| In recent years, driven by national strategies such as building an Internet power and new infrastructure, China has accelerated the construction of NB-IoT and 5G networks. Correspondingly, the number of mobile Internet of Things (IoT) access devices has grown rapidly. IoT connections can be large-scale, ubiquitous, heterogeneous and cross-domain, posing significant challenges for IoT security. For device access and device authentication, the IoT identifiers used by enterprises are mostly based on MAC addresses, IMEI numbers, product serial numbers, etc. However, those identifiers fail when IoT devices are replaced and the associated device properties are faked. In addition, existing research on authentication through device fingerprint features does not analyze temporal information, which affects the stability and robustness of device authentication in long-term, variable environments. This thesis proposes an IoT security identification generation, analysis and authentication mechanism based on sensor physical features. The mechanism combines active fingerprint, passive fingerprint, and timestamp technology. It can distinguish illegal devices that falsify hardware and software configurations, and so resist replay attacks, MAC address spoofing and other security threats. To address the access security issues of IoT devices, this thesis proposes a 3L1T (3 Limits 1 Time) authentication concept. The 3 Limits are the allocated Handle identifier header, the passive fingerprint (device communication characteristics and sensor characteristics obtained by packet sniffing) and the active fingerprint (information obtained by API). The 1 Time is timestamp authentication. Because cameras are widely deployed among IoT devices, this thesis runs its experiments on a typical IoT scenario with multiple cameras. The experiments focus on widely used camera identification generation and authentication scenarios. The system design of this thesis is as follows: (1) Based on the mature Handle identification system, this thesis independently designs a HandleExtendedID identification mechanism to register, identify and authenticate IoT devices, including physical characteristics (such as device fingerprints, device status, communication protocols, etc.) and a trusted timestamp generated from the features. This mechanism also proposes DTUM (Double Threshold Update Method), an update method based on a double threshold of time and similarity, to deal with the time-varying behavior of fingerprints on a long time scale. (2) For the camera deployment in the camera identification generation and equipment verification system, this thesis first extracts the sensor fingerprint PRNU (Photo-Response Non-Uniformity) as one of the features to complete the HandleExtendedID registration, and generates a trusted timestamp based on the features. Furthermore, an adaptive calibration method is used to solve the position disturbance problem of the cruise camera. To verify the security and stability of the above mechanism, experiments were conducted in two real scenarios, with fixed camera deployment and cruise camera deployment. Experimental results illustrate that, compared with other methods, this mechanism can resist multiple attacks, and its verification speed is more than 10 times faster than the baseline method, which is large-scale camera identification. The rate of rogue connection detection is up to 95.6% and false rejection is below 2.8%. |