
Research On The Security Of Service Oriented Network Of Internet Of Things

Posted on: 2014-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: J B Liu
GTID: 2298330452462703
Subject: Computer Science and Technology
Abstract/Summary:
Represented by the EPCglobal network, the Internet of Things (IoT) provides convenience for tracking and tracing products in supply chains. Through the EPC information service, product information sharing in IoT makes people's lives more and more convenient. A service-oriented architecture gives information sharing loose coupling, which is more adaptable to current IoT application requirements. The information shared in IoT is composed of commodity information and business behavior. This kind of information is very sensitive and requires a high degree of privacy protection.

Based on the service-oriented EPCglobal network, this paper introduces the WS-Security architecture into IoT, realizing EPCglobal network communication security and privacy protection in the process of information sharing through the mature Web services security mechanism. This WS-Security based model gives a framework for further research on authentication and authorization mechanisms in IoT.

Single sign-on authentication is commonly used in service-oriented environments. Based on an analysis of the existing SAML SSO model and the different trust types in WS-Federation authentication, this paper puts forward a SAML token based WS-Federation cross-domain authentication model and analyzes the generation and cross-domain use of SAML assertions in different authentication models. To solve the problem of SAML token validity, this paper proposes an adaptive algorithm based on a dynamic cycle, showing how to determine SAML token cache cycles.

After being authenticated, users merely hold a legitimate identity for accessing the information service. Facing different EPC information service requesters, the EPC service provider will restrict user access requests. Traditional access control can only answer a user's access request with "yes or no". In the EPC application environment, the EPC information server is supposed to be able to achieve fine-grained access control, protecting the privacy of EPC information. This paper proposes an access control mechanism based on business relationships, which uses business relations for dynamic classification of EPC attributes. The access control process is given with an example. The result shows that this model can accomplish fine-grained access control.
Keywords/Search Tags: Internet of Things, EPC information service, single sign-on, business relationship drive, fine-grained access control