
Research On Key Technologies Of Unified Framework Of Multi-Authentication Methods Based On FIDO Protocol

Posted on: 2019-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Ding
GTID: 2428330566470918
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of network technology, identity authentication, as an important technical means of ensuring network security, has attracted wide attention. Many mainstream manufacturers and research institutions jointly proposed the FIDO (Fast Identity Online) protocol framework to solve the problems of the lack of interoperability, mutual authentication and integration difficulties among different authentication methods. The protocol framework is open, easy to integrate, and supports multiple authentication methods. It is one of the mainstream frameworks for integrating multiple authentication methods. Integration of and decision making among multiple authentication methods, cross-domain authentication, and privacy protection are the problems that the FIDO protocol framework needs to solve in the complex Internet environment. Based on the FIDO protocol framework, this paper puts forward dynamic decision making for identity authentication based on fuzzy decision theory, anonymous authentication across domains, and privacy protection for user information. A unified framework of multi-authentication methods based on the FIDO protocol is designed, and a prototype system of a unified identity authentication platform is designed and preliminarily implemented. The main work and innovations of this thesis include:

(1) A multi-authentication methods integration scheme based on the FIDO protocol is proposed. In view of the different requirements of various application systems for identity authentication, a multi-authentication methods integration scheme based on the FIDO protocol is proposed. The local Authenticator of the original FIDO protocol is optimized and integrated into a unified management system, which reduces the computation on the user terminal and improves the applicability of the framework in environments where terminal resources are constrained. The scheme integrates various authentication methods, such as password, biometric feature, and digital certificate, to meet the needs of applications with different security requirements.

(2) A dynamic decision method based on fuzzy decision theory is proposed. Because different applications have different requirements for the authentication method, dynamic decision making is required. In this paper, the concepts of weight synthesis and fuzzy numbers are introduced into the traditional analytic hierarchy process (AHP), and an improved AHP is proposed that can consider various weights for decision making. A dynamic decision method for identity authentication based on fuzzy decision theory is proposed. The method supports the identification of identity based on many factors, such as network risk, service reputation, and user role. It not only considers the static and dynamic factors that affect the identity decision, but also solves the problem that the objective weight and the subjective weight are difficult to balance.

(3) An anonymous authentication scheme and a data privacy protection method for the cross-domain environment are proposed. An anonymous cross-domain authentication scheme is proposed for the cross-domain authentication requirements of the unified framework of multiple authentication methods. By improving the traditional Certificate-Based Signature (CBS) scheme, an anonymous cross-domain authentication scheme is constructed, and the scheme is presented in terms of its system model, scheme design, and security and performance analysis. The analysis shows that the scheme has great advantages in efficiency, security, anonymity, and key updating. In view of the problem of privacy leakage caused by user information sharing in the cross-domain environment, a data privacy protection method based on differential privacy is proposed. By introducing the full sequence distance calculation algorithm and the hybrid distance calculation algorithm into the MDAV (Maximum Distance to Average Vector) clustering algorithm, an ICMD (Insensitive Clustering for Mixed Data) clustering algorithm is proposed to carry out the differential privacy operation. Differential privacy operations are performed on the output data set to protect privacy while preserving high availability. Finally, the method is simulated with respect to two aspects, information disclosure and information loss, to verify its effectiveness.

(4) Preliminary implementation of the unified identity authentication platform prototype system. Based on the research on the key technologies mentioned above, a unified framework of multi-authentication methods based on the FIDO protocol is proposed, and a unified identity authentication platform is designed according to the framework. The functional structure and service composition of the unified identity authentication platform are designed. The relationships between the main entities of the platform, the call relationships between the modules, and the interface definitions are given. Finally, the prototype system is implemented.

Keywords/Search Tags:Unified Authentication, FIDO Protocol, Dynamic Decision Making, Cross-Domain Authentication, Privacy Protection