
Research On M2M Trusted Direct Anonymous Attestation Technologies Based On UC Security Framework

Posted on: 2018-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhu
GTID: 2348330542469328
Subject: Information and Communication Engineering

Abstract/Summary:
M2M (Machine to Machine) is a major application mode of the Internet of Things and also its most common application form. China is currently expanding the overall scale of its Internet of Things industry and building out public M2M network connectivity comprehensively and widely. As the era of interconnection accelerates, the importance of M2M network security is also increasing. M2M terminal devices are widely distributed, lack physical protection, and are limited in computing, energy and bandwidth resources; because of these features, a secure and efficient security system for M2M communication networks is badly needed. In recent years, a variety of secure access schemes for M2M communication networks have been proposed, but these schemes are not perfect: some lack a rigorous security model, some even have significant flaws, and some are inefficient.

In this paper, in order to establish an effective security system in the M2M communication network, trusted computing is combined with the M2M communication network. First, the paper describes how to construct a trusted platform in M2M terminal equipment using the concepts of the root of trust and the chain of trust. This provides the basis for solving problems such as identity authentication, remote platform attestation and integrity verification in M2M networks. With the trusted platform as the starting point, a trusted remote access scheme for M2M terminal equipment and the overall architecture of a trusted security model for the M2M communication network are proposed. With this security architecture, an effective security system can be established in the M2M communication network to ensure authentication between the network and the device, which prevents illegal terminal devices from gaining access and prevents legal terminal devices from being cheated.

In addition, a direct anonymous attestation scheme for a single trust domain, UC-DAA, is proposed for the M2M communication network under the Universally Composable Security Framework (UC Security Framework). The design of the scheme takes full account of the characteristics of the M2M system and is applicable to the proposed trusted security architecture for the M2M communication network. Batch and other techniques are used to reduce the amount of computation on the terminal device while preserving security. Furthermore, taking both operation and security into account, non-sensitive operations are transferred to servers to further reduce the amount of computation on the terminal devices. A detailed comparison of certificate length and amount of computation between UC-DAA and the mainstream DAA schemes is given, demonstrating the efficiency advantages of UC-DAA, and these advantages are verified by experiment. On the security side, the security flaws of some DAA schemes are pointed out and repaired, and the security of the proposed DAA scheme is proved under the UC security framework in the random oracle model. Considering that the data collected by M2M terminal devices is sensitive and that existing DAA schemes cannot verify the identity of the verifier, mutual authentication is introduced into the DAA scheme so that the terminal device can also authenticate the identity of the network access gateway, and thus sensitive data will not be obtained by an adversary.

Finally, to solve the problem of cross-domain M2M authentication, a cross-trusted-domain direct anonymous attestation scheme, CD-DAA, based on UC-DAA is proposed. CD-DAA takes full advantage of the features of the UC-DAA security module, inheriting UC-DAA's universally composable security and greatly simplifying the signature and verification operations. This simplicity lets a foreign-domain verifier use the original verification protocol to verify signatures without any changes, greatly enhancing the efficiency of the scheme while ensuring security.
Keywords/Search Tags:M2M Network Trusted Security Model, Direct Anonymous Attestation, Mutual Authentication, Trusted Computing, UC Security