Research and Implementation of Security Authentication Technology Based on the Internet of Things
Published: 2019-01-18 15:01
[Abstract]: The Internet of Things (IoT) builds on the Internet and extends it to communication between objects, so that devices exchange information directly without human involvement. As the IoT develops and is widely deployed, people increasingly appreciate the convenience it brings, but a technology that operates without human participation also introduces new security risks. In an IoT environment, the ever-growing number of terminal devices puts pressure on wireless communication networks. When a large number of devices access the network simultaneously or within a very short time, a one-to-one authentication mechanism not only keeps the network busy but also consumes a large amount of network resources, severely testing the network's carrying capacity. Building on a study of the IoT security architecture and its characteristics, this thesis implements a group authentication system. It mainly addresses the network resource consumption and congestion caused by large numbers of IoT terminal devices accessing the network at the same time, and makes authentication in the IoT environment more secure and efficient. Based on the AKA authentication method used in existing 3GPP networks, the thesis designs and implements security authentication for IoT terminal devices with group characteristics before they access the network. The system consists of two subsystems, a server subsystem and a client subsystem, which run independently and each carry out their own main responsibilities.
The system first implements mutual authentication between the IoT gateway and the authentication server. Apart from the first terminal in a group, which performs mutual authentication with the authentication server through the IoT gateway, the other terminals in the group only need to perform mutual authentication with the IoT gateway. Requirements analysis uses the Eriksson-Penker business extension model method, covering business analysis of the basic framework and of each subsystem. High-level design uses the Enterprise Architect tool, producing the overall structure diagram of the group authentication system and the system package diagrams and system class diagrams of each subsystem module. The software development environment is Visual Studio 2010 SP1; communication connections are established over sockets, and C++.NET is used to call the Auth library file (authlibeay32.dll) and to wrap the authentication interface. A simulated test program was written and a simple test environment built to test and verify the socket communication, the client subsystem and the server subsystem. Drawing on background knowledge of the IoT system architecture, IoT security characteristics and the IoT security architecture, the thesis comprehensively analyzes and summarizes the problems in existing security authentication technology, proposes a group authentication solution, and designs and implements it. The system basically achieves security authentication for large numbers of IoT terminal devices with group characteristics accessing the network at the same time, and we believe it will also play a role in future research on and application of IoT security authentication technology.
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP391.44;TN929.5
Article number: 2410841
Article link: http://sikaile.net/kejilunwen/wltx/2410841.html