摘要
随着智能联网设备的普及,其安全问题日益凸显.目前,智能联网设备与局域网内的控制器之间的通信过程普遍存在身份认证风险,使得攻击者可以冒充控制器,控制智能联网设备执行恶意指令,对智能联网设备的安全性构成了严重的威胁.提出了一种智能联网设备的身份认证脆弱性识别方法,并以2家厂商的智能联网设备为例,对其存在的身份认证脆弱性进行了识别.进一步地,还提出了一种简单的身份认证方法,用以有效规避目前智能联网设备存在的身份认证风险.
With the popularity of intelligent networking device (IND), its security issues have become increasingly prominent. Currently, there is an identity authentication risk between IND and its controller in LANs in general. Attackers can irupersonate a controller and control IND to execute malicious instructions, which poses a serious threat to the security of IND. In this paper, we propose a recognition method for identity authentication vulnerabilities of IND. Taking the INDs of two vendors as examples, we recognize their identity authentication vulnerabilities with this method. Furthermore, a simple identity authentication method is proposed to protect IND from identity authentication risk effectively.
作者
周荆
李青山
陈钟
Zhou Jing;Li Qingshan;and Chen Zhong(Key Laboratory of Network and So free,are Security Assurance(Peking University),Ministry of Education,Beij ing 100871)
出处
《信息安全研究》
2018年第10期881-888,共8页
Journal of Information Security Research
关键词
智能联网设备
局域网控制器
身份认证
脆弱性识别
认证方法
intelligent networking devices
controller in LANs
identity authentication
vulnerabilityidentification
authentication method
