外文文献翻译:
- 选自Adjustable Security for RFID-Equipped IoT Devices
作者:Thomas Ha ̈nelbull;, Alexander Bothebull;, Rene ́ Helmkebull;, Christoph Gericke◦, and Nils Aschenbruckbull;
原文:
I. INTRODUCTION
Recently discovered botnets turned out to be a serious threat to several web services. Mirai [4], especially known for its powerful Distributed Denial-of-Service (DDoS) attacks, expanded rapidly by exploiting the rather weak security features commonly used in various IoT devices. This weakness may be attributed to the fact that a key benefit of IoT devices, the quick and easy setup, often gets lost if security is added. Therefore, we identify making security usable and scalable as one of the key challenges for the IoT. This becomes even more relevant and important in industrial applications. However, in the emerging industrial IoT, devices often come equipped with RFID tags [11]. Using a suitable micro controller, the I2C interface provided by selected tags can be directly accessed from software. Thereby, sensing devices can be configured offline via RFID and read their own configuration, once powered. This also opens up promising ways to add security which we utilize in this paper.
Considering the need for a combination of usability, scalability, and security, we present our security system: Adjustable Security for RFID-equipped IoT devices (ASREID). Its adjustability allows different trade-offs between usability and security in order to adjust for requirements of a specific application.
The remaining part of this paper is structured as follows: In section II, we give an overview of existing security solutions specialized on the IoT. Then, we specify the general scenario, describing the unsecured system (Sec. III). After analyzing potential attacks in section IV, we introduce ASREID (Sec. V). Finally, we describe our implementation (Sec. VI) and draw a conclusion in section VII.
II. RELATED WORK
Although, security has proven to be a major concern for the IoT in the recent past, comprehensive and applicable solutions are still scarce. MQTT [1], a common protocol frequently used in IoT applications, contains barely any inherent security features. However, the protocol specification recommends to use standard technologies, e.g., encrypted connections using Transport Layer Security (TLS) and Access-Control-Lists (ACLs). Widely used software such as Paho1, HiveMQ2, and Mosquitto3 support these external security features. In addition, the authors of [3] concentrated on enhancing the protocol with privacy assuring packet manipulation. Nevertheless, a vital core challenge pointed out in [2] remains unaddressed: all devices need to be provided with unique certificates, keys, or credentials. In previous work, it has been addressed with regard to Wireless Sensor Networks (WSNs) [5], [7], [8], which consist of many resource constrained nodes with low processing power that communicate using a low-bandwidth wireless network. An individual node is usually not directly accessible as there is no form of user in- and output, e.g., keyboard and monitor. Therefore, the proposed approaches mainly concentrate on making the initial credential exchange more lightweight and fully automatic. This raises another issue: there is no way to validate the affiliation of a new device unless it is pre-equipped with information usable for authentication. One may expect a solution for this problem in two-factor authentication methods for WSNs, e.g., those considered in [9] and [10]. But, in contradiction to the WSN- context, these methods widely assume the two factors to be passwords and smart cards, which seems impractical due to the lack of in-/output on individual nodes. Therefore, both factors usually still need to be pre-installed on the nodes, which renders buying devices off-the-shelf and immediately deploying them impossible.
Therefore, we propose an RFID-based system that drastically reduces the overhead of pre-equipping the devices with security information. It fills the gap between having a lot of devices getting equipped with certificates (completely automatically and insecure) and having few devices that require a lot of pre-configuration for high security. At the same time, the system may be adjusted to work in these other modes: having completely automatic configuration and achieving a higher system security via full pre-equipping or two-factor authentication.
III. GENERAL SCENARIO
The general system structure of ASREID is depicted in figure 1. At the core of the system is a device that contains the MQTT Broker and, with the augmentations of this paper, an Authentication Manager (AM). This core device is responsible for forwarding data and managing the other devices. The majority of the remaining devices consists of a potentially high number of sensor modules. These sensor modules typically contain a small and cheap computer. Although, they have sufficient energy supply and computation capabilities in contrast to typical sensor nodes in a WSN. The sensor modules publish sensor readings via MQTT either over a wired or a wireless connection. There may also be actors that subscribe to some command topics which may be handled just like the sensor modules. However, subscribing will mainly occur at a few diagnostic service stations where the data is stored and further evaluated. Whereas those few stations may be easily configured and supplied with certificates manually, especially for the sensor modules, an automatic system is required which we present in this paper.
While the general mechanism of reading and sending the data may be built into the sensor modules during production, when deploying them, it is desirable to somehow make sure that one knows where each sensor module is placed. Imagine for example a production hall with multiple machines of the same kind. When retrofitting each
全文共54678字,剩余内容已隐藏,支付完成后下载完整资料
英语原文共 9 页,剩余内容已隐藏,支付完成后下载完整资料
资料编号:[14222],资料为PDF文档或Word文档,PDF文档可免费转换为Word
以上是毕业论文外文翻译,课题毕业论文、任务书、文献综述、开题报告、程序设计、图纸设计等资料可联系客服协助查找。
