Abstract
With the rapid development of the Internet of Things (IoT), a huge number of embedded devices are widely used in modern life, and security and privacy have become important challenges for IoT. Interconnected IoT devices form a swarm network. Swarm attestation, a security technique that verifies the trust state of all devices in a swarm, is a key problem for IoT security research. Traditional remote attestation schemes mainly target the single-prover scenario and cannot meet the global attestation needs of a large-scale swarm, while swarm attestation mechanisms that simply extend them are usually inefficient and vulnerable to collusion attacks. To address these problems, we propose an efficient swarm attestation scheme based on device grouping. The scheme groups homogeneous devices and sets up a management node in each group, which is responsible for verifying the other nodes in that group. During remote attestation, the remote verifier only needs to verify the management nodes of the swarm, because each management node already knows the trust state of its own group; this improves efficiency. The scheme also offers high security and can resist attacks such as collusion attacks. Experimental results from our prototype system show that the more homogeneous devices and the fewer management nodes there are, the higher the attestation efficiency of the proposed scheme.
Authors
DU Bian-Xia (杜变霞); QIN Yu (秦宇); FENG Wei (冯伟); CHU Xiao-Bo (初晓博)
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Source
Computer Systems & Applications (《计算机系统应用》)
2018, No. 10, pp. 22-32 (11 pages)
Funding
National Natural Science Foundation of China (61602455)