工业互联网边缘终端初始接入可信度量方法研究

doi:10.11959/j.issn.2096-3750.2022.00292

Abstract

Abstract:

The development of the discrete manufacturing shows a trend of intelligence, openness and collaboration.As a result, many heterogeneous devices are connected to the industrial internet, which brings serious challenges to the security.Therefore, it is particularly important to introduce trust management and trusted access to devices for trusted measurement.In order to more timely and accurately evaluate the trustworthiness of the edge terminal initially accessing the system, a trustworthiness measurement method based on the device vulnerability database was innovatively proposed.This method adopted the architecture of cloud-edge collaboration, established a device information database and a vulnerability database in the central cloud, and then calculated the terminal risk factor at the edge.Finally, the trust initialization of the access terminal was completed.The simulation results show that the method can well balance the efficiency and security of the system.

Key words: industrial internet, device access, security, trust management, trust measurement, vulnerability assessment

CLC Number:

TN915.08

Ya YU, Yusun FU. Research on trust measurement method for initial access of industrial internet edge terminals[J]. Chinese Journal on Internet of Things, 2022, 6(4): 149-157.

Figures/Tables 11

References 32

[1]	陶永, 蒋昕昊, 刘默 ,等. 智能制造和工业互联网融合发展初探[J]. 中国工程科学, 2020,22(4): 24-33.
	TAO Y , JIANG X H , LIU M ,et al. A preliminary study on the integra-tion of intelligent manufacturing and industrial internet[J]. Strategic Study of CAE, 2020,22(4): 24-33.
[2]	陶利民 . 开放网络环境下基于不确定性理论的主观信任管理研究[D]. 杭州:浙江工业大学, 2013.
	TAO L M . Research on subjective trust management based on uncer-tainty theory under open network environment[D]. Hangzhou:Zhe-jiang University of Technology, 2013.
[3]	冯玉翔 . 大规模分布式环境下动态信任管理机制的研究[D]. 广州:华南理工大学, 2013.
	FENG Y X . Research on dynamic trust management for large scale distributed environment[D]. Guangzhou:South China University of Technology, 2013.
[4]	边缘计算产业联盟,工业互联网产业联盟. 边缘计算与云计算协同白皮书2.0[R]. 2007.
	Edge Computing Consortium (ECC),Alliance of Industrial Internet (AII). Edge computing and cloud computing collaboration white paper 2.0[R]. 2007.
[5]	董悦, 王志勤, 田慧蓉 ,等. 工业互联网安全技术发展研究[J]. 中国工程科学, 2021,23(2): 65-73.
	DONG Y , WANG Z Q , TIAN H R ,et al. Development of industrial internet security technology in China[J]. Strategic Study of CAE, 2021,23(2): 65-73.
[6]	CLEMENS J , PAL R , PHILIP P . Poster abstract:extending trust and attestation to the edge[C]// Proceedings of 2016 IEEE/ACM Symposium on Edge Computing (SEC). Piscataway:IEEE Press, 2016: 101-102.
[7]	SHAPSOUGH S , ALOUL F , ZUALKERNAN I A . Securing low-resource edge devices for IoT systems[C]// Proceedings of 2018 International Symposium in Sensing and Instrumentation in IoT Era (ISSI). Piscataway:IEEE Press, 2018: 1-4.
[8]	张鑫, 杨晓元, 朱率率 ,等. 物联网环境下移动节点可信接入认证协议[J]. 计算机应用, 2016,36(11): 3108-3112.
	ZHANG X , YANG X Y , ZHU S S ,et al. Trusted access authentication protocol for mobile nodes in Internet of Things[J]. Journal of Comput-er Applications, 2016,36(11): 3108-3112.
[9]	张玉婷, 严承华, 魏玉人 . 基于节点认证的物联网感知层安全性问题研究[J]. 信息网络安全, 2015(11): 27-32.
	ZHANG Y T , YAN C H , WEI Y R . Research on security of IoT per-ception layer based on node authentication[J]. Netinfo Security, 2015(11): 27-32.
[10]	钱明茹 . 物联网中基于属性的安全访问控制研究[D]. 沈阳:辽宁大学, 2013.
	QIAN M R . Research on security attribute-based access control in the Internet of Things[D]. Shenyang:Liaoning University, 2013.
[11]	GUIN U , CUI P C , SKJELLUM A . Ensuring proof-of-authenticity of IoT edge devices using blockchain technology[C]// Proceedings of 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber,Physical and Social Computing (CPSCom) and IEEE Smart Data. Piscataway:IEEE Press, 2018: 1042-1049.
[12]	向宏, 夏晓峰 . 轻量级密码在资源受限设备安全中的应用简析[J]. 自动化博览, 2018,35(S2): 72-75.
	XIANG H , XIA X F . Overview on the application of lightweight cryptography in resource-constrained system security[J]. Automation Panorama, 2018,35(S2): 72-75.
