Research on Security Solutions of RFID Middleware for Internet of Things
chrispeng [ad_1]
1 Research on the security protocol of the middleware device layer
1.1 Introduction to Security Protocol
A security protocol is a communication protocol based on a cryptographic system. It is a high-level interoperability protocol that uses cryptographic algorithms to achieve key distribution, identity authentication, and securely complete electronic transactions. It runs in various communication systems, and has formulated a series of implementation steps for all parties with security requirements. Its security mainly involves authentication, confidentiality, integrity and non-repudiation. Because of the low-cost requirements of electronic tags, the focus of RFID security technology research is to develop a mechanism with a certain security strength under the condition of limited resources of the tag.
1.2 Introduction and analysis of security protocols
So far, many RFID security protocols have been proposed, such as Hash chain protocol based on Hash ID change protocol, digital library RFID protocol, distributed RFID query response authentication protocol, LCAP protocol, re-encryption mechanism, etc.
1.3 Device layer security protocol based on random sequence
The existing security protocols have been listed and analyzed in the previous chapter, and it can be found that they all have some flaws and insecure factors. The gradual application of current RFID middleware in mobile devices and distributed applications will bring new security issues and hidden dangers. In addition to traditional eavesdropping, it may also cause network-specific security risks. Therefore, the current security protocol must be improved, and a new security protocol suitable for RFID middleware must be developed.
2 Research on middleware authorization strategy
2.1 Introduction to middleware authorization strategy
The RFID tag data processed by the RFID middleware contains personal privacy information and company confidential information. To access this information, certain authorization mechanisms must be passed, because the RFID middleware sends the processed tag information to the enterprise information system in real time through the network. Those practices such as restricting user commands and tag data range can not only improve the security of RFID middleware, but also improve the performance of RFID middleware to a certain extent.
Based on the above objectives, we propose a policy-based access control method in RFID middleware. This access control strategy can express the access range of RFID tag data, the access range of RFID readers, the request authority of commands, and the notification address for obtaining reports through middleware. RFID middleware that uses access control policies can prevent illegal requests. When the attacker pretends to be a customer, because the attacker can only obtain the customer’s permission, the destructiveness of the attack can be minimized.
2.2 ALE-based access control strategy structure
The RFID middleware access control strategy is based on EPCGlobalApplicationLevelEventStandard, hereinafter referred to as ALE. specification. The ALE specification lies between the application business logic and the original label reading layer. It defines a set of standard interfaces that the RFID middleware should provide to the upper application system, as well as the most basic functions of the RFID middleware. The main purpose of collecting and filtering ALE specifications is to extract effective business logic from a large number of businesses.
The ALE specification defines a set of interfaces. It does not involve specific implementation, and whether in the planning of EPCGlobal or the design and implementation of our SJTU-RFID, supporting the ALE specification is one of the most basic functions of RFID middleware. Therefore, the standard way for users or application systems to access the SJTU-RFID middleware is mainly through the ALE layer. In this way, the access control strategy designed in this article is mainly based on the authority-based control of the content of the access request of the middleware ALE layer. In this way, it can be that the middleware system has the security to control user access, and it also complies with general standards.
2.3 Implementation of Access Control Strategy
In this section, we outline the implementation of access control strategies in RFID middleware. It is relatively simple to implement access control in permittedReaderspermittedAPIs and notificationURIs. The access control engine can determine the control access authority according to whether the pattern in the client request matches the pattern in the control strategy. In filter policy access control, it is relatively complicated to implement. Customers can use the inclusion mode and the removal mode in the FilterSpec of ECSpec. The middleware only reports mismatches to remove the label data in the pattern table and matches to include the label data in the pattern table. The middleware can determine whether to remove the matching tag of the pattern when the match contains the pattern is in compliance with the filtering access control policy.
3 RFID middleware security structure system language research
3.1 Language design of safety structure system
The security architecture language is a language that uses the Xml language to describe the security requirements of different application fields. The architecture of the security requirements of the software system is constructed through the combination of security components and security connectors.
Use the security structure system language to describe the user’s RFID security requirements, and graphical security components security connectors, users can drag in the mobile security components in the interface, the security connectors can be combined into the required security solutions after setting the connection restrictions . These graphical architecture diagrams are converted into Xml language through the parser, and transmitted to the security component library. Through the Xml parser, various components and attributes are parsed, and the security components and safety connectors are captured according to the analytical structure.
The advantage of the security architecture language is to provide users with a security display of the architecture level through a graphical interface. The user can think and design security requirements at the architecture level, and the Xml language it uses is easy to combine and analyze. A very versatile language.
3.2 Security structure system language for RFID middleware
The existing security architecture language cannot meet the requirements of the security toolbox of the field-oriented SJTURFID middleware, because SJTURFID middleware needs to evaluate the security scheme, so each security component should provide corresponding security level information. The user and the system make a selection decision. For the domain-oriented features, each security component should provide a corresponding domain identifier to facilitate the selection and assembly of users in the corresponding domain, and it can also effectively prevent unauthorized users from using it.
4 Middleware security level evaluation research
4.1 Brief introduction of safety comprehensive assessment method
The comprehensive safety assessment method uses a fuzzy analysis model, which is an evaluation method based on fuzzy sets. Its characteristic is that its evaluation method is very close to people’s normal thinking mode. Use degree language to describe the object. In the process of judging qualitative factors, many fuzzy phenomena cannot be expressed by ordinary simple numbers, so they can only be dealt with by fuzzy mathematics. Evaluation experts make a fuzzy selection of the index standards of each factor, and then calculate the selection results of the expert group on the evaluation factor index system, and then perform the final calculation according to the established mathematical model. The process of fuzzy evaluation method is to start with qualitative fuzzy selection, and then calculate the result through fuzzy transformation principle.
Security level assessment is of great necessity. It enables the security toolbox to be adjusted according to the evaluation level, and provides users with the most suitable solutions to improve user satisfaction. Most safety evaluation methods are directly scored by experts, and the evaluation results obtained are subjective. At the same time, the system is complex and the safety factors are many, making comprehensive evaluation difficult. We use fuzzy comprehensive evaluation method, which is a comprehensive evaluation method that uses fuzzy calculation to avoid subjectivity. This method must first determine various factors that affect safe operation, and the importance of various factors is measured by their weighting factors.
When evaluating the security solution submitted by the security component library, a variety of factors and attributes that have different effects on the business system are involved. When evaluating, we must take into account all aspects and reduce the impact of subjective factors. Therefore, we need to divide the security solution into layers, subdivide each factor in each layer, and assign corresponding weights to the factors and layers, and comprehensively The program is evaluated. In a complex security solution, due to the many factors that need to be considered, and there are levels between the factors, it is difficult to compare the order of the influencing factors using a single-level evaluation method, that is, it is difficult to determine a unified weight. At this time, a multi-level evaluation method section can be used.
[ad_2]
