本文为瑞典皇家理工学院（作者：YUANJUN SONG）的硕士论文，共34页。

物联网（IoT）正在兴起，互联网和其它具有无线技术的网络使各种物理对象在线交互。近年来，随着无线通信和微电子技术的发展，物联网已成为一项有前途的技术，受到了广泛的研究关注。与其它尚未成熟的技术发明一样，虽然物联网将在不久的将来向用户承诺更好的生活，但这也是一个安全风险，尤其是现在，隐私越来越受到人们的关注。物联网的关键技术还不成熟，因此，物联网的研究和应用尚处于起步阶段。为了使物联网普及到人们的日常生活中，必须加强物联网的安全性。

本文首先对物联网与互联网进行了比较。虽然物联网是以互联网为基础的，但由于物联网的特点，互联网中成熟的端到端安全协议和保护措施不能通过感知层、传输层和应用层直接提供端到端的数据安全。针对物联网安全寻址问题（如互联网DNS攻击），本文提出了物联网寻址安全模型。传统的访问控制和身份认证只在同一层工作。本文设计的物联网寻址安全模型有效地解决了在不改变通信双方协议的情况下，在寻址过程中垂直传递认证结果的问题。此外，本文还从对象应用层寻址、DNS寻址和IP寻址阶段提供了对象访问控制和隐私保护。最后，结合物联网对象寻址安全模型和实际应用场景，设计了物联网对象的安全访问模型。在这个模型中，访问请求者可以通过单一登录访问不同域中的对象，该模型为访问请求者和对象之间的端到端通信提供了保护。

The Internet of Things (IoT) is emerging the Internet and other networks with wireless technologies to make physical objects interact online. The IoT has developed to become a promising technology and receives significant research attention in recent years because of the development of wireless communications and micro-electronics. Like other immature technological inventions, although IoT will promise their users a better life in the near future, it is a security risk, especially today the privacy is increasingly concerned by people. The key technologies of IoT are not yet mature. Therefore the researches and applications of the IoT are in the early stage. In order to make the IoT pervade people's everyday life, the security of the IoT must be strengthened. In this thesis, first, the IoT is compared with the Internet. Though the IoT is based on the Internet, due to the characteristics of the IoT, those mature end-to-end security protocols and protective measures in the Internet can not directly provide the end-to-end data security through the perceptual layer, the transport layer the and application layer. For the IoT security addressing issues (such as the Internet DNS attack), this thesis proposes the IoT addressing security model. The traditional access control and the identity authentication only works in the same layer. The IoT addressing security model designed in this thesis effectively solves the issues of vertically passing the authentication results in the addressing process without changing the protocols for two communication parties. Besides, this thesis provides the object access control and privacy protection from the object application layer addressing, DNS addressing and IP addressing phases. Finally, combining the IoT object addressing security model with practical application scenario, this thesis designs the IoT object security access model. In this model, the access requester can access objects in different domains through a single sign-on. This model provides the protection for the end-to-end communication between the access requester and object.

1 引言

1.1 项目背景

1.2 问题描述

1.3 研究目标

1.4 本文纲要

2 IoT安全架构

2.1 IoT安全架构分类

3 IoT寻址安全

3.1 IoT寻址的安全问题

3.2 IoT寻址的安全模型

4 IoT对象接入的安全性

4.1 安全接入模型

5 结论 

下载英文原文地址：

http://page2.dfpan.com/fs/5lcjb22102917659ca8/  

更多精彩文章请关注微信号：