[13]	LOU X , TELLABI A . Cybersecurity threats,vulnerability and analysis in safety critical industrial control system (ICS)[C]// Recent Developments on Industrial Control Systems Resilience. Cham:Springer, 2020: 75-97.
[14]	徐震, 周晓军, 王利明 ,等. PLC 攻防关键技术研究进展[J]. 信息安全学报, 2019,4(3): 48-69.
	XU Z , ZHOU X J , WANG L M ,et al. Recent advances in PLC attack and protection technology[J]. Journal of Cyber Security, 2019,4(3): 48-69.
[15]	荆琦, 唐礼勇, 陈钟 . 无线传感器网络中的信任管理[J]. 软件学报, 2008,19(7): 1716-1730.
	JING Q , TANG L Y , CHEN Z . Trust management in wireless sensor networks[J]. Journal of Software, 2008,19(7): 1716-1730.
[16]	夏辉, 张三顺, 孙运传 ,等. 车载自组网中基于信任管理的安全组播协议设计[J]. 计算机学报, 2019,42(5): 961-979.
	XIA H , ZHANG S S , SUN Y C ,et al. Design of trust-based secure multicast routing protocol in VANETs[J]. Chinese Journal of Comput-ers, 2019,42(5): 961-979.
[17]	JAYASINGHE U . Trust evaluation in the IoT environment[D]. Liverpool John Moores University. 2018.
[18]	梁洪泉, 吴巍 . 基于动态贝叶斯网络的可信度量模型研究[J]. 通信学报, 2013,34(9): 68-76.
	LIANG H Q , WU W . Research of trust evaluation model based on dynamic Bayesian network[J]. Journal on Communications, 2013,34(9): 68-76.
[19]	JAYASINGHE U , LEE G M , UM T W ,et al. Machine learning based trust computational model for IoT services[J]. IEEE Transactions on Sustainable Computing, 2019,4(1): 39-52.
[20]	WANG Y B , WEN J H , ZHOU W ,et al. A novel dynamic cloud service trust evaluation model in cloud computing[C]// Proceedings of 2018 17th IEEE International Conference on Trust,Security and Privacy In Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE). Piscataway:IEEE Press, 2018: 10-15.
[21]	WU D X , SHEN G H , HUANG Z Q ,et al. A trust-aware task offloading framework in mobile edge computing[J]. IEEE Access, 2019,7: 150105-150119.
[22]	WANG T , LUO H , JIA W J ,et al. MTES:an intelligent trust evaluation scheme in sensor-cloud-enabled industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2020,16(3): 2054-2062.
[23]	LI W J , MENG W Z , KWOK L F ,et al. Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model[J]. Journal of Network and Computer Applications, 2017,77: 135-145.
[24]	JIA C H , LIN K , DENG J . A multi-property method to evaluate trust of edge computing based on data driven capsule network[C]// Proceedings of IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2020: 616-621.
[25]	蒋伟进, 许宇胜, 郭宏 ,等. 网络在线交易动态信任计算模型与信誉管理机制[J]. 中国科学:信息科学, 2014,44(9): 1084-1101.
	JIANG W J , XU Y S , GUO H ,et al. Dynamic trust calculation model and credit management mechanism of online trading[J]. Scientia Sini-ca (Informationis), 2014,44(9): 1084-1101.
[26]	FRIEDMAN E J , RESNICK P . The social cost of cheap pseudonyms[J]. Journal of Economics ＆ Management Strategy, 2001,10(2): 173-199.
[27]	胡建理, 周斌, 吴泉源 ,等. P2P 网络环境下基于信誉的分布式抗攻击信任管理模型[J]. 计算机研究与发展, 2011,48(12): 2235-2241.
	HU J L , ZHOU B , WU Q Y ,et al. A reputation-based attack-resistant distributed trust management model for P2P networks[J]. Journal of Computer Research and Development, 2011,48(12): 2235-2241.
[28]	付才, 洪帆, 洪亮 ,等. 基于信任保留的移动Ad Hoc网络安全路由协议TPSRP[J]. 计算机学报, 2007,30(10): 1853-1864.
	FU C , HONG F , HONG L ,et al. Mobile ad hoc secure routing proto-col based on trust preserving[J]. Chinese Journal of Computers, 2007,30(10): 1853-1864.
[29]	GAO Z P , ZHAO W S , XIA C X ,et al. A credible and lightweight multidimensional trust evaluation mechanism for service-oriented IoT edge computing environment[C]// Proceedings of 2019 IEEE International Congress on Internet of Things. Piscataway:IEEE Press, 2019: 156-164.
[30]	FIGUEROA L S , A?ORGA J , ARRIZABALAGA S . A survey of IIoT protocols:A measure of vulnerability risk analysis based on CVSS[J]. ACM Computing Surveys, 2021,53(2): 44.
[31]	陶耀东, 贾新桐, 吴云坤 . 一种工业控制系统漏洞风险评估方法[J]. 小型微型计算机系统, 2020,41(3): 603-609.
	TAO Y D , JIA X T , WU Y K . Industry control system vulnerability risk assessment method[J]. Journal of Chinese Computer Systems, 2020,41(3): 603-609.
[32]	魏志强, 周炜, 任相军 ,等. 普适计算环境中防护策略的信任决策机制研究[J]. 计算机学报, 2012,35(5): 871-882.
	WEI Z Q , ZHOU W , REN X J ,et al. A strategy-proof trust based decision mechanism for pervasive computing environments[J]. Chi-nese Journal of Computers, 2012,35(5): 871-882.

