物联网中的认证、授权、访问控制和密钥交换

IF 3.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Internet of Things Pub Date : 2024-02-03 DOI:10.1145/3643867
I. Simsek
{"title":"物联网中的认证、授权、访问控制和密钥交换","authors":"I. Simsek","doi":"10.1145/3643867","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) is a dynamic network of devices and infrastructure supporting instances composed to platforms being based on cloud/fog and blockchain technologies. Its intervention in more and more sensitive areas requires IoT entities (devices and platform instances) to communicate with each other via secure channels generally established by using cryptographical methods. This needs an authentic key exchange which in turn requires an authentication process. Moreover, it has to be ensured that client entities can access only authorized services provided by authorized server entities. Additionally, requirements specifically introduced by IoT complicate realizing these security goals even more. This paper introduces a novel approach providing authentication, authorization, access control, and key exchange in instance-to-instance, device-to-instance, and device-to-device communications to handle cloud/fog-based and blockchain-based platforms. In contrast to related work, realizations of these security goals are not disjunct processes and are integrated with each other in our approach combining zero-knowledge and identity-based schemes while meeting the IoT security requirements. Thus, it does not require any public data pre-distribution or secret pre-sharing between communicating entities, and no entity has to hold any device-specific or instance-specific data to be used for authentication or authorization. While supporting the autonomous character of IoT, our approach is independent of application and platform types without requiring additional components or procedures. Moreover, it is resistant to active man in the middle attacks and does not include costly cryptographic operations. This paper also demonstrates the high performance of our approach with regard to multiple affecting factors.","PeriodicalId":29764,"journal":{"name":"ACM Transactions on Internet of Things","volume":null,"pages":null},"PeriodicalIF":3.5000,"publicationDate":"2024-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Authentication, Authorization, Access Control, and Key Exchange in Internet of Things\",\"authors\":\"I. Simsek\",\"doi\":\"10.1145/3643867\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Internet of Things (IoT) is a dynamic network of devices and infrastructure supporting instances composed to platforms being based on cloud/fog and blockchain technologies. Its intervention in more and more sensitive areas requires IoT entities (devices and platform instances) to communicate with each other via secure channels generally established by using cryptographical methods. This needs an authentic key exchange which in turn requires an authentication process. Moreover, it has to be ensured that client entities can access only authorized services provided by authorized server entities. Additionally, requirements specifically introduced by IoT complicate realizing these security goals even more. This paper introduces a novel approach providing authentication, authorization, access control, and key exchange in instance-to-instance, device-to-instance, and device-to-device communications to handle cloud/fog-based and blockchain-based platforms. In contrast to related work, realizations of these security goals are not disjunct processes and are integrated with each other in our approach combining zero-knowledge and identity-based schemes while meeting the IoT security requirements. Thus, it does not require any public data pre-distribution or secret pre-sharing between communicating entities, and no entity has to hold any device-specific or instance-specific data to be used for authentication or authorization. While supporting the autonomous character of IoT, our approach is independent of application and platform types without requiring additional components or procedures. Moreover, it is resistant to active man in the middle attacks and does not include costly cryptographic operations. This paper also demonstrates the high performance of our approach with regard to multiple affecting factors.\",\"PeriodicalId\":29764,\"journal\":{\"name\":\"ACM Transactions on Internet of Things\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.5000,\"publicationDate\":\"2024-02-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Internet of Things\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3643867\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3643867","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

物联网(IoT)是由基于云/雾和区块链技术的平台组成的设备和基础设施支持实例的动态网络。物联网介入越来越多的敏感领域,这就要求物联网实体(设备和平台实例)通过通常使用加密方法建立的安全渠道相互通信。这就需要进行真实的密钥交换,而这反过来又需要一个验证过程。此外,还必须确保客户端实体只能访问授权服务器实体提供的授权服务。此外,物联网特别引入的要求使这些安全目标的实现更加复杂。本文介绍了一种在实例到实例、设备到实例和设备到设备通信中提供身份验证、授权、访问控制和密钥交换的新方法,以处理基于云/雾和区块链的平台。与相关工作不同的是,在我们的方法中,这些安全目标的实现并不是相互割裂的过程,而是相互融合的,它结合了零知识和基于身份的方案,同时满足了物联网的安全要求。因此,它不需要在通信实体之间预先分发任何公共数据或共享任何秘密,也没有任何实体需要持有任何特定于设备或特定于实例的数据来进行身份验证或授权。在支持物联网自主特性的同时,我们的方法独立于应用程序和平台类型,无需额外的组件或程序。此外,它还能抵御主动中间人攻击,并且不包含昂贵的加密操作。本文还展示了我们的方法在多种影响因素方面的高性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Authentication, Authorization, Access Control, and Key Exchange in Internet of Things
The Internet of Things (IoT) is a dynamic network of devices and infrastructure supporting instances composed to platforms being based on cloud/fog and blockchain technologies. Its intervention in more and more sensitive areas requires IoT entities (devices and platform instances) to communicate with each other via secure channels generally established by using cryptographical methods. This needs an authentic key exchange which in turn requires an authentication process. Moreover, it has to be ensured that client entities can access only authorized services provided by authorized server entities. Additionally, requirements specifically introduced by IoT complicate realizing these security goals even more. This paper introduces a novel approach providing authentication, authorization, access control, and key exchange in instance-to-instance, device-to-instance, and device-to-device communications to handle cloud/fog-based and blockchain-based platforms. In contrast to related work, realizations of these security goals are not disjunct processes and are integrated with each other in our approach combining zero-knowledge and identity-based schemes while meeting the IoT security requirements. Thus, it does not require any public data pre-distribution or secret pre-sharing between communicating entities, and no entity has to hold any device-specific or instance-specific data to be used for authentication or authorization. While supporting the autonomous character of IoT, our approach is independent of application and platform types without requiring additional components or procedures. Moreover, it is resistant to active man in the middle attacks and does not include costly cryptographic operations. This paper also demonstrates the high performance of our approach with regard to multiple affecting factors.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
CiteScore
5.20
自引率
3.70%
发文量
0
期刊最新文献
FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems CoSense: Deep Learning Augmented Sensing for Coexistence with Networking in Millimeter-Wave Picocells CASPER: Context-Aware IoT Anomaly Detection System for Industrial Robotic Arms Collaborative Video Caching in the Edge Network using Deep Reinforcement Learning ARIoTEDef: Adversarially Robust IoT Early Defense System Based on Self-Evolution against Multi-step Attacks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1