Research on Identity Authentication Method Based on Negative Logic System

. With the rapid development of computer and network, new technologies and services such as mobile Internet, Internet of Things, cloud and arti ﬁ cial intelligence have arisen and changed people ’ s life. The identity authentication is a must for these services. To solve the problem, identity authentication system and method based on negative logic system (NLS) is proposed in the paper. NLS is introduced to improve security in the essence of attack and defense. Security mechanisms based on NLS are proved effective to increase attack cost and strengthen defense ability. So NLS-based identity authentication system and method in the cloud environment are designed. Meanwhile, the corresponding converters, distributed storage, distributed detectors and authentication are proposed. The proposed method can improve security and provide identity authentication for cloud, IoT, etc. The theoretical performance analysis proves that it is feasible and effective.


Introduction
With the rapid development of computer and network, new technologies and services are being generated, evolved and promoted constantly, bringing great convenience and changes to people's life. Of which, mobile Internet, Internet of Things, cloud and artificial intelligence are all becoming the rising topics. Concerning to these technologies and services, the identity authentication is the precondition to guarantee secure accessing. Taking cloud environment as an example, it has some features and advantages such as broadband interconnection, resource pool sharing, flexible configuration, on-demand services, etc. However, while providing services and sharing resources in an open cloud environment, how to ensure the confidentiality, integrity, and availability of system resources and user's data in the cloud is an important issue, and identity authentication is a premise guarantee to achieve this goal.
The researchers have already taken some studies on identity authentication. At present, Ghosh et al. focus on NFC and biometric algorithms [1]. Chien proposes video recognition technology [2]. Hu et al. point out the privacy protection using images and identity information [3]. And some other researchers propose the identity based encryption [4][5][6][7][8][9][10]. Of which, the identity based encryption is a new tendency for identity authentication. Urbi et al. propose PUF+IBE scheme, which contains the identity authentication algorithm for Internet of Things devices and its connection and protocol process based on elliptic curve [4]. In the field of aviation aircraft, a layered identity-based authentication IBV scheme is proposed. Wu et al. talk about the mobile device authentication and key agreement protocol based on elliptic curve [5]. Yuan et al. propose identity-based identification, mobile identity identification solutions based on IBI [6].
Although the research on identity authentication are more and more, there is a common problem on it, that is all the researches are based on positive logic system. It means that the user account authentication and other information are all stored in the identity authentication system based on positive logic system. Once the user's account is leaked or stolen, the attacker can make use of the acquired user information to access to the system and resources. Even worse, the attacker uses it as a springboard for taking deep cyber attack and penetration, which is a great security risk for the whole system. In addition, the security bottleneck of identity authentication lies in the selection of the authentication algorithm, which is the attacker's focused attack goal. If the authentication algorithm is attacked, the security of the entire cloud environment is hard to guarantee. Furthermore, the existing identity authentication technology does not involve the elements of a distributed cluster in the cloud environment, which has certain limitations in adaptability and scalability.
In order to solve the above problems, we propose the negative logic system (NLS) and take research on the method of identity authentication based on negative logic system in this paper. The identity authentication system and method based on negative logic system is proposed in the paper. NLS is introduced to improve security in the essence of attack and defense. Security mechanisms based on NLS are proved effective to increase attack cost and strengthen defense ability. So NLS-based identity authentication system and method in the cloud environment are designed. Meanwhile, the corresponding converters, distributed storage, distributed detectors and authentication are proposed. The proposed method can improve security and provide identity authentication for cloud, IoT, etc. The theoretical performance analysis proves that it is feasible and effective.
Our Innovations and Contributions. In this paper, there are some innovations and contributions. One of which is the negative logic system. The other is the security attack and defense mechanisms based on negative logic system. The third is the identity authentication method based on negative logic system. And the last is the method of converters and distributed storage based on NLS as well as the method of distributed detectors and authentication based on NLS.
The rest of this paper is organized as follows. Section 2 introduces the motivation. Section 3 proposes negative logic system. Section 4 presents security attack and defense mechanisms based on negative logic system. Section 5 proposes the identity authentication system and method based on NLS. Finally, in Sect. 6 we draw the conclusion of this paper.

