博文
[转载]【电信学】物联网中的访问控制
||
本文为SICS(作者:Denis Sitenkov)的硕士论文,共44页。
新一代的无线传感器网络,即物联网,能够使用微控制器将物理对象直接连接到互联网。在大多数情况下,这些微控制器的计算资源非常有限。全球互连为数据收集、分析以及无法连接到同一局域网的对象之间的交互提供了巨大的机会。许多应用场景对传输数据的安全性和隐私性都有很高的要求。同时,用于通用计算机的安全解决方案并不总是适用于受限制的设备,这为考虑物联网技术方面的崭新解决方案留出了更多空间。
在本文中,我们研究了IETF标准草案约束应用协议的访问控制解决方案,使用数据报传输层安全协议实现安全的数据传输。我们使用集中的方法在此框架下保存访问控制信息。对于受限制的设备来说,由于公钥加密操作的计算成本可能过高,因此,我们基于对称加密构建了解决方案。评估结果表明,访问控制框架使得握手计算量增大了6.0%,数据报传输层安全实现的代码占用量增大了7.9%,但对整个握手时间没有影响。我们的新协议不易受到拒绝服务(Denial of Service)或耗尽电池攻击(Drain Battery Attack)。
The new generation of Wireless SensorNetworks, that is known as the Internet of Things enables the direct connectionof physical objects to the Internet using microcontrollers. In most cases thesemicrocontrollers have very limited computational resources. The global connectivityprovides great opportunities for data collection and analysis as well as forinteraction of objects that cannot be connected to the same local area network.Many of application scenarios have high requirements to security and privacy oftransmitted data. At the same time security solutions that are utilized forgeneral purpose computers are not always applicable for constrained devices.That leaves a room for new solutions that takes into account the technologicalaspects of the Internet of Things. In this thesis we investigate the accesscontrol solution for the IETF standard draft Constrained Application Protocol,using the Datagram Transport Layer Security protocol for transport security. Weuse the centralized approach to save access control information in theframework. Since the public key cryptography operations might becomputationally too expensive for constrained devices we build our solutionbased on symmetric cryptography. Evaluation results show that the accesscontrol framework increases computational effort of the handshake by 6.0%,increases the code footprint of the Datagram Transport Layer Securityimplementation by 7.9% and has no effect on the overall handshake time. Ournovel protocol is not vulnerable to Denial of Service or Drain Battery Attack.
1 引言
2 理论背景
3 问题描述
4 相关工作
5 解决方案概述
6 实现的具体细节
7 设计评估
8 结论
下载英文原文地址:
http://page2.dfpan.com/fs/alcdj2621229416ed37/
更多精彩文章请关注微信号:
https://blog.sciencenet.cn/blog-69686-1163488.html
上一篇:[转载]【新书推荐】【2019.11】数据激活:利用数据的变革能力实现创新的产品和服务
下一篇:[转载]【读书2】【2014】基于MATLAB的雷达信号处理基础(第二版)——目标起伏模型(4)
