可信物联网架构模型

doi:10.11959/j.issn.1000-0801.2017270

摘要/Abstract

摘要：

物联网已经在世界范围内得到了广泛的关注和发展，其安全性也面临严重威胁。然而由于物联网本身的特性，很多在互联网领域的安全措施不能直接照搬过来。目前的安全策略主要是针对物联网受到的威胁逐一寻找解决方案，协同机制分散。面对日益智能化、系统化、综合化的安全威胁，提出一种三元两层的可信物联网架构，根据物联网的功能设计一种全程可信安全机制，从传感器设备的软件及硬件的完整性和安全性检查开始，将可信链依次传递，直到应用层，并在应用层根据行为可信实现数据的处理和应用。同时将控制功能和数据功能分开，不同的安全策略之间相互协作、相互检验，从而有效提高物联网应对安全威胁的能力。

关键词: 物联网, 可信, 架构

Abstract:

The internet of things (IoT) has been widely concerned and developed in the world,and its security has been paid more and more attention.However,due to the characteristics of the IoT itself,a lot of security measures in the internet field can’t be applied directly.The current security strategy mainly provide solutions according to the threat of the IoT one by one.In face of increasingly intelligent,systematic,integrated security threats,a trusted IoT architecture of two layers and tri-elements,which brought about a whole trusted security mechanism according to the function of IoT.Starting with the integrity and safety inspection of hardware and software of sensor devices,the trusted chain was transmitted until the application layer,and data was processed according to behavior trusted value in application layer.At the same time,the control function and the data function were separated,and the security strategies cooperated and verified with each other,therefore improving the ability of the IoT to deal with security threats effectively.

Key words: internet of things, trusted, architecture

中图分类号:

TP393

殷安生,张世君. 可信物联网架构模型[J]. 电信科学, 2017, 33(10): 10-18.

Ansheng YIN,Shijun ZHANG. A trusted IoT architecture model[J]. Telecommunications Science, 2017, 33(10): 10-18.