Motivation
The existing security attack and defense mechanisms are based on the security attack and defense mechanisms of the positive logic system (PLS), that is to say, the state description of the security attack and defense is positive to the logic description of the security attack and defense. Hence, in the PLS-based security attack and defense mechanisms, the information is same and equal for both offensive and defensive sides. The essence of security attack and defense is the cost and expense of both offensive and defensive sides taken while attacking and defending. On the basis of information equivalence, the degree of confrontation, the superiority and inferiority status and the active and passive situation of both offensive and defensive sides can only rely on the cost and expense of cyber attack and defense tactics.
Therefore, the disadvantage of the existing PLS-based security attack and defense mechanisms is the limitation of offensive and defensive information equivalence. Firstly, on the basis of PLS, information is a one-to-one correspondence. Relatively speaking, the attacker can use a large number of attack groups to achieve an attack. The attack group here is a broad group that includes both the actual attacker population and any host, device, or computer network system that can be used in the network. Secondly, the existing attack and defense mechanisms increase the cost of information network defense side relatively. When it comes to the network or system of defensive side, it can be protected and defended by the defensive side only. For the decentralized or centralized attack methods and attack groups, only by strengthening the protection system of the defense side, can it be possible to defend against the attacker's attack, so that the defense cost and expense is much greater.
In order to solve the disadvantage of the existing mechanisms, the security attack and defense mechanisms based on negative logic system are innovatively proposed in the paper. That's the motivation of this paper. The NLS-based security attack and defense mechanisms can break the situation of information equivalence between offensive and defensive sides, so as to achieve that the information for both offensive and defensive sides is not equal, and then increase the cost and expense of cyber attacks, and meanwhile reduce the cost and expense of cyber defense.
What's more, the method of using the negative logic system for identity authentication is also proposed innovatively. And this NLS-based identity authentication method can be applied not only in the cloud environment but also in the Internet of Things (IoT) environment, which is of great significance to secure accessing.

Negative Logic System
We innovatively propose the negative logic system in the cyber security area together with the security attack and defense mechanisms based on negative logic system as well as the principle and method of our negative logic system.
Principle and Method of Negative Logic System. The principle and method of our negative logic system is described as follows.
The negative logic system is the opposite logic to the positive logic [11][12][13][14][15][16][17], and the corresponding relationship is 1:N mode, i.e. a one-to-many relationship. As for the formal language description, it can adopt the normal binary, octal, decimal, or hexadecimal formats, and it can also use the state number of the practical applications as well, for example, the state number of the application is N, then it can use N bases. Therefore, its formal language description method is flexible and can be selected according to the requirements.
We take the actual state number as an example to give the formal language description and definition of negative logic system. Assuming that there are n kinds of states in a system, which are defined as S 1 ; S 2 ; S 3 ; . . .. . .; S n . Let S ¼ fS 1 ; S 2 ; S 3 ; . . .. . .; S n g, so that for any state S i 2 S, in which i 2 f1; 2; 3; . . .. . .; ng, the negative logic value of S i is any one of the states in S except S i . That is to say, The method of NLS is illustrated in following Fig. 1.
According to the above Fig. 1, the method of NLS is combined with input, NLS processing center and output.
As for input item, it is the value for inputting, which is transferred to the NLS processing center. The input value can be data information formatted in binary base, data information formatted in decimal base, data information or text information formatted in hexadecimal base, etc. As for NLS processing center, it includes NLS processing mechanisms, the choosing and the transforming of number bases, selecting algorithm, calculation method, etc. Its main function is to determine the negative logic values according to the input and give result to the output part. For example, when the input is S i , the negative logic values are in the following sets fS 1 g; fS 2 g; Á Á Á ; fS iÀ1 g; fS i þ 1 g; Á Á Á ; fS n g: As for output item, one of the negative logic values will be output randomly according to the selecting method and the calculation method set in the NLS processing center and even the time the input value being inputted into the NLS processing center. Taking the above example, one of fS 1 g; fS 2 g; Á Á Á ; fS iÀ1 g; fS i þ 1 g; Á Á Á ; fS n g may be outputted as the actual output value, such as S 2 at this moment. So the negative logic system result for S i at the moment is S 2 .

