Computer Science ›› 2018, Vol. 45 ›› Issue (12): 32-41. doi: 10.11896/j.issn.1002-137X.2018.12.005

• Survey •

Security for Communication Protocols in Internet of Things: A Survey

YANG Wei1, HE Jie2, WAN Ya-dong2, WANG Qin2

  1. School of Software, Jiangxi Normal University, Nanchang 330022, China
  2. School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China
  • Received: 2018-04-01 Online: 2018-12-15 Published: 2019-02-25
  • About the authors: YANG Wei (born 1987), male, Ph.D., lecturer, CCF professional member; main research interest: IoT security; E-mail: yw@jxnu.edu.cn (corresponding author). HE Jie (born 1983), male, Ph.D., associate professor; main research interest: IoT security. WAN Ya-dong (born 1982), male, Ph.D., associate professor; main research interest: IoT security. WANG Qin (born 1961), female, Ph.D., professor; main research interests: wireless sensor networks and embedded systems.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61741125) and the National High Technology Research and Development Program of China ("863" Program) (2014AA041801-2).

Abstract: The IEEE and IETF standardization bodies are working together to develop a framework of communication protocols for the Internet of Things (IoT). These protocols are intended to meet the important criteria of reliability, power efficiency and Internet connectivity. The IEEE defines the physical layer and medium access control (MAC) layer standards, such as IEEE802.15.4-2006, and IEEE802.15.4e is the latest MAC layer standard for the IoT. The IETF defines the network layer and above, with standards such as 6LoWPAN, RPL and CoAP, which can connect resource-constrained sensor nodes to the Internet. Network security is fundamental to the large-scale development of the IoT, so secure and efficient mechanisms must be designed to protect the communication protocols. This paper reviews the communication protocols of the IoT, then analyzes and discusses the latest research progress on security technologies for them. Finally, it summarizes and looks ahead to some important research directions for secure IoT communication protocols.

Key words: IEEE802.15.4e, Internet of Things, RPL, Security

CLC Number:

  • TP393