图/表 2

参考文献 43

[1]	STANKOVIC J A . Research directions for the internet of things[J]. Internet of Things Journal IEEE, 2014,1(1): 3-9.
[2]	WEBER R H . Internet of things-new security and privacy challenges[J]. Computer Law ＆ Security Review, 2010,26(1): 23-30.
[3]	VUPPUTURI S , RACHURI K K , MURTHY C S R . Using mobile data collectors to improve network lifetime of wireless sensor networks with reliability constraints[J]. Journal of Parallel ＆ Distributed Computing, 2010,70(7): 767-778.
[4]	ZHANG J , LI X , MA J ,et al. Secure and efficient authentication scheme for mobile sink in WSNs based on bilinear pairings[J]. International Journal of Distributed Sensor Networks, 2014(1): 84-88.
[5]	王良民, 姜顺荣, 郭渊博 . 物联网中移动 Sensor 节点漫游的组合安全认证协议[J]. 中国科学:信息科学, 2012,42(7): 815-830.
	WANG L M , JIANG S R , GUO Y B . Composable-secure authentication protocol for mobile sensors roaming in the internet of things[J]. Scientia Sinica, 2012,42(7): 815-830.
[6]	周彦伟, 杨波 . 物联网移动节点直接匿名漫游认证协议[J]. 软件学报, 2015,26(9): 2436-2450.
	ZHOU Y W , YANG B . Provable secure authentication protocol with direct anonymity for mobile nodes roaming service in Internet of things[J]. Journal of Software, 2015,26(9): 2436-2450.
[7]	CHEN T H . A robust mutual authentication protocol for wireless sensor networks[J]. Etri Journal, 2010,32(5): 704-712.
[8]	杨力, 马建峰, 朱建明 . 可信的匿名无线认证协议[J]. 通信学报, 2009,30(9): 29-35.
	YANG L , MA J F , ZHU J M . Trusted and anonymous authentication scheme for wireless networks[J]. Journal on Communications, 2009,30(9): 29-35.
[9]	周彦伟, 杨波, 张文政 . 可证安全的移动互联网可信匿名漫游协议[J]. 计算机学报, 2015,38(4): 733-748.
	ZHOU Y W , YANG B , ZHANG W Z . Provable secure trusted and anonymous roaming protocol for mobile internet[J]. Chinese Journal of Computers, 2015,38(4): 733-748.
[10]	SARMA S E , WEIS S A , ENGELS D W . Radio-frequency identification:secure risks and challenges[J]. RSA Laboratories Cryptography, 2003,6(1): 2-9.
[11]	KORKMAZ E , USTUNDAG A . Standards,security ＆ privacy issues about radio frequency identification (RFID)[C]// 2007 1st Annual RFID Eurasia,Sept 5-6,2007,Istanbul,Turkey. New Jersey:IEEE Press, 2007: 1-10.
[12]	CONTI M , PIETRO R D , MANCINI L V ,et al. Mobility and cooperation to thwart node capture attacks in MANETs[J]. EURASIP Journal on Wireless Communications and Networking, 2009(1):8.
[13]	SAVRY O , VACHERAND F . Security and privacy protection of contactless devices[M]. Berlin: SpringerPress, 2009.
[14]	WANDER A S , GURA N , EBERLE H ,et al. Energy analysis of public-key cryptography for wireless sensor networks[C]// IEEE International Conference on Pervasive Computing and Communications,March 8-12,2005,Kauai Island,HI,USA. New Jersey:IEEE Press, 2005: 324-328.
[15]	ESCHENAUER L , GLIGOR V D . A key-management scheme for distributed sensor networks[C]// ACM Conference on Computer and Communications Security,November 18-22,2002,Washington,DC,USA.[S.l.:s.n], 2002: 41-47.
[16]	WANG K , BAO J , WU M ,et al. Research on security management for internet of things[C]// International Conference on Computer Application and System Modeling,Oct 22-24,2010,Taiyuan,China. New Jersey:IEEE Press, 2010.
[17]	MEDAGLIA C M , SERBANATI A . An overview of privacy and security issues in the internet of things[M]. Berlin: SpringerPress, 2010: 389-395.
[18]	DOMINGO-FERRER J , . A provably secure additive and multiplicative privacy homomorphism[C]// Information Security,International Conference,ISC 2002,September 30-October 2,2002,Sao Paulo,Brazil. New York:ACM Press, 2002: 471-483.
[19]	The 12th information hiding conference[EB/OL].(2010-06-30)[2017-08-20]. .
[20]	CONTI M , ZHANG L , ROY S ,et al. Privacy-preserving robust data aggregation in wireless sensor networks[J]. Security ＆Communication Networks, 2009,2(2): 195-213.
[21]	Cisco lightweight extensible authentication protocol[EB/OL].(2015-12-13)[2017-08-20]. .
[22]	WATRO R , KONG D , CUTI S F ,et al. TinyPK:securing sensor networks with public key technology[C]// The 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks,October 25,2004,Washington DC,USA. New York:ACM Press, 2004: 59-64.
[23]	HSIEH W B , LEU J S . A robust user authentication scheme using dynamic identity in wireless sensor networks[J]. Wireless Personal Communications, 2014,77(2): 979-989.
