物联网安全技术发展及防护手段的探究

随着物联网技术的发展,物联网安全问题也逐渐受到重视。文中首先介绍了物联网安全技术的发展现状,包括安全协议、安全机制和安全服务等。然后,介绍了物联网防护手段,包括安全策略、认证机制、安全机制和安全管理等。最后,提出了未来物联网安全技术的发展趋势和建议,希望能提升物联网的安全性。     

A blockchain-enabled security management framework for mobile edge computing

Mobile edge computing (MEC) integrates mobile and edge computing technologies to provide efficient computing services with low latency. It includes several Internet of Things (IoT) and edge devices that process the user data at the network's edge. The architectural characteristic of MEC supports many internet-based services, which attract more number of users, including attackers. The safety and privacy of the MEC environment, especially user information is a significant concern. A lightweight accessing and sharing protocol is required because edge devices are resource constraints. This paper addresses this issue by proposing a blockchain-enabled security management framework for MEC environments. This approach provides another level of security and includes blockchain security features like temper resistance, immutable, transparent, traceable, and distributed ledger in the MEC environment. The framework guarantees secure data storage in the MEC environment. The contributions of this paper are twofold: (1) We propose a blockchain-enabled security management framework for MEC environments that address the security and privacy concerns, and (2) we demonstrate through simulations that the framework has high performance and is suitable for resource-constrained MEC devices. In addition, a smart contract-based access and sharing mechanism is proposed. Our research uses a combination of theoretical analysis and simulation experiments to demonstrate that the proposed framework offers high security, low latency, legitimate access, high throughput, and low operations cost.     

A secure multifactor remote user authentication scheme for Internet of Multimedia Things environment

To attain ubiquitous connectivity of everything, Internet of Things (IoT) systems must include “multimedia things.” Internet of Multimedia Things (IoMT) is a heterogeneous network of smart multimedia things connected together and with other physical devices to the Internet so as to achieve globally available multimedia services and applications. Due to the ever increasing amount of multimedia data in IoT environments, securing these systems becomes crucial. This is because these systems are easily susceptible to attacks when information or any service is accessed by the users. In this paper, we propose a secure three‐factor remote user authentication scheme for IoMT systems using ECC. The formal security proof performed using ROR model and BAN logic confirms that an attacker will not be able to extract sensitive user information. Through informal security analysis, we justify the resistance of the scheme against several security attacks. The performance comparison shows that the scheme is efficient in terms of computational cost, security features, and attack resistance. Furthermore, simulation of the scheme using AVISPA and Proverif proves that the scheme is secure against all active and passive attacks.     

Secure multi‐factor remote user authentication scheme for Internet of Things environments

Because of the exponential growth of Internet of Things (IoT), several services are being developed. These services can be accessed through smart gadgets by the user at any place, every time and anywhere. This makes security and privacy central to IoT environments. In this paper, we propose a lightweight, robust, and multi‐factor remote user authentication and key agreement scheme for IoT environments. Using this protocol, any authorized user can access and gather real‐time sensor data from the IoT nodes. Before gaining access to any IoT node, the user must first get authenticated by the gateway node as well as the IoT node. The proposed protocol is based on XOR and hash operations, and includes: (i) a 3‐factor authentication (ie, password, biometrics, and smart device); (ii) mutual authentication ; (iii) shared session key ; and (iv) key freshness . It satisfies desirable security attributes and maintains acceptable efficiency in terms of the computational overheads for resource constrained IoT environment. Further, the informal and formal security analysis using AVISPA proves security strength of the protocol and its robustness against all possible security threats. Simulation results also prove that the scheme is secure against attacks.     

DTLS based security and two-way authentication for the Internet of Things

In this paper, we introduce the first fully implemented two-way authentication security scheme for the Internet of Things (IoT) based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol. By relying on an established standard, existing implementations, engineering techniques and security infrastructure can be reused, which enables easy security uptake. Our proposed security scheme is therefore based on RSA, the most widely used public key cryptography algorithm. It is designed to work over standard communication stacks that offer UDP/IPv6 networking for Low power Wireless Personal Area Networks (6LoWPANs). Our implementation of DTLS is presented in the context of a system architecture and the scheme’s feasibility (low overheads and high interoperability) is further demonstrated through extensive evaluation on a hardware platform suitable for the Internet of Things.     

