CN108965321A - A kind of Security Architecture of Internet of Things - Google Patents


Info

Publication number
CN108965321A
Authority
CN
China
Prior art keywords
node data
key
array
network layer
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810908503.7A
Other languages
Chinese (zh)
Inventor
宋苗
李波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Institute of Engineering
Original Assignee
Chongqing Institute of Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Institute of Engineering
Priority to CN201810908503.7A
Publication of CN108965321A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an Internet of Things security architecture, including a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network layer background database. Two-way mutual authentication is performed between the network layer background database and the node data authentication module using a dynamic key array; after the two-way authentication passes, the node data encryption module randomly encrypts the data in the node data storage module, and after encryption the data is sent to the network layer by the node data sending module. The present invention uses a dynamic key array to realize two-way authentication between the sensing node and the network layer, so as to improve the resistance of the sensing layer to attacks such as eavesdropping, tracking attacks, unauthorized access and replay; after authentication passes, the node data encryption module is further used to split the data into several sub-data and to randomly encrypt each sub-datum separately, so that even if the authentication has been cracked, the information can be prevented from being stolen completely.

Description

An Internet of Things security architecture
Technical field
The invention belongs to the field of the Internet of Things, and specifically relates to an Internet of Things security architecture.
Background technique
In the information society, the Internet of Things, as a new industry, has become an indispensable part of the daily life of individuals. The Internet of Things can be understood as a large-scale network system, usually constituted by a wide variety of information sensing devices interconnected with the Internet. At the present stage, the information security problem of the Internet of Things has attracted great attention, and it is also tied to the sustainable development of the Internet of Things industry. Security problems in the Internet of Things comprise two parts: privacy protection and sensor network protection.
The concept of the Internet of Things was first proposed in 1999 by the Massachusetts Institute of Technology, but the industry has never had a clear and unified definition. The early Internet of Things referred to logistics networks supported by radio frequency identification (RFID) technology; with the development of technology and applications, the connotation of the Internet of Things has changed greatly. In 2010, led by the Chinese Academy of Engineering, numerous experts and scholars from academia and industry held several meetings to study and discuss the concept, architecture and related connotation and extension of the Internet of Things, and unified the understanding of the Internet of Things.
At the present stage, the Internet of Things refers to the deployment, on entities of the physical world, of various information sensing devices having certain sensing, computing and execution capabilities, which realize information transmission, collaboration and processing through the network facilities, thereby realizing the interconnection of information exchange demands between people and objects, and between objects and objects, over a wide area or on a large scale. The Internet of Things relies on many information acquisition technologies, including sensors, RFID, two-dimensional codes, multimedia collection technology and so on.
Currently, the Internet of Things network architecture is divided into a sensing layer, a network layer and an application layer.
The sensing layer includes sensing equipment represented by sensors, identification equipment represented by RFID, positioning and tracking equipment represented by GPS, the Beidou navigation system and the like, and intelligent terminals (such as mobile phones) that may integrate some or all of the above functions. Large-scale sensing in turn constitutes wireless sensor networks. In addition, M2M terminal devices and intelligent objects can all be regarded as objects in the sensing layer. The sensing layer is the source of Internet of Things information and data.
The network layer includes the access network, the core network and the service end systems (cloud computing platforms, information network centers, data centers and so on). The access network can be a wireless short-range access network, such as WLAN, Zigbee or Bluetooth; it can also be wireless long-range access, such as a mobile communications network or WiMAX; it may also be another form of access, such as wired network access, cable television access, fieldbus access or satellite communication access. The carrier of the network layer is the core network. The network layer is the transport layer for Internet of Things information and data; in addition, the network layer also includes functions such as information storage and query, and network management. Cloud computing platforms, as the storage and analysis platforms for massive sensing data, are an important component of the Internet of Things network layer and the basis for the numerous applications of the application layer.
The application layer uses the sensing data processed by analysis to provide users with rich specialized services. These services are usually functions newly added once sensing, identification and location tracking capabilities are available, such as smart grid, intelligent logistics, remote medical treatment, intelligent transportation, smart home, environmental monitoring and so on. After the data provided by the sensing layer and transmitted by the network layer has been processed accordingly, it may be fed back to the sensing layer through the network layer again. The application layer is where Internet of Things information and data are fused, processed and utilized, and is the purpose of Internet of Things development.
The task of the sensing layer is to complete the sensing of external information and to transmit the sensed information to the network layer for processing. Before sensed information enters the network layer, it passes through one or more sensing nodes connected to the outside world, i.e. gateway nodes; the communication of nodes inside the sensor network with the outside world relies on the gateway node. Therefore the sensing layer needs to give particular consideration to the security of the sensor network itself.
Sensors are connected to the network layer through gateway nodes, so the security of the gateway node is most easily controlled by the outside world. Typical control situations are divided into: 1. the gateway node of the sensor network is completely controlled, and all security is lost; 2. the gateway node of the sensor network is controlled, and the node key is cracked; 3. the gateway node is controlled, but the key is not cracked; 4. the gateway node is under a network DoS attack.
When the gateway node of the sensor network is controlled, the key used to communicate with the internal nodes of the sensor network, or the key shared with the remote information processing platform, must be cracked before the information transmitted by the gateway node can be obtained; when the node is controlled but the key is not cracked, only the transmission of part or all of the information can be prevented, and the information cannot be tampered with.
Summary of the invention
The object of the present invention is to provide an Internet of Things security architecture which uses a dynamic key array to realize two-way authentication between the sensing node and the network layer, so as to improve the resistance of the sensing layer to attacks such as eavesdropping, tracking attacks, unauthorized access and replay; after authentication passes, the node data encryption module is further used to split the data into several sub-data, and each sub-datum is randomly encrypted separately, so that even if the authentication has been cracked, the information can be prevented from being stolen completely.
To achieve the above technical object, the technical solution adopted by the invention is as follows:
An Internet of Things security architecture, including a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network layer background database; two-way mutual authentication is performed between the network layer background database and the node data authentication module using a dynamic key array; after the two-way authentication passes, the node data encryption module randomly encrypts the data in the node data storage module, and after encryption the data is sent to the network layer by the node data sending module.
As a preferred form of the Internet of Things security architecture of the present invention, several key arrays are stored in the background database; each key array has a corresponding array number, and each key value in a key array has corresponding row and column numbers.
As a preferred form of the Internet of Things security architecture of the present invention, the authentication process between the node data authentication module and the network layer background database includes:
(1) the network layer background database sends an authentication request to the node data authentication module;
(2) after the node data authentication module receives the authentication request, it sends the array number of its key array, at least two key values randomly chosen from that array, and the row and column numbers corresponding to those key values to the network layer background database;
(3) the network layer background database authenticates the information sent back; after authentication passes, the network layer background database selects at least two new key values from the above key array and selects a new key array, and sends the two new key values, the row and column numbers corresponding to the new key values, and the array number of the new key array to the node data authentication module;
(4) after the node data authentication module receives the information, it compares whether the key values at those row and column numbers in its own key array are identical to the key values received; if identical, authentication passes, and the key array is updated to the new key array.
As another preferred form of the Internet of Things security architecture of the present invention, the process by which the network layer background database authenticates the information sent back includes:
(a) judge whether the array number is present; if it is not present, authentication fails; if the array number is present, proceed to the next step;
(b) if present, judge whether the key values at the given row and column numbers are identical; if identical, proceed to step (3) above; if not identical, authentication fails and the access is terminated.
As another preferred form of the Internet of Things security architecture of the present invention, the node data encryption module divides the data to be sent into several sub-data and randomly encrypts each sub-datum separately.
The present invention uses a dynamic key array to realize two-way authentication between the sensing node and the network layer, so as to improve the resistance of the sensing layer to attacks such as eavesdropping, tracking attacks, unauthorized access and replay; after authentication passes, the node data encryption module is further used to split the data into several sub-data and to randomly encrypt each sub-datum separately, so that even if the authentication has been cracked, the information can be prevented from being stolen completely.
Specific embodiment
In order that those skilled in the art may better understand the present invention, the technical scheme of the present invention is further described below with reference to an embodiment.
An Internet of Things security architecture, including a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network layer background database; two-way mutual authentication is performed between the network layer background database and the node data authentication module using a dynamic key array; after the two-way authentication passes, the node data encryption module randomly encrypts the data in the node data storage module, and after encryption the data is sent to the network layer by the node data sending module.
Several key arrays are stored in the background database; each key array has a corresponding array number, and each key value in a key array has corresponding row and column numbers.
The authentication process between the node data authentication module and the network layer background database includes:
(1) the network layer background database sends an authentication request to the node data authentication module;
(2) after the node data authentication module receives the authentication request, it sends the array number of its key array, at least two key values randomly chosen from that array, and the row and column numbers corresponding to those key values to the network layer background database. As shown in Table one, in this embodiment the array number of the key array initially held in the node data authentication module is A001; the row and column numbers of the two selected key values are respectively (2,1) and (3,4), and the corresponding key values are 123546 and 124635.
Table one (key array A001)
123456 123465 123654 123645
123546 124563 124653 125463
124356 124365 124536 124635
125436 125634 125346 125643
126354 126345 126435 126543
(3) the network layer background database authenticates the information sent back; after authentication passes, the network layer background database selects at least two new key values from the above key array and selects a new key array, and sends the two new key values, the row and column numbers corresponding to the new key values, and the array number of the new key array to the node data authentication module. The row and column numbers of the new key values are respectively (2,3) and (2,4), with values 124653 and 125463. The new key array number is A105, as shown in Table two.
Table two (key array A105)
654321 654312 654123 654132
654132 653421 653412 653124
653142 652431 652341 652143
652413 652134 652314 651234
651432 651432 651243 651342
(4) after the node data authentication module receives the information, it compares whether the key values at those row and column numbers in its own key array (that is, the key values at (2,3) and (2,4) in Table one) are identical to the key values received; if identical, authentication passes, and the key array is updated to the new key array (Table two).
The process by which the network layer background database authenticates the information sent back includes:
(a) judge whether the array number is present; if it is not present, authentication fails; if the array number is present, proceed to the next step;
(b) if present, judge whether the key values at the given row and column numbers are identical; if identical, proceed to step (3) above; if not identical, authentication fails and the access is terminated.
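The exchange above, steps (1) to (4) together with checks (a) and (b), implemented as an added illustration in Python; this is not code from the patent. It assumes that both sides already hold every key array (the node must hold A105 before it can switch to it, since the database sends only the new array number), that exactly two key values are exchanged per step, that messages are plain Python dicts, and that the database keeps a rotation plan (`next_array`) naming which array number follows each current one. The key arrays are Tables one and two.

```python
"""Mutual authentication with dynamic key arrays (steps 1-4 and checks a-b above).
Added illustration, not the patent's code. Assumed: both sides already hold every key
array (the node must hold A105 before it can switch to it), exactly two key values are
exchanged per step, and messages are plain Python dicts."""
import secrets

# Key arrays copied from Table one (A001) and Table two (A105); rows and columns are
# numbered from 1, as in the patent's worked example.
TABLE_ONE = [
    [123456, 123465, 123654, 123645],
    [123546, 124563, 124653, 125463],
    [124356, 124365, 124536, 124635],
    [125436, 125634, 125346, 125643],
    [126354, 126345, 126435, 126543],
]
TABLE_TWO = [
    [654321, 654312, 654123, 654132],
    [654132, 653421, 653412, 653124],
    [653142, 652431, 652341, 652143],
    [652413, 652134, 652314, 651234],
    [651432, 651432, 651243, 651342],
]
KEY_ARRAYS = {"A001": TABLE_ONE, "A105": TABLE_TWO}


def key_at(array, row, col):
    """Key value at 1-based (row, col)."""
    return array[row - 1][col - 1]


def random_positions(array, count):
    """Pick `count` distinct (row, col) cells using a cryptographic RNG."""
    cells = [(r, c) for r in range(1, len(array) + 1) for c in range(1, len(array[0]) + 1)]
    return [cells.pop(secrets.randbelow(len(cells))) for _ in range(count)]


class BackgroundDatabase:
    """Network-layer side: holds all key arrays plus a rotation plan (assumed) that
    names the next array number to hand out for each current array."""

    def __init__(self, key_arrays, next_array):
        self.key_arrays = key_arrays
        self.next_array = next_array

    def authentication_request(self):
        """Step (1)."""
        return {"type": "auth_request"}

    def authenticate(self, response, positions=None):
        """Checks (a) and (b), then step (3). Returns the reply, or None on failure."""
        array_no = response["array"]
        if array_no not in self.key_arrays:          # (a): unknown array number
            return None
        array = self.key_arrays[array_no]
        for (row, col), value in zip(response["positions"], response["values"]):
            if key_at(array, row, col) != value:     # (b): key value mismatch
                return None
        if positions is None:
            positions = random_positions(array, 2)
        return {"type": "auth_reply", "positions": positions,
                "values": [key_at(array, r, c) for r, c in positions],
                "new_array": self.next_array[array_no]}


class NodeAuthenticationModule:
    """Sensing-node side: one current key array, replaced after each successful exchange."""

    def __init__(self, key_arrays, current):
        self.key_arrays = key_arrays
        self.current = current

    def respond(self, request, positions=None):
        """Step (2): array number, two randomly chosen cells and their key values."""
        array = self.key_arrays[self.current]
        if positions is None:
            positions = random_positions(array, 2)
        return {"type": "auth_response", "array": self.current, "positions": positions,
                "values": [key_at(array, r, c) for r, c in positions]}

    def verify(self, reply):
        """Step (4): compare returned key values with our own array, then rotate."""
        if reply is None:
            return False
        array = self.key_arrays[self.current]
        for (row, col), value in zip(reply["positions"], reply["values"]):
            if key_at(array, row, col) != value:
                return False
        if reply["new_array"] not in self.key_arrays:   # cannot rotate to an unheld array
            return False
        self.current = reply["new_array"]
        return True


def run_handshake(node, db, node_positions=None, db_positions=None):
    """Drive one full exchange; returns (authenticated, node's current array number)."""
    response = node.respond(db.authentication_request(), node_positions)
    authenticated = node.verify(db.authenticate(response, db_positions))
    return authenticated, node.current
```

The worked example from the text is `run_handshake(node, db, [(2, 1), (3, 4)], [(2, 3), (2, 4)])` with the node starting at A001 and the plan `{"A001": "A105"}`; it returns `(True, "A105")`. With the position arguments omitted, both sides choose their cells at random, as the text specifies. Note that in this exchange the key values themselves travel in the clear; the rotation of the key array after each success is what the text relies on against replay.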
The node data encryption module divides the data to be sent into several sub-data and randomly encrypts each sub-datum separately.
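The split-and-encrypt step, as an added illustration that is not the patent's code. The patent does not name a cipher or a segment size; this example assumes a fixed segment size, a fresh random one-time key per segment combined by XOR, and that the keys reach the receiver by some separate path (it simply returns them). `partial_recovery` shows what the text claims: an observer who has obtained one segment's key reads only that segment.

```python
"""Per-segment random encryption for the node data encryption module. Added illustration,
not the patent's code. Assumed: a fixed segment size, a fresh random one-time key per
segment combined by XOR, and that the keys travel to the receiver by a separate path."""
import secrets


def split_data(data, segment_size):
    """Divide the payload into several sub-data of at most `segment_size` bytes."""
    if segment_size <= 0:
        raise ValueError("segment_size must be positive")
    return [data[i:i + segment_size] for i in range(0, len(data), segment_size)]


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_segments(data, segment_size, rng=secrets.token_bytes):
    """Encrypt each sub-datum under its own independent random key.
    Returns a list of (ciphertext, key) pairs in payload order."""
    pairs = []
    for segment in split_data(data, segment_size):
        key = rng(len(segment))            # random key of the segment's own length
        pairs.append((xor_bytes(segment, key), key))
    return pairs


def decrypt_segments(pairs):
    """Legitimate receiver: holds every key, so recovers the whole payload."""
    return b"".join(xor_bytes(ciphertext, key) for ciphertext, key in pairs)


def partial_recovery(pairs, known_keys):
    """What an observer holding only some segment keys can read: `known_keys` maps a
    segment index to its key; every other segment stays opaque (None)."""
    return [xor_bytes(ciphertext, known_keys[i]) if i in known_keys else None
            for i, (ciphertext, _) in enumerate(pairs)]


# Constructed sample sensor reading; not data from the patent.
SAMPLE = b"node-07 temp=21.5C humidity=40%"


def demo(segment_size=8):
    """Round-trip the sample, then show recovery when only the first key is known."""
    pairs = encrypt_segments(SAMPLE, segment_size)
    assert decrypt_segments(pairs) == SAMPLE
    leaked = {0: pairs[0][1]}                  # suppose only the first segment key leaked
    return partial_recovery(pairs, leaked)
```

`demo()` returns `[b'node-07 ', None, None, None]`: the 31-byte sample splits into four segments, and only the one whose key is known is readable.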
The present invention uses a dynamic key array to realize two-way authentication between the sensing node and the network layer, so as to improve the resistance of the sensing layer to attacks such as eavesdropping, tracking attacks, unauthorized access and replay; after authentication passes, the node data encryption module is further used to split the data into several sub-data and to randomly encrypt each sub-datum separately, so that even if the authentication has been cracked, the information can be prevented from being stolen completely.
The Internet of Things security architecture provided by the invention has been described in detail above. The description of the specific embodiment is merely intended to help in understanding the method of the present invention and its core idea. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications to the present invention without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (5)

1. An Internet of Things security architecture, characterized in that it includes a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network layer background database; two-way mutual authentication is performed between the network layer background database and the node data authentication module using a dynamic key array; after the two-way authentication passes, the node data encryption module randomly encrypts the data in the node data storage module, and after encryption the data is sent to the network layer by the node data sending module.
2. The Internet of Things security architecture according to claim 1, characterized in that several key arrays are stored in the background database, each key array has a corresponding array number, and each key value in a key array has corresponding row and column numbers.
3. The Internet of Things security architecture according to claim 2, characterized in that the authentication process between the node data authentication module and the network layer background database includes:
(1) the network layer background database sends an authentication request to the node data authentication module;
(2) after the node data authentication module receives the authentication request, it sends the array number of its key array, at least two key values randomly chosen from that array, and the row and column numbers corresponding to those key values to the network layer background database;
(3) the network layer background database authenticates the information sent back; after authentication passes, the network layer background database selects at least two new key values from the above key array and selects a new key array, and sends the two new key values, the row and column numbers corresponding to the new key values, and the array number of the new key array to the node data authentication module;
(4) after the node data authentication module receives the information, it compares whether the key values at those row and column numbers in its own key array are identical to the key values received; if identical, authentication passes, and the key array is updated to the new key array.
4. The Internet of Things security architecture according to claim 3, characterized in that the process by which the network layer background database authenticates the information sent back includes:
(a) judge whether the array number is present; if it is not present, authentication fails; if the array number is present, proceed to the next step;
(b) if present, judge whether the key values at the given row and column numbers are identical; if identical, proceed to step (3) above; if not identical, authentication fails and the access is terminated.
5. The Internet of Things security architecture according to claim 1, characterized in that the node data encryption module divides the data to be sent into several sub-data and randomly encrypts each sub-datum separately.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810908503.7A CN108965321A (en) 2018-08-10 2018-08-10 A kind of Security Architecture of Internet of Things


Publications (1)

Publication Number Publication Date
CN108965321A true CN108965321A (en) 2018-12-07

Family

ID=64469163


Country Status (1)

Country Link
CN (1) CN108965321A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166919A (en) * 2011-12-13 2013-06-19 中国移动通信集团黑龙江有限公司 Method and system for internet of things information transmission
CN104468570A (en) * 2014-12-04 2015-03-25 广东工业大学 Safety authentication method for sensing layer in internet of things for manufacture
CN106789946A (en) * 2016-11-30 2017-05-31 平顶山学院 A kind of Internet of Things security evaluation method



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181207
