The rapid growth of communication and computing technology has established the Internet of Things (IoT) as a fundamental infrastructure for connecting people, machines, and the environment ubiquitously. Various IoT applications have not only promoted the upgrading of traditional industries, but also reshaped the way of production and life. However, due to the surge in the scale of IoT devices and the complexity of application scenarios, the security of IoT is facing more severe tests. The continuous emergence of security incidents exposes the inadequacy of the existing IoT protection system, especially the solutions implemented under a centralized architecture struggle to meet the application requirements efficiently and accurately. Therefore, it is crucial to investigate distributed security mechanisms that are adapted to the characteristics of the IoT to ensure the effectiveness and reliability of IoT services.

To analyze the security challenges facing IoT, the dissertation explores the progression of IoT security architecture, condenses the security requirements of IoT applications, and outlines security vulnerabilities and attack models. Based on this foundation, the dissertation focuses on distributed security mechanisms and key technologies for the IoT. First, we investigate the distributed network service system and attack protection mechanism for Low-Power Wide-Area Network (LPWAN) to alleviate security concerns in centralized architectures. Then, we present a distributed trust management mechanism and decision-making scheme based on blockchain technology and Reinforcement Learning (RL) methods for the specified IoT application scenario. Finally, we investigate the security of blockchain technology in IoT applications and conduct research on vulnerability detection methods for smart contracts. The main research contents and innovative work of this dissertation are summarized as follows.

(1) Security-oriented Distributed Network Service Systems for the IoT

Ensuring secure and reliable services for IoT devices is essential for the seamless functioning of IoT applications. However, traditional centralized service architectures have faced multiple challenges, including single-point failures and limited scalability. To address this issue, this section proposes a security-oriented distributed network service system and its implementation solution, taking LoRa network in LPWAN as the research scenario. The system employs a modular design that segregates the LoRa network service layer into four independent function modules. A publish-subscribe messaging system serves as middleware to manage service calls, enabling the distributed deployment of parallel modules. Function decoupling enables the LoRa gateway to selectively deploy necessary modules for scalability based on edge computing. In addition, this section proposes a blockchain-based protection mechanism in response to potential Denial of Service (DoS) attacks on the network service system. Anomaly data is analyzed by the smart contract, which automatically updates the restriction policy for corresponding devices. Distributed functional modules are collectively responsible for maintaining and storing decision information through a blockchain network to facilitate reliable, secure, and consistent policy sharing. Finally, on-site tests and simulation experiments demonstrate that the proposed system has the ability to scale in a distributed manner to manage enormous service requests and successfully prohibit DoS attacks.

(2) Blockchain Based Distributed Trust Management and Decision Mechanism

Identifying potentially harmful entities in IoT applications can be achieved through trust management, despite encountering specific challenges. The reliability of centralized trust management mechanisms can be compromised by security issues like data tampering and privacy breaches. Furthermore, it is critical to determine the establishment of protection strategies by relying on trust-related information to ensure efficiency. This section presents solutions for IoT-based car-sharing applications addressing identified challenges. The proposed solutions entail two phases: evaluation and decision. The evaluation phase applies Bayesian statistical methods to create a trust model that estimates user behavior trustworthiness based on historical interaction records. Distributed gateways constitute the blockchain network for storing trust information and executing trust updates through smart contracts. Building upon trust evaluation, this section proposes a defense decision mechanism based on Deep Reinforcement Learning (DRL). The car-sharing service flow and user behavior are modeled as a Markov decision process. The optimal strategy for evaluating service requests from users with varying levels of trust is obtained using the Deep Q Network (DQN) algorithm. Results from security analysis and simulation demonstrate that the blockchain-based distributed trust management offers advantages in terms of tamper-proofing, privacy, and reliability. Compared with other benchmark strategies, the decision-making method we propose diminishes the negative impact of malicious conduct across various environments, enhancing the benefits of the system while displaying exceptional efficacy.

(3) Machine Learning Based Vulnerability Detection Method for Smart Contracts of IoT Applications

Blockchain technology has ushered in a new age for distributed IoT applications. Nevertheless, its security concerns, especially concerning smart contracts, have been under intense scrutiny. Smart contracts define service functionality and business logic for IoT applications, implementing automatic execution and immutability features. The inherent vulnerabilities in smart contracts could pose systemic risks. Therefore, this section explores three challenges confronting smart contracts in IoT applications, including the constraints of IoT scenarios, the limitations of blockchain technology, and the vulnerabilities of smart contracts. Furthermore, to address programming vulnerabilities in smart contracts, this section proposes a Tree-based Machine Learning Vulnerability Detection (TMLVD) method. This method first compiles smart contracts into abstract syntax trees and transforms them into tree-structured intermediate representations. The resulting representations are then embedded with keywords and fed into a tree-based convolutional neural network, which has been improved for feature extraction and prediction model training. During the detection phase, the prediction model systematically identifies and categorizes specific vulnerabilities existing within smart contracts. Finally, the dataset is created through the deployment of smart contracts on the Ethereum platform. Experimental results demonstrate that the proposed TMLVD method has greater efficiency and accuracy in detecting vulnerabilities compared to other existing methods.
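
The evaluation phase of contribution (2) estimates user trustworthiness from historical interaction records with Bayesian methods. The sketch below is an added example, not code from the dissertation: it assumes a Beta-Bernoulli model with a uniform prior, and the forgetting factor, review threshold, user names and sample records are all hypothetical. The abstract does not specify the actual model, and the dissertation's decision step uses DQN rather than a fixed threshold.

```python
from dataclasses import dataclass

# Constructed sample records in time order: (user_id, interaction_was_good).
RECORDS = (
    [("u-honest", True)] * 10
    + [("u-onoff", True)] * 8 + [("u-onoff", False)] * 4  # builds trust, then misbehaves
    + [("u-new", True)]
)

@dataclass
class BetaTrust:
    """Beta-Bernoulli posterior over 'next interaction is good' (assumed model)."""
    alpha: float = 1.0  # 1 + weighted count of good interactions (uniform prior)
    beta: float = 1.0   # 1 + weighted count of bad interactions
    decay: float = 0.9  # hypothetical forgetting factor; 1.0 keeps all history

    def update(self, good: bool) -> None:
        # Age existing evidence toward the prior, then add the new observation.
        self.alpha = 1.0 + self.decay * (self.alpha - 1.0) + (1.0 if good else 0.0)
        self.beta = 1.0 + self.decay * (self.beta - 1.0) + (0.0 if good else 1.0)

    @property
    def trust(self) -> float:
        """Posterior mean: expected probability of good behaviour."""
        return self.alpha / (self.alpha + self.beta)

    @property
    def variance(self) -> float:
        """Posterior variance: high when there is little evidence."""
        n = self.alpha + self.beta
        return self.alpha * self.beta / (n * n * (n + 1.0))

def evaluate(records, decay=0.9):
    """Fold time-ordered (user, good) records into one BetaTrust per user."""
    trusts = {}
    for user, good in records:
        trusts.setdefault(user, BetaTrust(decay=decay)).update(good)
    return trusts

def low_trust_users(trusts, threshold=0.6):
    """Users whose posterior mean is below a hypothetical review threshold."""
    return sorted(u for u, t in trusts.items() if t.trust < threshold)

if __name__ == "__main__":
    for user, t in evaluate(RECORDS).items():
        print(f"{user}: trust={t.trust:.3f} var={t.variance:.4f}")
    print("flag for review:", low_trust_users(evaluate(RECORDS)))
```

With the forgetting factor, the user who behaves well and then turns malicious drops below the threshold, while the same history without decay does not; the variance separates a new user from one with a long record.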