物联网的安全威胁及需求分析

物联网分布范围的广泛性、节点的移动性以及业务应用的复杂性给物联网的安全带来严峻挑战。根据物联网的架构和特点,划分物联网的安全体系,并分析了不同层面所面临的多种安全问题。分别从物联网末端节点、感知层、网络层、应用层、管理控制五个层面全面分析了物联网可能面临的多种安全威胁,并在此基础上提出了物联网面临的安全需求。     

互联网数据中心安全管理

文章认为互联网数据中心面临的主要安全威胁包括侵入攻击、拒绝服务攻击和分布式拒绝服务攻击、蠕虫病毒等。在数据中心网络安全建设和管理中,文章建议从网络架构、安全设备、安全管理多方面保障互联网数据中心安全。具体手段上建议采取网络多层多区域设计原则,建立安全边界,实施不同等级的安全措施和防护办法,以形成多层次的网络架构;部署多方面的网络安全设备,形成全方位一体化安全防护体系;制订健全的安全管理和运维制度,建设系统的安全管理体系。摘要:     

物联网网络攻击风险及安全防护技术浅析

本文通过物联网存在的安全风险,从感知层、网络层、应用层三个技术层面,分析了物联网的网络攻击技术及相应的安全防护技术。     

物联网安全问题分析

随着物联网的快速发展,其安全问题渐渐被重视起来。本文根据物联网的基本概念、特点,分析了物联网的三层体系结构分布情况及各层面临的安全威胁,提出了物联网各层的安全架构,对今后物联网的研究和发展有重要的借鉴和参考价值。     

软刀片改变安全

如今，不仅网络应用日益普及，安全威胁的类型也不断的增加，这让企业的安全投入不断的增加，企业不停地购买新的安全设备，管理、维护越来越庞杂的安全体系架构，以保障自身的信息安全。     

物联网发展中的安全风险及对策研究

分析了国内外物联网安全政策、技术、标准、产业等形势,重点强调了当前我国物联网发展中存在的安全风险,包括大连接环境下的设备风险、物联网网络本身安全风险以及物联网上承载的各类应用安全风险,提出了打造以密码为核心的物联网安全体系,加速新技术在物联网安全的应用,以新基建为契机建立物联网领域安全设备泛在化部署新体系,以多层次立体式理念确保物联网安全,呼吁供给侧需求侧建立安全协同新机制,共同促进物联网产业安全可持续发展。     

移动互联网安全框架

文章认为应当采用物理与信息安全分层,依据移动互联网网络结构,构建移动互联网安全架构。按照网络特征,移动互联网可以分终端、网络以及业务系统3个部分;网络与信息安全分设备/环境安全、业务应用安全、信息自身安全以及信息内容安全4个层面。移动互联网安全应将终端、网络以及业务系统分别在设备/环境、业务应用、信息自身以及信息内容安全层面加以研究。     

运营商物联网安全防护体系研究

针对物联网安全需求,对物联网安全防护体系架构进行研究,提出"4+1"物联网安全防护体系,并详述各层安全防护技术和措施,给出物联网安全生态建设建议。     

智能终端安全防护体系设计

本文通过对智能终端技术架构的安全梳理和分析,找出智能终端存在的安全问题,从技术角度提出一个合理的安全体系,分别从安全管理、固件安全、网络安全、操作系统、应用安全等几个层面给出了防护建议。对中国移动智能终端的安全管理有很强的指导意义。     

物联网中安全问题研究

物联网作为一种新型的网络架构,被称为继计算机和互联网后信息产业界的第三次革命浪潮。但传统的物联网中没有很好的将安全机制进行阐述和定义,因此,本文通过研究和分析现有的物联网中存在的安全问题,将保护层的概念引入到传统意义的物联网架构中,并对保护层的工作原理和机制进行深入的分析和研究。     

物联网中信任管理机制(英)

Trust management has been proven to be a useful technology for providing security service and as a consequence has been used in many applications such as P2P,Grid,ad hoc network and so on.However,few researches about trust mechanism for Internet of Things(IoT) could be found in the literature,though we argue that considerable necessity is held for applying trust mechanism to IoT.In this paper,we establish a formal trust management control mechanism based on architecture modeling of IoT.We decompose the IoT into three layers,which are sensor layer,core layer and application layer,from aspects of network composition of IoT.Each layer is controlled by trust management for special purpose:self-organized,affective routing and multi-service respectively.And the final decision-making is performed by service requester according to the collected trust information as well as requester' policy.Finally,we use a formal semantics-based and fuzzy set theory to realize all above trust mechanism,the result of which provides a general framework for the development of trust models of IoT.     

Modeling and verifying based on timed automata of Internet of things gateway security system

The Internet of things (IoT) is a multiple heterogeneous network,and its perception layer is often faced with various security threats.As the bridge between the perception layer and the network layer,the IoT gateway should have the security management function to prevent the security issue from spreading to the upper layer.According to the current security deficiencies in IoT gateway,a universal IoT gateway security system was proposed based on the IoT gateway middleware technology.Various security protocols or algorithms can be embedded in IoT gateway security system,and the modeling and analysis can help the design and implementation of IoT gateway.The formal modeling and verification of the IoT gateway security system was performed by timed automata.The results show that the IoT gateway security system satisfies the security properties of confidentiality,availability,authenticity,robustness,integrity and freshness.     

