高级检索
    刘奇旭, 靳泽, 陈灿华, 高新博, 郑宁军, 方仪伟, 冯云. 物联网访问控制安全性综述[J]. 计算机研究与发展, 2022, 59(10): 2190-2211. DOI: 10.7544/issn1000-1239.20220510
    引用本文: 刘奇旭, 靳泽, 陈灿华, 高新博, 郑宁军, 方仪伟, 冯云. 物联网访问控制安全性综述[J]. 计算机研究与发展, 2022, 59(10): 2190-2211. DOI: 10.7544/issn1000-1239.20220510
    Liu Qixu, Jin Ze, Chen Canhua, Gao Xinbo, Zheng Ningjun, Fang Yiwei, Feng Yun. Survey on Internet of Things Access Control Security[J]. Journal of Computer Research and Development, 2022, 59(10): 2190-2211. DOI: 10.7544/issn1000-1239.20220510
    Citation: Liu Qixu, Jin Ze, Chen Canhua, Gao Xinbo, Zheng Ningjun, Fang Yiwei, Feng Yun. Survey on Internet of Things Access Control Security[J]. Journal of Computer Research and Development, 2022, 59(10): 2190-2211. DOI: 10.7544/issn1000-1239.20220510

    物联网访问控制安全性综述

    Survey on Internet of Things Access Control Security

    • 摘要: 近年来物联网安全事件频发,物联网访问控制作为重要的安全机制发挥着举足轻重的作用.但物联网与互联网存在诸多差异,无法直接应用互联网访问控制.现有的物联网访问控制方案并未重视其中的安全性问题,物联网访问控制一旦被打破,将造成隐私数据泄露、权限滥用等严重后果,亟需对物联网访问控制的安全性问题与解决方案进行综合研究.根据物联网架构复杂、设备多样且存储与计算性能较低的特性,梳理了物联网访问控制中的保护面和信任关系,形成信任链,并论述了信任链中的风险传递规律.围绕保护面和信任链,从感知层、网络层、应用层分别综述了现有的访问控制攻击面,分析了存在的安全风险.针对安全风险提出了应有的访问控制安全性要求,包括机制完善、应对攻击面、多级认证与授权、结合具体场景,基于这4个要求总结了现有的安全性解决方案和针对性的访问控制框架.最后讨论了物联网访问控制设计中所面临的挑战,指出了深入研究物联网云平台访问控制、物联网云对接标准化、引入零信任理念3个未来的研究方向.

       

      Abstract: In recent years, Internet of things (IoT) security incidents have occurred frequently. As an important security mechanism, IoT access control plays an important role. However, the existing Internet access control policies cannot be directly applied to the IoT scenarios because of the differences between IoT and Internet. At present, the IoT access control schemes have not paid attention to the security issues. Once the IoT access control is broken, it will cause serious consequences such as privacy data leakage and authority abuse. Thus, it is urgent to comprehensively study the security issues and solutions for access control of IoT. According to the complex architecture, the variety of devices, low storage and computing performance of IoT, the protection surface and trust relationship in IoT access control is combed, the trust chain is built and the risk transmission law in the trust chain is discussed. Around the protection surface and trust chain, we summarize the existing access control attack surface from the perception layer, network layer, and application layer, and analyze the existing security risks. In view of these security risks, we present the necessary access control security demand, including mechanism improvement, attack surface answer, multilevel authentication and authorization, and the combination with specific scenarios. Based on the requirements, the existing security solutions and targeted access control framework are summarized. Finally, we discuss the challenges faced in IoT access control and point out the future research direction that consists of an in-depth study on access control of the cloud platform of IoT, IoT cloud docking standardization, and the introduction of zero trust concept.

       

    /

    返回文章
    返回