绿色物联网:需求、发展现状和关键技术

从物联网的概念提出至今,政产学研用各界大力投入物联网的研究和建设工作中.当前,物联网主要集中在传统的技术设计和行业应用方面,作为信息技术产业的重要组成部分,其建设和发展必然受到能源和成本问题的制约,绿色节能也是目前关注较少的一个领域.为从根本上理清物联网目前存在的能耗问题,为建设高能效的绿色物联网提供理论依据,本文首先介绍了绿色物联网的基本概念,对绿色物联网的发展进行了分析,然后根据物联网的发展需求,结合我国物联网的发展现状,对当前绿色物联网各层的能耗构成进行了具体分析,总结了产业界和学术界在绿色物联网方面的推动工作;同时以物联网的层次关系为出发点,对绿色物联网各层的绿色节能和能效优先设计技术进行了深入分析和梳理,然后结合物联网层次关系给出了当前研究界对绿色物联网研究的各个环节的主要技术,最后对绿色物联网的未来发展进行了总结和展望.     

物联网标准体系及国际标准化最新进展

给出了物联网标准化体系,基于物联网技术体系和行业应用特殊性,将物联网标准分成4类,即物联网总体性标准、通用共性技术标准、公共物联网(M2M)标准、行业专属物联网标准。在此基础上,重点对ITU-T、OneM2M、3GPP以及传感器网络相关的标准化最新进展情况进行了介绍。     

基于扩展传染病模型和马尔可夫链的物联网可用度评估方法

为反映恶意程序传播环境下物联网可用的状态,基于扩展的SEIRD传染病模型和马尔可夫链提出一种物联网可用度评估方法。根据物联网节点的实际状态,扩展经典传染病模型SIR建立SEIRD物联网节点状态转换模型。由物联网节点各个状态之间的动态变化过程,构建物联网节点处于5种状态的概率动力学方程,得到反映各状态转换的马尔可夫矩阵,进一步得到物联网节点的可用度计算方法。以典型的星形和簇形物联网拓扑结构为例,给出整个物联网可用度的评估方法。通过实验,为管理员如何合理部署正常工作节点数、路由数提供建议。研究成果对提高物联网可用度、促进物联网成功应用具有理论指导意义。     

Modeling and verifying based on timed automata of Internet of things gateway security system

The Internet of things (IoT) is a multiple heterogeneous network,and its perception layer is often faced with various security threats.As the bridge between the perception layer and the network layer,the IoT gateway should have the security management function to prevent the security issue from spreading to the upper layer.According to the current security deficiencies in IoT gateway,a universal IoT gateway security system was proposed based on the IoT gateway middleware technology.Various security protocols or algorithms can be embedded in IoT gateway security system,and the modeling and analysis can help the design and implementation of IoT gateway.The formal modeling and verification of the IoT gateway security system was performed by timed automata.The results show that the IoT gateway security system satisfies the security properties of confidentiality,availability,authenticity,robustness,integrity and freshness.     

低速率物联网蜂窝通信技术应用展望

在物联网体系中低速率物联网的应用比例较大。低速率物联网具有成本低和消耗低优势。物联网技术人员为满足低速率物联网的应用要求,陆续研发了Cat.M和NB-Iot等系统,推动了低速率物联网的可持续发展,帮助人们深刻理解低速率物联网技术。     

物联网公共服务平台和测试

物联网公共服务平台是为种类繁多的物联网应用提供公共服务的业务运营和管理系统,它担负着提升物联网跨领域服务规模化与协同化的使命,是未来物联网应用的发展方向。本文探讨了目前物联网公共服务平台的现状,以及与公共服务特性紧密相关的平台测试方法。     

HIoTPOT: Surveillance on IoT Devices against Recent Threats

Honeypot Internet of Things (IoT) (HIoTPOT) keep a secret eye on IoT devices and analyzes the various recent threats which are dangerous to IoT devices. In this paper, implementation of a research honeypot is presented which is used to learn the recent tactics and ethics used by black hat community to attack on IoT devices. As IoT is open and easy for accessing, all the intruders are highly attracted towards IoT. Recently Telnet based attacks are very famous on IoT devices to get easy access and attack on other devices. To reduce these kinds of threats, it is necessary to know in details about intruder, therefore the aim of this research work is to implement novel based secret eye server known as HIoTPOT which will make the IoT environment more safe and secure.     

