Abstract
The security and privacy of the Internet of Things (IoT) have a considerable impact on the parties involved, so a security framework providing data confidentiality, access control and client privacy protection is needed to resist sophisticated attacks. This paper proposes a secure transmission model for the IoT that combines trusted computing technology with a signcryption scheme based on bilinear pairings, meeting the security requirements of two stages of IoT operation: the ONS query and the transmission of object information. The model comprises a security architecture and the corresponding security protocols for the ONS query service in the EPC IoT. The root ONS authority uses a trusted authentication server (TAS) to verify both the identity and the platform trustworthiness of a local ONS server (L-ONS) that requests a query, and issues a temporary certificate to each L-ONS that passes verification; within the certificate's validity period the L-ONS may use it to request the query service many times. The secure ONS query service provides anonymous authentication and serves only authorized and trusted L-ONS, which prevents an illegitimate ONS from querying object information. During transmission, the Remote Information Server of Things (R-TIS) encrypts the object information in nested layers, using the public key of each node on the response path in order from the last node back to the first. Each routing node removes one layer of encryption from the data it receives, so the object information is recovered as plaintext only when it reaches the Local Information Server of Things (L-TIS); along the way every routing node can verify the integrity of the received data and the authenticity of the forwarding path. Analysis shows that the new transmission model is secure, anonymous, trustworthy and attack-resistant.
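The nested encryption along the response path described in the abstract, as an added illustration that is not part of the paper: the sender wraps the object record once per node, starting from the last node (L-TIS) and working back to the first, and each node verifies its own layer before peeling it and forwarding. The paper uses public-key signcryption from bilinear pairings; the Python standard library has no public-key primitives, so this example assumes a per-node secret key shared with the sender and uses a keyed stream cipher plus an HMAC as a stand-in. The node names, keys and the EPC record are constructed values.

```python
import hashlib
import hmac
import os

# Assumption of this example: each node holds a secret key shared with the sender,
# standing in for the per-node public key used by the paper's signcryption scheme.
# The layering and per-hop verification logic are what the example demonstrates.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with SHA-256 (toy stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One encryption layer: encrypt (next_hop || inner) for this node, then MAC it."""
    nonce = os.urandom(16)
    hop = next_hop.encode()
    body = len(hop).to_bytes(1, "big") + hop + inner
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_layer(key: bytes, blob: bytes):
    """Peel one layer: check integrity first, then decrypt and read the next hop."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: layer modified or not meant for this node")
    body = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]


def build_onion(path, keys, plaintext: bytes) -> bytes:
    """R-TIS side: wrap from the last node (L-TIS) back to the first routing node.

    path: node ids in forwarding order, first routing node ... L-TIS.
    The innermost layer carries the marker 'END' so L-TIS knows it holds plaintext.
    """
    blob = plaintext
    next_hop = "END"
    for node in reversed(path):
        blob = wrap_layer(keys[node], next_hop, blob)
        next_hop = node
    return blob


def relay(path, keys, blob: bytes):
    """Each node peels its own layer, checks the hop it was told to expect, forwards."""
    trace = []
    expected_node = path[0]
    for node in path:
        if node != expected_node:
            raise ValueError(f"routing mismatch: {node} got data addressed to {expected_node}")
        expected_node, blob = unwrap_layer(keys[node], blob)
        trace.append(node)
    if expected_node != "END":
        raise ValueError("final hop did not recover the plaintext layer")
    return trace, blob


def tamper_detected(path, keys, blob: bytes) -> bool:
    """Flip one ciphertext byte of the outer layer; the first node must reject it."""
    mutated = bytearray(blob)
    mutated[20] ^= 0x01
    try:
        relay(path, keys, bytes(mutated))
        return False
    except ValueError:
        return True


# Constructed sample path and keys (not from the paper).
KEYS = {n: hashlib.sha256(n.encode()).digest() for n in ("node-A", "node-B", "L-TIS")}
PATH = ["node-A", "node-B", "L-TIS"]
RECORD = b"EPC urn:epc:id:sgtin:0614141.107346.2017 (constructed item record)"

if __name__ == "__main__":
    onion = build_onion(PATH, KEYS, RECORD)
    print(relay(PATH, KEYS, onion))
    print("tamper detected:", tamper_detected(PATH, KEYS, onion))
```

Because the MAC is checked before any decryption, a node that receives a blob not addressed to it (or a blob altered in transit) stops the relay immediately rather than forwarding garbage, which is the per-hop integrity and path check the abstract describes.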
Source
Chinese Journal of Computers (《计算机学报》)
EI
CSCD
Peking University Core Journal (北大核心)
2011, No. 8, pp. 1351-1364 (14 pages)
Funding
National High Technology Research and Development Program of China (863 Program) (2007AA01Z438200)
National Natural Science Foundation of China Key Project (60633020)
Keywords
Internet of Things
ONS query
trusted computing
anonymous authentication
anonymous transmission