Research On Risk Based Dynamic Identity Authentication Method Based On The UCON Model

Nowadays,the rapid development of Internet makes the number of Internet users grow rapidly.Although the Internet brings many conveniences to people’s life,it also brings a series of security problems.Identity authentication technology is an important research direction in the field of information security.It can identify the operator’s identity in the insecure network environment to confirm whether the operator’s identity is legal,so as to prevent the illegal third party from invading the system for dangerous operation and threatening the network security.However,as the first gateway to maintain network security,identity authentication technology itself is also facing threats.The traditional authentication method can not adapt to the current network environment well,and there are some defects.Traditional identity authentication has the following problems:(1)Less flexibility.Most of the existing methods rely on the user’s unique deterministic credentials or characteristics,and identify whether the user meets the authentication requirements by matching the existing information in the system.As long as the user provides certain credentials,the authentication result of the user is usually unchangeable.Therefore,it can not adapt to the changing network environment,which makes the identity authentication lack of flexibility.(2)The security is weak.In the existing identity authentication,the user’s identity information is mostly audited by the authentication center.As a trusted third-party organization,identity authentication center can not effectively guarantee its own security and credibility.For example,when the authentication center itself is attacked,the user’s identity information may be exploited or tampered with,or even pose a greater threat.Through variables,UCON model can carry out continuous access control to meet the basic requirements of the current network environment.Therefore,UCON model is also considered as a new generation of access control model.However,UCON model also has some defects.For example,its security needs to be strengthened.In order to provide more flexible and secure identity authentication for the website,this paper improves the UCON model and carries out three aspects of research work.Firstly,a dynamic risk authentication method based on UCON model is proposed.When the user needs to be authenticated,the results of password authentication and permission control will be referred to at the same time.The two results together determine the result of user identity authentication and corresponding access rights,and improve the flexibility of identity authentication.Secondly,in the stage of risk assessment,a user risk assessment method based on historical behavior is proposed.Users’ online behavior will be recorded,and then risk assessment will be carried out.The risk value and trust value from the assessment will be used as the basis of authority control.Finally,using the blockchain smart contract,the automatic operation of user risk assessment and authority control is realized.At the same time,using the security and non tamperability of blockchain itself,the blockchain is used as a database to store relevant information.In order to verify the security of the scheme,SVO logic system is used to analyze the protocol logic reasoning,and the security of the method is analyzed based on various scenarios.According to the analysis,this scheme achieves the set security goal in security,and has high flexibility.In addition,the related experiments are carried out on the simulated campus network environment.Simulation tests show that this method has high efficiency and stability,and can be used in various scenarios where users need to be authenticated.