###

计算机系统应用英文版:2022,31(9):183-191

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

面向物联网设备的安全集群证明及修复协议

林江南¹, 吴秋新¹, 冯伟²

(1.北京信息科技大学理学院, 北京 100192;2.中国科学院软件研究所可信计算与信息保障实验室, 北京 100190)

Secure Swarm Attestation and Recovery Scheme for IoT Devices

LIN Jiang-Nan¹, WU Qiu-Xin¹, FENG Wei²

(1.School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China;2.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 562次下载 1348次
Received:December 01, 2021 Revised:December 29, 2021

中文摘要: 由于物联网设备本身缺少安全机制, 物联网环境面临着严峻的安全挑战. 而远程证明能够认证设备真实性和完整性, 可以通过远程方式建立对物联网设备的信任. 集群证明是远程证明技术的扩展, 可以适用于大量设备构成的集群. 相较于传统的远程证明, 集群证明解放了验证设备, 提高了验证的效率. 目前, 集群证明方法主要是针对静态网络, 而且对于受损设备也缺乏高效的修复机制. 针对这些问题, 本文提出了一种基于信誉机制和Merkle树的安全集群证明及修复方法. 首先, 本文方法使用信誉机制实现了多对一的证明协议, 能有效解决单点故障, 从设备触发验证, 并且能够适用于半动态网络. 其次, 本文引入Merkle树进行度量, 能够快速地识别被感染的代码块, 并进行高效地恢复; 最后, 本文对提出的集群证明方法进行了安全性分析和性能评估, 结果表明, 本文集群证明在提高了安全性的同时导致的性能开销是可以接受的.

中文关键词: 物联网安全可信计算远程证明集群证明信誉机制默克尔树

Abstract:Owing to the lack of security mechanisms for Internet of Things (IoT) devices, the IoT environment faces serious security challenges. However, remote attestation can identify the authenticity and integrity of devices and can also establish trust in IoT devices through a remote mode. Swarm attestation is an extension of remote attestation technology, which can be applied to swarm composed of a large number of devices. Compared with the traditional remote attestation, the swarm attestation liberates the verifier and improves verification efficiency. At present, the swarm attestation is mainly used for static networks, and there is no efficient recovery mechanism for compromised devices. To solve these problems, this study proposes a secure swarm attestation and recovery scheme based on reputation mechanism and Merkle tree. Firstly, we use the reputation mechanism to achieve a many-to-one attestation scheme, which can effectively solve the single point of failure and also trigger the attestation from the device. In addition, the attestation scheme is suitable for semi-dynamic networks. Secondly, we introduce the Merkle tree for measurement, which can quickly and accurately identify the code blocks compromised by malicious software and efficiently recover them. Finally, the security analysis and performance evaluation of the swarm attestation scheme are presented. The results show that the swarm attestation in this study improves the security, and its performance overhead is acceptable.

keywords: InternetofThings (IoT) security trusted computing remote attestation swarm attestation reputation management Merkle tree

文章编号： 中图分类号： 文献标志码：

基金项目:国家重点研发计划(2020YFE0200600)

Author Name	Affiliation	E-mail
LIN Jiang-Nan	School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China	15611007977@163.com
WU Qiu-Xin	School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China
FENG Wei	Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Author Name	Affiliation	E-mail
LIN Jiang-Nan	School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China	15611007977@163.com
WU Qiu-Xin	School of Applied Science, Beijing Information Science and Technology University, Beijing 100192, China
FENG Wei	Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

引用文本：
林江南,吴秋新,冯伟.面向物联网设备的安全集群证明及修复协议.计算机系统应用,2022,31(9):183-191
LIN Jiang-Nan,WU Qiu-Xin,FENG Wei.Secure Swarm Attestation and Recovery Scheme for IoT Devices.COMPUTER SYSTEMS APPLICATIONS,2022,31(9):183-191