Metrics

Recommended 0

No Suggested Reading articles found!

物联网平台	支持协议	设备接入鉴权方式
腾讯云物联网平台	MQTT、HTTP	证书，密钥
	CoAP	DTLS协议+密钥
阿里云物联网平台	MQTT	X.509 证书、CA 证书、ID2 证书
百度智能云天工物联网平台	MQTT	密钥，证书
华为云物联网平台	LwM2M、CoAP	DTLS协议+密钥
	MQTT	X.509证书、CA证书，密钥
	HTTPS	证书

设备名称	漏洞编号	危害等级	CVSS评分	漏洞描述
ABB工业机器人示教器	CNVD-2020-49104	中	5	存在加密算法漏洞，攻击者可利用漏洞破解出ABB工业机器人的用户密码
ACSSpiiPlusEC-08运动控制器	CNVD-2020-75690	高	7.8	存在拒绝服务漏洞，攻击者可利用该漏洞发起拒绝服务攻击
CC-PCNT02控制器	CNVD-2020-62870	中	6.1	存在拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务
Siemens S7-200控制器	CNVD-2019-40162	中	6.6	攻击者可以通过伪造数据绕过身份认证从而任意篡改PLC寄存器的值
Bit defender BOX智能家居安全控制设备	CNVD-2020-15145	高	7.6	存在安全漏洞，源于网络系统或产品的代码开发过程中存在设计或实现不当的问题
Cisco 809 Industrial ISRs工业路由器	CNVD-2020-31825	高	10	存在缓冲区溢出漏洞，源于错误的边界检查。远程攻击者可通过发送恶意的数据包利用该漏洞造成系统崩溃并重新加载

指标	指标值	数值
攻击向量AV	网络	0.85
	局域	0.62
	本地	0.55
	物理	0.2
攻击复杂性AC	低	0.77
	高	0.44
未超出影响范围的所需权限PR	无	0.85
（ privileges required/unchanged scope）	低	0.62
	高	0.27
超出影响范围时的所需权限PR	无	0.85
（privileges required/changed scope）	低	0.68
	高	0.5
用户交互UI	无要求	0.85
（user interaction）	有要求	0.62
机密性影响CF、完整性影响I、可用	无	0
性影响 A、可见性影响 V、可控性影响CT	中	0.22
	高	0.56

等级	IVSS评分
低危	0.1～3.9
中危	4.0～6.9
高危	7.0～8.9
极危	9.0～10.0

参数	参数设置
终端	总数	1 000
	高性能终端占比	20%
	低性能终端占比	80%
恶意终端占比	10%
	20%
	40%
交互任务设置	复杂任务比例	10%
	中等任务比例	30%
	简单任务比例	60%
信任度要求	复杂任务	[0.7,1.0]
	中等任务	[0.4,0.7]
	简单任务	[0,0.4]

