    Ma Jun, Guo Yuanbo, Ma Jianfeng, Xiong Jinbo, Zhang Tao. A Hierarchical Access Control Scheme for Perceptual Layer of IoT[J]. Journal of Computer Research and Development, 2013, 50(6): 1267-1275.

    A Hierarchical Access Control Scheme for Perceptual Layer of IoT

    • Abstract: The perceptual layer sits at the front end of information collection and plays a fundamental role in the Internet of Things (IoT). In the perceptual layer, a large number of perceptual nodes must provide many different types of data to authorized users at different levels, in accordance with privacy, security, and customization requirements. As a result, traditional access control schemes (IBAC, RBAC, etc.) fail to meet the needs of users who want secure and efficient on-demand access to resources. This paper presents a hierarchical access control scheme for the perceptual layer of the IoT. In the scheme, every hierarchical node, representing a class in the access hierarchy, is composed of perceptual nodes that provide information at the same security level, and the hierarchical nodes are modeled as a set of partially ordered classes. The scheme also takes into account the limited computational and storage capacity of the perceptual nodes. Compared with previous proposals, the scheme has the following advantages. Every user and perceptual node holds a single key material, from which a deterministic key derivation algorithm yields the keys needed to access the resources of its own class and of all descendant classes in the hierarchy; this increases the security of the hierarchical nodes and reduces storage costs. By supporting fully dynamic changes to the access hierarchy and replacement of key material, the scheme provides secure hierarchical data access while also reducing communication cost. Furthermore, the scheme is provably secure without the random oracle model and meets other security features. Further analysis shows that the scheme is well suited to the access control requirements of the perceptual layer of the IoT.

       
