A Context-Aware Capability-Based Access Control Framework for the Internet of Things

Cited by: 7
Abstract: To address the security and privacy problems of the Internet of Things (IoT), and the fact that traditional access control approaches are not suited to the IoT environment, we propose a distributed context-aware capability-based access control framework for IoT. In the proposed framework, authorization decisions are made by an authorization decision module (PDP) embedded in the device, so that devices themselves make authorization decisions and authorization is distributed. Specifically, a capability token has been designed for CoAP (Constrained Application Protocol) resources and is signed with elliptic curve cryptography (ECC); its construction supports access control based on the device's local context parameters and ensures end-to-end authentication, integrity and non-repudiation. The transport protocol is built on the IETF CoAP, which is specifically designed for constrained devices. The experimental results demonstrate the feasibility of the proposed framework.

Source: Journal of Wuhan University: Natural Science Edition, 2014, No. 5, pp. 424-428 (5 pages). Indexed in: CAS, CSCD, Peking University Core Journals.

Funding: National Natural Science Foundation of China (62370186)

Keywords: Internet of Things (IoT); capability-based access control; context-aware; elliptic curve cryptography (ECC); Constrained Application Protocol (CoAP)
References (10)

  • 1 Roman R, Zhou J, Lopez J. On the features and challenges of security and privacy in distributed Internet of Things[J]. Computer Networks, 2013, 57(10): 2266-2279.
  • 2 Mahalle P N, Anggorojati B, Prasad N R, et al. Identity establishment and capability based access control (IECAC) scheme for Internet of Things[C]//Proceedings of the 15th International Symposium on Wireless Personal Multimedia Communication. New York: IEEE, 2012: 187-191.
  • 3 Liu J, Xiao Y, Chen C L P. Authentication and access control in the Internet of Things[C]//Proceedings of the 32nd International Conference on Distributed Computing Systems Workshops. New York: IEEE, 2012: 588-592.
  • 4 Gusmeroli S, Piccione S, Rotondi D. A capability-based security approach to manage access control in the Internet of Things[J]. Mathematical and Computer Modelling, 2013, 58(5-6): 1189-1205.
  • 5 Hernandez-Ramos J L, Jara A J, Marin L, et al. Distributed capability-based access control for the Internet of Things[J]. Journal of Internet Services and Information Security (JISIS), 2013, 3(3-4): 1-16.
  • 6 Seitz L, Selander G, Gehrmann C. Authorization framework for the Internet-of-Things[C]//Proceedings of the 14th IEEE International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks. New York: IEEE, 2013: 1-6.
  • 7 Wang Zhaohui, Chen Jianhua, Tu Hang, Li Li. Efficient implementation of elliptic curve cryptography over prime fields[J]. Journal of Wuhan University (Natural Science Edition), 2004, 50(3): 335-338. Cited by: 13
  • 8 Shelby Z, Hartke K, Bormann C. Constrained Application Protocol (CoAP), IETF Internet-draft[EB/OL]. [2014-02-15]. http://tools.ietf.org/html/draft-ietf-core-coap-06.
  • 9 Jones M, Bradley J, Sakimura N. JSON Web Token (JWT). IETF Internet-draft[EB/OL]. [2014-02-20]. http://tools.ietf.org/html/draft-ietf-oauthjson-web-token-19.
  • 10 Li S, Hoebeke J, Van den Abeele F, et al. Conditional observe in CoAP. IETF Internet-draft[EB/OL]. [2014-03-20]. http://tools.ietf.org/html/draft-licore-conditional-observe-04.
