Research and Implementation of IoT-Based Security Authentication Technology
Published: 2019-01-18 15:01
[Abstract]: The Internet of Things (IoT) builds on the Internet and extends it to communication between things, so that devices exchange information directly without human involvement. As the IoT develops and is widely deployed, people increasingly appreciate the convenience it brings, but a technology that operates without human participation also introduces new security risks. In an IoT environment, the ever-growing number of terminal devices puts pressure on wireless communication networks. When a large number of devices access the network simultaneously or within a very short time, continuing to use a one-to-one authentication mechanism not only keeps the network busy but also consumes a large amount of network resources, which severely tests the network's carrying capacity. Building on a study of the IoT security architecture and its characteristics, this thesis implements a group authentication system that mainly addresses the network resource consumption and congestion caused by large numbers of IoT terminal devices accessing the network at the same time, and makes authentication in IoT environments more secure and more efficient. Based on the AKA authentication method used in existing 3GPP networks, the thesis designs and implements security authentication for IoT terminal devices with group characteristics before they access the network. The system consists of two subsystems, a server subsystem and a client subsystem, which run independently and each carry out their own main responsibilities.
The system first implements mutual authentication between the IoT gateway and the authentication server. Apart from the first terminal in a group, which performs mutual authentication with the authentication server through the IoT gateway, the other terminals in the group only need to perform mutual authentication with the IoT gateway. Requirements analysis uses the Eriksson-Penker business extension model method to analyze the business of the basic framework and of each subsystem. The high-level design is done with the Enterprise Architect tool, producing the overall structure diagram of the group authentication system as well as the system package diagrams and system class diagrams of each subsystem module. The software development environment is Visual Studio 2010 SP1; communication connections are established over Socket communication, and C++.NET is used to call the Auth library file (authlibeay32.dll) and to wrap the authentication interface. A simulation test program was written and a simple test environment built to test and verify the Socket communication, the client subsystem and the server subsystem. Drawing on background knowledge of IoT system architecture, IoT security characteristics and security architecture, the thesis comprehensively analyzes and summarizes the problems of existing security authentication techniques, proposes a group authentication solution, and designs and implements it. The system basically achieves security authentication for large numbers of IoT terminal devices with group characteristics accessing the network at the same time, and we believe it will also play a role in future research on and application of IoT security authentication technology.
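[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP391.44; TN929.5
Article ID: 2410841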
Article link: https://www.wllwen.com/kejilunwen/wltx/2410841.html