Research And Design Of Security Guarantee Scheme For Iot Service System With Blockchain

Posted on: 2021-08-15
Degree: Master
Type: Thesis
Country: China
Candidate: K Y Zhao
Full Text: PDF
GTID: 2518306308467894
Subject: Computer Science and Technology
Abstract/Summary:
With the wide use of IoT (Internet of Things) technology, it is necessary to expand its service system by combining it with blockchain to provide trusted and secure IoT services. This is not only the technology trend of various industries in our country, but also the research content of my laboratory's project. This paper proposes a trusted security solution for the IoT service system, which mainly involves: first, unified identity management of IoT services and blockchain; second, business process permission management across IoT services and blockchain smart contracts; and third, boundary protection of IoT communication facilities based on SDN (Software Defined Network). It includes:

(1) Unified identity management of IoT services and blockchain. In this paper, the digital identities of system users in the IoT service and of blockchain participants are generated, assigned and stored uniformly; digital certificates based on Hyperledger Fabric CA are registered, installed and cancelled under unified management; finally, cross-domain access is achieved through single-point authentication, which provides unified identity login for IoT users and blockchain participants.

(2) Business process permission management across IoT services and blockchain smart contracts. This paper focuses on the management of IoT service system resources and blockchain resources. Multiple access control models can be used to integrate heterogeneous IoT service access control and blockchain smart contract access control. Executable verification is performed during the design of business processes across IoT services and blockchain smart contracts, detecting whether the assignment of permissions will cause the program to terminate abnormally and ensuring that the program ends normally. Policy conflicts during the execution of business process functions are resolved, that is, the final decision result is obtained if and only if multiple policy rules are matched, which ensures the correct execution of business processes.

(3) Boundary protection scheme of IoT communication facilities based on SDN. Referring to the DDS Security specification, this paper proposes a boundary protection scheme for IoT communication facilities based on publish/subscribe, including: (i) Publish/subscribe network security organization: divide the message exchange space according to topic, assign client-proxy-servers to proxy user permissions, and manage the identity of users on the network based on the proxy; (ii) Publish/subscribe network user authority management: client-proxy-servers assign user authority on behalf of publishers or subscribers, so that the publisher or subscriber can read and write topic data, join the network, etc.; an access control policy is applied to route calculation to ensure that sensitive data does not pass through unauthorized areas; (iii) Boundary protection enforcement: control the reading and writing of subject data based on aspects, use homomorphic encryption technology to ensure data confidentiality and integrity, achieve transparent routing operations, and use security diagnostic and analysis tools to ensure the normal operation of the publish/subscribe network program.

Experiments and tests have proved that the security guarantee scheme of the IoT service system with blockchain proposed in this paper can effectively ensure the security and reliability of the IoT communication facilities. The security guarantee scheme proposed in this paper has been applied in the project of the national major scientific and technological infrastructure High Precision Ground-based Time Service System (GTSS).
Keywords/Search Tags:internet of things services, blockchain, identity management, access control, DDS security specifications