可信物联网架构模型

殷安生; 张世君

doi:10.11959/j.issn.1000-0801.2017270

您当前的位置：

首页 >

文章列表页 >

可信物联网架构模型

专题：物联网技术与应用 | 更新时间：2024-06-05

- 可信物联网架构模型
- A trusted IoT architecture model
- 电信科学 2017年33卷第10期页码：10-18
- 作者机构：
  
  1. 南京邮电大学，江苏南京 210003
  2. 中国电信股份有限公司连云港分公司，江苏南京 210037
- 作者简介：
  
  [ "殷安生（1982-），男，博士，南京邮电大学副研究员，主要研究方向为网络安全与评估。" ]
  [ "张世君（1980-），男，中国电信股份有限公司连云港分公司网络操作维护中心主任、工程师，主要研究方向为电信大数据挖掘与应用。" ]
- 基金信息：
  
  江苏省教育厅高校自然科学研究面上项目;Natural Science Fund for Colleges and Universities in Jiangsu Province(17KJB520026)
- DOI：10.11959/j.issn.1000-0801.2017270
  中图分类号： TP393
- 网络出版日期：2017-10，
  
  纸质出版日期：2017-10-20
- 稿件说明：
移动端阅览
殷安生, 张世君. 可信物联网架构模型[J]. 电信科学, 2017,33(10):10-18.

Ansheng YIN, Shijun ZHANG. A trusted IoT architecture model[J]. Telecommunications science, 2017, 33(10): 10-18.
殷安生, 张世君. 可信物联网架构模型[J]. 电信科学, 2017,33(10):10-18. DOI： 10.11959/j.issn.1000-0801.2017270.

Ansheng YIN, Shijun ZHANG. A trusted IoT architecture model[J]. Telecommunications science, 2017, 33(10): 10-18. DOI： 10.11959/j.issn.1000-0801.2017270.

摘要

物联网已经在世界范围内得到了广泛的关注和发展，其安全性也面临严重威胁。然而由于物联网本身的特性，很多在互联网领域的安全措施不能直接照搬过来。目前的安全策略主要是针对物联网受到的威胁逐一寻找解决方案，协同机制分散。面对日益智能化、系统化、综合化的安全威胁，提出一种三元两层的可信物联网架构，根据物联网的功能设计一种全程可信安全机制，从传感器设备的软件及硬件的完整性和安全性检查开始，将可信链依次传递，直到应用层，并在应用层根据行为可信实现数据的处理和应用。同时将控制功能和数据功能分开，不同的安全策略之间相互协作、相互检验，从而有效提高物联网应对安全威胁的能力。

Abstract

The internet of things (IoT) has been widely concerned and developed in the world

and its security has been paid more and more attention.However

due to the characteristics of the IoT itself

a lot of security measures in the internet field can’t be applied directly.The current security strategy mainly provide solutions according to the threat of the IoT one by one.In face of increasingly intelligent

systematic

integrated security threats

a trusted IoT architecture of two layers and tri-elements

which brought about a whole trusted security mechanism according to the function of IoT.Starting with the integrity and safety inspection of hardware and software of sensor devices

the trusted chain was transmitted until the application layer

and data was processed according to behavior trusted value in application layer.At the same time

the control function and the data function were separated

and the security strategies cooperated and verified with each other

therefore improving the ability of the IoT to deal with security threats effectively.

关键词

Keywords

references

STANKOVIC J A . Research directions for the internet of things [J ] . Internet of Things Journal IEEE , 2014 , 1 ( 1 ): 3 - 9 .

WEBER R H . Internet of things-new security and privacy challenges [J ] . Computer Law ＆ Security Review , 2010 , 26 ( 1 ): 23 - 30 .

VUPPUTURI S , RACHURI K K , MURTHY C S R . Using mobile data collectors to improve network lifetime of wireless sensor networks with reliability constraints [J ] . Journal of Parallel ＆ Distributed Computing , 2010 , 70 ( 7 ): 767 - 778 .

ZHANG J , LI X , MA J , et al . Secure and efficient authentication scheme for mobile sink in WSNs based on bilinear pairings [J ] . International Journal of Distributed Sensor Networks , 2014 ( 1 ): 84 - 88 .

王良民 , 姜顺荣 , 郭渊博 . 物联网中移动 Sensor 节点漫游的组合安全认证协议 [J ] . 中国科学:信息科学 , 2012 , 42 ( 7 ): 815 - 830 .

WANG L M , JIANG S R , GUO Y B . Composable-secure authentication protocol for mobile sensors roaming in the internet of things [J ] . Scientia Sinica , 2012 , 42 ( 7 ): 815 - 830 .

周彦伟 , 杨波 . 物联网移动节点直接匿名漫游认证协议 [J ] . 软件学报 , 2015 , 26 ( 9 ): 2436 - 2450 .

ZHOU Y W , YANG B . Provable secure authentication protocol with direct anonymity for mobile nodes roaming service in Internet of things [J ] . Journal of Software , 2015 , 26 ( 9 ): 2436 - 2450 .

