物联网安全：架构、挑战与保障策略

需积分: 9 120 浏览量更新于2023-03-16 收藏 7.03MB PDF 举报

物联网安全：现代挑战与解决方案随着互联网的普及和智能化设备的日益增长，物联网(IoT)已经成为连接物理世界与数字世界的桥梁。然而，随着万物互联的便利性，其安全性问题也日益凸显。本书《物联网安全》由李山苍、李大旭以及伊迈德·罗马丹尼共同编著，探讨了在这样一个复杂网络环境中保障物联网安全的重要性。第一章“Introduction: Securing the Internet of Things”介绍了物联网安全的基本概念，强调了保护物联网免受潜在威胁的关键性。它阐述了为什么在物联网环境下确保数据隐私、设备安全以及通信链路的完整性至关重要。第二章“Security Architecture in the Internet of Things”深入探讨了物联网的安全架构，包括层次化的防护措施，如边缘安全、网关管理和中心化控制，以构建多层次的安全屏障。第三章“Security and Vulnerability in the Internet of Things”着重分析了物联网设备的脆弱性，例如硬件漏洞、软件缺陷和恶意软件攻击的可能性，以及这些威胁如何影响整体系统的安全性。第四章“IoT Node Authentication”详细讨论了节点认证在物联网中的实施，包括加密技术和身份验证协议，以防止未经授权的访问和数据篡改。第五章“Security Requirements in IoT Architecture”列举了物联网系统设计时必须考虑的核心安全需求，包括数据完整性、可用性、保密性和可追溯性等，并提供了如何满足这些需求的策略。第六章“Security in Enabling Technologies”涵盖了关键技术如云计算、区块链、物联网协议（如LoRaWAN或Zigbee）等在提供安全保障方面的最新进展和挑战。第七章“Existing Security Scheme for IoT”对比了现有的物联网安全方案，包括基于密码学的方法、信任模型和机器学习在防御攻击中的应用，以评估它们的有效性和局限性。第八章“Security Concerns in Social IoT”关注社交物联网中的安全问题，如用户隐私泄露、数据共享风险以及智能设备在社交网络中的潜在滥用，这章节提出了相应的对策和建议。第九章“Confidentiality and Security for IoT Based Healthcare”专攻医疗保健领域的物联网安全，探讨了如何保护患者的健康数据，同时保持医疗服务的高效和透明。本书不仅对物联网安全的理论进行了深入剖析，还提供了实用的策略和案例研究，帮助读者理解和应对物联网时代所面临的复杂安全挑战。随着技术的发展和应用扩展，持续关注并更新安全措施将愈发关键。

antivirus or attacks. In Table 1.1, the most important security concerns in

IoT are summarized.

The security requirements depend on each of these particularly sensing

technology, networks, layers, and have been identified in the following

sections.

Data Confidentiality Privacy

Trust

• Insufficient authentication/authorization

• Insecure interfaces (web, mobile, cloud, etc.)

• Lack of transport encryption

• Confidentiality preserving

• Access control

• Privacy, data protection, and information

security risk management

• Privacy by design and privacy by default

• Data protection legislation

• Traceability/profiling/unlawful processing

• Identity management system

• Insecure software/firmware

• Ensuring continuity and availability of services

• Realization of malicious attacks against IoT

devices and system

• Loss of user control/difficult in making

decision

FIGURE 1.1

Security issues in IoT.

Table 1.1 Top Ten Vulnerabilities in IoT

Security Concerns

Interface

Layer

Service

Layer

Network

Layer

Sensing

Layer

Insecure web interface OOO

Insufficient authentication/

authorization

OOOO

Insecure network services OO

Lack of transport encryption OO

Privacy concerns OO O

Insecure Cloud interface O

Insecure mobile interface OOO

Insecure security

configuration

OOO

Insecure software/firmware OO

Poor physical security OO

1.1 Introduction 5

1.2 SECURITY REQUIREMENTS IN IoT ARCHITECTURE

A critical requirement of IoT is that the devices must be interconnected,

which makes it be able to perfor m specific tasks, such as sensing, communi-

cating, information processing, etc. The IoT is able to acquire, transmit, and

process the information from the IoT end-nodes (such as RFID devices, sen-

sors, gateway, intelligent devices, etc.) via network to accomplish highly com-

plex tasks. The IoT should be able to provide applications with strong

security protection (e.g., for online payment application, the IoT should be

able to protect the integrity of payment information).

The system architecture must provide operational guarantees for the IoT,

which bridges the gap between the physical devices and the virtual worlds. In

designing the framework of IoT, following factors should be taken into con-

sideration: (1) technical factors, such as sensing techniques, communic ation

methods, network technologies, etc.; (2) security protection, such as informa-

tion confidentiality, transmission security, privacy protection, etc.; (3) busi-

ness issue s, such as business models, business processes, etc. Currently, the

SoA has been successfully applied to IoT design, where the applications are

moving towards service-oriented integration technologies. In busin ess

domain, the complex application s among diverse services have been appear-

ing. Services reside in different layers of the IoT such as: sensing layer, net-

work layer, services layer, and applicationinterface layer. The services-based

application will heavily depend on the architecture of IoT .

