An Access Control System Based on Device Fingerprint and Behavior Trust for IoT

Posted on: 2020-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: Q Huang
Full Text: PDF
GTID: 2428330620956216
Subject: Electronic and communication engineering

Abstract/Summary:
As massive numbers of devices connect to networks in the era of the Internet of Things (IoT), attacks on devices have become an important issue for IoT security. The diversity of IoT devices makes it difficult to unify access control mechanisms, and traditional authentication mechanisms based on complex encryption protocols and installed authentication agents are no longer suitable for IoT devices with limited computing and storage resources. Furthermore, some legacy devices are difficult to update or upgrade to support authentication. Therefore, this thesis proposes an IoT access control scheme based on device fingerprint and behavioral trust.

First, the scheme extracts network traffic features while a device is starting up and uses these features to identify the device type with machine learning algorithms. The device type is used for the initial assignment of privileges. This approach is applicable to a wide variety of device types, reduces the requirements on a device's computing and storage resources, and avoids updates to legacy devices. Then, to dynamically adjust the assignment of privileges to devices, the scheme introduces device behavioral trust, which describes the degree of deviation between the current behavior and the historical behavior of a device. It is used to achieve differentiated management of access control policies for devices of the same type.

The main work and innovations of this thesis are as follows:

1. Traditional access control technologies based on complex encryption protocols and authentication mechanisms are no longer suitable for IoT devices with limited computing and storage resources. Therefore, a novel access control scheme for IoT based on device fingerprint and behavioral trust is proposed in this thesis. First, the scheme identifies device types from network traffic features captured while devices are starting up, and uses the device type for the initial assignment of privileges. Then, to dynamically adjust the assignment of privileges to devices, the scheme introduces device behavioral trust, which describes the degree of deviation between the current behavior and the historical behavior of a device.

2. TSMC-SVM, a two-stage classification algorithm, is proposed to solve the problem that existing device fingerprint identification algorithms cannot effectively identify the types of devices from the same manufacturer, which equips these devices with similar hardware, firmware and software. The algorithm introduces adjusted cosine similarity into the multi-classification model, which improves the recognition accuracy for these similar device types. Experiments show that the average identification accuracy of TSMC-SVM reaches 93.2%. Furthermore, samples are processed in advance, which reduces the time complexity of similarity matching from O(nm) to O(n).

3. An access control model based on device behavioral trust is proposed for fine-grained management of access control policies for devices of the same type. The model introduces device behavioral trust and a trust threshold into the role-based access control model. For device behavioral trust, the model extracts evaluation factors by observing, from multiple dimensions, the degree of deviation between the current network behavior and the historical network behavior of devices, and then calculates the behavioral trust with the fuzzy comprehensive method. The trust threshold can be set dynamically according to the environmental context of the resource.

4. To realize the traffic-based device fingerprint and behavior-based trusted access control mechanism described above in IoT, this thesis proposes a VLAN-based bypass access control implementation. The resource management policy first divides the resources into different VLANs, and then adjusts the membership relationship between a device and a VLAN according to the device fingerprint and the device behavioral trust.

5. Based on the work above, this thesis implements an IoT access control system based on device fingerprint and behavioral trust. The design and implementation of the system are fully described with a logical view, process view, implementation view, physical view and scene view.
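
The trust calculation and VLAN adjustment described in points 3 and 4 can be sketched as follows. This is an added example, not code from the thesis: the abstract does not list the evaluation factors, so the factor names, weights, triangular membership functions, grade scores, fixed per-VLAN thresholds and VLAN names here are all assumptions.

```python
# Added illustration: factor names, weights, grades, thresholds and VLAN names
# are assumptions, not values from the thesis.
GRADES = (1.0, 0.5, 0.0)  # score of each grade: trusted, uncertain, untrusted

# Constructed sample data: per-factor history of one device, weights summing to 1.
HISTORY = {"pkts_per_min": [100, 110, 90], "dst_hosts": [2, 2, 2], "dst_ports": [1, 1, 1]}
WEIGHTS = {"pkts_per_min": 0.5, "dst_hosts": 0.3, "dst_ports": 0.2}
ROLE_VLANS = ["vlan_cameras", "vlan_storage"]  # VLANs granted to the device type
THRESHOLDS = {"vlan_cameras": 0.3, "vlan_storage": 0.6}  # trust needed per VLAN

def deviation(current, history):
    """Relative deviation of the current value from the historical mean."""
    mean = sum(history) / len(history)
    if mean == 0:
        return 0.0 if current == 0 else 1.0
    return abs(current - mean) / mean

def membership(dev):
    """Triangular membership of a deviation in (trusted, uncertain, untrusted)."""
    d = min(dev, 1.0)  # deviations of 100% or more count as fully untrusted
    if d <= 0.5:
        return (1 - 2 * d, 2 * d, 0.0)
    return (0.0, 2 - 2 * d, 2 * d - 1)

def behavioral_trust(current, history=HISTORY, weights=WEIGHTS):
    """Fuzzy comprehensive evaluation: B = W . R, defuzzified with GRADES."""
    rows = [(w, membership(deviation(current[f], history[f]))) for f, w in weights.items()]
    b = [sum(w * r[j] for w, r in rows) for j in range(len(GRADES))]
    return sum(bj * g for bj, g in zip(b, GRADES))

def allowed_vlans(trust, role_vlans=ROLE_VLANS, thresholds=THRESHOLDS):
    """Keep only the role's VLANs whose trust threshold the device still meets."""
    return [v for v in role_vlans if trust >= thresholds[v]]

if __name__ == "__main__":
    for name, cur in [("normal", {"pkts_per_min": 100, "dst_hosts": 2, "dst_ports": 1}),
                      ("anomalous", {"pkts_per_min": 150, "dst_hosts": 4, "dst_ports": 1})]:
        t = behavioral_trust(cur)
        print(name, round(t, 2), allowed_vlans(t))
```

A device whose traffic matches its history keeps every VLAN of its role, while the constructed anomalous sample drops below the stricter threshold and loses `vlan_storage` membership without any change to its device type.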
Keywords/Search Tags:Device fingerprint, Behavioral trust, Access control, Machine learning, IoT