CHEN T H . A robust mutual authentication protocol for wireless sensor networks [J ] . Etri Journal , 2010 , 32 ( 5 ): 704 - 712 .

杨力 , 马建峰 , 朱建明 . 可信的匿名无线认证协议 [J ] . 通信学报 , 2009 , 30 ( 9 ): 29 - 35 .

YANG L , MA J F , ZHU J M . Trusted and anonymous authentication scheme for wireless networks [J ] . Journal on Communications , 2009 , 30 ( 9 ): 29 - 35 .

周彦伟 , 杨波 , 张文政 . 可证安全的移动互联网可信匿名漫游协议 [J ] . 计算机学报 , 2015 , 38 ( 4 ): 733 - 748 .

ZHOU Y W , YANG B , ZHANG W Z . Provable secure trusted and anonymous roaming protocol for mobile internet [J ] . Chinese Journal of Computers , 2015 , 38 ( 4 ): 733 - 748 .

SARMA S E , WEIS S A , ENGELS D W . Radio-frequency identification:secure risks and challenges [J ] . RSA Laboratories Cryptography , 2003 , 6 ( 1 ): 2 - 9 .

KORKMAZ E , USTUNDAG A . Standards,security ＆ privacy issues about radio frequency identification (RFID) [C ] // 2007 1st Annual RFID Eurasia,Sept 5-6,2007,Istanbul,Turkey . New Jersey:IEEE Press , 2007 : 1 - 10 .

CONTI M , PIETRO R D , MANCINI L V , et al . Mobility and cooperation to thwart node capture attacks in MANETs [J ] . EURASIP Journal on Wireless Communications and Networking , 2009 ( 1 ):8.

SAVRY O , VACHERAND F . Security and privacy protection of contactless devices [M ] . Berlin : SpringerPress , 2009 .

WANDER A S , GURA N , EBERLE H , et al . Energy analysis of public-key cryptography for wireless sensor networks [C ] // IEEE International Conference on Pervasive Computing and Communications,March 8-12,2005,Kauai Island,HI,USA . New Jersey:IEEE Press , 2005 : 324 - 328 .

ESCHENAUER L , GLIGOR V D . A key-management scheme for distributed sensor networks [C ] // ACM Conference on Computer and Communications Security,November 18-22,2002,Washington,DC,USA.[S.l.:s.n] , 2002 : 41 - 47 .

WANG K , BAO J , WU M , et al . Research on security management for internet of things [C ] // International Conference on Computer Application and System Modeling,Oct 22-24,2010,Taiyuan,China . New Jersey:IEEE Press , 2010 .

MEDAGLIA C M , SERBANATI A . An overview of privacy and security issues in the internet of things [M ] . Berlin : SpringerPress , 2010 : 389 - 395 .

DOMINGO-FERRER J , . A provably secure additive and multiplicative privacy homomorphism [C ] // Information Security,International Conference,ISC 2002,September 30-October 2,2002,Sao Paulo,Brazil . New York:ACM Press , 2002 : 471 - 483 .

The 12th information hiding conference [EB/OL ] .(2010-06-30)[2017-08-20 ] . https://ih2010.cpsc.ucalgary.ca/ https://ih2010.cpsc.ucalgary.ca/ .

CONTI M , ZHANG L , ROY S , et al . Privacy-preserving robust data aggregation in wireless sensor networks [J ] . Security ＆Communication Networks , 2009 , 2 ( 2 ): 195 - 213 .

Cisco lightweight extensible authentication protocol [EB/OL ] .(2015-12-13)[2 017-08-20 ] . http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1200-series/prod_qas0900aecd80 1764f1.html http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1200-series/prod_qas0900aecd80 1764f1.html .

WATRO R , KONG D , CUTI S F , et al . TinyPK:securing sensor networks with public key technology [C ] // The 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks,October 25,2004,Washington DC,USA . New York:ACM Press , 2004 : 59 - 64 .

HSIEH W B , LEU J S . A robust user authentication scheme using dynamic identity in wireless sensor networks [J ] . Wireless Personal Communications , 2014 , 77 ( 2 ): 979 - 989 .

BOGDANOV A , KNUDSEN L R , LEANDER G , et al . PRESENT:an ultra-lightweight block cipher [J ] . Lecture Notes in Computer Science , 2007 ( 4727 ): 450 - 466 .

SHIRAI T , SHIBUTANI K , AKISHITA T , et al . The 128-bit blockcipher CLEFIA [C ] // The 14th International Conference on Fast Software Encryption,March 26-28,2007,Luxembourg . New York:ACM Press , 2007 : 181 - 195 .

ISO.Information technology-security techniques-lightweight cryptography-part 2:block ciphers [S/OL ] .(2012-01-31)[2017-08-20 ] . http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_de tail.htm?csnumber=56552 http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_de tail.htm?csnumber=56552 .

