Lightweight Security Solutions for the Internet of Things (IoT)

This is a doctoral thesis from Mälardalen University, Sweden (author: Shahid Raza), 256 pages in total.

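The future Internet will be an IPv6 network that interconnects traditional computers with a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). The Internet of Things (IoT) will become the foundation of many services, and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested methods for securing networks. Because the IoT is a hybrid of the Internet and resource-constrained networks, it is reasonable to explore using mechanisms standardized for the Internet in the IoT.

The IoT needs multi-faceted security solutions in which communication is protected by confidentiality, integrity, and authentication services; the network is protected against intrusion and disruption; and data inside nodes is stored in encrypted form. Using standardized mechanisms, communication in the IoT can be protected at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is protected with encryption and authentication, sensor nodes are still exposed to attacks from the wireless sensor network and from the Internet. An intrusion detection system (IDS) and firewalls are therefore needed. Because nodes in a wireless sensor network can be captured and cloned, protecting stored data is also very important.

This thesis makes three main contributions. It enables secure communication in the IoT using lightweight, compressed yet standard IPsec, DTLS, and IEEE 802.15.4 link-layer security, and discusses the advantages and disadvantages of each solution. The proposed security solutions have been implemented and evaluated on real IoT hardware. The thesis also presents the design, implementation, and evaluation of an intrusion detection system (IDS) for the IoT. Finally, it provides mechanisms for protecting data inside nodes.

The experimental evaluation of the different solutions shows that IPsec, DTLS, and 802.15.4 security can effectively protect resource-constrained devices in the IoT and guard against malicious intrusion, and that the proposed mechanisms combining secure storage and communication can significantly reduce security-related operations and energy consumption.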

The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

The IoT requires multi-faceted security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important.

This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes.

The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.