Fig. 1.2 depicts a

generic SoA for IoT, which consists of four layers:

I Sensing layer is integrated with end components of IoT to sense and

acquire the information of devices;

Social

network

Mobile

network

WLAN

WSNs

Cloud

internetwork

Sensing layer

Network layer Service layer Interface layer

Application

frontend

Service

division

Data sensing

acquisition

protocols

RFID tags

Intelligent sensors

RFID readers

WSNs

BLE devices

Service

integration

Service

composition

Service

bus

Service

implementation

Business logic

Contract

Interfaces

Application

API

Service

repository

FIGURE 1.2

SoA for IoT (Bi et al., 2014).

6 CHAPTER 1: Introduction: Securing the Internet of Things

I Network layer is the infrastructure to support wireless or wired

connections among things;

I Service layer is to provide and manage services required by users or

applications;

I Applicationinterfaces layer consists of interaction methods with users or

applications.

The securit y requirements on each layer migh t be different due to its fea-

tures. In general, the security solution for t he IoT considers following

requirements: (1) sensing layer and IoT end-node security requirements,

(2) network layer security requirements, (3) service layer s ecurity require-

ments, (4) applic ationinterface layer security requirements, (5) the security

requirements between layers, and (6) security requirements for services

running and maintenance.

1.2.1 Sensing Layer and IoT End-Nodes

The IoT is a multilayer network that interconnects devices for information

acquisition, exchange, and processing. At the sensing layer, the intelligent

tags and sensor networks are able to automatically sense the environment

and exchange data among devices (

Li et al., 2014c). In determining the sens-

ing layer of an IoT, the main concerns are:

I Cost, size, resource,andenergy consumption. The things might be equipped

with sensing devices such as RFID tags, sensors, actuator, etc., which

should be designed to minimize required resources as well as cost.

I Deployment. The IoT end-nodes (such as RFID reader, tags, sensors, etc.)

can be deployed one-time, or in incremental or random ways

depending on application requirements.

I Heterogeneity. A variety of things or hybrid networks make the IoT very

heterogeneous.

I Communication. The IoT end-nodes should be designed in such a way

that it is able to communicate with each other.

I Networks. The IoT involves hybrid networks, such as Wireless Sensor

Networks (WSNs), WMNs, and supervisory control and data

acquisition (SCADA) systems.

The security is an important concern in sensing layer. It is expected that IoT

could be connected with industrial networks to provide users with smart ser-

vices. However, it may cause new concerns in devices controlling, such as who

can input authentication credentials or decide whether an application should

be trusted. The security model in IoT must be able to make its own judgments

and decision about whether to accept a command or execute a task. At sensing

layer, the devices are designed for low power consumption with constraints

1.2 Security Requirements in IoT Architecture 7

resources, which often have limited connectivity. The endless variety of IoT

applications poses an equally wide variety of security challenges.

I Devices authentication

I Trusted devices

I Leveraging the security controls and availability of infrastructures in

sensing layer.

I In terms of software update, how the sensing devices receive software

updates or security patches in a timely manner without impairing

functional safety or incurring significant recertification costs every time

a patch is rolled out.

In this layer, the security concerns can be classified into two main categories:

I The security requirements at IoT end-node: physically security

protection, access control, authentication, nonrepudiation,

confidentiality, integrity, availability, and privacy.

I The security requirements in sensing layer: confidentiality, data source

authentication, device authentication, integrity, availability, and

timeless.

Table 1.2 summarizes the potential security threats and security vulnerabil-

ities at IoT end-node and

Table 1.3 analyses the security threats and vulner-

abilities in sensing layer.

To secure devices in this layer before users are at risk, following actions

should be taken: (1) Implement security standards for IoT and ensure all

Table 1.2 Security Threats and Vulnerabilities at IoT End-Node

Security Threats Description

Unauthorized

access

Due to physically capture or logic attacked, the sensitive information

at the end-nodes is captured by the attacker

Availability The end-node stops to work since physically captured or attacked

logically

Spoofing attack With malware node, the attacker successfully masquerades as IoT

end-device, end-node, or end-gateway by falsifying data

Selfish threat Some IoT end-nodes stop working to save resources or bandwidth

to cause the failure of network

Malicious code Virus, Trojan, and junk message that can cause software failure

DoS An attempt to make a IoT end-node resource unavailable to its

users

Transmission

threats

Threats in transmission, such as interrupting, blocking, data

manipulation, forgery, etc.

Routing attack Attacks on a routing path

8 CHAPTER 1: Introduction: Securing the Internet of Things

剩余155页未读，继续阅读

blue2016sky

粉丝: 0
资源: 2

物联网安全：架构、挑战与保障策略

"物流管理专业文献翻译：物联网与传统数据库的变革

解决：利用基于TPM的可信网络连接技术规范构建20层雪堡城市。

"跨国战略：保护物联网生态系统

Security on the Industrial Internet of Things

Security and Privacy Challenges in the Internet of Things

Demystifying Internet of Things Security

Practical Industrial Internet of Things Security- Sravani Bhattacharjee

The Application and Challenges of SPI Protocol in the Internet of Things

The Role of uint8 in Cloud Computing and the Internet of Things: Exploring Emerging Fields, ...

Cybersecurity_in_the_Industrial_Internet_of_Things.pdf

最新资源