Abstract
Power Internet of Things (IoT) data spans a wide range. The LwM2M protocol is constrained by the design of the power equipment itself and of its security layer, so its security capability cannot meet the security requirements of two-way communication requests, and there is a risk of data leakage. This paper introduces the software-defined perimeter (SDP) concept from zero trust and proposes a new security architecture that combines the software-defined perimeter with the LwM2M protocol. The access entity is authenticated by a single packet authorization (SPA) mechanism; the gateway and controller then continuously evaluate the trust of the access entity in five dimensions (subject, object, environment, behavior and operation) and dynamically adjust its access permissions, so as to achieve secure communication between the device and the server. Experimental results show that the proposed security architecture enables the controller and gateway to analyze the requester's data packets and respond accordingly, improving the security of two-way communication between power equipment and edge servers under this protocol in the power IoT.
Authors
LUO Wei (罗威), JIANG Zheng (蒋政), WANG Baohai (王宝海), WANG Bin (王斌), GU Hui (顾辉)
Nanjing Nari Information & Communication Technology Co., Ltd., Nanjing 210008, China
Source
Modern Electronics Technique (《现代电子技术》)
2023, No. 13, pp. 78-84 (7 pages)
Keywords
power IoT
software-defined perimeter
identity authentication
two-way communication
trust assessment
permission adjustment
secure communication
data packet analysis