Research And Implementation On Fine-Grained Access Control Based For IoT Device In SDN

With the rapid growth of the number of IoT devices,the flexible and high-speed configuration of the Internet of Things has become a major requirement.SDN(Software Defined Network)technology has been introduced into the Internet of Things to achieve network control and forwarding separation.Security issues are the key to IoT applications.Access control between devices is the key research direction of IoT security.How to solve the access control problem under the SDN architecture faces new challenges.This thesis designs a fine-grained access control mechanism between IoT devices based on SDN.The main research contents are as follows:1.This thesis analyzes the Internet of Things architecture based on SDN,summarizes the requirements and research status of IoT access control,and investigates the south and northbound protocols of SDN controllers based on software-defined network IoT architecture.Define the IoT access control needs and goals of the network.2.A fine-grained access control mechanism combining IoT environment and software-defined network is proposed.Combined with the characteristics of IoT devices,the subject,object and accessed data resources are associated with the rule action to generate decision-making strategies.PDP(Policy Decision Point)Set a fine-grained access control policy at the gateway.The SDN controller sends an access control rule to the SDN switch according to the access control decision generated by the PDP gateway,and can dynamically adjust the access control rule in real time.3.A software-defined network-based IoT access control functio n test platform is built.The Mininet simulation platform and the WIA-PA industrial wireless IoT system are combined to realize the fine-grained access control strategy on the simulation platform through virtual and real interconnection.Configure and implement the access control policy on the SDN switch.The test results show that the access control mechanism designed in this thesis can effectively filter the illegal access of different elements such as different device sources,request actions,access time,etc.,and only forward the data flow that meets the fine-grained access rights,effectively filter data flow for illegal permissions.