確保在受限閘道下的物聯網系統安全

Abstract

物聯網服務必須提供相關的安全機制，以避免服務受到非法的使用。然而在某些情形下，物聯網系統中的閘道是資源有限的設備以至於缺少足夠的資源，例如計算能力以及記憶體，來執行完整的認證流程。因此，常用的傳輸層安全協議(Transport Layer Security)無法完全適用於物聯網系統以確保其安全性。 此外，因為閘道資源受限，它並無法頻繁的更新以修補有漏洞的軟體，因此有可能遭受來自互聯網上的阻斷服務攻擊(DOS)。因此，必須要有一個保護機制來去阻擋這樣的攻擊。 我們的研究將著重在為資源受限閘道的物聯網系統提供其適用的安全機制。為了解決這樣的問題，我們在oneM2M標準中所定義的安全框架上設計了一個安全機制。同時，我們也設計了一個保護機制抵禦惡意使用者的攻擊以及非法閘道對於系統的存取。並將這個機制實作於OM2M的物聯網平台中，並針對資源成本以及效能方面進行評估。

The IoT/M2M service must provide security mechanisms to avoid illegal usage of the service. However, in some situation the gateways involved in the IoT/M2M systems are resource-constrained, and they do not have sufficient resources, such as computing power and memory, to perform full authentication procedure. Hence, the commonly used Transport Layer Security (TLS) protocol cannot be readily applicable to ensure the security of the IoT/M2M systems. Besides, because the gateway is resource-constrained and cannot be updated frequently to fix the vulnerability of the software, it may suffer the denial-of-service (DOS) attack from the Internet. Hence, there must be a protection mechanism to against the attack. Our research focuses on providing IoT/M2M system security under the limitation of constrained gateways. We design a security mechanism on top of the security framework defined in the oneM2M standard to address this problem. We also design a protection mechanism to defend the attack of the malicious users and to reject the access of the illegal gateways to our system. Furthermore, we implement this mechanism on the OM2M platform and evaluate it in terms of cost and performance.