Design And Research Of Identity Authentication Security Gateway Based On Mimic Defense

Posted on: 2021-01-22
Degree: Master
Type: Thesis
Country: China
Candidate: D Y Wang
GTID: 2568307034981399
Subject: Software engineering

Abstract/Summary:
The identity authentication gateway acts as a bridge between the internal and external networks. It ensures that legitimate users obtain access rights to the internal network through identity authentication, uses authentication control methods to restrict network access to specific application services, and provides a security barrier for the wide application of e-government and e-commerce on the network. Faced with endless attacks such as session hijacking, gateway spoofing, data theft, and illegal access in complex network environments, current identity authentication gateways can only use prior knowledge to defend against known attack threats and vulnerabilities through after-the-fact remediation, and are therefore unable to actively block external attacks. This thesis takes mimic defense technology as its theoretical basis and designs an identity authentication gateway defense scheme for mimic scenarios, in order to address, to the greatest extent possible, the problem that identity authentication gateway defense lags behind attacks and cannot defend proactively. The main research work is summarized in the following two aspects:

(1) To address the defensive weaknesses of the identity authentication gateway, a mimic identity authentication gateway model with a higher security defense coefficient is constructed, based on the principle of mimic defense and using the dynamic heterogeneous redundancy model architecture. Multiple functionally equivalent heterogeneous redundant actuators are built through diversified component design. A dynamic scheduling strategy is introduced so that the identity authentication gateway changes dynamically as running time increases. A multi-mode decision algorithm analyzes the consistency of the outputs of the heterogeneous actuators. Finally, a negative feedback control mechanism determines whether abnormal output conditions need to be handled.

(2) To address the risk that the user data stored by the identity authentication gateway is maliciously leaked or destroyed, a secure storage scheme for heterogeneous databases with good intrusion tolerance is designed on top of the mimic identity authentication gateway's defenses. User identity information is often subject to intrusions such as database dumping ("dragging") and SQL injection attacks, so the scheme uses the SM2 threshold encryption algorithm to encrypt important data stored in the database: the secret value is divided into several shares that are stored in several heterogeneous databases. Only a sufficient number of heterogeneous databases computing collaboratively can recover the secret value, which ensures the safe availability of the data. Even if the gateway database is subjected to a malicious attack, the scheme reduces the risk of user data leakage and also effectively prevents attackers from using legitimate user identity information to deceive the gateway.

Finally, this thesis analyzes, through simulation, the defense effectiveness of the identity authentication gateway and the reliability of the gateway data encryption storage scheme in the mimic defense scenario, and verifies the overall anti-attack capability of the mimic identity authentication gateway. The results show that the identity authentication gateway system under the mimic defense mechanism can effectively prevent external attacks and internal intrusions, and that the system has higher stability and security.
Keywords/Search Tags:mimic defense, heterogeneous redundancy, identity authentication, gateway, data security
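
The control loop described in point (1) of the abstract (heterogeneous actuators, dynamic scheduling, multi-mode decision, negative feedback), sketched as an added example that is not code from the thesis. The strict-majority vote, the fail-closed rule, the quarantine-and-replace policy and all names (`MimicGateway`, `exec_a`, `USERS`, ...) are assumptions made for illustration.

```python
import random
from collections import Counter

USERS = {"alice": "s3cret"}  # constructed sample credential store

# Functionally equivalent executors (the abstract's "actuators"), each written differently.
def exec_a(user, pw): return USERS.get(user) == pw
def exec_b(user, pw): return user in USERS and USERS[user] == pw
def exec_c(user, pw): return any(u == user and p == pw for u, p in USERS.items())
def exec_bad(user, pw): return True  # models a subverted executor that accepts anything

class MimicGateway:
    """Hypothetical arbiter: majority vote over active executors, with feedback."""
    def __init__(self, pool, active_n=3, seed=0):
        self.rng = random.Random(seed)
        self.standby = list(pool)
        self.active = [self.standby.pop(0) for _ in range(active_n)]
        self.quarantined = []

    def reschedule(self):
        """Dynamic scheduling: swap one random active executor with a standby one."""
        if self.standby:
            i = self.rng.randrange(len(self.active))
            self.standby.append(self.active[i])
            self.active[i] = self.standby.pop(0)

    def authenticate(self, user, pw):
        outputs = [(ex, ex(user, pw)) for ex in self.active]
        # Multi-mode decision: compare outputs and take the most common one.
        verdict, votes = Counter(out for _, out in outputs).most_common(1)[0]
        if votes <= len(self.active) // 2:
            return False  # no strict majority: fail closed (assumed policy)
        # Negative feedback: quarantine dissenters and bring in standby executors.
        for ex, out in outputs:
            if out != verdict:
                self.active.remove(ex)
                self.quarantined.append(ex)
                if self.standby:
                    self.active.append(self.standby.pop(0))
        return verdict

if __name__ == "__main__":
    gw = MimicGateway([exec_a, exec_bad, exec_b, exec_c])
    print(gw.authenticate("alice", "wrong"), [f.__name__ for f in gw.active])
    print(gw.authenticate("alice", "s3cret"), [f.__name__ for f in gw.quarantined])
```

A single inconsistent executor is outvoted and swapped out on the first request that exposes it; an inconsistency only becomes visible when the executors' outputs actually differ for that input.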