Securing multicast in DVB-RCS satellite systems

While TV broadcasting is probably the best known application of satellite technology, satellite service providers are now expanding their services to include Internet data transmission. Consequently, security of satellite data is becoming an important issue. This article examines the current DVB-RCS security standard and identifies the principal gaps in the provision of secure multicast over DVB-RCS. The main contribution of this article is a proposal for adapting the current DVB-RCS two-way satellite standard to provide secure multicast services over satellites.     

A Security Model Based on Relational Model for Semantic Sensor Networks

This paper proposes a novel security model for secure query processing in semantic sensor networks. A semantic sensor network (SSN) is a sensor network including semantics of sensory data and context information, and relationships between the semantics by using Semantic Web technologies. Even though much research has been activated on SSN, there is little activity on how to securely access data in semantic sensor networks. Most of storages have been developed based on relational database model and the relational database model provides a secure and robust security support. Therefore, we need to devise a security model considering such a real environment. This paper proposes a new access control model for secure query processing in semantic sensor networks. The proposed security model is based on relational database security model. This paper shows the overall framework and definitions of the proposal, and the experiment and evaluation is described to show validity of our proposal. With the experiment and evaluation, it is clear that the proposed model provides a secure access control support for SSNs.     

Interoperability in semantic Web of Things: Design issues and solutions

The significant improvement in processing power, communication, energy consumption, and the size of computational devices has led to the emergence of the Internet of Things (IoT). IoT projects raise many challenges, such as the interoperability between IoT applications because of the high number of sensors, actuators, services, protocols, and data associated with these systems. Semantics solves this problem by using annotations that define the role of each IoT element and reduces the ambiguity of information exchanged between the devices. This work presents SWoTPAD, a semantic framework that helps in the development of IoT projects. The framework is designer oriented and provides a semantic language that is more user‐friendly than OWL‐S and WSML and allows the IoT designer to specify devices, services, environment, and requests. Following this, it makes use of these specifications and maps them for RESTful services. Additionally, it generates an automatic service composition engine that is able to combine services needed to handle complex user requests. We validated this approach with two case studies. The former concerns a residential security system and the latter, the cloud application deployment. The average time required for service discovery and automatic service composition corresponds to 72.9% of the service execution time in the case study 1 and 64.4% in the case study 2.     

InternetVPN技术进展情况

虚拟专用网与Ｉｎｔｅｒｎｅｔ的结合形成了当前业界发展的一个热点－ＩＮＰＶ。ＩＶＰＮ通过加密、鉴定和隧道协议来实现,它把路由器交换机和传输线结合在一起,以实现安全保密的通信。ＩＥＴＦ的ＩＰｓｅｃ是隧道协议的一种,为ＶＰＮ之间的互操作提供了标准,目前已有一些ＩＰＳ提供了具有一定安全性的ＩＶＰＮ业务。     

卫星物联网混合随机接入技术

在卫星物联网(IoT)场景中,随着终端数量不断增加,频谱资源日益紧张。传统的随机接入技术频谱利用率较低,使得传统随机接入协议不适用于未来卫星IoT的高并发业务需求。同时,卫星通信链路长,开放性强,难以保证特种终端信号的安全性。对此,本文提出一种适用于卫星IoT的混合随机接入方案。该方案引入重叠传输的容量提升与安全性优势,利用扩频码对瞬时功率谱密度的控制能力,构造功率域非正交接入条件,并通过接收端的迭代分离实现稳健接收。对本文所提方案的吞吐量性能进行闭式解推导分析与计算机仿真,结果表明,与传统的随机接入协议相比,所提方案可提高系统吞吐量。同时,相较于常用信号隐藏方法,所提方法利用常规接入数据包的功率优势,强化了波形隐藏效果,提升了特种信息接入的安全性。     

Security in Internet of Things: issues,challenges, taxonomy,and architecture

Internet technology is very pervasive today. The number of devices connected to the Internet, those with a digital identity, is increasing day by day. With the developments in the technology, Internet of Things (IoT) become important part of human life. However, it is not well defined and secure. Now, various security issues are considered as major problem for a full-fledged IoT environment. There exists a lot of security challenges with the proposed architectures and the technologies which make the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment, however, there is a lot to do. The challenges are ever increasing and the solutions have to be ever improving. Therefore, aim of this paper is to discuss the history, background, statistics of IoT and security based analysis of IoT architecture. In addition, we will provide taxonomy of security challenges in IoT environment and taxonomy of various defense mechanisms. We conclude our paper discussing various research challenges that still exist in the literature, which provides better understanding of the problem, current solution space, and future research directions to defend IoT against different attacks.     

