
Research On Trusted Security Authentication Technology In Cyber-physical Systems

Posted on: 2020-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Wu
GTID: 2428330620456167
Subject: Information and Communication Engineering

Abstract/Summary:
With the continuous development of computer network technology, the Internet of Things has become the demand and mainstream direction of current society. It is worth noting that CPS (Cyber-Physical Systems) is an IoT information system focusing on embedded automation. It is widely used in real-time sensing, dynamic control, human-computer interaction and communication services in large-scale engineering systems, emphasizing network-physical integration and creating a safe, reliable, real-time and efficient IoT system.

While providing convenient services, these systems raise security issues that cannot be ignored: the control-layer server of the Internet of Things uses a cloud system architecture, and border protection is one of the important points in the security technology for IoT access to the cloud. For the identification of users and the privacy protection of terminal devices accessing the network, it is urgent to solve the security problems of the CPS device itself and of network access. In order to explore methods and ideas for solving CPS secure access, this thesis studies the trusted anonymous authentication mechanism and the cross-domain authentication problem. The main research contents and innovative work are as follows:

1. Trusted computing technology is introduced into the CPS communication network and a complete CPS trusted security model is built. In this model, the trusted root and the delivery of the trust chain are built into the CPS terminal device to form a trusted computing platform, which ensures the trust of the device itself and the basic security of the system. Then, the Trusted Network Connection (TNC) mechanism is used to extend the trusted environment to a wider range of trust domains, and the identity authentication, remote platform trusted certificate, and integrity verification processes are completed, using an anonymous authentication mechanism to implement a trusted certificate for the platform.

2. Considering the insufficient computing capacity of CPS terminal devices, a lightweight direct anonymous authentication protocol, A-DAA (Advanced-DAA), based on the TPM v2.0 specification is proposed as the authentication mechanism for trusted access of CPS terminal devices. The internal interface command of the TPM (Trusted Platform Module) is modified without affecting the security of the protocol. This measure reduces the computation performed by the terminal device in the authentication phase and improves the efficiency of the protocol. Quantitative calculation and experimental tests are used to compare the amount of computation of each sub-protocol between different schemes, which proves the superiority of A-DAA. At the same time, this thesis fixes the security vulnerabilities of existing DAA schemes and gives a proof of security using the random oracle model. In addition, considering that the key data collected by the terminal device may be fraudulently obtained by an illegal attacker, this thesis introduces a mutual anonymous authentication mechanism in the signature authentication phase of the protocol, which not only authenticates the legitimacy of the access device but also protects the user's private information.

3. Considering the cross-domain authentication problem in CPS multi-application domains, a cross-domain anonymous authentication scheme, MD-DAA (Multi-Domain DAA), is proposed based on A-DAA. MD-DAA inherits the security features of A-DAA, fixes the security flaws of existing cross-domain schemes, and also achieves a certain optimization in efficiency; quantitative data comparison and security analysis are given. It provides an effective solution for the cross-domain authentication mechanism of the CPS communication system.
Keywords/Search Tags:CPS Communications Network, Access Security, Trusted Computing, Direct Anonymous Authentication, Mutual Anonymous Authentication