Design And Implementation Of User-centric Authentication And Authorization System For IoT

In recent years, it is a trend to develop applications on the open IoT platform. The open IoT platform can be able to provide basic-service for applications, such as accessing the data of device and operating device,and also manage the access of user’s various devices. In order to protect the interests of users, it is important to provide a unified authentication and authorization, and access control of the device for user.In the current authentication and authorization system, because user can not set the visibility of the identity information and the type of authorization of the device for application, and the authorization between users is achieved by pre-authorization under the trust condition, it lack of user interoperability, and does not solve the real-time authorization and authorization between the unknown users. Besides, the system does not provide the security management mechanism of the application, leading to the lack of security of the application environment.This paper focuses on the research and implementation of user-centric authentication and authorization system for IoT. The main contents include:1. Demand analysis and architecture design of user-centric authentication and authorization system for IoT. Define the functions of the system based on the demand analysis, including authentication and authorization, the access of protected device resource, evaluation of the application’s security and so on. And through these functions, design the overall architecture.2. Research on the user-centric authentication and authorization system for IoT. It mainly include the implementations of authentication and authorization processes and access control processes with good user interoperability in the IoT environment based on OpenID Connect 1.0 that is a user-centric authentication and authorization protocol, the access control model based on the contribution which solves the problem of real-time authorization and authorization between the unknown users, the management of application’s security which calculate the total information of application’s security on the evaluations of application’s security and provide user the total information of application’s security when authorize that ensure the safety of the environment.3. According to the functions of the system, the overall architecture and related research work, define the interaction between the modules.And on this basis design and implement the modules. Finally, test the system to ensure feasibility.