
Research on Key Security Technologies of Sensing Environment in Internet of Things

【Author】 Liu Wenmao (刘文懋)

【Advisor】 Fang Binxing (方滨兴)

【Author information】 Harbin Institute of Technology, Information Security, 2013, PhD

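【Abstract (Chinese)】 In recent years, with the maturation of RFID technology and the rapid development of mobile smart terminals, the Internet of Things (IoT) has received growing attention and will become another revolution after the Internet. However, compared with traditional Internet applications, IoT applications built on RFID devices and smart terminals face more complex and more serious security problems. Trust mechanisms, privacy protection, trusted routing and malicious behavior detection, for example, have become key problems that must be solved to build a secure and trustworthy IoT; analyzing and studying them in depth is of great significance for improving the security of IoT infrastructure and of the IoT security architecture as a whole. Building on a summary of existing work, this dissertation studies in depth several key technical problems of IoT security.

First, IoT environments contain large-scale, decentralized and heterogeneous services, and trust between the entities in an application (human and object, object and object, object and facility) is conditional and environment-dependent. To address the complex trust relationships among multiple kinds of entities in different applications, this dissertation proposes a general hierarchical IoT trust architecture, providing basic theoretical and technical support for building trustworthy IoT applications. In the sensing and access layers, given their dynamic nature, event deduction rules based on evidence theory are designed and the Dempster conflict is improved; the routing trust of relay facilities is evaluated effectively by deducing abnormal routing events. For trust during terminal node interactions, a mechanism that caches a digest of the previous interaction is used to detect malicious behavior by terminal facilities, overcoming the shortcoming that event monitoring is limited by the short communication range of RFID. Given that organizations at the application layer are stable, a centralized reputation mechanism is used to maintain organization trust. The layered design effectively isolates trust differences in the heterogeneous environment, while the interaction of trust flows between layers lets system trust converge quickly: dynamic authorization of a reader refers to the reputation of its organization, and the authorization trust and routing trust of lower-layer readers converge upward and feed back into organization reputation.

Next, for object-locating applications in the IoT, this dissertation designs a general query framework that supports precise and fuzzy location queries for objects of any type. Addressing the weakness that existing location services struggle to resist attackers issuing continuous queries under multiple identities, it also proposes a location privacy protection mechanism based on an anonymity tree and frame structure, providing location privacy protection for services aimed at smart terminals. At the physical layer, multi-point cooperative positioning computes objects' relative locations and thereby determines the minimum anonymity region; at the network layer, an anonymity-tree topology is generated and maintained to provide storage management support for multiple anonymity groups; at the application layer, an object determines the anonymity degree according to the querier's identity, and uses the frame structure to construct and return a new anonymity group consistent with the existing ones, which prevents continuous multi-precision query attacks. Compared with existing methods, the anonymity-tree-based method yields a larger common subset among anonymity groups and a smaller time overhead for group building.

The IoT sensing environment is fairly complex, and sensing nodes differ in the organizations they belong to, their service requirements and their trustworthiness. This dissertation proposes a clique-based routing method that keeps data routing trustworthy and secure while keeping the routing protocol efficient and reliable. Constructing clique structures shortens the logical routing path, reduces routing failures caused by incompatible relay-node policies, and lowers routing time overhead.

Finally, we analyze an attack scenario in which a malicious organization gains a local advantage in a dynamic sensing environment, and propose a dynamic game method with node cooperation to prevent locally dominant malicious behavior. First, multiple reporting nodes are merged into one player, forming a two-player dynamic game with the detecting node; then, in an environment dominated by malicious nodes, detecting nodes cooperate and infer the state of unknown nodes from the organization reputation values of reporting nodes; corrections using highly trusted reference reports reduce the weight of malicious nodes in the overall report and in node merging, finally reaching a Bayesian equilibrium. The organization cooperation game markedly raises the detecting nodes' event monitoring success rate and greatly reduces the number of forged reports.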

【Abstract】 With the maturation of RFID technology and the fast growth of smart terminals, the Internet of Things is gaining more and more attention and is probably becoming another industrial revolution after the Internet. However, applications using RFID devices or smart terminals face more, and more severe, security issues compared to traditional Internet applications: entity trust, privacy protection, secure routing and intrusion detection, for instance, which are the key problems when building a secure and trustworthy IoT environment. Analysis and research of these key issues are of great significance for reinforcing the infrastructure and the whole IoT system. Based on existing works and ideas, this dissertation conducts further research aiming to find effective and efficient solutions to these critical issues.

First of all, there are distributed and decentralized services in IoT environments, and the trust of entities (human-human, object-object and object-infrastructure) is conditional and environment-dependent. We build a general hierarchical IoT trust model for theoretical and practical support. Event deduction is employed in the access and sensing layers: the improved D-S deduction detects abnormal routing events efficiently, while a VICD schema is designed to detect terminal node trust and overcomes the RFID short-range limitation. In the organization layer, a centralized schema is employed to maintain organization reputation. The organization reputation is calculated from node trust feedback. The layered design separates the trust heterogeneity of different entities, while the trust flow interacts between layers: node authorization refers to the organization reputation, and the authorization trust and routing trust converge upwards to the organization reputation.

Secondly, for object locating applications, we design a location update and query architecture supporting precise and fuzzy queries for all kinds of objects, then we propose a tree and frame based location privacy protection schema, which prevents possible multi-precision continuous attacks. An improved trilateration method is used to identify objects' relative locations on the physical layer, an anonymity tree is maintained for topology stability and query efficiency on the network layer, and a frame based group building approach is proposed to maximize consistency of existing anonymity groups. The proposed approach generates a larger common subset of built anonymity groups and protects location privacy efficiently.

Thirdly, the owning organizations, required services and trust of sensing nodes are heterogeneous, since the IoT environment is complicated. We propose a clique-based routing approach, which guarantees routing control security while improving routing efficiency and reliability. Routing failure caused by incompatible strategies is reduced by constructing a clique structure and shortening the logical path.

Finally, we introduce a possible attack scenario in which malicious organizations deploy numerous RFID readers in a partial region. We first combine the report nodes together and form a two-player dynamic game with a detecting node in a regular network, then we propose an improved cooperative game in the attacker-dominated network, where detecting nodes cooperate to evaluate the trust of an unknown node by its organization reputation. The node's prior trust and the node combination are updated according to a trustworthy reference report; malicious node weights are therefore reduced while a new Bayes equilibrium is achieved. The cooperative game improves the successful deduction rate and decreases forged reports significantly.

  • 【Classification number】 TP391.44; TN915.08
  • 【Citation count】 10
  • 【Download count】 1856