LEANDER G , PAAR C , POSCHMANN A , et al . New lightweight DES variants [C ] // 14th International Conference on Fast Software Encryption,March 26-28,2007,Luxembourg . New York:ACM Press , 2007 : 196 - 210 .

CANNIÈRE C D , DUNKELMAN O,KNEŽEVIĆ M . KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers [M ] . Berlin : Springer Berlin HeidelbergPress , 2009 : 272 - 288 .

BELLOVIN S M , GENNARO R , KEROMYTIS A , et al . Applied cryptography and network security [M ] . Berlin : Springer Berlin HeidelbergPress , 2012 .

殷安生 , 张顺颐 . 基于终端可信度的路由策略设计与实现 [J ] . 电信科学 , 2016 , 32 ( 4 ): 1 - 8 .

YIN A S , ZHANG S Y . Design and implementation of routing strategy based on terminal trust [J ] . Telecommunications Science , 2016 , 32 ( 4 ): 1 - 8 .

殷安生 , 张顺颐 . 基于可信群划分及评估值波动性和一致性的可信评估模型 [J ] . 南京邮电大学学报:自然科学版 , 2014 , 34 ( 3 ): 101 - 105 .

YIN A S , ZHANG S Y . A trust model based on volatility and consistency in trusted groups [J ] . Journal of Nanjing University of Posts and Telecommunications , 2014 , 34 ( 3 ): 101 - 105 .

SATHISHKUMAR J,R.PATEL D . A survey on internet of things:security and privacy issues [J ] . International Journal of Computer Applications , 2014 , 90 ( 11 ): 20 - 26 .

丁洁 , 吴汉炜 , 林志阳 , 等 . 增强型匿名RFID双向认证协议eARAP 的设计与分析 [J ] . 广西大学学报自然科学版 , 2015 , 40 ( 6 ): 1494 - 1500 .

DING J , WU H W , LIN Z Y , et al . Design and analysis of an enhanced anonymous mutual RFID authentication protocol eARAP [J ] . Journal of Guangxi University(Nat Sci Ed) , 2015 , 40 ( 6 ): 1494 - 1500 .

HAO Y , CHENG Y , REN K . Distributed key management with protection against rsu compromise in group signature based VANETs [C ] // 2008 Global Telecommunications Conference,Nov 30-Dec 4,New Orleans,LO,USA . New Jersey:IEEE Press , 2009 : 1 - 5 .

HE D , ZEADALLY S , XU B , et al . An efficient identity-based conditional privacy-preserving authentication scheme for vehicular Ad Hoc networks [J ] . IEEE Transactions on Information Forensics ＆ Security , 2015 , 10 ( 12 ): 2681 - 2691 .

IBRAIMI L , ASIM M , PETKOVIC M . Secure management of personal health records by applying attribute-based encryption [C ] // International Workshop on Wearable MICRO and Nano Technologies for Personalized Health,June 24-26,2009,Oslo,Norway . New Jersey:IEEE Press , 2009 : 71 - 74 .

SAHAI A , WATERS B . Fuzzy identity-based encryption [M ] . Berlin : SpringerPress , 2005 : 457 - 473 .

IEN G M , OLESHCHUK V A . Location privacy for cellular systems; analysis and solution [C ] // 5th International Conference on Privacy Enhancing Technologies,May 30-June 1,2005,Cavtat,Croatia . New York:ACM Press , 2005 : 40 - 58 .

XIAO X , SUN X , YANG L , et al . Secure data transmission of wireless sensor network based on information hiding [C ] // International Conference on Mobile and Ubiquitous Systems:Networking ＆ Services,Aug 6-10,2007,Philadelphia,PA,USA . New Jersey:IEEE Press , 2007 : 1 - 6 .

CURTMOLA R , GARAY J , KAMARA S , et al . Searchable symmetric encryption:Improved definitions and efficient constructions [C ] // The 13th ACM Conference on Computer and Communications Security (CCS 2006),October 30-November 3,2006,Alexandria,Virginia,USA . New York:ACM Press , 2006 : 79 - 88 .

KERSCHBAUM F , SORNIOTTI A . Searchable encryption for outsourced data analytics [C ] // The 7th European Conference on Public Key Infrastructures,Services and Applications (EuroPKI’10),September 23-24,2010,Athens,Greece . New York:ACM Press , 2010 : 61 - 76 .

SAHAI A , WATERS B . Fuzzy identity based encryption [C ] // 24th Annual International Conference on Theory and Applications of Cryptographic Techniques,May 22-26,2005,Aarhus,Denmark . New York:ACM Press , 2005 : 674 - 651 .

GOLDREICH O , OSTROVSKY R . Software protection and simulation on oblivious RAMs [J ] . Journal of the ACM (JACM) , 1996 , 43 ( 3 ): 431 - 473 .

浏览量

525

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

一种基于格的轻量级物联网群签密认证方案

基于移动捎带的5G广域物联网信息传输方法研究

反向散射通信技术的研究与发展

基于网络演进的人工智能技术方向研究

基于服务质量的层次化结构资源分配算法