Security Attack and Defense Mechanisms Based on Negative Logic System
The structure of security attack and defense mechanisms based on negative logic system is shown in Fig. 2 below. It is comprised of the attack module, NLS module and defense module.
In Fig. 2, we can see that attack module under the NLS-based security mechanisms is with less information so that the cost and expense to take an attack is much higher than ever PLS-based security mechanisms.
NLS module is the negative logic system and it is implemented according to the principle described in Fig. 1.
Defense module is under the NLS-based security mechanisms and its information is much more so that the cost and expense to take defense is much lower than ever PLSbased security mechanisms.
The performance analysis of security attack and defense mechanisms based on NLS is presented as follows.
According to the NLS principle and method, and combing with the security attack and defense mechanisms based on NLS, it is assumed that the number of states of a Research on Identity Authentication Method system is n, which are defined as S 1 ; S 2 ; S 3 ; . . .. . .; S n . Let S ¼ fS 1 ; S 2 ; S 3 ; . . .. . .; S n g, so based on NLS, there are n À 1 possible kinds of negative logic value for any state S i 2 S, such as fS 1 g; fS 2 g; Á Á Á ; fS iÀ1 g; fS i þ 1 g; Á Á Á ; fS n g. Therefore, in order to get the value of S i , at least n À 1 different values after data de-duplicating must be given. And by combing and analyzing, the value of S i can be computed. Compared to the PLS, to get the value of S i requiring only 1 value, the space of NLS is much greater than PLS. As for the entire system space, the space of PLS is n, while the space of NLS is nðn À 1Þ. When a logic value is given, the probability of a successful PLS judgment is 1 n , while the probability of a successful NLS judgment is 1 nðnÀ1Þ . In the security attack and defense mechanisms based on NLS, the defense side knows the number of all the states as well as the scope of the whole system space. It is therefore that the information for the defense side is much more than the attack side, and the cost and expense that needed to take is much lower.
However, as for the attack side in the security attack and defense mechanisms based on NLS, objectively speaking, the whole system security space is greatly expanded at first. It is expanded to the second power relationship for NLS from the linear relationship for PLS. Secondly, in the actual attack and defense, the attack side doesn't know or cannot get known of the number of all states such as n, so that, even if the attacker obtains k kinds of different logical values, the attacker cannot know how many times it still needs to get the correct information he wants when he doesn't know n. Thus, the complexity and difficulty of the attack is greatly increased. It is therefore that the information for the attack side is less than the defense side, and the cost and expense required for the attack side is much higher and more.
From the viewpoint of the essence of security attack and defense, the essence of the attack lies in the cost and expense of taking attack, while the essence of the defense lies in the cost and expense of taking defense. From the above performance analysis, we can know that the security attack and defense mechanisms based on NLS can essentially increase the cost and expense required for the attack and reduce the cost and expense required for the defense. The security attack and defense mechanisms based on NLS are of important practical value and significance in the field of security.

