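Secure Swarm Attestation and Recovery Scheme for IoT Devices
Cite this article: LIN Jiang-Nan, WU Qiu-Xin, FENG Wei. Secure Swarm Attestation and Recovery Scheme for IoT Devices[J]. Computer Systems & Applications, 2022, 31(9): 183-191.
Authors: LIN Jiang-Nan  WU Qiu-Xin  FENG Wei
Affiliation: School of Applied Science, Beijing Information Science and Technology University, Beijing 100192; Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190
Funding: National Key Research and Development Program of China (2020YFE0200600)
Abstract: Because IoT devices themselves lack security mechanisms, the IoT environment faces severe security challenges. Remote attestation can verify the authenticity and integrity of a device, so trust in IoT devices can be established remotely. Swarm attestation is an extension of remote attestation that can be applied to swarms made up of large numbers of devices. Compared with traditional remote attestation, swarm attestation relieves the verifier and improves verification efficiency. At present, swarm attestation methods mainly target static networks and lack an efficient recovery mechanism for compromised devices. To address these problems, this paper proposes a secure swarm attestation and recovery method based on a reputation mechanism and a Merkle tree. First, the method uses the reputation mechanism to implement a many-to-one attestation protocol, which effectively addresses the single point of failure, lets devices trigger attestation, and is suitable for semi-dynamic networks. Second, the paper introduces a Merkle tree for measurement, which can quickly identify infected code blocks and recover them efficiently. Finally, the paper presents a security analysis and performance evaluation of the proposed swarm attestation method; the results show that it improves security while incurring an acceptable performance overhead.

Keywords: IoT security  trusted computing  remote attestation  swarm attestation  reputation mechanism  Merkle tree
Received: 2021/12/1 0:00:00
Revised: 2021/12/29 0:00:00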

Secure Swarm Attestation and Recovery Scheme for IoT Devices
LIN Jiang-Nan, WU Qiu-Xin, FENG Wei. Secure Swarm Attestation and Recovery Scheme for IoT Devices[J]. Computer Systems & Applications, 2022, 31(9): 183-191.
Authors: LIN Jiang-Nan  WU Qiu-Xin  FENG Wei
Affiliation: School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China; Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Abstract: Owing to the lack of security mechanisms in Internet of Things (IoT) devices, the IoT environment faces serious security challenges. Remote attestation can verify the authenticity and integrity of devices and can thereby establish trust in IoT devices remotely. Swarm attestation is an extension of remote attestation that can be applied to swarms composed of a large number of devices. Compared with traditional remote attestation, swarm attestation relieves the verifier and improves verification efficiency. At present, swarm attestation mainly targets static networks, and there is no efficient recovery mechanism for compromised devices. To solve these problems, this study proposes a secure swarm attestation and recovery scheme based on a reputation mechanism and a Merkle tree. Firstly, we use the reputation mechanism to achieve a many-to-one attestation scheme, which can effectively solve the single point of failure and also lets the device trigger the attestation. In addition, the attestation scheme is suitable for semi-dynamic networks. Secondly, we introduce the Merkle tree for measurement, which can quickly and accurately identify the code blocks compromised by malicious software and efficiently recover them. Finally, the security analysis and performance evaluation of the swarm attestation scheme are presented. The results show that the swarm attestation in this study improves security and that its performance overhead is acceptable.
Keywords: Internet of Things (IoT) security  trusted computing  remote attestation  swarm attestation  reputation management  Merkle tree
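
The abstract's Merkle-tree measurement idea can be illustrated with the added sketch below; it is not the paper's protocol or code. It assumes a fixed 16-byte code block, SHA-256, same-size images and a trusted reference image, and all function names and sample data are constructed for illustration.

```python
import hashlib

BLOCK = 16  # assumed code-block size in bytes (small, to keep the sample readable)

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(image: bytes, block: int = BLOCK) -> list:
    """Return the tree as levels, leaves first; leaf i measures code block i."""
    leaves = [_h(b"\x00" + image[i:i + block]) for i in range(0, len(image), block)]
    leaves = leaves or [_h(b"\x00")]
    while len(leaves) & (len(leaves) - 1):       # pad to a power of two
        leaves.append(_h(b"\x00"))
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def modified_blocks(ref: list, cur: list):
    """Descend from the root, following only subtrees whose hashes differ."""
    if len(ref[0]) != len(cur[0]):
        raise ValueError("block counts differ; compare same-size images")
    bad, compared, stack = [], 0, [(len(ref) - 1, 0)]
    while stack:
        lvl, idx = stack.pop()
        compared += 1
        if ref[lvl][idx] == cur[lvl][idx]:
            continue                              # whole subtree is intact
        if lvl == 0:
            bad.append(idx)
        else:
            stack += [(lvl - 1, 2 * idx), (lvl - 1, 2 * idx + 1)]
    return sorted(bad), compared

def repair(image: bytes, golden: bytes, bad: list, block: int = BLOCK) -> bytes:
    """Rewrite only the flagged blocks from the trusted reference image."""
    out = bytearray(image)
    for i in bad:
        out[i * block:(i + 1) * block] = golden[i * block:(i + 1) * block]
    return bytes(out)

# Constructed sample: a 256-byte "firmware" image with two bytes altered.
GOLDEN = bytes(range(256))
TAMPERED = GOLDEN[:37] + b"\xaa" + GOLDEN[38:200] + b"\x55" + GOLDEN[201:]

if __name__ == "__main__":
    ref, cur = build_tree(GOLDEN), build_tree(TAMPERED)
    bad, compared = modified_blocks(ref, cur)
    print(bad, compared, repair(TAMPERED, GOLDEN, bad) == GOLDEN)
```

On the sample, the descent compares 15 of the tree's 31 nodes and only the two flagged blocks are rewritten.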