
CN113382076A - Internet of things terminal security threat analysis method and protection method - Google Patents


Info

Publication number
CN113382076A
Authority
CN
China
Prior art keywords
internet
terminal
things
security
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110660755.4A
Other languages
Chinese (zh)
Inventor
崔涛
杨刚
王竹欣
杨汝宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a security threat analysis method and a protection method for Internet of Things terminals. The security threat analysis method comprises the steps of analyzing the business processes and implementation principles of the Internet of Things and establishing an Internet of Things application system model; analyzing the main risk points of Internet of Things security risk on the basis of the established model, summarizing the characteristics of the risk points, and classifying the security risks of Internet of Things terminals; and determining the security risks of Internet of Things terminals through analysis. The terminal security protection method comprises four steps: hardware security, access security, operating system security and application security. Through the above threat analysis method and protection method, the security threats faced by Internet of Things terminals can be analyzed in detail and corresponding protection schemes can be formulated.

Description

Internet of things terminal security threat analysis method and protection method
Technical Field
The invention relates to the field of security of terminals of the Internet of things, in particular to a security threat analysis method and a protection method for terminals of the Internet of things.
Background
The number of networked industrial Internet of Things devices grows from 2.4 billion to 13.8 billion, roughly a fivefold increase, between 2016 and 2025, and exceeds the number of networked consumer Internet of Things devices in 2023, as shown in Fig. 1.
The development of communication technologies such as LoRa, NB-IoT and 5G makes the interconnection of everything practical. The NB-IoT, which is particularly oriented to the low-traffic-consumption Internet of things terminal, is taken as an important branch of the internet of everything and is suitable for being widely deployed in the fields of smart cities, smart traffic, smart production, smart homes and the like.
Among video surveillance equipment, devices from Hikvision and Zhejiang Dahua are seriously exposed: the total number of exposed Hikvision devices exceeds 580 million, and the exposure counts of video surveillance devices from manufacturers such as Zhejiang Dahua and D-Link also reach the million level, as shown in Fig. 2.
Meanwhile, the numbers of routers and video surveillance devices in China that are exposed to the Internet rank among the highest in the world: the number of exposed routers exceeds 350 thousand, second only to the United States, and the number of exposed video surveillance devices exceeds 2.4 million, the highest in the world, followed by Vietnam, the United States, Brazil, India and others. There is therefore a need for a security threat analysis method and a protection method that can analyze and protect against the security threats of Internet of Things terminals and thereby ensure their security.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a security threat analysis method and a protection method for Internet of Things terminals.
To this end, the invention provides the following technical scheme. A security threat analysis method for Internet of Things terminals comprises three steps:
first, analyzing the service flows and implementation principles of the Internet of Things and establishing an Internet of Things application system model;
second, analyzing the main risk points of Internet of Things security risk based on the established application system model, summarizing the characteristics of the risk points, and classifying the security risks of Internet of Things terminals;
and third, determining the security risks of Internet of Things terminals by analyzing the physical security risk of the terminal, the security risk of network communication and structure, the risk of data leakage, the risk of malware infection and the risk of service interruption.
Further, the internet of things application system model comprises a server-side system, a terminal system and a communication network;
the server-side system collects data from the terminal system, stores it on the server, processes it through the service function modules, feeds the processing results back to the user interface through different service interfaces for display, and exposes the results through an API or a UI;
the terminal system comprises low-complexity devices, complex devices and gateways, which connect the physical world to the Internet through wired and wireless networks;
the terminal system is, for example, a motion sensor, a digital door lock, a vehicle networking system or an industrial control sensor.
Further, the terminal system collects data from the surrounding physical environment, formats the data and transmits it to the server system over a cellular or non-cellular network, and displays information to the user when it receives feedback from the server;
the communication network comprises wired and wireless communication networks; it connects the server and the terminal, provides the channel for data transmission between them, and also carries the information interaction between the terminal device and the user's own terminal.
Further, the channel is a telecommunication network, the Internet or satellite communication, and the information interaction uses Bluetooth, WiFi or near-field communication.
Furthermore, the terminal system is composed of sensors and gateways; its main function is the collection, identification and control of information, and it comprises light terminals, complex terminals and Internet of Things gateways.
Further, a light terminal serves a single physical purpose and exchanges data with the Internet of Things service side through a gateway or a user terminal device;
a complex terminal has a built-in processor, runs local applications or processes audio and video data, and exchanges data with the Internet of Things service side over a long-distance communication link, or over WiFi and Ethernet via a user terminal device;
the Internet of Things gateway manages the long-distance communication link, receives commands sent by the server system, converts them into information that light and complex terminals can parse, forwards that information to the terminals, and processes the information collected by the terminals before sending it on to the server system.
Further, the light terminal is a wearable device, a home security sensor or an NFC tag;
the complex terminal is a smart household appliance, an industrial control system or a smart vehicle tracking and monitoring device;
the Internet of Things gateway is an Internet of Things service gateway or a customer premises equipment gateway.
A security threat protection method for Internet of Things terminals is mainly characterized in that traffic analysis and situation awareness are added to the communication network connecting the terminal and the server, and both passive and active defense strategies are adopted. Taking into account the security requirements of the Internet of Things across research and development, design, online operation and decommissioning, it ultimately realizes threat-intelligence-driven intelligent perception and intelligent countermeasures, so that it can autonomously cope with the complex and diverse potential network security threats of the Internet of Things era. It comprises an Internet of Things terminal security protection method and an Internet of Things terminal communication security protection method.
Further, the terminal security protection method comprises four steps: hardware security, access security, operating system security and application security.
First, hardware security ensures that the system program, terminal parameters, security data and user data in the chip are neither tampered with nor illegally obtained, by realizing secure access to the Internet of Things terminal chip, a trusted computing environment, a security chip with an added security module, and a secure encryption unit;
second, access security uses a lightweight, easily integrated security application plug-in to perform terminal anomaly analysis and encrypted communication, providing terminal intrusion protection that prevents the terminal from being used to attack key network nodes, and at the same time blocks illegal node access through a lightweight mandatory authentication mechanism;
third, operating system security ensures that security-related system behavior remains controllable at all times by monitoring, protecting and alerting on system resource calls;
and fourth, application security ensures that the terminal identifies the source of application software to be installed and controls the sensitive behavior of installed applications, and that the applications preinstalled on the terminal have no malicious fee-deduction behavior and do not modify, delete or steal user data without authorization.
Further, the terminal communication security protection method comprises the following steps:
step one, introducing a network node identity authentication mechanism into the Internet of Things communication network, with key network nodes authenticating the identity of edge sensing nodes, so that false nodes are prevented from joining the network and the security of communication network nodes is ensured;
step two, strengthening terminal data integrity protection: a secure channel between the Internet of Things terminal and the communication network establishes a reliability guarantee mechanism for information transmission, providing encryption and integrity protection for terminal data while preserving the user's communication quality, so that data leakage and the interception or tampering of communication content are prevented;
step three, strengthening data transmission encryption: beyond stopping plaintext transmission, data filtering and authenticated encryption are further strengthened to guarantee the correctness of transmitted data, with multi-dimensional verification of device fingerprints, timestamps, identity and message integrity, so that the security of data transmission is guaranteed to the greatest extent;
and step four, sensing the security situation of the communication network: Internet of Things devices on the public network are actively identified through a cyberspace search engine and devices on the local network are passively detected through traffic characteristics; once the basic state of the Internet of Things devices currently connected to the network is known, their traffic is analyzed and tracked, security attacks are monitored in real time, and Internet of Things security risks are predicted.
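The multi-dimensional verification of steps one to three (node identity, device fingerprint, timestamp freshness and message integrity) can be exercised with a small receiver-side check. This is an added example, not code from the patent; the registry, the HMAC-SHA256 tag, the 30-second freshness window and the replay cache are assumptions chosen to illustrate the idea.

```python
import hashlib
import hmac
import json
import time
from typing import Optional, Set, Tuple

# Constructed registry held by the key network node (step one): the shared secret and
# hardware fingerprint of every edge sensing node allowed on the network (assumed values).
DEVICE_REGISTRY = {
    "sensor-0017": {"key": b"constructed-secret-0017", "fingerprint": "fp:3c:aa:17"},
    "lock-0042": {"key": b"constructed-secret-0042", "fingerprint": "fp:9e:01:42"},
}

# Timestamps further than this from the verifier's clock are rejected (assumed window).
MAX_CLOCK_SKEW_S = 30


def canonical_bytes(body: dict) -> bytes:
    """Stable serialisation so sender and verifier authenticate exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_message(device_id: str, payload: dict, now: Optional[float] = None) -> dict:
    """Edge node side: attach identity, fingerprint, timestamp and an HMAC-SHA256 tag."""
    entry = DEVICE_REGISTRY[device_id]
    body = {
        "device_id": device_id,
        "fingerprint": entry["fingerprint"],
        "timestamp": int(now if now is not None else time.time()),
        "payload": payload,
    }
    tag = hmac.new(entry["key"], canonical_bytes(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


class Verifier:
    """Key network node side: a message is rejected at the first dimension that fails."""

    def __init__(self) -> None:
        # (device_id, timestamp) pairs already accepted, so a captured message
        # cannot be replayed inside the freshness window.
        self.seen: Set[Tuple[str, int]] = set()

    def verify(self, msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = now if now is not None else time.time()
        # Dimension 1: identity must be a registered node.
        entry = DEVICE_REGISTRY.get(msg.get("device_id"))
        if entry is None:
            return False, "unknown device id"
        # Dimension 2: the claimed hardware fingerprint must match the registry.
        if msg.get("fingerprint") != entry["fingerprint"]:
            return False, "fingerprint mismatch"
        # Dimension 3: the timestamp must be fresh relative to the verifier's clock.
        ts = msg.get("timestamp")
        if not isinstance(ts, int) or abs(now - ts) > MAX_CLOCK_SKEW_S:
            return False, "timestamp outside freshness window"
        # Dimension 4: the tag must cover every field, so tampering with any of them fails.
        body = {k: v for k, v in msg.items() if k != "tag"}
        expected = hmac.new(entry["key"], canonical_bytes(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False, "integrity tag mismatch"
        # Only after the tag is valid do we consult the replay cache, so forged
        # messages cannot poison it.
        if (msg["device_id"], ts) in self.seen:
            return False, "replayed message"
        self.seen.add((msg["device_id"], ts))
        return True, "accepted"
```

The check for the fingerprint happens before the tag check only to give a precise reason; an attacker who changes the fingerprint field would fail the tag check anyway, because the tag covers it.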
By the method for analyzing the security threat of the terminal of the internet of things and the method for protecting the terminal of the internet of things, the security threat faced by the terminal of the internet of things can be analyzed in detail and a corresponding protection scheme can be formulated.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a network quantity diagram of global consumption networking equipment and industrial networking equipment.
Fig. 2 is a graph of video surveillance equipment exposure numbers by manufacturer.
Fig. 3 is a flowchart of a security threat analysis method for an internet of things terminal.
Fig. 4 is a flowchart of a security threat protection method for an internet of things terminal.
Detailed Description
In the description of the present invention, it is to be understood that the terms "center", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "inner", "outer", "axial", "circumferential", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; may be mechanically coupled, may be electrically coupled or may be in communication with each other; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
The Internet of Things here is the Internet of vehicles, smart home, smart monitoring, smart logistics, smart wearables, smart healthcare or smart energy. The business processes and implementation principles of the Internet of Things are analyzed and an Internet of Things application system model is established. Because sensing terminals and nodes are located in hazardous physical environments, they face the threats of theft, illegal relocation, human destruction and natural environmental damage, which may result in the loss of the terminal or node, its removal from position, or its inability to operate. The above concerns the physical security risk of the terminal.
Sensing devices generally lack complete security protection capability and a corresponding protection system, so they are easy to attack and damage. Secondly, many Internet of Things devices are not updated in time or lack an update mechanism altogether, leaving Internet of Things terminal devices with an extremely high software vulnerability risk. The above concerns the terminal's own security risk.
At present, many security protection functions suited to general computing devices are difficult to realize on the Internet of Things because of limited computing resources or system types, so the communication mechanisms of the Internet of Things carry great potential safety hazards. For example, many Internet of Things devices transmit partly or wholly in plaintext and lack an encrypted communication mechanism; many do not restrict changes to code or configuration items and lack mature authorization or authentication mechanisms, so malicious sensitive operations or unauthorized data access occur easily; and some home networks rarely apply network segmentation or firewall settings, so an Internet of Things device is extremely easy to infect with viruses from the same network segment and to access or control maliciously. The above concerns network communication and structural security risk.
The risk that users' private data is disclosed by an Internet of Things system is high, and it exists mainly in the cloud and in the Internet of Things terminal devices. On the one hand, the cloud service platform may suffer external attack or internal disclosure, or sensitive user data may leak for reasons such as weak password authentication of cloud service users; on the other hand, a data leakage channel also exists between devices: devices in the same or an adjacent network segment may view information about other devices, such as the name of the home owner, precise geographic location, or even the things a consumer has purchased. The above concerns data leakage risk.
Once a sensing terminal or node is physically captured or logically compromised, an attacker can extract the confidential information stored in it with simple tools; at the same time, an attacker can exploit vulnerabilities in the sensing terminal or node to carry out Trojan and virus attacks, so that the terminal node is illegally controlled or made unavailable, unauthorized access is obtained, or further attacks are launched. Examples are Mirai, BASHLITE, Lizkebab, Torlus and Gafgyt, which have triggered large-scale DDoS attacks. Besides denial of service, Internet of Things devices infected by such malware can also be used to spy on the privacy of others, to hijack devices for ransom, or as a network penetration entry point into the networks connected to the device. The above concerns malware infection risk.
Loss of availability or connectivity may affect the functional characteristics of Internet of Things devices and may also reduce security in some situations; for example, once the connection of a building alarm system is broken, the overall security of the building is directly affected. The above concerns service interruption risk.
Example 2:
The Internet of Things communication network system is mainly used to transmit and process the information collected by the sensing layer. Because the networks involved are diverse, with the radio-frequency, wireless and infrared networks of the sensing layer reaching the Internet of Things application layer platform through the Internet from a wireless access network such as a narrowband Internet of Things network, a wireless local area network, a cellular mobile communication network or a wireless ad hoc network, the network security threats faced by the Internet of Things are more complex, and a potential safety hazard analysis is carried out on them.
The main risk points of Internet of Things security risk are analyzed based on the Internet of Things application system model. Data transmission in the Internet of Things generally relies on wireless radio-frequency signals, and the inherent vulnerability of wireless networks exposes the system to attacks of many forms. By transmitting an interference signal, an attacker can prevent a reader from receiving data from a normal electronic tag or prevent a base station from working normally, so that communication is interrupted. In addition, the signal transmission process of a wireless network is difficult to protect effectively and is easy for an attacker to hijack, eavesdrop on or even tamper with. The above shows that the wireless data transmission link is vulnerable.
Because the number of nodes in the Internet of Things is huge and the nodes exist in clusters, an attacker can use controlled nodes to send malicious packets into the network and launch a denial of service attack, causing network congestion, paralysis and service interruption. The above shows that the transport network is vulnerable to denial of service attacks.
A user may access the network without authorization, use network resources illegally or attack the network; a user who accesses the network without authorization can obtain data in the network such as user information, configuration information and routing information. The above concerns unauthorized network access and illegal use of the network.
For communication network operators, the traditional management and control of communication functions such as short messages, data and voice is performed mainly per device, per function and per user. However, Internet of Things device terminals are deployed at large scale, and the short message, data and other communication functions of different services are increasingly combined; if these functions cannot be managed and controlled in batches on the network side across dimensions such as region, service and user, the risks caused by a large number of terminals being controlled cannot be dealt with. The above concerns the emergency management and control risk of communication network operators.
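The passive, traffic-based side of the situation awareness step and the two network risks just described (a flood from many controlled nodes in a cluster, and nodes that were never authenticated) can be checked against flow records. This is an added example, not code from the patent; the flow record layout, the registry of authenticated nodes, the 10-second window and the thresholds are assumptions.

```python
from collections import defaultdict

# Nodes that passed identity authentication (constructed registry).
REGISTERED_NODES = {"node-01", "node-02"}

# Flow record: (timestamp_s, src_node, dst_host, dst_port, packets). Constructed sample:
# two registered sensors reporting every minute, a burst from 40 controlled nodes hitting
# the same broker port within three seconds, and one unregistered node probing SSH.
FLOWS = [
    (100, "node-01", "server-a", 8883, 3),
    (101, "node-02", "server-a", 8883, 2),
    (160, "node-01", "server-a", 8883, 3),
    (161, "node-02", "server-a", 8883, 2),
    (500, "node-01", "server-a", 8883, 3),
    (500, "node-02", "server-a", 8883, 3),
    (620, "node-99", "server-a", 22, 1),
] + [(500 + i % 3, f"bot-{i:02d}", "server-a", 8883, 400) for i in range(40)]


def profile_devices(flows):
    """Passive identification: the (host, port) pairs each source talks to.

    Sensing-layer terminals typically show a single, fixed destination; anything
    else on the segment stands out in this profile.
    """
    prof = defaultdict(set)
    for _, src, dst, port, _ in flows:
        prof[src].add((dst, port))
    return {src: sorted(pairs) for src, pairs in prof.items()}


def detect_unregistered_sources(flows, registry):
    """Sources seen on the network that never passed node identity authentication."""
    return sorted({src for _, src, _, _, _ in flows if src not in registry})


def detect_dos_bursts(flows, window_s=10, min_sources=20, min_packets=5000):
    """Flag (dst, window_start, distinct_sources, packets) where many distinct nodes
    flood one destination inside one time window: the cluster-mode DoS pattern."""
    buckets = defaultdict(lambda: [set(), 0])
    for ts, src, dst, _, pkts in flows:
        bucket = buckets[(dst, ts // window_s)]
        bucket[0].add(src)
        bucket[1] += pkts
    hits = []
    for (dst, w), (sources, pkts) in buckets.items():
        if len(sources) >= min_sources and pkts >= min_packets:
            hits.append((dst, w * window_s, len(sources), pkts))
    return sorted(hits)
```

Counting distinct sources as well as packets is what separates the clustered-node flood from a single chatty device; a lone node sending the same volume would not cross the source threshold.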
Example 3:
With the continuing maturity of Internet of Things technology products, their potential and growth performance have gradually become prominent, and Internet of Things applications have penetrated every link of production and daily life. In this embodiment the consumer Internet of Things is selected for security risk analysis. The consumer Internet of Things is a network of smart devices produced and created with consumption as the main line, in which Internet of Things smart devices greatly improve or influence people's consumption habits. Smart homes (including smart home systems, household appliances and the like) are the most important consumer-grade products of the consumer Internet of Things, and smart wearable devices such as bracelets, glasses and portable medical devices are also its main applications. The application scenarios of the Internet of Things are close to many terminal sellers, and a black industrial chain emerges easily.
Security threat incidents against the consumer Internet of Things are increasing; for example, a portable insulin pump introduced by a medical company in the UK was remotely controlled by a hacker, who could threaten the user's life by controlling the injection dose, and in 2017 many ransomware incidents targeting smart televisions occurred in Japan.
By applying the method of the invention to analyze the business processes and implementation principles of the consumer Internet of Things and to analyze the main risk points of its security risk based on the Internet of Things application system model, the main threats to the consumer Internet of Things are found to be as follows:
(1) user privacy such as files and videos is stolen through vulnerabilities or through covert behavior such as automatic software installation;
(2) botnet programs spread and turn smart devices into hijacked tools for exploitation;
(3) controlled devices are used to attack the enterprise's internal or back-end cloud platform in reverse, stealing or destroying data.
Example 4:
the embodiment selects the Internet of vehicles for safety risk analysis, the Internet of vehicles is a large system for wireless communication and information exchange between vehicles, vehicles and roads, vehicles and pedestrians, the Internet and the like based on an internal vehicle network, an inter-vehicle network and a vehicle-mounted mobile Internet according to an agreed communication protocol and a data interaction standard, and the Internet of vehicles is an integrated network capable of realizing intelligent traffic management, intelligent dynamic information service and intelligent vehicle control, and is a typical application of the Internet of things technology in the field of traffic systems. The Internet of vehicles has important significance for promoting the integration and the upgrade of the industries of automobiles, traffic and information communication and for the remodeling of the ecological and value chain system of the related industry.
The intelligent car networking simultaneously realizes communication with cloud service and local bus through the on-vehicle smart machine, realizes carrying out remote control's intelligent demand to the vehicle through cell-phone application. Therefore, the vehicle internal information architecture accessed to the Internet of vehicles at least comprises a driving information bus and an Internet of things/Internet communication network, so that the safety of gateway type components also becomes an important factor influencing the safety of the Internet of vehicles. With the continuous progress of the intellectualization and networking of the internet of vehicles, the safety of the internet of vehicles becomes an important factor related to whether the internet of vehicles can be rapidly developed.
By applying the method disclosed by the invention to analyse the business process and implementation principle of the Internet of vehicles, and analysing the main risk points of its security risk based on the Internet of things application system model, the main threats to the Internet of vehicles are found to be as follows:
(1) the legitimacy of sensor data is difficult to judge, and tampering with basic data causes false responses;
(2) core control components have vulnerabilities, leading to leakage of control rights and potential safety hazards;
(3) interface identity authentication is missing, creating the hazard of illegal device access;
(4) the OTA channel carries the risk of supply-chain threat implantation;
(5) the intelligent application itself presents security risks.
Example 5:
In this embodiment, the industrial Internet is selected for security risk analysis. Owing to the application of the industrial Internet in industrial production, industrial production activity is beginning to show a trend toward digitalisation, intelligence and networking, and the interconnection of all production links is becoming the new normal. This connects parts of the industrial production network with external networks, which improves efficiency but may also lead to serious security incidents.
According to incomplete statistics, 28.05% of the ICS, SCADA and similar industrial control systems of 82 industrial enterprises in the Industrial Internet Alliance of China have vulnerabilities, of which 23.2% are high-risk. Overall, the security situation of the industrial Internet in China is severe: the potential safety hazards of industrial control systems and platforms are increasingly prominent, the adaptability of industrial network security products and services is low, and the awareness and capability of industrial Internet security assurance urgently need strengthening.
By applying the method disclosed by the invention to analyse the business process and implementation principle of the industrial Internet, and analysing the main risk points of its security risk based on the Internet of things application system model, the main threats to the industrial Internet are found to be as follows:
(1) network and system assets are numerous and complex, assets and the network boundary are difficult to identify, assets are directly exposed to the Internet, and the security risk is great;
(2) systems and devices have long service lives, software and hardware cannot be upgraded or updated in time, and a large number of security vulnerabilities exist;
(3) technical means such as network isolation and host security protection are missing, so the spread of viruses and attacks cannot be prevented and vulnerability-related security risks cannot be responded to;
(4) threat perception capability is insufficient, so that when intrusion attacks, malicious damage, misoperation and similar events occur, users cannot locate them in real time or trace their source effectively;
(5) security operation capability is insufficient: professional security personnel and security operation capability are lacking, as is closed-loop management of the publication, tracking and response to security risks.
Example 6:
In this embodiment, the industrial Internet of things is selected for security risk analysis. The industrial Internet of things refers to a global network connecting links such as industrial products, processes and services. It enables free communication among people, data and machines. The industrial Internet of things is characterised by using intelligent equipment and Internet technology to improve the existing industrial sector, solving problems that could not be solved before and greatly improving working efficiency. For example, after intelligent gates were introduced for ticket checking, the railway transportation system reduced ticket checking, which formerly required several staff, to one or two attendants who stand beside the gates and guide passengers to use them correctly. The intelligent ticket checking and one-ticket-one-pass mechanism of the gates also effectively solves the problem of fare evasion.
Although the original intention of developing the industrial Internet of things is to solve industrial pain points and improve operational efficiency, some equipment manufacturers lack security experience and focus on service and cost while neglecting security, so that a great many potential safety hazards are introduced into existing service systems once new equipment is put into production.
By applying the method disclosed by the invention to analyse the business process and implementation principle of the industrial Internet of things, and analysing the main risk points of its security risk based on the Internet of things application system model, the main threats to the industrial Internet of things are found to be as follows:
(1) the state of the sensors directly affects the production process, and the consequences are serious if a security problem occurs;
(2) new intelligent equipment is connected to the original production environment, and the existing security measures are disrupted;
(3) data security depends on continuous operation and maintenance, and security and cost are difficult to balance;
(4) owing to insufficient cloud security experience, the security of cloud hosts and data depends entirely on the basic security capability of the cloud platform;
(5) mobile terminal APP development is outsourced, its distribution path is difficult to control, and it is easily exploited by lawbreakers.
The above description is only a specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can readily be conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. An Internet of things terminal security threat analysis method, characterised in that it comprises the following three steps:
firstly, analysing the business process and implementation principle of the Internet of things, and establishing an Internet of things application system model;
secondly, analysing the main risk points of the Internet of things security risk based on the established Internet of things application system model, summarising the characteristics of the risk points, and classifying the security risks of the Internet of things terminal;
and thirdly, determining the security risk of the Internet of things terminal by analysing the terminal's physical security risk, its network communication and structural security risk, its data leakage risk, its malware infection risk and its service interruption risk.
2. The Internet of things terminal security threat analysis method of claim 1, wherein:
the Internet of things application system model comprises a server-side system, a terminal system and a communication network;
the server-side system collects data information from the terminal system, stores it in the server, processes it through the service function modules, feeds the processing result back to the user interface through different service interfaces for display, and makes the data result available through an API interface or a UI interface;
the terminal system includes low-complexity devices, complex devices and gateways, which connect the physical world and the Internet through wired and wireless networks,
and the terminal system is a motion sensor, a digital door lock, an Internet of vehicles system or an industrial control sensor.
3. The Internet of things terminal security threat analysis method of claim 2, wherein:
the terminal system collects data from the real physical environment, formats it, transmits it to the server-side system through a cellular or non-cellular network, and displays the information to the user on receiving the server's feedback,
and the communication network comprises a wired communication network and a wireless communication network, is responsible for connecting the server and the terminal, provides a channel for data transmission between server and terminal, and also carries the information interaction between the terminal device and the user terminal.
4. The Internet of things terminal security threat analysis method of claim 3, wherein:
the channel is a telecommunication network, the Internet or satellite communication, and the information interaction is Bluetooth, WIFI or near-field communication.
5. The Internet of things terminal security threat analysis method of claim 2, wherein:
the terminal system comprises sensors and gateways, its main functions are information collection, identification and control, and it comprises light terminals, complex terminals and Internet of things gateways.
6. The Internet of things terminal security threat analysis method of claim 5, wherein:
the light terminal serves a single physical purpose and exchanges data with the Internet of things server side through a gateway or a user terminal device,
the complex terminal has a built-in processor, runs local applications or processes audio and video data, and exchanges data with the Internet of things server side over a long-distance communication link, or over WIFI and Ethernet via a user terminal device,
and the Internet of things gateway manages the long-distance communication link, receives commands sent by the server-side system, converts them into a form that light and complex terminals can parse and forwards them to the terminals, and processes the information collected by the terminals before sending it to the server-side system.
7. The Internet of things terminal security threat analysis method of claim 6, wherein:
the light terminal is a wearable device, a home security sensor or an NFC tag,
the complex terminal is an intelligent household appliance, an industrial control system or an intelligent vehicle tracking and monitoring device,
and the Internet of things gateway is an Internet of things service gateway or a customer premises equipment gateway.
8. An Internet of things terminal security threat protection method, which adds traffic analysis and situation awareness to the communication network part connecting terminal and server, adopts a technical strategy of passive and active defence, and, by taking into account the security requirements of Internet of things research and development, design, operation and decommissioning, ultimately achieves intelligence-driven threat perception and even intelligent countermeasures, autonomously coping with the complex and diverse potential network security threats of the Internet of things era, characterised in that: the method comprises an Internet of things terminal security protection method and an Internet of things terminal communication security protection method.
9. The Internet of things terminal security threat protection method according to claim 8, characterised in that:
the Internet of things terminal security protection method comprises four steps: hardware security, access security, operating system security and application security,
firstly, hardware security ensures that the system program, terminal parameters, security data and user data in the chip are not tampered with or illegally obtained, by implementing secure access to the Internet of things terminal chip, a trusted computing environment, a security chip with an added security module, and the security of the encryption unit;
secondly, access security uses a lightweight, easily integrated security application plug-in to perform terminal anomaly analysis and encrypted communication, achieving terminal intrusion protection, thereby preventing the terminal from being used to attack key network nodes, while a lightweight mandatory authentication mechanism prevents illegal node access;
thirdly, operating system security ensures that security-related system behaviour remains controllable at all times, by monitoring, protecting and alerting on system resource calls;
and fourthly, application security ensures that the terminal identifies the source of application software to be installed and controls the sensitive behaviour of installed application software, and that the application software preset in the terminal has no malicious charging behaviour and no unauthorised modification, deletion or theft of user data.
10. The Internet of things terminal security threat protection method according to claim 8, characterised in that:
the Internet of things terminal communication security protection method comprises the following steps:
step one, introducing a network node identity authentication mechanism: the identity authentication mechanism is introduced into the Internet of things communication network, and key network nodes authenticate the identity of edge sensing nodes, so that false nodes are prevented from joining the network and the security of communication network nodes is ensured;
step two, strengthening terminal data integrity protection: a secure channel is established between the Internet of things terminal and the communication network to form a reliability guarantee mechanism for information transmission, providing encryption and integrity protection for terminal data while ensuring the user's communication quality, so as to prevent data leakage and the interception or tampering of communication content;
step three, strengthening data transmission encryption: on the basis of stopping plaintext transmission, data filtering and authenticated encryption are further strengthened to guarantee the correctness of transmitted data, and multi-dimensional verification of device fingerprint, timestamp, identity and message integrity is performed, so as to guarantee the security of data transmission to the greatest extent;
and step four, sensing the security situation of the communication network: public-network Internet of things devices are actively identified through a cyberspace search engine, local-network Internet of things devices are passively detected through traffic characteristics, and once the basic condition of the Internet of things devices currently connected to the network is known, their traffic is analysed and tracked, security attacks are monitored in real time, and Internet of things security risks are predicted.
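Step three's multi-dimensional verification, as an added worked example (Python, not the patent's own code): a gateway accepts a terminal message only if the device identity is enrolled, the device fingerprint matches the enrolled one, the timestamp is fresh and the nonce has not been seen (replay), and the HMAC-SHA256 integrity tag verifies. The registry, keys, fingerprints and message layout are constructed assumptions.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed enrolment registry (hypothetical values): device id -> (fingerprint, shared key).
DEVICE_REGISTRY: Dict[str, Tuple[str, bytes]] = {
    "sensor-001": ("fp:aa11bb22", b"\x01" * 32),
    "plc-gateway-07": ("fp:cc33dd44", b"\x02" * 32),
}
FRESHNESS_WINDOW = 30.0  # seconds of clock skew and transit delay the gateway tolerates
_seen: Dict[Tuple[str, str], float] = {}  # (device id, nonce) -> timestamp, for replay detection


def canonical(msg: dict) -> bytes:
    """Stable encoding of every field except the tag, so both sides MAC the same bytes."""
    body = {k: v for k, v in msg.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(msg: dict, key: bytes) -> dict:
    """Terminal side: append an HMAC-SHA256 tag computed under the device's shared key."""
    return {**msg, "mac": hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()}


def verify(msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Gateway side: identity, fingerprint, timestamp/replay and integrity, in that order."""
    now = time.time() if now is None else now
    dev = msg.get("device_id")
    # 1. identity: only enrolled devices get any further processing
    if dev not in DEVICE_REGISTRY:
        return False, "unknown device"
    fingerprint, key = DEVICE_REGISTRY[dev]
    # 2. device fingerprint must equal the one recorded at enrolment
    if msg.get("fingerprint") != fingerprint:
        return False, "fingerprint mismatch"
    # 3. timestamp must lie within the freshness window ...
    ts = msg.get("ts")
    if not isinstance(ts, (int, float)) or abs(now - ts) > FRESHNESS_WINDOW:
        return False, "stale or future timestamp"
    # ... and the (device, nonce) pair must not have been accepted before
    nonce = str(msg.get("nonce", ""))
    for stale in [k for k, t in _seen.items() if t < now - FRESHNESS_WINDOW]:
        del _seen[stale]  # entries older than the window can no longer pass the check above
    if (dev, nonce) in _seen:
        return False, "replayed message"
    # 4. integrity: constant-time comparison of the HMAC tag
    expected = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
        return False, "bad integrity tag"
    _seen[(dev, nonce)] = float(ts)  # record the nonce only after every check passed
    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000.0
    fp, key = DEVICE_REGISTRY["sensor-001"]
    msg = sign({"device_id": "sensor-001", "fingerprint": fp, "ts": now,
                "nonce": "n1", "payload": {"temp_c": 21.5}}, key)
    print(verify(msg, now))  # (True, 'ok')
    print(verify(msg, now))  # (False, 'replayed message')
```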
CN202110660755.4A 2021-06-15 2021-06-15 Internet of things terminal security threat analysis method and protection method Pending CN113382076A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110660755.4A CN113382076A (en) 2021-06-15 2021-06-15 Internet of things terminal security threat analysis method and protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110660755.4A CN113382076A (en) 2021-06-15 2021-06-15 Internet of things terminal security threat analysis method and protection method

Publications (1)

Publication Number Publication Date
CN113382076A true CN113382076A (en) 2021-09-10

Family

ID=77574417

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110660755.4A Pending CN113382076A (en) 2021-06-15 2021-06-15 Internet of things terminal security threat analysis method and protection method

Country Status (1)

Country Link
CN (1) CN113382076A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114185286A (en) * 2021-10-22 2022-03-15 中汽研(天津)汽车工程研究院有限公司 Intelligent networking automobile information security threat identification method
CN114363040A (en) * 2021-12-30 2022-04-15 国网宁夏电力有限公司 Operation safety protection method and system for power grid load regulation and control platform
CN115037559A (en) * 2022-08-10 2022-09-09 中国信息通信研究院 Data safety monitoring system based on flow, electronic equipment and storage medium
CN118174968A (en) * 2024-05-14 2024-06-11 中国电子科技集团公司第三十研究所 Device and method for identifying characteristics of explicit and implicit terminal equipment of Internet of things

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090204815A1 (en) * 2008-02-12 2009-08-13 Dennis Charles L System and method for wireless device based user authentication
CN110365625A (en) * 2018-04-09 2019-10-22 国家计算机网络与信息安全管理中心 Internet of things security detection method, device and storage medium
CN111030841A (en) * 2019-11-07 2020-04-17 西安科成新果信息科技有限公司 Forestry internet of things safety communication system
CN111464563A (en) * 2020-05-08 2020-07-28 武汉思普崚技术有限公司 Protection method of industrial control network and corresponding device



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210910