Future IoT‐enabled threats and vulnerabilities: State of the art,challenges, and future prospects

In the recent era, the security issues affecting the future Internet‐of‐Things (IoT) standards has fascinated noteworthy consideration from numerous research communities. In this view, numerous assessments in the form of surveys were proposed highlighting several future IoT‐centric subjects together with threat modeling, intrusion detection systems (IDS), and various emergent technologies. In contrast, in this article, we have focused exclusively on the emerging IoT‐related vulnerabilities. This article is a multi‐fold survey that emphasizes on understanding the crucial causes of novel vulnerabilities in IoT paradigms and issues in existing research. Initially, we have emphasized on different layers of IoT architecture and highlight various emerging security challenges associated with each layer along with the key issues of different IoT systems. Secondly, we discuss the exploitation, detection, and defense methodologies of IoT malware‐enabled distributed denial of service (DDoS), Sybil, and collusion attack capabilities. We have also discussed numerous state‐of‐the‐art strategies for intrusion detection and methods for IDS setup in future IoT systems. Third, we have presented a brief classification of existing IoT authentication protocols and a comparative analysis of such protocols based on different IoT‐enabled cyber attacks. For conducting a real‐time future IoT research, we have presented some emerging blockchain solutions. We have also discussed a comparative examination of some of the recently developed simulation tools and IoT test beds that are characterized based on different layers of IoT infrastructure. We have also outlined some of the open issues and future research directions and also facilitate the readers with broad classification of existing surveys in this domain that addresses several scopes related to the IoT paradigm. This survey article focuses in enabling IoT‐related research activities by comparing and merging scattered surveys in this domain.     

基于可信计算构筑物联网安全边界

近年来，中国物联网政策支持力度不断加大，技术创新成果接连涌现，各领域应用持续深化，产业规模保持快速增长。本论文以物联网接入边界为切入点，探讨了物联网安全接入问题的解决方案。设计了基于可信计算3.0的物联网可信网关，以及安全管理中心，构建了可信的物联网安全边界接入系统。为各种异构物联网终端设备提供了安全屏障，隔绝了针对于物联网设备的网络安全威胁。     

A Self-Optimizing QoS-Based Access for IoT Environments

Nowadays, providing Internet of Things (IoT) environments with service level guarantee is a challenging task. Moreover, IoT services should be autonomous in order to minimize human intervention and thus to reduce the operational management cost of the corresponding big scale infrastructure. We describe in this paper a service level-based IoT architecture enabling the establishment of an IoT Service Level Agreement (iSLA) between an IoT Service Provider (IoT-SP) and an IoT Client (IoT-C). The proposed iSLA specifies the requirements of an IoT service, used in a specific application domain (e-health, smart cities, etc.), in terms of different measurable Quality of Service (QoS) parameters. In order to achieve this agreement, several QoS mechanisms are to be implemented within each layer of the IoT architecture. In this context, we propose an adaptation of the IEEE 802.15.4 slotted CSMA/CA mechanism to provide different IoT services with QoS guarantee. Our proposal called QBAIoT (QoS-based Access for IoT) creates different Contention Access Periods (CAP) according to different traffic types of the IoT environment. These CAPs are QoS-based and enable traffic differentiation. Thus, a QoS CAP is configured with several slots during which only IoT objects belonging to the same QoS class can send their data. Furthermore, we specify a self-management closed control loop in order to provide our IoT architecture with a self-optimizing capability concerning QoS CAPs slots allocation. This capability takes into account the actual usage of QoS CAPs as well as the characteristics of the corresponding traffic class.

     

物联网技术与应用研究

 在解析物联网两层基本涵义的基础上,提出了包括底层网络分布、汇聚网关接入、互联网络融合、终端用户应用四部分的物联网系统架构;设计了由网络通信协议、网络控制平台、应用终端平台组成的面向物联网的网络协议体系,并从硬件和软件两个层面讨论了实现物联网的关键技术;在分析当前物联网标准、技术、安全以及应用方面存在问题的基础上提出了未来物联网发展的六个重要理念.     

物联网关键技术及其发展

阐述了物联网的概念发展,给出了一种被普遍认可的物联网概念,分别辨析了泛在网、传感网、M2M等与物联网密切相关的几个网络概念,并基于已有的物联网体系架构,将几种物联网体系架构进行了对比,分析了物联网的关键技术与标准现状     

Analysis of identifiers in IoT platforms

The Internet of Things (IoT) provides new opportunities for different IoT platforms connecting various devices together. The need to identify those devices is the foremost important to perform any kind of operation. Many organizations and standard bodies that provide specifications and frameworks for the IoT currently have their own identification mechanisms. Some existing industrial identification mechanisms can also be used in the IoT. There is no common Identification Scheme (IS) for the IoT as yet, because of the political and commercial differences amongst the standard bodies. The unavailability of a unified IS method makes the inter-working among IoT platforms challenging. This paper analyses and compares ISs used by several selected IoT platforms. This work will help in understanding the need for a common identification mechanism to provide inter-working among different IoT platforms.     

