| With the rapid development of the Internet, people frequently submit their web identities to register and log in to get personalized services through authentication. When using web identities, people not only experience password fatigue, but also face serious network security problems such as password leakage, phishing scams, and crash attacks. Innovative identity authentication and management solutions to solve web identity security problems have become a hot research topic. A new solution, the multi-party closed-loop web identity management mechanism, has emerged. This mechanism is user-centered and uses trusted user agents as a tool for managing and storing user identity information, which can guarantee web identity security more effectively. Compared with ordinary APPs, this mechanism involves highly sensitive user privacy data, which imposes higher requirements on the security of trusted user agent data. This thesis proposes and implements a hardware scheme to enhance the security of privacy data in APPs, addressing the key security requirements of trusted user agents and the APP privacy data storage problem. The privacy data encryption and decryption keys in the scheme are randomly generated and securely stored by the security hardware, and users can actively control the encryption and decryption of APP privacy data through the security hardware, so the security of users using the APP can be significantly improved. The main research contents of this thesis are as follows. (1) Security hardware that enhances the security of APP data storage is designed and implemented, combining a security chip with proximity wireless communication technology. In detail, the proximity wireless communication and passive power supply of the security hardware are realized using a proximity wireless communication chip that can collect RF energy efficiently. At the same time, the security chip model N32S032 is used to realize two-way security authentication between the APP and the security hardware and the function of encrypting and decrypting APP privacy data. This security hardware not only enhances the security of APP privacy data effectively, but is also very convenient to use. (2) An APP privacy data cryptographic storage protection scheme is designed and implemented, which mainly contains two parts, hardware design and APP design, with the following features: APP privacy data is encrypted in storage; independent hardware and double key technology are used; the root key is randomly generated by the security hardware; neither the APP nor the server stores the root key; mutual authentication and key negotiation must be completed before the security hardware can communicate with the APP; during the communication process, all transmitted data packets are encrypted; users can control the encryption and decryption of privacy data independently. The protection scheme improves the user's trust in the APP while satisfying the user's sense of control over the privacy data. (3) Using formal analysis methods and the Dolev-Yao attack model, the protocol between the trusted user agent and the security hardware is modeled and analyzed, and security assumptions and security objectives are proposed. The protocol is then coded and experimentally verified using ProVerif, and the results confirm the security of the protocol. |