CN108965321A - A kind of Security Architecture of Internet of Things - Google Patents
- Publication number: CN108965321A
- Application number: CN201810908503.7A
- Authority: CN (China)
- Prior art keywords: node data, key, array, network layer, module
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
All under H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION:
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/08—... for authentication of entities
    - H04L63/0869—... for authentication of entities for achieving mutual authentication
  - H04L63/04—... for providing a confidential data exchange among entities communicating through data packet networks
    - H04L63/0428—... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
      - H04L63/0457—... wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
  - H04L63/06—... for supporting key management in a packet data network
  - H04L63/10—... for controlling access to devices or network resources
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
      - H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a security architecture for the Internet of Things comprising a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network-layer background database. The network-layer background database and the node data authentication module authenticate each other two-way using a dynamic key array; after the two-way authentication succeeds, the node data encryption module randomly encrypts the data held in the node data storage module, and the node data sending module transmits the encrypted data to the network layer. By using a dynamic key array for two-way authentication between the sensing node and the network layer, the invention improves the resistance of the sensing layer to eavesdropping, tracking, unauthorized access, replay and similar attacks. After authentication succeeds, the node data encryption module splits the data into several sub-data items and encrypts each one separately with random encryption, so that even if the authentication is broken the information cannot be stolen in its entirety.
Description
Technical field
The invention belongs to the field of Internet of Things (IoT) technology and specifically concerns a security architecture for the Internet of Things.
Background technique
In the information society the Internet of Things has become an indispensable part of everyday life. It can be understood as a large-scale network system, usually made up of diverse information-sensing devices joined to the Internet. At present, IoT information security receives a great deal of attention and is also tied to the sustainable development of the IoT industry. Security problems in the IoT consist of two parts: protecting privacy and protecting the sensor network.

The concept of the Internet of Things was first proposed by the Massachusetts Institute of Technology in 1999, but the industry has never had a single clear definition. The early Internet of Things referred to logistics networks supported by radio frequency identification (RFID) technology; with the development of technology and applications, its meaning has changed greatly. In 2010 the Chinese Academy of Engineering, together with many experts and scholars from academia and industry, held a series of meetings to study and discuss the concept, architecture and scope of the Internet of Things, which unified the understanding of the term.

Today the Internet of Things refers to the wide-area or large-scale interconnection of people and things, and of things with each other, in which information-sensing devices with some sensing, computing and execution capability are deployed on entities in the physical world, and information is transmitted, coordinated and processed over the network infrastructure. It relies on many information-acquisition technologies, including sensors, RFID, two-dimensional codes and multimedia capture.

At present the IoT network architecture is divided into a sensing layer, a network layer and an application layer.

The sensing layer includes sensing devices (typically sensors), identification devices (typically RFID), positioning and tracking devices (typically GPS or Beidou navigation receivers) and intelligent terminals such as mobile phones that may combine some or all of these functions. Large numbers of sensing devices form a wireless sensor network. M2M terminal devices and smart objects are also considered part of the sensing layer. The sensing layer is the source of IoT information and data.

The network layer includes the access network, the core network and the service-end systems (cloud computing platforms, information network centres, data centres and so on). The access network may be a wireless short-range access network such as WLAN, Zigbee or Bluetooth; a wireless long-range access network such as a mobile communication network or WiMAX; or another access form such as wired network access, cable television access, fieldbus access or satellite communication access. The core network is the carrier of the network layer. The network layer is the transport layer for IoT information and data and also provides functions such as information storage and query and network management. Cloud computing platforms, as the storage and analysis platform for massive sensing data, are an important component of the IoT network layer and the basis for many application-layer applications.

The application layer uses the analysed and processed sensing data to provide rich, specialised services to users. These services are usually functions newly made possible by sensing, identification and location-tracking capability, such as smart grids, intelligent logistics, telemedicine, intelligent transportation, smart homes and environmental monitoring. After processing the data provided by the sensing layer and transmitted by the network layer, the application layer may feed results back to the sensing layer through the network layer. The application layer is where IoT information and data are fused, processed and used; it is the purpose of IoT development.

The task of the sensing layer is to sense external information completely and pass it to the network layer for processing. Before sensed information enters the network layer it passes through one or more sensing nodes connected to the outside world, i.e. gateway nodes; communication between nodes inside the sensor network and the outside world must go through a gateway node. The sensing layer therefore needs to pay particular attention to the security of the sensor network itself.

Because sensors are connected to the network layer through gateway nodes, the security of the gateway node is the most easily compromised from outside. Typical compromise scenarios are: (1) the gateway node of the sensor network is completely controlled and all security is lost; (2) the gateway node is controlled and the node key is cracked; (3) the gateway node is controlled but the key is not cracked; (4) the gateway node is under a network DoS attack.

When the gateway node is controlled, the attacker must still crack the key used for communication with nodes inside the sensor network, or the key shared with the remote information-processing platform, before the information transmitted through the gateway node can be obtained. When the node is controlled but the key is not cracked, the attacker can only prevent the transmission of some or all of the information; the information cannot be tampered with.
Summary of the invention
The object of the present invention is to provide a security architecture for the Internet of Things in which a dynamic key array is used for two-way authentication between the sensing node and the network layer, improving the resistance of the sensing layer to eavesdropping, tracking, unauthorized access, replay and similar attacks; after authentication succeeds, the node data encryption module splits the data into several sub-data items and encrypts each one separately with random encryption, so that even if the authentication is broken the information cannot be stolen in its entirety.

To achieve this technical purpose, the technical solution adopted by the invention is as follows:

A security architecture for the Internet of Things comprising a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network-layer background database. The network-layer background database and the node data authentication module authenticate each other two-way using a dynamic key array; after the two-way authentication succeeds, the node data encryption module randomly encrypts the data held in the node data storage module, and the node data sending module transmits the encrypted data to the network layer.

In one preferred form of the security architecture of the present invention, several key arrays are stored in the background database; each key array has a corresponding array number, and each key value in a key array has a corresponding row number and column number.

In another preferred form, the authentication process between the node data authentication module and the network-layer background database comprises:
(1) the network-layer background database sends an authentication request to the node data authentication module;
(2) after receiving the request, the node data authentication module sends to the network-layer background database the array number of its key array, the row and column numbers of at least two key values chosen at random from that array, and the key values themselves;
(3) the network-layer background database verifies the information it received; if verification succeeds, it chooses at least two new key values from the same key array and chooses a new key array, and sends to the node data authentication module the two new key values, their row and column numbers in the key array, and the array number of the new key array;
(4) after receiving this information, the node data authentication module compares the key values at those row and column numbers in its own key array with the received key values; if they are identical, authentication passes and the key array is updated to the new key array.

In another preferred form, the verification performed by the network-layer background database on the received information comprises:
(a) checking whether the received array number exists in the database; if not, authentication fails; if it does, proceed to the next step;
(b) checking whether the key values at the received row and column numbers are identical to the received values; if they are, proceed to step (3) above; if not, authentication fails and the access is terminated.

In another preferred form, the node data encryption module divides the data to be sent into several sub-data items and randomly encrypts each one separately.

By using a dynamic key array for two-way authentication between the sensing node and the network layer, the invention improves the resistance of the sensing layer to eavesdropping, tracking, unauthorized access, replay and similar attacks. After authentication succeeds, the node data encryption module splits the data into several sub-data items and encrypts each one separately with random encryption, so that even if the authentication is broken the information cannot be stolen in its entirety.
Specific embodiment
To enable those skilled in the art to better understand the present invention, the technical solution of the invention is further explained below with reference to an embodiment.

A security architecture for the Internet of Things comprises a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network-layer background database. The network-layer background database and the node data authentication module authenticate each other two-way using a dynamic key array; after the two-way authentication succeeds, the node data encryption module randomly encrypts the data held in the node data storage module, and the node data sending module transmits the encrypted data to the network layer.

Several key arrays are stored in the background database. Each key array has a corresponding array number, and each key value in a key array has a corresponding row number and column number.

The authentication process between the node data authentication module and the network-layer background database comprises:
(1) the network-layer background database sends an authentication request to the node data authentication module;
(2) after receiving the request, the node data authentication module sends to the network-layer background database the array number of its key array, the row and column numbers of at least two key values chosen at random from that array, and the key values themselves. As shown in table one, in this embodiment the array number of the key array initially held by the node data authentication module is A001; the row and column numbers of the two chosen key values are (2, 1) and (3, 4), and the corresponding key values are 123546 and 124635.

Table one (key array A001)
Row \ Column | 1 | 2 | 3 | 4 |
---|---|---|---|---|
1 | 123456 | 123465 | 123654 | 123645 |
2 | 123546 | 124563 | 124653 | 125463 |
3 | 124356 | 124365 | 124536 | 124635 |
4 | 125436 | 125634 | 125346 | 125643 |
5 | 126354 | 126345 | 126435 | 126543 |

(3) the network-layer background database verifies the information it received; if verification succeeds, it chooses at least two new key values from the same key array and chooses a new key array, and sends to the node data authentication module the two new key values, their row and column numbers in the key array, and the array number of the new key array. In this embodiment the row and column numbers of the new key values are (2, 3) and (2, 4), with values 124653 and 125463, and the new key array number is A105, shown in table two.

Table two (key array A105)
Row \ Column | 1 | 2 | 3 | 4 |
---|---|---|---|---|
1 | 654321 | 654312 | 654123 | 654132 |
2 | 654132 | 653421 | 653412 | 653124 |
3 | 653142 | 652431 | 652341 | 652143 |
4 | 652413 | 652134 | 652314 | 651234 |
5 | 651432 | 651432 | 651243 | 651342 |

(4) after receiving this information, the node data authentication module compares the key values at those row and column numbers of its own key array (i.e. positions (2, 3) and (2, 4) of table one) with the received key values; if they are identical, authentication passes and the key array is updated to the new key array (table two).

The verification performed by the network-layer background database on the received information comprises:
(a) checking whether the received array number exists in the database; if not, authentication fails; if it does, proceed to the next step;
(b) checking whether the key values at the received row and column numbers are identical to the received values; if they are, proceed to step (3) above; if not, authentication fails and the access is terminated.
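The exchange of steps (1) to (4) together with the backend checks (a) and (b), written out with both sides in one script, as an added example that is not code from the patent. The two key arrays are table one (A001) and table two (A105) of the embodiment; the function names, the dict-shaped messages, 1-based (row, column) indexing, and the `positions`/`new_array` overrides that reproduce the embodiment's cell choices are assumptions of this example.

```python
"""Mutual authentication with a dynamic key array, both sides in one file.

Added example, not code from the patent. KEY_ARRAYS reproduces table one
(array A001) and table two (array A105) of the embodiment; everything else,
in particular the function names, the dict-shaped messages, 1-based
(row, column) indexing and the overrides that make the worked run
reproducible, is this example's own assumption.
"""
import secrets

KEY_ARRAYS = {
    "A001": [  # table one
        [123456, 123465, 123654, 123645],
        [123546, 124563, 124653, 125463],
        [124356, 124365, 124536, 124635],
        [125436, 125634, 125346, 125643],
        [126354, 126345, 126435, 126543],
    ],
    "A105": [  # table two
        [654321, 654312, 654123, 654132],
        [654132, 653421, 653412, 653124],
        [653142, 652431, 652341, 652143],
        [652413, 652134, 652314, 651234],
        [651432, 651432, 651243, 651342],
    ],
}


def lookup(arrays, array_no, row, col):
    """Key value at 1-based (row, col) of array_no, or None if the array is unknown."""
    table = arrays.get(array_no)
    return None if table is None else table[row - 1][col - 1]


def pick_cells(table, count, rng):
    """`count` distinct (row, col) positions chosen at random from `table`."""
    cells = set()
    while len(cells) < count:
        cells.add((rng.randrange(1, len(table) + 1), rng.randrange(1, len(table[0]) + 1)))
    return sorted(cells)


class Node:
    """Node data authentication module: holds every array, tracks the current one."""

    def __init__(self, arrays, current, rng=None):
        self.arrays, self.current = arrays, current
        self.rng = rng or secrets.SystemRandom()

    def respond(self, positions=None):
        """Step (2): current array number plus >= 2 random cells with their values."""
        positions = positions or pick_cells(self.arrays[self.current], 2, self.rng)
        return {"array": self.current,
                "cells": [(r, c, lookup(self.arrays, self.current, r, c)) for r, c in positions]}

    def verify(self, reply):
        """Step (4): the backend's values must match our copy of the current array."""
        if reply is None or reply["new_array"] not in self.arrays:  # sanity check added here
            return False
        if any(lookup(self.arrays, self.current, r, c) != v for r, c, v in reply["cells"]):
            return False
        self.current = reply["new_array"]  # rotate to the array the backend chose
        return True


class Backend:
    """Network-layer background database."""

    def __init__(self, arrays, rng=None):
        self.arrays = arrays
        self.rng = rng or secrets.SystemRandom()

    def check(self, response, positions=None, new_array=None):
        """Checks (a) and (b), then the step (3) reply; None means authentication failed."""
        table = self.arrays.get(response["array"])
        if table is None:  # (a) array number not present
            return None
        if any(lookup(self.arrays, response["array"], r, c) != v
               for r, c, v in response["cells"]):
            return None  # (b) a reported key value does not match
        positions = positions or pick_cells(table, 2, self.rng)
        others = [a for a in sorted(self.arrays) if a != response["array"]]
        new_array = new_array or self.rng.choice(others)  # assumes >= 2 arrays are stored
        return {"cells": [(r, c, lookup(self.arrays, response["array"], r, c))
                          for r, c in positions],
                "new_array": new_array}


def run_exchange(node, backend, node_cells=None, backend_cells=None, new_array=None):
    """Steps (1)-(4) end to end; True only when both sides accepted."""
    response = node.respond(node_cells)                        # (1) request, (2) node answers
    reply = backend.check(response, backend_cells, new_array)  # (3) backend verifies, replies
    return node.verify(reply)                                  # (4) node verifies, rotates


if __name__ == "__main__":
    # The embodiment's run: node on A001 offers (2,1) and (3,4); the backend answers
    # with (2,3) and (2,4) of A001 and moves the node to A105.
    node, backend = Node(KEY_ARRAYS, "A001"), Backend(KEY_ARRAYS)
    print("accepted:", run_exchange(node, backend, [(2, 1), (3, 4)], [(2, 3), (2, 4)], "A105"))
    print("node now on", node.current)
```

What the exchange puts on the wire is worth noting: in steps (2) and (3) the key values travel alongside their positions, so an observer of one run learns four cells of the current array and the number of the next one. The resistance to eavesdropping and replay claimed above therefore rests on each run moving to a fresh array and on the cells being chosen unpredictably, which is why the node and backend draw from `secrets.SystemRandom` by default; the `rng` hook is only there so a deterministic generator can be substituted in tests.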
The node data encryption module divides the data to be sent into several sub-data items and randomly encrypts each one separately.
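The split-and-encrypt step of the node data encryption module, as an added example that is not code from the patent. The text only says that the data is divided into several sub-data items and that each is encrypted separately with random encryption, so the concrete choices below are this example's assumptions: a fresh random key and nonce per chunk, a keystream built from HMAC-SHA256 in counter mode so that only the standard library is needed, a per-chunk HMAC tag so that an altered chunk is rejected, and the per-chunk keys handed back to the caller because the patent does not say how they reach the network layer. The sample reading is constructed.

```python
"""Split-and-encrypt for the node data encryption module.

Added example, not code from the patent, which says only that the data to be
sent is divided into several sub-data items and each is encrypted separately
with random encryption. The concrete choices here are this example's
assumptions: a fresh 16-byte random key and 12-byte nonce per chunk; a
keystream from HMAC-SHA256 in counter mode (standard library only); a
per-chunk HMAC tag; and the per-chunk keys returned to the caller, since the
patent does not say how they reach the network layer.
"""
import hashlib
import hmac
import secrets

# Constructed sample reading from a sensing node (not data from the patent).
SAMPLE = b"node-17 temp=21.5C hum=40% ts=1533859200"


def split_even(data, parts):
    """Exactly `parts` chunks whose lengths differ by at most one byte."""
    base, extra = divmod(len(data), parts)
    chunks, pos = [], 0
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        chunks.append(data[pos:pos + size])
        pos += size
    return chunks


def subkeys(key):
    """Separate keystream and MAC keys derived from one chunk key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def keystream(enc_key, nonce, length):
    """HMAC-SHA256 counter-mode keystream of `length` bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_split(data, parts):
    """Encrypt each chunk under its own random key; returns (records, keys)."""
    records, keys = [], []
    for index, chunk in enumerate(split_even(data, parts)):
        key, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
        enc_key, mac_key = subkeys(key)
        ct = xor(chunk, keystream(enc_key, nonce, len(chunk)))
        tag = hmac.new(mac_key, index.to_bytes(2, "big") + nonce + ct, hashlib.sha256).digest()
        records.append({"index": index, "nonce": nonce, "ct": ct, "tag": tag})
        keys.append(key)
    return records, keys


def decrypt_chunk(record, key):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or altered chunk."""
    enc_key, mac_key = subkeys(key)
    expected = hmac.new(mac_key, record["index"].to_bytes(2, "big") + record["nonce"] + record["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("chunk %d: authentication failed" % record["index"])
    return xor(record["ct"], keystream(enc_key, record["nonce"], len(record["ct"])))


def decrypt_split(records, keys):
    """Reassemble the data; needs every chunk key."""
    return b"".join(decrypt_chunk(r, k) for r, k in zip(records, keys))


def recover_with(records, known_keys):
    """What a party holding only `known_keys` ({index: key}) can read:
    one entry per chunk, plaintext where the key is known and None elsewhere."""
    return [decrypt_chunk(r, known_keys[r["index"]]) if r["index"] in known_keys else None
            for r in records]


if __name__ == "__main__":
    records, keys = encrypt_split(SAMPLE, 4)
    print(decrypt_split(records, keys))
    print(recover_with(records, {1: keys[1]}))  # only the second chunk is readable
```

`recover_with` is the point of the construction: a party that obtains one chunk key reads that chunk and nothing else, which is the property the text relies on when it says the information cannot be stolen in its entirety. The per-chunk tag is an addition a practitioner would not leave out, since a bare XOR keystream lets an attacker flip plaintext bits without the key.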
By using a dynamic key array for two-way authentication between the sensing node and the network layer, the invention improves the resistance of the sensing layer to eavesdropping, tracking, unauthorized access, replay and similar attacks. After authentication succeeds, the node data encryption module splits the data into several sub-data items and encrypts each one separately with random encryption, so that even if the authentication is broken the information cannot be stolen in its entirety.
The security architecture for the Internet of Things provided by the invention has been described in detail above. The description of the specific embodiment is only intended to help understand the method of the invention and its core idea. It should be pointed out that a person of ordinary skill in the art could make several improvements and modifications to the invention without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the invention.
Claims (5)
1. A security architecture for the Internet of Things, characterised in that it comprises a node data authentication module, a node data encryption module, a node data storage module, a node data sending module and a network-layer background database; the network-layer background database and the node data authentication module authenticate each other two-way using a dynamic key array; after the two-way authentication succeeds, the node data encryption module randomly encrypts the data held in the node data storage module, and the node data sending module transmits the encrypted data to the network layer.
2. The security architecture for the Internet of Things according to claim 1, characterised in that several key arrays are stored in the background database, each key array has a corresponding array number, and each key value in a key array has a corresponding row number and column number.
3. The security architecture for the Internet of Things according to claim 2, characterised in that the authentication process between the node data authentication module and the network-layer background database comprises:
(1) the network-layer background database sends an authentication request to the node data authentication module;
(2) after receiving the request, the node data authentication module sends to the network-layer background database the array number of its key array, the row and column numbers of at least two key values chosen at random from that array, and the key values themselves;
(3) the network-layer background database verifies the information it received; if verification succeeds, it chooses at least two new key values from the same key array and chooses a new key array, and sends to the node data authentication module the two new key values, their row and column numbers in the key array, and the array number of the new key array;
(4) after receiving this information, the node data authentication module compares the key values at those row and column numbers in its own key array with the received key values; if they are identical, authentication passes and the key array is updated to the new key array.
4. The security architecture for the Internet of Things according to claim 3, characterised in that the verification performed by the network-layer background database on the received information comprises:
(a) checking whether the received array number exists in the database; if not, authentication fails; if it does, proceed to the next step;
(b) checking whether the key values at the received row and column numbers are identical to the received values; if they are, proceed to step (3) above; if not, authentication fails and the access is terminated.
5. The security architecture for the Internet of Things according to claim 1, characterised in that the node data encryption module divides the data to be sent into several sub-data items and randomly encrypts each one separately.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810908503.7A CN108965321A (en) | 2018-08-10 | 2018-08-10 | A kind of Security Architecture of Internet of Things |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810908503.7A CN108965321A (en) | 2018-08-10 | 2018-08-10 | A kind of Security Architecture of Internet of Things |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108965321A true CN108965321A (en) | 2018-12-07 |
Family
ID=64469163
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810908503.7A Pending CN108965321A (en) | 2018-08-10 | 2018-08-10 | A kind of Security Architecture of Internet of Things |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108965321A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103166919A (en) * | 2011-12-13 | 2013-06-19 | 中国移动通信集团黑龙江有限公司 | Method and system for internet of things information transmission |
CN104468570A (en) * | 2014-12-04 | 2015-03-25 | 广东工业大学 | Safety authentication method for sensing layer in internet of things for manufacture |
CN106789946A (en) * | 2016-11-30 | 2017-05-31 | 平顶山学院 | A kind of Internet of Things security evaluation method |
Events
- 2018-08-10: CN application CN201810908503.7A filed (published as CN108965321A); status Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181207 |