物联网环境下端到端安全机制的研究
发布时间:2019-02-18 20:56
【摘要】:物联网应用大多都涉及用户的隐私数据传输,所以保护物联网应用安全成为物联网发展中的首要问题。而且目前的许多物联网应用是处于移动环境中的,传统的借助安全网关保证数据传输安全性的方法就不太适用,所以文章以物联网端到端安全为切入点,研究轻量化端到端安全机制。文章首先基于现存的物联网标准协议和DTLS(Datagram Transport Layer Security)安全协议提出了物联网环境下的端到端安全机制。该安全机制可以实现数据传输的机密性、完整性和可靠性保护,也可以在客户端和服务器之间进行双向认证。文章在传感节点平台上实现该安全机制,并进行了验证,结果表明基于DTLS的端到端安全机制确实具有低开销和高互操作性。针对物联网中的传感节点一般均为资源限制型、部署较庞大的DTLS安全协议略显低效的问题,文章在比较了现有的几种压缩方法后,选用了6LoWPAN报头压缩法对DTLS的报头和握手消息进行压缩,并给出了在资源受限型节点上实现轻量化DTLS的方法。文章最后在传感节点平台上实现轻量化的端到端安全机制,并进行验证。结果表明轻量化的安全机制可以有效缩小数据包长度,内存占用和能源消耗等均大幅减少,可以适应传感节点资源限制的特点。
[Abstract]:The Internet of things applications mostly involve the user's privacy data transmission, so protecting the security of Internet of things application becomes the most important problem in the development of the Internet of things. And many of the Internet of things applications are in the mobile environment, the traditional way to ensure the security of data transmission by means of security gateway is not very suitable, so this paper takes the end-to-end security of the Internet of things as the breakthrough point. The end-to-end security mechanism of lightweight is studied. Based on the existing standard protocol of Internet of things and DTLS (Datagram Transport Layer Security) security protocol, the end-to-end security mechanism in the Internet of things environment is proposed in this paper. The security mechanism can protect the confidentiality, integrity and reliability of data transmission, and can be authenticated between client and server. The security mechanism is implemented on the sensor node platform and verified. The results show that the end-to-end security mechanism based on DTLS does have low overhead and high interoperability. In order to solve the problem that sensor nodes in the Internet of things are generally resource-constrained and slightly inefficient in deploying large DTLS security protocols, this paper compares several existing compression methods. The 6LoWPAN header compression method is used to compress the header and handshake message of DTLS, and the method of implementing lightweight DTLS on resource-constrained nodes is given. Finally, the light end-to-end security mechanism is implemented on the sensor node platform and verified. The results show that the lightweight security mechanism can effectively reduce the packet length, memory consumption and energy consumption, and can adapt to the characteristics of sensor node resource constraints.
【学位授予单位】:南京邮电大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TN929.5;TP391.44
本文编号:2426201
[Abstract]:The Internet of things applications mostly involve the user's privacy data transmission, so protecting the security of Internet of things application becomes the most important problem in the development of the Internet of things. And many of the Internet of things applications are in the mobile environment, the traditional way to ensure the security of data transmission by means of security gateway is not very suitable, so this paper takes the end-to-end security of the Internet of things as the breakthrough point. The end-to-end security mechanism of lightweight is studied. Based on the existing standard protocol of Internet of things and DTLS (Datagram Transport Layer Security) security protocol, the end-to-end security mechanism in the Internet of things environment is proposed in this paper. The security mechanism can protect the confidentiality, integrity and reliability of data transmission, and can be authenticated between client and server. The security mechanism is implemented on the sensor node platform and verified. The results show that the end-to-end security mechanism based on DTLS does have low overhead and high interoperability. In order to solve the problem that sensor nodes in the Internet of things are generally resource-constrained and slightly inefficient in deploying large DTLS security protocols, this paper compares several existing compression methods. The 6LoWPAN header compression method is used to compress the header and handshake message of DTLS, and the method of implementing lightweight DTLS on resource-constrained nodes is given. Finally, the light end-to-end security mechanism is implemented on the sensor node platform and verified. The results show that the lightweight security mechanism can effectively reduce the packet length, memory consumption and energy consumption, and can adapt to the characteristics of sensor node resource constraints.
【学位授予单位】:南京邮电大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TN929.5;TP391.44
【参考文献】
相关期刊论文 前3条
1 赵敏;江凌云;李占军;;基于DTLS的物联网端到端安全机制研究[J];南京邮电大学学报(自然科学版);2016年05期
2 任伟;;物联网安全架构与技术路线研究[J];信息网络安全;2012年05期
3 詹静;张焕国;;可信平台模块自动化测试研究[J];计算机研究与发展;2009年11期
相关博士学位论文 前1条
1 张俊松;物联网环境下的安全与隐私保护关键问题研究[D];北京邮电大学;2014年
,本文编号:2426201
本文链接:https://www.wllwen.com/kejilunwen/xinxigongchenglunwen/2426201.html