Research on trust measurement method for initial access of industrial internet edge terminals

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 32

Related Articles 15

Metrics

Recommended 0

对比项	恶意终端占比为10%的交互成功率		恶意终端占比为20%的交互成功率		恶意终端占比为40%的交互成功率
对比项	平均值	方差(×10^-3)	平均值	方差(×10^-3)	平均值	方差(×10^-3)
本文方法	75.9%	8.2	70.1%	1.19	59.0%	1.63
最小值	24.4%	44	18.9%	23.42	28.8%	19.15
平均值	81.1%	325	82.8%	9.03	79.1%	55
最大值	100%	0	100%	0	100%	0

[1]	Lin HU, Jiabing FAN, Hong WEN, Jie TANG, Qianbin CHEN. Interference alignment based secure transmission scheme in multi-user interference networks [J]. Chinese Journal on Internet of Things, 2023, 7(2): 98-108.
[2]	Weijin JIANG, Tiantian LUO, Ying YANG, En LI, Wenying ZHOU. Private data access control model based on block chain technology in the internet of things environment [J]. Chinese Journal on Internet of Things, 2022, 6(4): 169-182.
[3]	Jun SUN, Shangweikang ZHAO. Energy-saving computation offloading scheme based on Sarsa algorithm in industrial internet of things [J]. Chinese Journal on Internet of Things, 2022, 6(3): 82-90.
[4]	Nuo HUANG, Weijie LIU, Chen GONG. Industrial IoT oriented petahertz communication [J]. Chinese Journal on Internet of Things, 2022, 6(3): 37-46.
[5]	Jin QI, Wei WANG, Mengxi CHEN, Bin XU, Zhenjiang DONG, Yanfei SUN. Concept, architecture and key technologies of industrial internet [J]. Chinese Journal on Internet of Things, 2022, 6(2): 38-49.
[6]	Yangqun LI, Dengyin ZHANG. Research and application of Web of things resource management framework [J]. Chinese Journal on Internet of Things, 2022, 6(2): 50-64.
[7]	Yigong ZHANG, Qian YI, Jian LI, Congbo LI, Aijun YIN, Shuping YI. User authentication of industrial internet based on HHT transform of mouse behavior [J]. Chinese Journal on Internet of Things, 2022, 6(2): 77-87.
[8]	Wei WANG, Renqian GU, Li3 PENG, Jijun ZHAO, Zhongcheng WEI, Cunxi CHANG. Robust optimization of air based relay for internet of things based on UAV [J]. Chinese Journal on Internet of Things, 2022, 6(1): 101-112.
[9]	Yu JIANG, Siqing CHEN, Wen SUN. Research on LoRa network security schemes based on RF fingerprint [J]. Chinese Journal on Internet of Things, 2021, 5(4): 17-25.
[10]	Jinying CAI, Feng XIANG, Ying ZUO, Lei ZHONG, Ping ZHOU. Research on a lightweight framework of industrial Internet-oriented manufacturing service collaboration level agreement [J]. Chinese Journal on Internet of Things, 2021, 5(3): 49-55.
[11]	Manzhu WANG, Ziqi LI, Yifei CHEN, Gaofeng HONG, Wei SU. Research and implementation of safety authentication technology in Internet of vehicles [J]. Chinese Journal on Internet of Things, 2021, 5(3): 106-114.
[12]	Siqi SUN. Analysis and prospects of the development of the industrial Internet in the petrochemical industry [J]. Chinese Journal on Internet of Things, 2021, 5(3): 126-132.
[13]	Meng LI,Chengxiang SI,Liehuang ZHU. Secure vehicular digital forensics system based on blockchain [J]. Chinese Journal on Internet of Things, 2020, 4(2): 49-57.
[14]	Shipeng CHEN,Bin CHEN,Mingjun DAI,Hui WANG. Blockchain-based IoT architecture [J]. Chinese Journal on Internet of Things, 2020, 4(2): 78-83.
[15]	Peng ZHOU,Jincheng XU,Bo YANG. Cross-domain task offloading and computing resource allocation for edge computation in industrial Internet of things [J]. Chinese Journal on Internet of Things, 2020, 4(2): 96-104.