Identity Authentication System and Method Based on Negative Logic System
Based on the proposed negative logic system, we propose NLS-based identity authentication. The NLS-based identity authentication system and method can be applied not only in the cloud environment but also in the Internet of Things environment, which is of great significance to secure accessing. Here we take cloud environment as a specific application scene. And we will give out the identity authentication system and method based on NLS in the cloud environment as well as the method of converters and distributed storage based on NLS, and the method of distributed detectors and authentication based on NLS. Firstly, we compare our NLS-based identity authentication system and method with the existing identity authentication system and method.
The existing identity authentication system and method are all based on positive logic system. It means that the user account authentication and other information are all stored in the identity authentication system based on positive logic system. Once the user's account is leaked or stolen, the attacker can make use of the acquired user information to access to the system and resources. Even worse, the attacker uses it as a springboard for taking deep cyber attack and penetration, which is a great security risk for the whole system. In addition, the security bottleneck of identity authentication lies in the selection of the authentication algorithm, which is the attacker's focused attack goal. If the authentication algorithm is attacked, the security of the entire cloud environment is hard to guarantee. Furthermore, the existing identity authentication method and system does not involve the elements of a distributed cluster in the cloud environment, which has certain limitations in adaptability and scalability. The identity authentication system and method based on negative logic system can break the situation of information equivalence between offensive and defensive sides from the essence. The information for both offensive and defensive sides of identity authentication system is not equal. It can increase the cost and expense of cyber attacks of the system, and meanwhile reduce the cost and expense of cyber defense of the system. Besides, this NLS-based identity authentication method can be applied not only in the cloud environment but also in the Internet of Things (IoT) environment, etc., which is of great significance to secure accessing. And according to the theoretical performance analysis in Sect. 4, it proves that it is feasible and effective.

Identity Authentication System Based on NLS in the Cloud Environment
The system structure of identity authentication system based on NLS in cloud environment is shown as follows, in Fig. 3.
As is illustrated in Fig. 3, the system structure is comprised of user end, cloud end, converter, distributed storage and detector. The procedure of the system mainly contains two periods, one of which is the period of user registering, the other of which is the period of login authenticating.  In user registering period, at first, the user end is used to send register information to the cloud end.
The cloud end receives the register information from the user end and obtains the set of user identity information based on the negative logic system through the negative logic converter, and then distributes the negative logic-based identity information set by the distributed storage.
The converter is used to receive the information from cloud end and transform the information to the negative logic presentation and then obtain the set of NLS-based identity information.
The distributed storage is used for receiving identity information from the converter and distributing them to storage.
(2) Login Authenticating Period In the login authenticating period, the user end is used for sending user's login information to the cloud end and receiving the authentication result from the cloud end.
The cloud end can receive the login information set sent from user end and then transport the login information set to the detector so as to take distributed detection and then get the authentication result. Besides, the cloud end receives the authentication result and then feedbacks the identity authentication result to the user end.
The detector is used to receive the login information from the cloud end and take distributed detection. The authentication result can be concluded according to the comparison of the number of matched detector with the maximum number of tolerances. After that, the authentication result is outputted to the cloud end.

Identity Authentication Method Based on NLS in the Cloud Environment
The following Fig. 4 describes the method of identity authentication based on NLS in the cloud environment. According to the above Fig. 4, the method of identity authentication based on NLS in the cloud environment includes the following steps.
Step 1: User's registration requesting. The user end sends request to the cloud end with the user's registration information.
Step 2: User's registration information obtaining. The cloud end obtains user's registration information.
Step 3: Identity information transforming. Extract corresponding information from registration information, and transform identity information based on NLS to obtain the corresponding NLS-based identity information set. For example, there are n kinds of NLS-based identity information. Concerning with the information, only when not less than m kinds of different identity information are obtained at the same time, then the identity information of the user can be authenticated. Here, m is the maximum number of tolerances to authenticate.
Step 4: Distributed storing. Distribute the n kinds of NLS-based identity information to distributed storage.
Step 5: User login requesting. The user end sends request to the cloud end with the user login information set.
Step 6: User login information obtaining. The cloud end obtains user login information set.
Step 7: Identity authenticating. The cloud end begins identity authenticating procedure.
Step 8: Distributed authentication detecting. Distributed detect the user login information set. Assuming that user login information set contains t kinds of different identity information. By detecting based on NLS, the number of matched detectors will be figured out, e.g. the number is k. Then compare k with the maximum number of tolerances m. Only when k ! m, the user information can be gotten, otherwise the user information cannot be gotten.
Step 9: Identification. According to the result of Step 8, the identification is taken out.