[24]	BOGDANOV A , KNUDSEN L R , LEANDER G ,et al. PRESENT:an ultra-lightweight block cipher[J]. Lecture Notes in Computer Science, 2007(4727): 450-466.
[25]	SHIRAI T , SHIBUTANI K , AKISHITA T ,et al. The 128-bit blockcipher CLEFIA[C]// The 14th International Conference on Fast Software Encryption,March 26-28,2007,Luxembourg. New York:ACM Press, 2007: 181-195.
[26]	ISO.Information technology-security techniques-lightweight cryptography-part 2:block ciphers[S/OL].(2012-01-31)[2017-08-20]. .
[27]	LEANDER G , PAAR C , POSCHMANN A ,et al. New lightweight DES variants[C]// 14th International Conference on Fast Software Encryption,March 26-28,2007,Luxembourg. New York:ACM Press, 2007: 196-210.
[28]	CANNIèRE C D , DUNKELMAN O,KNE?EVI? M . KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers[M]. Berlin: Springer Berlin HeidelbergPress, 2009: 272-288.
[29]	BELLOVIN S M , GENNARO R , KEROMYTIS A ,et al. Applied cryptography and network security[M]. Berlin: Springer Berlin HeidelbergPress, 2012.
[30]	殷安生, 张顺颐 . 基于终端可信度的路由策略设计与实现[J]. 电信科学, 2016,32(4): 1-8.
	YIN A S , ZHANG S Y . Design and implementation of routing strategy based on terminal trust[J]. Telecommunications Science, 2016,32(4): 1-8.
[31]	殷安生, 张顺颐 . 基于可信群划分及评估值波动性和一致性的可信评估模型[J]. 南京邮电大学学报:自然科学版, 2014,34(3): 101-105.
	YIN A S , ZHANG S Y . A trust model based on volatility and consistency in trusted groups[J]. Journal of Nanjing University of Posts and Telecommunications, 2014,34(3): 101-105.
[32]	SATHISHKUMAR J,R.PATEL D . A survey on internet of things:security and privacy issues[J]. International Journal of Computer Applications, 2014,90(11): 20-26.
[33]	丁洁, 吴汉炜, 林志阳 ,等. 增强型匿名RFID双向认证协议eARAP 的设计与分析[J]. 广西大学学报自然科学版, 2015,40(6): 1494-1500.
	DING J , WU H W , LIN Z Y ,et al. Design and analysis of an enhanced anonymous mutual RFID authentication protocol eARAP[J]. Journal of Guangxi University(Nat Sci Ed), 2015,40(6): 1494-1500.
[34]	HAO Y , CHENG Y , REN K . Distributed key management with protection against rsu compromise in group signature based VANETs[C]// 2008 Global Telecommunications Conference,Nov 30-Dec 4,New Orleans,LO,USA. New Jersey:IEEE Press, 2009: 1-5.
[35]	HE D , ZEADALLY S , XU B ,et al. An efficient identity-based conditional privacy-preserving authentication scheme for vehicular Ad Hoc networks[J]. IEEE Transactions on Information Forensics ＆ Security, 2015,10(12): 2681-2691.
[36]	IBRAIMI L , ASIM M , PETKOVIC M . Secure management of personal health records by applying attribute-based encryption[C]// International Workshop on Wearable MICRO and Nano Technologies for Personalized Health,June 24-26,2009,Oslo,Norway. New Jersey:IEEE Press, 2009: 71-74.
[37]	SAHAI A , WATERS B . Fuzzy identity-based encryption[M]. Berlin: SpringerPress, 2005: 457-473.
[38]	IEN G M , OLESHCHUK V A . Location privacy for cellular systems; analysis and solution[C]// 5th International Conference on Privacy Enhancing Technologies,May 30-June 1,2005,Cavtat,Croatia. New York:ACM Press, 2005: 40-58.
[39]	XIAO X , SUN X , YANG L ,et al. Secure data transmission of wireless sensor network based on information hiding[C]// International Conference on Mobile and Ubiquitous Systems:Networking ＆ Services,Aug 6-10,2007,Philadelphia,PA,USA. New Jersey:IEEE Press, 2007: 1-6.
[40]	CURTMOLA R , GARAY J , KAMARA S ,et al. Searchable symmetric encryption:Improved definitions and efficient constructions[C]// The 13th ACM Conference on Computer and Communications Security (CCS 2006),October 30-November 3,2006,Alexandria,Virginia,USA. New York:ACM Press, 2006: 79-88.
[41]	KERSCHBAUM F , SORNIOTTI A . Searchable encryption for outsourced data analytics[C]// The 7th European Conference on Public Key Infrastructures,Services and Applications (EuroPKI’10),September 23-24,2010,Athens,Greece. New York:ACM Press, 2010: 61-76.
[42]	SAHAI A , WATERS B . Fuzzy identity based encryption[C]// 24th Annual International Conference on Theory and Applications of Cryptographic Techniques,May 22-26,2005,Aarhus,Denmark. New York:ACM Press, 2005: 674-651.
[43]	GOLDREICH O , OSTROVSKY R . Software protection and simulation on oblivious RAMs[J]. Journal of the ACM (JACM), 1996,43(3): 431-473.