物联网中安全问题研究

物联网作为一种新型的网络架构,被称为继计算机和互联网后信息产业界的第三次革命浪潮。但传统的物联网中没有很好的将安全机制进行阐述和定义,因此,本文通过研究和分析现有的物联网中存在的安全问题,将保护层的概念引入到传统意义的物联网架构中,并对保护层的工作原理和机制进行深入的分析和研究。     

NGN业务模型变化和电信变革

NGN(下一代网络)采用集中控制的统一的承载网提供综合业务,解决了QoS(服务质量)、安全性和可管理问题,但这种集中管理模式部分削弱和丧失了互联网无所不在的性能,不能有效地支持以P2P为代表的互联网新应用和机-机业务.此外,NGN按服务质量和使用量收费的业务模型,不适应目前消费类宽带业务的发展,以宽带接入包月为代表的互联网运营模式强烈冲击传统电信业务模式,动摇了NGN业务模型的基础.NGN需要并行发展具有分布管理能力的下一代互联网,利用互联网作为基层承载网,在其上应用层建立重叠网支持P2P应用和提供分布式管理,面向广大消费者提供固定和移动宽带互联网业务,支持机-机的各种应用,充分发挥互联网无所不在的优势.     

移动云计算安全问题及安全度量方法浅析

移动云计算安全度量是云计算安全中的一个研究领域,主要是研究采用手机等移动终端设备,通过移动互联网使用云计算服务过程中的安全问题及安全度量方法。本文分析了目前移动云计算行业发展过程中存在的安全问题,指出了这些安全问题是阻碍用户使用云计算服务的关键,分析了传统的安全度量方法在移动云计算中的应用的优缺点,并在此基础上提出了一种基于场景的移动云计算安全度量方法,该方法可以有效度量和展示用户正在使用的云计算服务的安全情况,可以解除用户对于安全的顾虑,让用户放心使用。     

基于电力物联网的安全防护技术

电力公司是一项利国利民的事业,为此将物联网融入电力公司是非常重要的举措,但是当前电力物联网安全问题一直以来是困扰其发展的重要因素,如何才能在信息传递中确保安全性就成为重点。文章针对电力物联网的安全防护技术进行了研究,首先对物联网进行概述;其次分析当前电力物联网安全防护技术应用情况;然后提出电力物联网面临的安全隐患;最后给予基于电力物联网的安全防护技术相关建议,以期能够通过此次研究为电力物联网安全运行寻求更好的路径。     

移动互联网环境下的云计算安全技术体系架构

文章在研究分析云计算安全风险和安全技术体系架构的基础上,结合移动互联网的特点,设计了一个多层次、多级别、弹性、跨平台和统一用户接口的移动互联网通用云计算安全技术体系架构。该架构可实现不同等级的差异化云安全服务,其中跨层的云安全管理平台可对整个系统的运维安全情况进行跨安全域和跨安全级别的监控。     

Group and hierarchical key management for secure communications in internet of things

Different devices with different characteristics form a network to communicate among themselves in Internet of Things (IoT). Thus, IoT is of heterogeneous in nature. Also, Internet plays a major role in IoT. So, issues related to security in Internet become issues of IoT also. Hence, the group and hierarchical management scheme for solving security issues in Internet of Things is proposed in this paper. The devices in the network are formed into groups. One of the devices is selected as a leader of each group. The communication of the devices from each group takes place with the help of the leader of the corresponding group using encrypted key to enhance the security in the network. Blom's key predistribution technique is used to establish secure communication among any nodes of group. The hierarchy is maintained such that the security can be increased further, but the delay is increased as it takes time to encrypt at every level of hierarchy. Hence, the numbers of levels of hierarchy need to be optimized such that delay is balanced. Hence, this algorithm is more suitable for delay‐tolerant applications. The performance of the proposed Algorithm is evaluated and is proved to perform better when compared with the legacy systems like Decentralized Batch‐based Group Key Management Protocol for Mobile Internet of Things (DBGK).     

物联网的安全威胁与应对策略

物联网被称为第三次信息革命,随着物联网技术的发展和应用的不断扩展,物联网的安全隐患受到人们的日益关注,安全问题已经成为制约其发展的重要因素。从剖析物联网的三层体系结构出发,分析了物联网受到的种种安全威胁,最后给出相应的安全策略。