
Design And Implementation Of FIDO U2F Authenticator

Posted on: 2018-11-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z Yang
Full Text: PDF
GTID: 2348330512982958
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of the Internet, more and more of people's social activities happen in virtual network space. Network service providers offer people a wide range of convenient network services, e.g. instant messaging and network payment. At present, however, the identity authentication mechanism of these services is based on the user's account and password. This mechanism requires the user to enter a complex and cumbersome password every time. Moreover, to reduce the association between their accounts on different services, users use different passwords on different network services, which makes password management harder. At the same time, this single-factor authentication system is vulnerable to theft, man-in-the-middle attacks and phishing attacks. Therefore, to provide a more secure and convenient authentication technology, this paper discusses an authentication device designed and implemented under FIDO's U2F protocol framework, which reduces the complexity of current password authentication and provides users with unified authentication service management through the authenticator.

To solve the above-mentioned problems, this paper builds on research into FIDO's U2F (Universal Second Factor) protocol framework. Based on the secure element's infrastructure and the Android system architecture, it designs and implements an authenticator that is compatible with the U2F protocol. It also implements unified client-side management of authenticators, providing a unified interface that third-party applications can integrate easily. The authenticator is the key module of the U2F authentication system: it authenticates the user and generates the authentication information. The client is responsible for managing the authenticators on multiple platforms and connects the secure transmission channel between the authenticator and the server. The main work of this paper includes the following points:

1. The U2F protocol framework is studied, and the whole U2F authentication system is modeled according to the business process. The server, the client and the authenticator are logically layered, and the client layer and the authenticator layer, which are the concern of this paper, are abstracted out.
2. The architecture of the secure element is studied. Considering the constraints on computational and storage resources on the platform, some key algorithms in the U2F protocol are optimized. When the authenticator is implemented on the platform, the platform characteristics are considered and the APDU instruction interaction process is fully implemented.
3. The security mechanisms applied on the Android system are studied, and the authenticator is implemented on that system. A technical solution is put forward for protecting key information such as the device attestation key, the signature algorithm and the counter value.
4. The client implements a common APDU generation component that standardizes and handles the APDU command generation process on the Android system, so that the client can communicate with authenticators over multiple communication channels.
5. The authenticity, usability and security of the authenticator designed and implemented in this paper are verified and compared with other mainstream identity authentication systems, which reflects the superiority of the results of this paper.
Keywords/Search Tags: identity authentication, secure element, U2F (Universal Second Factor) Protocol, access control