In recent years, with the continuous development of IoT technology and the internet, the scale of data and devices in the IoT has kept expanding, and the risk factors have grown exponentially. Most IoT terminals gave little consideration to security at design time, which leads to problems such as weak identity authentication mechanisms, ineffective access control, and easy intrusion. Moreover, IoT terminals are interconnected with the network cloud, so attackers may exploit terminal vulnerabilities to indirectly attack cloud service platforms and steal users' private data. It is therefore urgent to improve the security of IoT devices. However, most IoT devices are limited by insufficient memory and low computing power, which makes it impossible to deploy stronger security protection strategies on them. Edge computing technology offers a solution to these problems: edge nodes have higher computing power, can directly process the data generated by most terminals on the edge side, and can manage IoT devices in a unified way and configure security management policies for them. However, edge computing nodes adopt a distributed architecture, which places edge nodes in an untrusted environment. The data security and privacy protection mechanisms of cloud computing environments can hardly meet the security requirements of edge nodes, and once a security incident occurs it may affect a large number of users and devices. Attackers can use flaws in node processing logic to control or monitor the devices connected to edge nodes, or forge user identities to steal and tamper with data on edge nodes. Moreover, since the edge node is a lightweight device, an efficient access control method is needed to make full use of its computing power. Therefore, this thesis studies the access control mechanism of edge nodes, and the main work is as follows:

(1) In view of the limited environment and weak security of edge nodes described above, an on-chain and off-chain authentication method for edge node data flow is proposed. By combining blockchain technology with attribute-based and right-based access control methods, a fine-grained and efficient authentication method on the edge node side is realized by means of file grouping, attribute encryption, and capability token authentication. Additionally, deploying cloud storage services on edge nodes ensures that users can only remotely access data within their access rights, avoiding secondary circulation of data. Meanwhile, the entire life cycle of data usage can be actively monitored, and data usage is supervised through active reporting mechanisms.

(2) Aiming at problems such as node update, authority change, and private key leakage, a dynamic access authority update mechanism for edge nodes in multiple scenarios is proposed. By deploying the corresponding smart contract transactions, the user's access authority update mechanism is implemented automatically, the user's access records are recorded on the blockchain in real time, and the user's reputation is evaluated according to the access behavior stored on the chain. Users are penalized accordingly, which ensures the flexibility and security of the access control mechanism in the edge node as well as the legitimacy and validity of user identities, thereby avoiding the abuse of rights and the difficulty of management.

(3) Consortium chains are built on multiple edge nodes, trusted edge platforms are deployed, and the effectiveness of the proposed method is verified through comparative experiments. At the same time, experiments are carried out on several key contract execution processes of the system. The experimental results show that the access control system designed in this thesis meets the application requirements of actual scenarios and provides higher-quality services on the edge side than previous methods.
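As an added illustration of the capability-token check in contribution (1) and the ledger-based reputation penalty in contribution (2), the following sketch is not code from the thesis. It assumes a shared HMAC issuer key in place of attribute encryption, a constructed scoring rule (+1 per grant, -1 per denial) with revocation at a fixed threshold, and a local append-only list standing in for the on-chain access records.

```python
import hashlib
import hmac
import json

# Assumptions (not from the thesis): a shared HMAC issuer key instead of on-chain
# attribute encryption, and revocation once the ledger score drops to -DENIAL_LIMIT.
ISSUER_KEY = b"constructed-edge-issuer-key"
DENIAL_LIMIT = 3


def issue_token(user, group, rights, exp):
    """Capability token: which file group and rights a user holds, MAC'd by the issuer."""
    body = json.dumps({"user": user, "group": group, "rights": sorted(rights), "exp": exp},
                      sort_keys=True).encode()
    return body, hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()


class EdgeNode:
    def __init__(self):
        self.ledger = []        # append-only access log standing in for on-chain records
        self.revoked = set()    # users whose rights have been withdrawn as a penalty

    def reputation(self, user):
        """Score computed only from recorded behaviour: +1 per grant, -1 per denial."""
        return sum(1 if r["ok"] else -1 for r in self.ledger if r["user"] == user)

    def _record(self, user, group, action, ok, why):
        self.ledger.append({"user": user, "group": group, "action": action, "ok": ok, "why": why})
        if not ok and self.reputation(user) <= -DENIAL_LIMIT:
            self.revoked.add(user)  # penalty for repeated abuse of rights
        return ok

    def authorize(self, body, tag, group, action, now):
        """Check a token presented for `action` on file `group`; every outcome is logged."""
        expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return self._record("unknown", group, action, False, "bad-mac")  # forged or tampered token
        tok = json.loads(body)
        user = tok["user"]
        if user in self.revoked:
            return self._record(user, group, action, False, "revoked")
        if tok["exp"] < now:
            return self._record(user, group, action, False, "expired")
        if tok["group"] != group or action not in tok["rights"]:
            return self._record(user, group, action, False, "out-of-scope")
        return self._record(user, group, action, True, "granted")
```

Because the score is derived solely from the ledger, any node holding the same records reaches the same revocation decision, which is the property the on-chain access records are meant to provide.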