本文为比利时鲁汶大学（作者：Dimitri Jonckers）的硕士论文，共108页。

物联网（IoT）将互联网的范围扩大到数百亿台设备。由于连接对象及其规范的异构性，很难为物联网及其安全性设计一个通用的框架。本文旨在为智能家居环境中的物联网设备提供安全和隐私保护。第一个也是核心贡献是开发一个网关，它位于智能家庭的边界，即，家庭设备和外部用户（如服务提供商）之间。它能够提供机密性、认证、授权和隐私，并且能够代表无法保护自己的受约束设备来处理这些问题。模块化体系结构为每个安全域包含多个提供者，并且可以很容易地扩展以支持更多机制。网关的另一个功能是通过查找提供请求服务的设备来发现服务。网关根据用户配置的策略实施安全性。

本文的第二个贡献是为此目的设计了一种策略描述语言。它允许用户指定其设备的要求以及与其他对象和参与方（可能位于智能家居外部）的通信通道。性能测试结果显示了对性能的影响有限，允许在一个会话中每秒交换数十个会话设置和数百条消息。因此，网关以高效的方式在物联网中提供安全性。支持多个安全提供者的灵活性和统一服务的可能性意味着网关将帮助开发人员安全地创建异构互联网的应用程序。

The Internet of Things (IoT) broadens thescope of the internet to tens of billions of devices. Because of theheterogeneity of the connected objects and their specifications, it becomesdifficult to craft a general framework for the IoT and its security. Thisthesis aims to provide security and privacy for Internet of Things devices in asmart home setting. The first and core contribution is the development of agateway which stands at the border of the smart home, between the home’sdevices and outside users such as service providers. It is capable of providingconfidentiality, authentication, authorisation and privacy and can take care ofthis on behalf of constrained devices which are incapable of securingthemselves. The modular architecture includes several providers for eachsecurity domain, and can easily be extended in order to support moremechanisms. Another capability of the gateway is service discovery by lookingup devices offering requested services. The gateway enforces security based onpolicies which the user configures. A second contribution of this thesis is apolicy description language designed for this purpose. It allows users tospecify requirements for their devices and communication channels with otherobjects and parties, possibly located outside of the smart home. Performancetest results show a limited impact on performance, allowing tens of sessionset-ups per second and several hundreds of messages per second to be exchangedwithin a session. Hence, the gateway provides security in the IoT in aperformant manner. The flexibility in supporting several security providers andthe possibility to address services uniformly imply that the gateway will aiddevelopers to securely create applications for the heterogeneous Internet ofThings.

1. 引言

2. 文献回顾

3. 项目场景

4. 网关设计

5. 策略定义语言

6. 具体实现

7. 评估与讨论

8. 结论

附录A 交换信息的语法

附录B IEEE文献

附录C 海报

更多精彩文章请关注公众号：