3 信息物理系统安全措施

3.1 感知执行层安全措施

信息物理系统感知执行层主要涉及各节点基础设施的物理安全、感知数据的采集以及控制命令的执行。需要保障传感器、执行器、RFID装置、图像捕捉装置等设备的安全,是信息物理系统安全的基础。以下是针对感知执行层安全威胁的一些安全措施:

1) 对节点的身份进行一定的管理和保护。这会在一定程度上延长节点认证时间,实际应用中可以权衡系统的安全性和效率,制定较为平衡的节点认证策略。

2) 通过生物识别和近场通信等技术,更好的保护节点感知数据的安全性。

3) 加强立法,对利用信息物理系统威胁用户或者系统安全的行为立法,明确违法行为及其代价。

4) 应结合信息物理系统,对密码与密钥技术[10-11]、隐私保护技术[12-16] 、安全路由技术[17-18]、安全数据融合技术[19-21]和安全定位技术[22-23]等方面进行深入研究。

3.2 数据传输层安全措施

数据传输层的安全措施主要是为了保障系统中的通信数据安全,包括数据的完整性、机密性和一致性等。数据传输层安全机制可综合利用点到点加密机制和端到端加密机制[24]

1) 点对点加密机制保证数据在逐跳传输过程中的安全性,但由于每个节点都可以得到明文数据,因此对节点的可信性要求较高。安全机制包括节点认证、逐跳加密以及跨网认证等。

2) 端对端加密机制主要实现端到端的数据机密性,并可以提供不同安全等级的灵活安全策略。但端到端加密方式无法隐藏数据源和目的,存在被攻击者利用的安全隐患。安全机制包括端到端的身份认证、密钥协商以及密钥管理等。

3.3 应用控制层安全措施

应用控制层是信息物理系统做出决策的核心部分,系统中的海量数据要求应用控制层具有较强的数据智能处理能力,同时必须对数据的安全性和用户隐私数据进行保护[25]

针对信息物理系统应用控制层的安全措施包括:

1) 加强系统的访问控制策略;

2) 加强不同应用场景的身份认证机制和加密机制;

3) 完善网络取证机制,加强网络取证能力;

4) 在不影响各应用的同时为信息物理系统建立起一个统一高效的安全管理平台。

4  结  论

信息物理系统是一个在探索中的,非常有前景的研究领域,国内外对信息物理系统的研究也都刚刚起步。信息物理系统的研究,需要在现有科学技术的基础上,结合计算机技术、网络技术、控制技术、通信技术和物理学、生命科学、社会学等相关领域的知识,来完善信息物理系统理论,开展对信息物理系统的实时性、安全性、自治性和高性能的研究[2]。本文对信息物理系统的定义进行了概述,并分析了信息物理系统的体系架构。信息物理系统的体系架构主要分为感知执行层、数据传输层和应用控制层,在各层都存在着相应的安全威胁。本文详细分析了信息物理系统各层中可能存在的安全威胁,并提出了相应的安全措施。信息物理系统的发展一方面能够带来巨大的经济发展机遇,另一方面又会带来许多信息安全方面新的问题。因此需要学术界和工业界的协同合作,对其进行深入的研究,共同促进信息物理系统的发展。

参考文献 (References)

[1]

Lee E. Computing foundations and practice for cyber-physical systems: A preliminary report, technical report,UCB/EECS-2007-72 [R]. Berkeley, USA: University of California at Berkeley, 2007.

[3]

Baheti R, Gill H. Cyber-physical systems [C]// The Impact of Control Technology. Washington DC, USA: IEEE, 2011: 161-166.

[4]

CPS Steering Group. Cyber-physical systems executive summary [R/OL]. (2008-03-06,). http://precise.seas. upenn.edu/events/iccps11/doc/CPS-Executive-Summary.pdf.

[5]

Lin J, Sedigh S, Miller A. A general framework for quantitative modeling of dependability in cyber-physical systems: A proposal for doctoral research [C]// Proceedings of the 33rd Annual IEEE International Computer Software and Applications Conference. Seattle, USA: IEEE, 2009: 668-671.

[6]

Sastry S S. Networked embedded systems: from sensor websto cyber-physical systems [C]// Proceedings of the 10th International Conference on Hybrid Systems: Computation and Control. Berlin, Germany: Springer, 2007: 1.

[7]

Branicky M. CPS initiative overview [C]// Proceedings of the IEEE/RSJ International Conference on Robotics and Cyber-Physical Systems. Washington DC, USA: IEEE, 2008.

[8]

Krogh B, Ilic M D, Sastry S S. Networked Embedded Control for Cyber-Physical Systems: Research Strategies and Roadmap, Technical Report [R]. Pittsburgh, Pennsylvania, USA: Team for Research in Ubiquitous Secure Technology, 2007.

[9]

马文方. CPS: 从感知网到感控网 [N]. 中国计算机报, 2010-03-01, 025.