Method of Converters and Distributed Storage Based on NLS
As in the above, we can know that, the method of converters and distributed storage is of great importance to the identity authentication based on NLS. So Fig. 5 shows the specific method of converters and distributed storage based on NLS.  We can see from Fig. 5 that the method procedure of converters and distributed storage based on NLS includes five components. For the first thing, input the user's registration information, for example the user's registration information is written as ID i . For the second thing, obtain the user's original identity information, which is written as P i .
For the third thing, the conversion center, which is based on NLS, is the main function and component. Assuming that the user's registration information is ID i and the related original real identity information is 1 kind, denoted as P i , the corresponding non-real identity information is n kinds, written as S 1 ; S 2 ; S 3 ; . . .. . .; S n . Let T ¼ fP i ; S 1 ; S 2 ; S 3 ; . . .. . .; S n g, then as for user's registration information ID i , the corresponding NLS-based identity information set is T 0 ¼ T À fP i g, i.e. T 0 ¼ fS 1 ; S 2 ; S 3 ; . . .. . .; S n g. The conversion result will be outputted to the next component, receiving the identity information set T 0 based on NLS of ID i , that is fS 1 ; S 2 ; S 3 ; . . .. . .; S n g.
And for the last thing, the identity information set T 0 based on NLS of ID i is distributed to different storage area, such as storage area 1; 2; Á Á Á ; i; i þ 1; Á Á Á ; n:

Method of Distributed Detectors and Authentication Based on NLS
The procedure of distributed detectors and authentication based on NLS is shown in Fig. 6. It is the distributed detecting and authenticating based on negative logic system, in which, the maximum number of tolerances is m, that is to say, the identity information of the user can be authenticated with at least m kinds of different identity information.  Fig. 6, we get the user's login information set and extract different elements as I 1 ; I 2 ; Á Á Á ; I i ; I i þ 1 ; Á Á Á ; I t . Then we transfer them to distributed detectors.
In the detectors, let the obtained value and elements correspond to different distributed detectors, such as detector 1; 2; Á Á Á ; i; i þ 1; Á Á Á ; n: Meanwhile, take the detection of the t kinds of different identity information I 1 ; I 2 ; Á Á Á ; I i ; I i þ 1 ; Á Á Á ; I t based on NLS and judge whether it belongs to the corresponding NLS-based identity information set T 0 of user's registration information ID i , for which T 0 ¼ T À fP i g, and at the same time, T 0 ¼ fS 1 ; S 2 ; S 3 ; . . .. . .; S n g. Simply speaking, judge whether it belongs to the element of set T 0 . After that, feedback the result to the mach center. Then the match center calculates the number of matched detectors, denoted as k. And compare k with the maximum number of tolerances m. Finally, according to the result of the comparison, we take identity authentication, judging whether the user is a legal user. Only when k ! m, the user's real original information can be gotten and the user begins to access to the resource in the cloud and use the resource, otherwise the user's real original information cannot be gotten, hence the user can't login and can't access to the resource in the cloud.

Conclusion
In this paper, identity authentication system and method based on negative logic system is proposed to solve the problem of identity authentication, NLS is introduced to improve security in the essence of attack and defense. Security mechanisms based on NLS are proved effective to increase attack cost and strengthen defense ability. So NLS-based identity authentication system and method in the cloud environment are designed. Meanwhile, the corresponding converters, distributed storage, distributed detectors and authentication are proposed. The proposed method can improve security and provide identity authentication for cloud, IoT, etc. The theoretical performance analysis proves that it is feasible and effective.