引用本文
  • 张伟康,曾凡平,陶禹帆,李向阳.物联网无线协议安全综述[J].信息安全学报,2022,7(2):59-71    [点击复制]
  • ZHANG Weikang,ZENG Fanping,TAO Yufan,LI Xiangyang.A Survey for Security of IoT Wireless Protocols[J].Journal of Cyber Security,2022,7(2):59-71   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 7975次   下载 7307 本文二维码信息
码上扫一扫!
物联网无线协议安全综述
张伟康1,2, 曾凡平1,2, 陶禹帆1,2, 李向阳1,2
0
(1.中国科学技术大学 计算机科学与技术学院 合肥 中国 230027;2.中国科学院 无线光电通信重点实验室 合肥 中国 230027)
摘要:
近些年来, 随着物联网的快速发展, 其应用场景涵盖智慧家庭、智慧城市、智慧医疗、智慧工业以及智慧农业。相比于传统的以太网, 物联网能够将各种传感设备与网络结合起来, 实现人、电脑和物体的互联互通。形式多样的物联网协议是实现物联网设备互联互通的关键, 物联网协议拥有不同的协议栈, 这使得物联网协议往往能表现出不同的特性。目前应用较广的物联网协议有 ZigBee、 BLE、 Wi-Fi、 LoRa、 RFID 等, 这些协议能根据自身特性的不同应用在不同领域, 比如说 LoRa 被广泛应用于低功耗广域网、 RFID 被用于设备识别。然而, 由于物联网端设备只拥有受限的计算和存储资源, 无法在其上实施完备的安全算法, 许多物联网协议会在功耗和安全性之间进行取舍, 使得物联网协议的安全性得不到保障。物联网协议的安全性直接关系到物联网系统的安全性, 所以有必要对物联网协议的安全性进行分析。
本文阐述常见的几种物联网协议所具备的安全能力, 包括物联网协议在保护机密性、 完整性以及身份认证上所制定的规则。然后从常见的无线协议攻击出发, 包括窃听攻击、重放攻击、电池耗尽以及射频干扰, 分析了这几种协议在面对这些攻击时的表现。除此之外, 我们比较了常见的几种物联网协议, 总结他们的面对攻击时的不同, 并且总结物联网协议安全的相关研究工作。最后, 我们展望并总结了物联网协议安全的发展方向, 认为结合形式化验证、轻量级加密以及区块链技术是提高物联网协议安全性的有效方法。
关键词:  物联网  无线协议  ZigBee  BLE  攻击
DOI:10.19363/J.cnki.cn10-1380/tn.2022.03.04
投稿时间:2021-10-20修订日期:2021-12-24
基金项目:本课题得到科技部网络空间安全项目物联网与智慧城市安全保障关键技术研究(No.2018YFB080340)资助。
A Survey for Security of IoT Wireless Protocols
ZHANG Weikang1,2, ZENG Fanping1,2, TAO Yufan1,2, LI Xiangyang1,2
(1.School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China;2.Key Laboratory of Wireless-Optical Communications, Chinese Academy of Sciences, Hefei 230027, China)
Abstract:
In recent years, with the rapid development of the Internet of Things, its application scenarios have covered smart home, smart city, smart medical treatment, smart industry and smart agriculture. Compared with traditional Ethernet, the Internet of Things can combine various sensing devices with the network to realize the interconnection of people, computers and objects. Various IoT protocols are the keys to realize the interconnection of Internet of Things devices. IoT protocols occupy different protocol stacks, which make the IoT protocols show different characteristics. At present, ZigBee, BLE, Wi-Fi, LoRa, RFID and so on are widely used. These IoT protocols can be applied to different application scenarios according to their own characteristics. For example, LoRa is widely used in LPWAN and RFID is used for device recognition. However, as IoT end devices only occupy limited computing and storage resources, it is impossible to implement a complete security algorithm for them. Many IoT protocols balance their power consumption and security, so it is necessary to evaluate the security of IoT protocols.
This paper describes the security capabilities of these Internet of Things protocols, including the rules of IoT protocols implemented in protecting confidentiality, integrity and identity authentication. Then we analyze the security problems of each protocol from the common wireless protocol attacks, including eavesdropping attack, replay attack, battery depletion and RF interference. We analyze the IoT protocols’ behaviors while facing these wireless attacks. Besides, we compare some common IoT protocols on security properties and reactions while facing attacks and we conclude relevant research works about IoT protocols’ security. At the end of this paper, we prospect and summarize the development direction of Internet of Things protocol security, and believe that it is an effective method to improve the security of IoT protocols by combining formal verification, lightweight encryption technology and blockchain technology.
Key words:  the Internet of Things  wireless protocol  ZigBee  BLE  attack