MA Wenfang. CPS: sensor-net to sensor-acuator-net [N]. China Information World, 2010-03-01, 025. (in Chinese

[2]

王中杰, 谢璐璐. 信息物理融合系统研究综述 [J]. 自动化学报, 2011, 37(10): 1157-1166.

WANG Zhongjie, XIE Lulu. Cyber-physical systems: A survey [J]. ACTA Automatica Sinica, 2011, 37(10): 1157-1166. in Chinese

[10]

Eschenauer L, Gligor V. A key-management scheme for distributed sensor networks [C]// Proceedings of the 9th ACM Conference on Computer and Communications Security. New York, USA: Association for Computing Machinery, 2002: 41-47.

[11]

ZHANG Wensheng, Tran M. A random perturbation-based scheme for pairwise key establishment in sensor networks [C]// Proceedings of the 8th ACM International Symposium on Mobile ad Hoc Networking and Computing. New York, USA: Association for Computing Machinery, 2007: 90 – 99.

[12]

HE Wenbo, LIU Xue, Nguyen H, et al. PDA: Privacy preserving data aggregation in wireless sensor networks [C]// Proceedings of the 26th IEEE International Conference on Computer Communications. Anchorage, Alaska, USA: IEEE, 2007: 2045-2053.

[13]

ZHANG Wensheng, WANG Chuan, FENG Taiming. GP2S: Generic privacy-preservation solutions for approximate aggregation of sensor data (concise contribution) [C]// Proceedings of the 6th Annual IEEE Communications (PerCom). Hong Kong, China: IEEE, 2008: 179-184.

[14]

Kamat P, XU Wenyuan, Trappe W, et al. Temporal privacy in wireless sensor networks [C]// Proceedings of the 27th International Conference on Distributed Computing Systems (ICDCS). Toronto, Canada: IEEE, 2007: 23.

[15]

Kamat P, ZHANG Yanyong, Trappe W, et al. Enhancing source-Location privacy in sensor network routing [C]// Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICDCS). Washington DC, USA: IEEE, 2005: 599-608.

[16]

Ganesan P, Venugopalan R, Peddabachagari P, et al. Analyzing and modeling encryption overhead for sensor encryption overhead for sensor network nodes [C]// Proceedings of the 2nd ACM International Conference on Wireless Sensor Networks and Applications. New York, USA: Association for Computing Machinery, 2003: 151-159.

[17]

Nasser N, CHEN Yunfeng. Secure multipath routing protocol for wireless sensor networks [C]// Proceedings of the 27th International Conference on Distributed Computing Systems Workshops. Toronto, Canada: IEEE, 2007: 12.

[18]

ZHANG Kun, WANG Cong, WANG Cuirong. A secure routing protocol for cluster-based wireless sensor networks using group key management [C]// Proceedings of the 4th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 08). Dalian, China: IEEE, 2008: 12-14.

[19]

SUN Bo, JIN Xing, WU Kui, et al. Integration of secure in network aggregation and system monitoring for wireless sensor networks [C]// Proceedings of IEEE International Conference on Communications (IEEE ICC 07). Politecnico di Milano, Italy: IEEE, 2007: 1466-1471.

[20]

ZHANG Wei, LIU Yonghe, Das S K, et al. Secure data aggregation in wireless sensor networks: A watermark based authentication supportive approach [J]. Pervasive Mobile Computing, 2008, 4(5): 658-680.

[21]

Ferrer J D. A provably secure additive and multiplicative privacy homomorphism [C]// Proceedings of the 5th International Conference on Information Security. London, UK: Springer, 2002: 471-483.

[22]

Chang C-C G, Snyder W E, Wang C. A new relaxation labeling architecture for secure localization in sensor networks [C]// Proceedings of the Communications (ICC 07). Glasgow, Scotland: IEEE, 2007: 3076-3081.

[23]

ZHONG Sheng, Jadliwala M, Upadhyaya S, et al. Towards a theory of robust localization against malicious beacon nodes [C]// Proceedings of the 27th Conference on Computer Communications. Phoenix, USA: IEEE, 2008: 1391-1399.

[24]

TANG Huang, TAN Feng, SONG Bin, et al. Cyber-physical system security studies and research [C]// Proceedings of the International Conference on Multimedia Technology (ICMT 2011). Hangzhou, China: IEEE, 2011: 4883-4886.

[25]

杨光, 耿贵宁, 都婧, . 物联网安全威胁与措施[J]. 清华大学学报:自然科学版,2011, 51(10)1335-1340.

YANG Guang, GENG Guining, DU Jing, et al. Security threats andmeasures for the Internet of Things [J]. Journal of Tsinghua UniversityScience and Technology, 2011, 51(10): 1335-1340. in Chinese

转载于:https://www.cnblogs.com/lizhaoabc/p/8424819.html