
Research On Hierarchical Access Control For Perceptual Layer Of IoT

Posted on: 2015-02-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Ma
GTID: 1268330431462481
Subject: Computer system architecture

Abstract/Summary:
With the continuous development of communication, Internet and chip technology, the Internet of Things (IoT) has become a new strategic high ground of economic and technological development worldwide. It is an information technology revolution following the computer, mobile communication and the Internet. IoT refers to a network of real-world objects linked by the Internet that connect to each other through online services. It connects all objects through various kinds of sensing devices according to agreed protocols, and enables the exchange of information and communication to realize intelligent identification, positioning, tracking and monitoring. As the "nerve" of IoT, the perceptual layer sits at the very front end of information collection and plays the fundamental role in the Internet of Things. Perception means access to information: a process that collects data for users to access, using RFID, Bluetooth, infrared and other sensors, and transfers the data over wireless sensor networks. However, effective access control over a massive number of perceptual nodes and the vast range of data of different types in perceptual networks is a particularly difficult task, because perceptual nodes have limited power, computational capability and storage resources; the problem has received widespread attention from academia and industry.

In this dissertation, we completely and systematically study the characteristics of perceptual layer nodes and the requirements of access control, and further research hierarchical access control for the perceptual layer of IoT. The innovations and research findings are as follows:

1. Previous hierarchical access control schemes are surveyed and divided into two categories: node-based hierarchical access control schemes (NHACS) and hierarchical access control schemes based on directed edges (DEHACS). From a performance perspective, NHACS and DEHACS are evaluated on the key storage of each node, the amount of public information, the scalability of the schemes, and the key storage of each user over a time sequence. In terms of security, NHACS and DEHACS are analyzed with respect to key recovery and key indistinguishability. By comparing the advantages of the two kinds of schemes against the characteristics of perceptual layer nodes, we propose a hierarchical access control mechanism for the perceptual layer of IoT.

2. An access control mechanism based on node hierarchies for the perceptual layer is studied. Given the huge number of perceptual layer nodes, their constrained computational and storage resources, and the requirements of users accessing node information, a basic hierarchical access control scheme (b-HACS) is first proposed. However, b-HACS may still carry a potential security risk with respect to stronger notions of security, because the key associated with a class of hierarchy nodes is used both to obtain access to objects and for key derivation. For this reason, a security-enhanced hierarchical access control scheme, es-HACS, is proposed. Compared with previous proposals, the two schemes have the following advantages: every user and perceptual node possesses a single key or piece of key material from which a deterministic key derivation algorithm yields the needed keys, and obtains the resources at its own class and at all descendant classes in the hierarchy. This increases the security of hierarchy nodes and greatly reduces storage cost. Because the schemes support fully dynamic changes to the access hierarchy and replacement of key material, they not only secure hierarchical data access but also substantially reduce communication cost. The schemes are provably secure without the random oracle model and satisfy other security properties. Additionally, to reduce key derivation time, a key derivation scheme based on tree centroid decomposition is proposed, which decreases key derivation time from O(log n) to O(log log n).

3. An access control mechanism based on resource hierarchies for the perceptual layer is studied. To meet the requirement of multiple users accessing vast amounts of data resources collected by perceptual layer nodes, a multi-user access control model based on resource hierarchies is presented. Within this model, the dissertation first proposes a multi-user key derivation scheme for hierarchy nodes based on the Merkle hash tree; the Merkle hash tree guarantees secure and efficient multi-user key derivation, with each hash link independent of the others. Second, an access control scheme based on resource hierarchies for the perceptual layer is presented, in which every user and hierarchy node possesses a single piece of key material from which the needed keys are derived, and obtains the resources at its own class and at all descendant classes in the hierarchy. Meanwhile, the number of keys and the amount of public information maintained in the perceptual layer network stay constant. Finally, we propose two different constructions for time-based hierarchical access control schemes: TLPOS and TCDS. From the perspective of key derivation time optimization, TLPOS requires less public information than previous proposals for same-level key derivation, and TCDS is more efficient than other schemes in key derivation time while also requiring less public information.

4. A provably secure scheme for protecting the private keys of hierarchy nodes is presented for the perceptual layer network of IoT. The scheme incorporates an improved security mechanism comprising password protection, key division, and partial key retrieval from a server with strong computing capability, in order to protect the private key. Compared with previous proposals, our scheme has the following advantages: it reduces the computation and storage required of hierarchy nodes and simplifies parameter setting for the interaction process, and it takes time synchronization between the hierarchy node and the server into account. The latter property not only better protects the scheme against replay attacks but also offers a highly efficient mechanism for disabling a user's private key; it also avoids complex operations by the user and extra storage on other devices. Our investigation indicates that this scheme achieves improved private key protection for hierarchy nodes. The scheme is also proved to provide satisfactory security in the random oracle model.
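The following is an added illustration of the node-based hierarchy idea in finding 2, not the dissertation's b-HACS or es-HACS construction: each class holds one piece of key material, keys for descendant classes are derived deterministically with an HMAC-based derivation, and, to address the risk the abstract names (one key serving both for access and for derivation), the key used to access objects is separated from the material used to derive children. The hierarchy, class names, labels and root secret are all constructed for the example.

```python
"""Toy hierarchical key derivation with separated access and derivation keys.

Added example; the names b-HACS / es-HACS below refer only to the abstract's
description (one key for everything vs. separated keys), not to their real designs.
"""
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """Deterministic, one-way derivation step (HMAC-SHA256 used as a PRF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


# Constructed hierarchy: parent class -> child classes (a tree).
HIERARCHY = {
    "root": ["buildingA", "buildingB"],
    "buildingA": ["floorA1", "floorA2"],
    "buildingB": ["floorB1"],
    "floorA1": [], "floorA2": [], "floorB1": [],
}
PARENT = {child: parent for parent, kids in HIERARCHY.items() for child in kids}


def path_from_root(cls: str) -> list:
    """Classes from the root down to `cls`, inclusive."""
    path = [cls]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path[::-1]


def basic_class_key(root_secret: bytes, cls: str) -> bytes:
    """'b-HACS-like' (as assumed here): the class key is derived step by step
    along the path from the root, and that same key is used for everything.
    A leaked key therefore also exposes every descendant's key."""
    k = root_secret
    for name in path_from_root(cls)[1:]:
        k = kdf(k, b"child:" + name.encode())
    return k


def enhanced_keys(root_secret: bytes, cls: str) -> tuple:
    """'es-HACS-like' (as assumed here): the per-class material only derives;
    the key handed to object encryption is a separate one-way derivation, so a
    leaked access key reveals nothing about descendants (HMAC is not invertible)."""
    material = basic_class_key(root_secret, cls)
    access_key = kdf(material, b"access")
    return material, access_key


def can_derive(holder_cls: str, target_cls: str) -> bool:
    """A holder at class X may derive keys for X and its descendants only."""
    return holder_cls in path_from_root(target_cls)


def derive_from(holder_material: bytes, holder_cls: str, target_cls: str):
    """Derive the access key of `target_cls` from a holder's material, or None
    when the target is not in the holder's subtree (no public information needed)."""
    if not can_derive(holder_cls, target_cls):
        return None
    k = holder_material
    path = path_from_root(target_cls)
    for name in path[path.index(holder_cls) + 1:]:
        k = kdf(k, b"child:" + name.encode())
    return kdf(k, b"access")


if __name__ == "__main__":
    root = b"constructed-root-secret"
    mat_a, acc_a = enhanced_keys(root, "buildingA")
    print("floorA1 from buildingA:", derive_from(mat_a, "buildingA", "floorA1").hex()[:16])
    print("buildingB from buildingA:", derive_from(mat_a, "buildingA", "buildingB"))
```

Adding a class under an existing parent needs no new public values: the parent's material alone yields the new child's keys, which is the storage and communication property the abstract attributes to single-key-material schemes. Replacing key material at a node changes every key below it, which is how a rekey of a subtree works in this toy.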
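As an added illustration of the private-key protection elements listed in finding 4 (password protection, key division, partial key retrieval from a server, time synchronization against replay, and key disabling), and not the dissertation's own scheme, the following toy splits a node's private key into a password-wrapped local share and a server-held share, and has the server refuse requests that fall outside a time window, repeat a nonce, or concern a disabled node. The share format, message layout, window size, and the `now` parameter (passed explicitly instead of reading the clock, so the behaviour is reproducible) are all assumptions of this example.

```python
"""Toy private-key protection by key division and time-synchronized retrieval.

Added example; field names and message formats are constructed for illustration.
"""
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(password: str, salt: bytes, length: int) -> bytes:
    """Password protection: derive a wrapping key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=length)


def split_private_key(priv: bytes, password: str, salt: bytes) -> tuple:
    """Key division: priv = local_share XOR server_share.  The local share is
    wrapped under the password; neither share alone reveals the private key."""
    server_share = secrets.token_bytes(len(priv))
    local_share = xor(priv, server_share)
    wrapped_local = xor(local_share, wrap_key(password, salt, len(priv)))
    return wrapped_local, server_share


def recover_private_key(wrapped_local: bytes, server_share: bytes,
                        password: str, salt: bytes) -> bytes:
    """Partial key retrieval completed on the node: unwrap, then recombine."""
    local_share = xor(wrapped_local, wrap_key(password, salt, len(wrapped_local)))
    return xor(local_share, server_share)


def _tag(auth_key: bytes, node_id: str, ts: int, nonce: str) -> bytes:
    msg = f"{node_id}|{ts}|{nonce}".encode()
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def node_request(node_id: str, auth_key: bytes, now: int) -> tuple:
    """Node side: a fresh, time-stamped, authenticated retrieval request."""
    nonce = secrets.token_hex(8)
    return node_id, now, nonce, _tag(auth_key, node_id, now, nonce)


class ShareServer:
    """Server with strong computing capability holding the server-side shares."""

    def __init__(self, window: int = 30):
        self.shares = {}    # node_id -> server_share
        self.auth = {}      # node_id -> key authenticating that node's requests
        self.seen = set()   # (node_id, nonce) pairs already served
        self.window = window  # tolerated clock skew in seconds (time synchronization)

    def register(self, node_id: str, server_share: bytes, auth_key: bytes) -> None:
        self.shares[node_id] = server_share
        self.auth[node_id] = auth_key

    def disable(self, node_id: str) -> None:
        """Key disabling: dropping the server share makes the private key unrecoverable."""
        self.shares.pop(node_id, None)

    def retrieve(self, node_id: str, ts: int, nonce: str, tag: bytes, now: int):
        """Return the server share only for a fresh, in-window, authentic request."""
        if node_id not in self.shares:
            return None                       # unknown or disabled node
        if abs(now - ts) > self.window:
            return None                       # stale timestamp: replay or clock drift
        if (node_id, nonce) in self.seen:
            return None                       # nonce reuse inside the window: replay
        expected = _tag(self.auth[node_id], node_id, ts, nonce)
        if not hmac.compare_digest(expected, tag):
            return None                       # forged or tampered request
        self.seen.add((node_id, nonce))
        return self.shares[node_id]
```

The window check bounds how long the server must remember nonces; a real deployment would expire entries in `seen` older than the window and would authenticate the server's reply as well, neither of which the abstract details and neither of which this toy does.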
Keywords/Search Tags: hierarchical access control, key derivation, provable security, internet of things, perceptual layer