in2013. Then we proposed a risk assessment and authorization method based on the context of mobile terminal. In this method, we divided the mobile terminal context, which would affect the security of inner-net, into three categories:system security context, application security context and user behavior security context. Then we set the indexes of risk assessment for mobile terminal to connect the inner-net. And then we work out the weight of each index by AHP algorithm. After that we calculated the safe rank’s quantization value of mobile terminal system using MAUT algorithm. At last, we authorized mobile terminal based on the result of risk assessment. During the connection, the server sent periodical requests to the mobile terminal for risk assessment and monitored the mobile terminal connecting with inner-net in real-time to distribute authorization dynamically.Finally, based on the control model proposed in this thesis, we developed a security management prototype system of mobile terminal. The introduction of this system focused on3modules:user management, information acquisition of mobile terminal context and security assessment of mobile terminal. The test results showed that this system had achieved the anticipated design targets.