Survey of the Internet of things operating system security

With the rapid popularization and wide application of the Internet of things (IoT),the security problems of IoT operating system,which is the essential part,become more and more urgent.Firstly,the famous IoT operating systems and their different features were introduced,then it was compared with present embedded systems.Secondly,On the basis of the survey of research related to IoT operating system,the research was discussed and analyzed from the view of building a comprehensive security system,then security challenges and opportunities which the IoT system faced were pointed out,and the research status of the security of the IoT operating system was summarized.Finally,the promising future study directions in the IoT operating system security field were discussed based on the drawbacks of the existing researches,particularly,the IoT system survival technology as a new research direction was pointed out.     

基于物联网的网络信息安全体系

物联网是计算机、互联网与移动通信网等相关技术的演进和延伸,其核心共性技术、网络与信息安全技术以及关键应用是物联网的主要研究内容。物联网感知节点大都部署在无人监控环境,并且由于物联网是在现有的网络基础上扩展了感知网络和应用平台,传统网络安全措施不足以提供可靠的安全保障。物联网安全研究将主要集中在物联网安全体系、物联网个体隐私保护模式、终端安全功能、物联网安全相关法律的制订等方面。     

一种物联网教学实验系统的设计与实现

本文介绍了物联网的技术原理和应用方向,设计并实现了一种物联网教学实验系统。本系统基于无线传感器网络和射频识别技术,实现了物联网在物流、家居和医护等方面的典型应用案例。该实验系统有助于实验者深入学习物联网基本技术,并理解物联网在各种典型应用行业中的功能和系统设计方法。     

两阶段二进制物联网固件漏洞检测方法研究

物联网(internet of things, IoT )设备漏洞带来的安全问题引发了研究人员的广泛关注,出于系统稳定性的考虑,设备厂商往往不会及时更新IoT固件中的补丁,导致漏洞对设备安全性影响时间更长;同时,大部分IoT固件文件源码未知,对其进行漏洞检测的难度更大。基于机器学习的代码比较技术可以有效应用于IoT设备的漏洞检测,但是这些技术存在因代码特征提取粒度粗、提取的语义特征不充分和代码比较范围未进行约束而导致的高误报问题。针对这些问题,提出一种基于神经网络的两阶段IoT固件漏洞检测方法。基于代码的多维特征缩小代码比较范围,提高比较的效率和精确度;再基于代码特征,用神经网络模型对代码相似程度进行学习,从而判断二进制IoT固件的代码与漏洞代码的相似程度,以检测IoT固件中是否存在漏洞,最后实验证明了所提方法在IoT固件检测中的有效性。     

定量和定性相结合的物联网漏洞分类方法研究

为解决物联网漏洞数量规模巨大、分类方法欠缺问题,针对已有漏洞分类方法应用于物联网漏洞存在覆盖不完全、交叉重叠现象严重的现状,提出从物联网设备、同源跨平台漏洞以及漏洞的影响效果和漏洞利用复杂度3个维度对物联网漏洞进行科学分类的方法——VCECI。首先研究传统漏洞分类方法的特点和物联网产品研发固有特点,分析物联网漏洞分类不完善的原因。其次,对VCECI方法定量和定性相结合的分类过程进行深入论述。最后,结合实验分析该方法的应用效果。实验结果表明,VCECI方法对物联网漏洞具有较好的标识和去重能力,能够有效表示物联网漏洞的异构多样性特点。     

A blockchain future for internet of things security: a position paper

Internet of Things (IoT) devices are increasingly being found in civilian and military contexts, ranging from smart cities and smart grids to Internet-of-Medical-Things, Internet-of-Vehicles, Internet-of-Military-Things, Internet-of-Battlefield-Things, etc. In this paper, we survey articles presenting IoT security solutions published in English since January 2016. We make a number of observations, including the lack of publicly available IoT datasets that can be used by the research and practitioner communities. Given the potentially sensitive nature of IoT datasets, there is a need to develop a standard for sharing IoT datasets among the research and practitioner communities and other relevant stakeholders. Thus, we posit the potential for blockchain technology in facilitating secure sharing of IoT datasets (e.g., using blockchain to ensure the integrity of shared datasets) and securing IoT systems, before presenting two conceptual blockchain-based approaches. We then conclude this paper with nine potential research questions.     

基于云原生的分布式物联网操作系统架构研究

物联网面临应用开发复杂、终端碎片化、网络制式多样、边缘形态多样等难题，在对物联网行业及技术演进趋势分析的基础上，将物联网操作系统的概念从传统物联网终端操作系统延伸至边缘和云侧，创新地提出基于云原生的分布式物联网操作系统定义及功能架构，并分析了云原生等 8 个核心特征，该系统可屏蔽智能物联网应用所涉及的云（平台）、边缘网关、终端等海量异构资源的复杂性和差异性，为智能物联网应用开发、部署、托管提供一站式全生命周期支撑。最后给出基于云原生的分布式物联网操作系统CTWing OS研发、测试与应用情况。