Telecommunications Science ›› 2017, Vol. 33 ›› Issue (10): 10-18. doi: 10.11959/j.issn.1000-0801.2017270
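Ansheng YIN1, Shijun ZHANG2
Revised: 2017-09-22
Online: 2017-10-01
Published: 2017-11-13
About the authors:
YIN Ansheng (1982-), male, Ph.D., associate researcher at Nanjing University of Posts and Telecommunications; his main research interests are network security and evaluation. | ZHANG Shijun (1980-), male, director of the Network Operation and Maintenance Center and engineer at China Telecom Co., Ltd. Lianyungang Branch; his main research interests are telecom big data mining and applications.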
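Abstract:
The Internet of Things (IoT) has received widespread attention and development worldwide, and its security faces serious threats. Because of the characteristics of the IoT itself, however, many security measures from the Internet domain cannot be carried over directly. Current security strategies mainly look for a solution to each threat the IoT faces one by one, and the coordination mechanisms are scattered. In the face of increasingly intelligent, systematic and integrated security threats, a three-element, two-layer trusted IoT architecture is proposed. A whole-process trusted security mechanism is designed according to the functions of the IoT: starting from integrity and security checks of the software and hardware of sensor devices, the chain of trust is passed on step by step up to the application layer, where data is processed and applied on the basis of behavioral trust. At the same time, the control function and the data function are separated, and the different security strategies cooperate with and verify one another, thereby effectively improving the IoT's ability to cope with security threats.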
Ansheng YIN,Shijun ZHANG. A trusted IoT architecture model[J]. Telecommunications Science, 2017, 33(10): 10-18.