Security of the Internet of Things: perspectives and challenges

Internet of Things (IoT) is playing a more and more important role after its showing up, it covers from traditional equipment to general household objects such as WSNs and RFID. With the great potential of IoT, there come all kinds of challenges. This paper focuses on the security problems among all other challenges. As IoT is built on the basis of the Internet, security problems of the Internet will also show up in IoT. And as IoT contains three layers: perception layer, transportation layer and application layer, this paper will analyze the security problems of each layer separately and try to find new problems and solutions. This paper also analyzes the cross-layer heterogeneous integration issues and security issues in detail and discusses the security issues of IoT as a whole and tries to find solutions to them. In the end, this paper compares security issues between IoT and traditional network, and discusses opening security issues of IoT.     

A lightweight IoT‐based security framework for inventory automation using wireless sensor network

Internet of things (IoT) has evolved as an innovation of next generation in this world of smart devices. IoT tends to provide services for data collection, data management, and data and device security required for application development. Things or devices in IoT communicate and compute to make our lives comfortable and safe. In inventory automation, real‐time check on items, their information management, and status management, monitoring can be carried out using IoT. The huge amount of data that flows among the devices in the network demands for a security framework that ensures authentication, authorization, integrity, and confidentiality of data. The existing security solutions like SIMON or SPECK offer lightweight security solutions but are vulnerable to differential attack because of their simplicity. Moreover, existing solutions do not offer inbuilt authentication. Therefore, this research work contributes a secure and lightweight IoT‐based framework using wireless sensor network (WSN) as a technology. The existing security solutions SPECK and SIMON are compared with the proposed security approach using COOJA simulator. The results show that proposed approach outstands others by 2% reduction in number of CPU cycles, 10% less execution time, 4% less memory requirements of security approach, and with minimum 10% more security impact.     

ECC-CoAP: Elliptic Curve Cryptography Based Constraint Application Protocol for Internet of Things

Constraint Application Protocol (CoAP), an application layer based protocol, is a compressed version of HTTP protocol that is used for communication between lightweight resource constraint devices in Internet of Things (IoT) network. The CoAP protocol is generally associated with connectionless User Datagram Protocol (UDP) and works based on Representational State Transfer architecture. The CoAP is associated with Datagram Transport Layer Security (DTLS) protocol for establishing a secure session using the existing algorithms like Lightweight Establishment of Secure Session for communication between various IoT devices and remote server. However, several limitations regarding the key management, session establishment and multi-cast message communication within the DTLS layer are present in CoAP. Hence, development of an efficient protocol for secure session establishment of CoAP is required for IoT communication. Thus, to overcome the existing limitations related to key management and multicast security in CoAP, we have proposed an efficient and secure communication scheme to establish secure session key between IoT devices and remote server using lightweight elliptic curve cryptography (ECC). The proposed ECC-based CoAP is referred to as ECC-CoAP that provides a CoAP implementation for authentication in IoT network. A number of well-known cryptographic attacks are analyzed for validating the security strength of the ECC-CoAP and found that all these attacks are well defended. The performance analysis of the ECC-CoAP shows that our scheme is lightweight and secure.

     

Wormhole Attack Detection System for IoT Network: A Hybrid Approach

Many errors in data communication cause security attacks in Internet of Things (IoT). Routing errors at network layer are prominent errors in IoT which degrade the quality of data communication. Many attacks like sinkhole attack, blackhole attack, selective forwarding attack and wormhole attack enter the network through the network layer of the IoT. This paper has an emphasis on the detection of a wormhole attack because it is one of the most uncompromising attacks at the network layer of IoT protocol stack. The wormhole attack is the most disruptive attack out of all the other attacks mentioned above. The wormhole attack inserts information on incorrect routes in the network; it also alters the network information by causing a failure of location-dependent protocols thus defeating the purpose of routing algorithms. This paper covers the design and implementation of an innovative intrusion detection system for the IoT that detects a wormhole attack and the attacker nodes. The presence of a wormhole attack is identified using location information of any node and its neighbor with the help of Received Signal Strength Indicator (RSSI) values and the hop-count. The proposed system is energy efficient hence it is beneficial for a resource-constrained environment of IoT. It also provides precise true-positive (TPR) and false-positive detection rate (FPR).

     

Secrecy Performance in the Internet of Things: Optimal Energy Harvesting Time Under Constraints of Sensors and Eavesdroppers

Mobile Networks and Applications - In this paper, we investigate the physical layer security (PLS) performance for the Internet of Things (IoT), which is modeled as an IoT sensor network (ISN). The...     

Integration of IoT and DRAGON-lab in cloud environment

Distributed research & academic gigabits open network lab (DRAGON-lab) is the only test-bed for research purpose related to next generation internct (NGI) which based on the confederation network using...     

可信物联网架构模型

物联网已经在世界范围内得到了广泛的关注和发展,其安全性也面临严重威胁。然而由于物联网本身的特性,很多在互联网领域的安全措施不能直接照搬过来。目前的安全策略主要是针对物联网受到的威胁逐一寻找解决方案,协同机制分散。面对日益智能化、系统化、综合化的安全威胁,提出一种三元两层的可信物联网架构,根据物联网的功能设计一种全程可信安全机制,从传感器设备的软件及硬件的完整性和安全性检查开始,将可信链依次传递,直到应用层,并在应用层根据行为可信实现数据的处理和应用。同时将控制功能和数据功能分开,不同的安全策略之间相互协作、相互检验,从而有效提高物联网应对安全威胁的能力。