Multi-Access Edge Computing (MEC) is deployed at the edge of the network by combining cloud computing with the IT service environment. It enhances the computing and storage capacity of the edge network, reduces the delay of network operation and service delivery, and ultimately improves the overall quality of application services. MEC technology is therefore widely used in many fields. However, the openness of MEC technology not only satisfies users' needs for ultra-low-delay business services but also exposes it to an unsafe environment, which leads to increasingly serious security problems for resource data. Considering the confidentiality and integrity of MEC system resources and private data, this paper studies identity authentication and authorization technology in this environment. The main research contents and contributions of this paper include the following aspects:

(1) An identity authentication and authorization mechanism based on OAuth2.0 for the MEC environment is proposed. With the continuous development of MEC technology, the number of application systems on the Internet is gradually increasing, and it has become a necessary requirement to build a unified identity authentication mechanism that lets users access all applications after authenticating only once. Therefore, according to the specific characteristics of the MEC environment, and in order to ensure the security of private data in the MEC system, improve user experience and reduce the pressure on service providers of managing account information, this study proposes a single sign-on mechanism based on OAuth2.0. This mechanism has the following advantages:

(1) It extends the OAuth2.0 authorization protocol to make it compatible with the MEC environment, and thereby realizes single sign-on. When users access multiple third-party application services deployed on the MEC system, they can access other credit applications by authenticating only once.

(2) The mechanism has been formally analyzed using BAN logic and the AVISPA tool, and an informal analysis is given to show that it can resist Man-in-the-Middle attacks, replay attacks and Cross-Site Request Forgery (CSRF) attacks.

(2) A single sign-on mechanism across MEC environments is proposed. Because users are mobile, User Equipment (UE) faces the problem of handover between MEC servers when accessing third-party applications on the MEC platform. When the same application service is accessed in different MEC environments, repeated identity authentication must be avoided. At the same time, in order to achieve low delay for application services and solve the security problems of device private data, this study proposes a single sign-on mechanism across MEC environments. The mechanism has the following advantages:

(1) To ensure a rapid response of application services during handover between MEC servers, it provides a token-based user state transmission mechanism, so that the same application can be accessed in different MEC systems with only one user authentication.

(2) The mechanism also includes a mutual identity authentication scheme based on Elliptic Curve Cryptography (ECC) to ensure the security of the private information of users and of the different MEC platforms.

(3) The mechanism meets the requirement of user anonymity and can resist replay, forgery and Man-in-the-Middle attacks.