Design And Methodology Of Service Mesh Architecture For IoT

Large-scale Io T systems are composed of massive and heterogeneous microservices,and these systems provide ubiquitous services.The differentiated features of Io T services and the explosive growth of service scale make it a complex task to govern the interaction of massive heterogeneous microservices in Io T systems.For the current Io T architecture,there is a lack of a fundamental framework to connect,control and protect the widely and finely distributed Io T microservices.This paper focuses on the Io T-oriented service mesh architecture design and the research on the microservices’ secure communication methods,aiming to construct a mesh-based Io T architecture with microservices and service agents as the basic units,and to solve the governance and secure communication requirements of massive heterogeneous microservices in Io T.Aiming at the difficulty of service discovery and governance caused by service differentiation and inconsistent service models in Io T,the micro-service abstract model and ontology-based service description method of the Io T system are constructed so as to integrate the cloud-edge-thing services,provide a unified application development interface,and ensure accurate description of service resources;Based on the constructed model and method,a recommended service discovery method and an agent-based Service Mesh governance scheme are designed to realize the unified provision,discovery and efficient governance of services.The method and model are merged into the proposed Io T Service Mesh architecture,which provides a general framework for Io T system development and service governance.The system implementation and performance tests demonstrate the effectiveness of the Io T Service Mesh architecture.Aiming at the problem of high computation performance,high energy consumption and poor scalability in the existing TLS security communication scheme,a lightweight and scalable secure communication method is designed for heterogeneous microservice of the Io T based on the proposed security proxy model.For the different security communication requirements and resource availability of microservices,eighteen security configurations in six dimensions are designed to strike a balance between security assurance and resource consumption.For the authentication,authorization and encryption requirements of service communication,the identity,key and permission management scheme and the communication process based on key distribution and question-response handshake are designed to realize the access control of the communicator and the confidentiality and integrity protection of communication data.In response to the single point of failure and denial of service attacks faced by local authorization centers in the architecture,the failure migration strategy and process are designed to improve the availability of authorization services.The communication method supports one-to-many communication mode to cope with the increase of Io T data traffic,and supports the deployment of more authorized agents to cope with the large-scale expansion of Io T devices or services.The scalability of this method is proved through mathematical models and experiments.The energy cost experiment shows that the energy consumption of 16 secure connections is only 9.62% of TLS,and the energy consumption of 64 secure connections is only 5.09% of TLS.In the scenario of publish and subscribe,the cost of publishing secure messages does not change with the number of subscribers.The service availability comparison experiment demonstrates the significant resilience of an authorization service in the event of a denial of service attack.The Io T service platform based on the Io T service mesh architecture verifies the feasibility of the architecture,and the performance test verifies the system’s scalability and the quality of service.The proposed architecture has been applied to industry,agriculture,security,medical care,education,etc.,and it forms some example applications.