Research On Key Technologies Of Control Security In The Internet Of Things

Nowadays, the Internet of Things (IoT) has become one of most hot issues in the world. IoT actually stands on the intersection of a variety of sciences and technologies, which non-doubtfully drawn a great attention from experts of both academic R&D and industrial application. IoT was also regarded as one of the most advanced technology in the21century to change the world. With the developments of technology, people tend to combine IoT with control systems efficiently so that it can be used in a variety of industries such as manufacturing, aerospace, rail transportation, health care, military, disaster emergency response and etc.Each coin has its two sides, so does IoT. While enjoying the benefits from IoT, people are becoming more and more concerned about its security. In the past, it was a closed and dedicated framework that was applied in control systems. When combining with IoT, however, the control system was challenged with an exposure to open environments rather than previous closed circumstance. For instance, Industrial Ethernet and real-time Ethernet may be linked with a remote internet in the control loop. The exposure risks become very high thanks to the hacker’s attack becomes easier in an open environment.Now that the traditional IT security technology can not be directly applied in IoT environment, here come the critical questions:How to protect the vast infrastructures and secure the strategic resources, How to reduce the exposure risks and the relevant impacts from IoT. Such issues must be highly addressed before IoT was widely used.The prevailing studies on IoT security issue mainly focused on two elements: system protection and privacy protection. The former protects the control system from being attacked. The latter protects user’s information from being attacked. For system protection, some traditional security technologies remain valuable with its attributes such as integrity, availability, confidentiality and etc. However, when control system was combined with IoT, not only the control system itself but also the target we want to control in IoT should be protected. That means a broad demand of control security became necessary.Based on above concepts, this article concentrates on the key technologies of control system under IoT’s environment. Considering the control security under IoT environment is a broad complex, any well-done existing technology might not be in perfect compliance with the IoT complexity. In another words, it is impractical to protect IoT from all possible types of attacks (includes unknown types of attacks). The effective defense measure is to set up reasonable security principles to avoid the system to be vulnerable. Prior to the specific study, let’s highlight the basic security principles as follows:1) comprehensive precaution principle,2) appropriate precaution principle,3) heterogeneous redundancy principle,4) moderate decentralization principle,5) loop truncation principle and6) the worst-scenario assumption principle.To study the key technologies of control security in IoT environment, a systematic troubleshooting is necessary. With a big picture well understood in mind as a whole, we can enter into the specific studies one by one. Starting from this logic, the paper firstly studies the universal control system security model of IoT’s environment. Based on this model, this paper studies the key technologies of control security in four aspects:source security, transmission security, algorithm security and system security. The innovative outcomes are as follows:(1) Sets up a universal control system security model "S-IoTC" in IoT’s environment to provide a strong fundamental theory support to security research of industrial control system. By analyzing the characters of IoT industrial control, we proposed the standard architecture for IoT industrial control. On the basis of the standard architecture, and from the aspect of the controlled system security, we analyzed the destructive factors in control system under IoT environment, formalized the process, and finally proposed the universal IoT control system model "IoTC" and the universal IoT control system security model "S-IoTC". Elaborations were made for "S-IoTC" contents, its typical implement process and algorithm.(2) Proposes the data source rejection method based on enhanced mutual authentication mechanism to effectively ensure data source security in the environment of IoT. Regarding to mutual authentication mechanism of the IoT control system, this article analyzed the shortages when the existing challenge-response Based RFID(Radio Frequency IDentification) authentication protocol under the special environment of IoT’s control system. With the improvement measures, we also gave a suitable mutual authentication mechanism for the control system of the IoT. The mechanism can be used either between device-to-device or between device-to-the device which was passively controlled. The article demonstrated the identification process, made the formal definition for authentication model, and made a mathematic description for the scenario of authentication process. In addition, the paper stretched its authentication scope to ensure system security by penetrating location information identification and control command contents recognition. As a case study based on the mutual authentication mechanism in this article, we worked out three solutions for Stuxnet virus prevention, verifying the validity of the proposed authentication mechanism.(3) Proposes a multi-level detection and early warning model based on the node response time for bandwidth consumption attack. The model can find the attacked node quickly and further effectively forecast data transmission situation of IoT. We studied the multi-level detection warning model for bandwidth consumption attack against transmission security issues in WSN. First of all, according to the node response time changes before and after the attack, the article raised a bandwidth consumption attack detection algorithm based on node response time to detect the node which was attacked by the bandwidth consumption. Secondly, guiding by the detection algorithm, we set up the analysis model for early warning and monitoring bandwidth consumption attacks. The relevant simulation was examined under the existing experimental environment, showing that the early warning detection model can efficiently detect bandwidth consumption attack and give the alarm information in time. Finally, the paper recommended one-on-one measures against the different alarm levels to reduce the impact caused by the attack.(4) Proposes a high-valence voting algorithm for IoT’s control system. Regarding to the algorithm security, we studied the algorithm redundancy design method for industrial control under IoT’s environment, highlighted the importance of the heterogeneous redundancy in algorithm level, and finally improved the majority-voting algorithm. An experiment was conducted to test the improved algorithm security. By comparing the improved voting algorithm to the standard majority-voting algorithm and the median-voting algorithm, the experiment showed that the improved voting algorithm has a better performance in both correction rate and output efficiency. Besides, the paper extended the improved voting algorithm to the high-valence voting algorithm of secondary heterogeneous voting. Such high-valence voting algorithm can further improve the correction rate of the voting results. Theoretically, it will provide the basis for the design of fault-tolerant arbitration module in the future. As case study, this paper applied the redundant design idea to work out the solution for Wenzhou Express Railway Collision Accident and Air France Flight Crash.(5) Proposes the security guarantee mechanism for complex system based on simulation. Regarding to system security, the paper studied the complex system simulation and the real-time assessment methods, and finally proposed the security guarantee mechanism under complex system based on simulation. The assessment process includes the status acquisition for both the actual system and the simulation system, the real-time evaluation for target status information, the assessment output determination, synchronization the simulation system and so on. For the real-time evaluation process, a dissimilarity coefficient measurement method was proposed to upgrade the original mature metric method. For the assessment output determination, two methods were discussed. One is to set a safety threshold, the other is to determine the security level of the assessment result. The synchronization importance was highlighted with the hope of preventing bias or error accumulation during the simulation process.In summary, from the perspective of control security in IoT’s environment, the paper studied five key technologies for control security in IoT’s environment. The innovative outcomes include:sets up a universal control system security model S-IOTC in IoT’s environment; proposes the data source rejection method based on mutual authentication mechanism; proposes a multi-level detection and early warning model based on the node response time in bandwidth consumption attack; proposes the high-valence voting algorithm for IoT’s control system; and proposes the security guarantee mechanism for complex system based on simulation. Those study outcomes can be used in the solutions of Stuxnet virus, Wenzhou Express Railway Collision Accident and Air France Flight Crash, proving the research has good performance in feasibility. In all, the research outcomes of this paper are highly valued theoretically and practically in both the field of scientific research and industrial engineering.