
Design And Implementation Of Lightweight Machine-to-Machine Security Capability In Constrained Environment

Posted on: 2020-02-18
Degree: Master
Type: Thesis
Country: China
Candidate: C Cao
Full Text: PDF
GTID: 2428330575457091
Subject: Computer technology

Abstract/Summary:
The constrained environment is a common application scenario in IoT. It refers to a network made up of limited devices with small memory, weak computing power and poor communication bandwidth. To support application-layer data interaction for such devices, the IETF proposed the CoAP protocol, through which a constrained device can offer the same resource-access service as an Internet host. In a constrained environment, however, security is a more serious problem. In the protocol stack defined for CoAP, the DTLS protocol, a TLS variant, can be used to protect the data, but this approach has two problems: an efficiency problem, and an application-layer data security problem in the cross-proxy scenario.

The efficiency problem stems from the fact that DTLS was originally designed for UDP without the constrained environment in mind, so the DTLS protocol itself needs to be optimized. The application-layer data security problem in the cross-proxy scenario arises because a CoAP proxy cuts the original end-to-end transport-layer security session into two segments: all application-layer data forwarded through the CoAP proxy must be decrypted by the proxy, and since the proxy is itself exposed to attack, the application-layer traffic exchanged between user and server is easily intercepted there. A solution is therefore needed that protects application-layer data in a cross-proxy scenario.

To solve these two problems, this paper proposes a lightweight M2M security mechanism consisting of two parts: a lightweight DTLS protocol, and the ATLS mechanism, an application-layer TLS. The goal of the lightweight M2M security mechanism is to secure end-to-end data transmission more efficiently and more safely.

In the design and implementation of the lightweight DTLS protocol, this paper mainly uses the PSK (Pre-Shared Key) mode, which needs fewer resources, and removes the code paths for the ECC-based algorithms and certificate-based key exchange. It also optimizes the PSK-based DTLS handshake: the cipher-suite negotiation is omitted, the generation of the session key is moved earlier, and the amount of handshake data transmitted is reduced. Performance tests of long-distance communication (over SMS) and short-range communication (over BLE) in a constrained environment demonstrate the efficiency of lightweight DTLS.

This paper also addresses the problem that the CoAP proxy can intercept the plaintext of application-layer data. Following the design approach of transport-layer security, the ATLS mechanism is designed. ATLS carries its handshake messages inside application-layer messages and uses that handshake to establish an ATLS session above the application layer. The session key used to encrypt application-layer plaintext is stored in the session, and application-layer data is then encrypted with this session key. What the CoAP proxy intercepts is now ciphertext, and since the proxy does not deploy ATLS, it cannot decrypt it.

Finally, a CoAP proxy data-interception experiment and a stress test were performed on ATLS. In the interception experiment, the application-layer data passing through the CoAP proxy was captured and found to be application-layer ciphertext that could not be decrypted, which demonstrates the security of the ATLS mechanism. The stress test measures ATLS performance under high concurrency; the results show that ATLS based on lightweight PSK encryption achieves higher throughput in high-concurrency situations.
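The following simulation, added here and not taken from the thesis, illustrates the ATLS idea described above: the handshake travels as ordinary application-layer payloads through a forwarding proxy, both ends derive a session key from the pre-shared key plus the exchanged nonces, and the proxy relays application data only as an authenticated ciphertext record. The exact ATLS message formats are not given on this page, so the nonce-only handshake, the HMAC-SHA256 key derivation, and the HMAC-based keystream-plus-tag record used here are assumptions of this example, chosen to stay within the Python standard library.

```python
import hmac, hashlib, os

TAG_LEN = 16  # assumption: 128-bit authentication tag per record

def derive_key(psk, c_nonce, s_nonce):
    # Session key from PSK and both nonces; no cipher-suite negotiation,
    # no ECC, no certificates. HMAC-SHA256 as KDF is an assumption here.
    return hmac.new(psk, b"atls-session" + c_nonce + s_nonce, hashlib.sha256).digest()

def _keystream(key, seq, n):
    # Deterministic keystream bound to the record sequence number (assumed construction)
    out, ctr = b"", 0
    while len(out) < n:
        block = b"ks" + seq.to_bytes(4, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, seq, plaintext):
    # Encrypt-then-MAC record layout: seq(4) || ciphertext || tag(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    hdr = seq.to_bytes(4, "big")
    tag = hmac.new(key, b"tag" + hdr + ct, hashlib.sha256).digest()[:TAG_LEN]
    return hdr + ct + tag

def open_record(key, record):
    # Verify the tag in constant time before touching the ciphertext
    hdr, ct, tag = record[:4], record[4:-TAG_LEN], record[-TAG_LEN:]
    expect = hmac.new(key, b"tag" + hdr + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ATLS record authentication failed")
    seq = int.from_bytes(hdr, "big")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))

def atls_session_via_proxy(psk, app_payload):
    """Run the handshake and one data record through a forwarding CoAP-style proxy.
    Returns (plaintext recovered by the server, list of payloads the proxy saw)."""
    proxy_log = []
    def forward(msg):            # the proxy relays every payload and records it
        proxy_log.append(msg)
        return msg
    # Handshake carried in application-layer messages: only fresh nonces cross the wire
    c_nonce = forward(os.urandom(16))
    s_nonce = forward(os.urandom(16))
    client_key = derive_key(psk, c_nonce, s_nonce)
    server_key = derive_key(psk, c_nonce, s_nonce)
    # Application data now reaches the proxy only as an opaque, authenticated record
    record = forward(seal(client_key, 1, app_payload))
    return open_record(server_key, record), proxy_log
```

Without the PSK the proxy holds only nonces and ciphertext, and any modification of a relayed record is rejected by the tag check rather than decrypted to garbage.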
Keywords: Lightweight M2M security mechanism, DTLS, CoAP, ATLS