面向物联网服务协同的跨层安全机制研究

Internet of Things (IoT) service collaborations are widely used to coordinate loosely coupled services that are often deployed on an open IoT environment, in order to finish specific business goals. The publish/subscribe-based service collaboration has features of indirect, anonymous and multicasting service interaction, existing privacy-preserving techniques for static service interactions cannot satisfy security and privacy requirements of the dynamic and changing IoT service due to these new features mentioned above. This project aims to investigate the challenging issues of efficient and novel privacy-preserving theory in IoT service collaborations, and explore multi-layered security challenges for sensitive data and access control-based data privacy-preserving techniques for IoT service collaborations based on our previous work in this area. This project will put more efforts on key issues of the modeling and verification of secure service, the access control mechanism of published data, service policy privacy. Cross-layer privacy-preserving approaches for combining attribute-based encryption mechanism, policy encoding mechanism, and fully homomorphic mechanism will be embedded in publish/subscribe-based service collaborations. This project will further develop a prototype tool to ensure secure IoT service collaborations. Cryptographic security analysis and application studies will be employed to validate the security and effectiveness of the proposed techniques. The research results of this project are expected to effectively address the challenging issues of high-efficient and secure collaboration of IoT services. Later, this project will have more direction and guiding significance for building secure IoT demonstration applications, such as WIT120, smart grid and so on..This project will put more efforts on key issues of the access control mechanism of published data, service policy and data access for service compositions, and cross-layer privacy-preserving approaches for combining attribute-based encryption mechanism, policy encoding mechanism, and fully homomorphic mechanism. This project will further develop a prototype tool to ensure secure IoT service collaborations. Cryptographic security analysis and application studies will be employed to validate the security and effectiveness of the proposed techniques. The research results of this project are expected to effectively address the challenging issues of high-efficient and secure collaboration of IoT services. Later, this project will have more direction and guiding significance for building secure IoT demonstration applications, such as WIT120, smart grid and so on.

物联网服务协同通过将部署于开放物联网环境中的服务以松耦合的形式实时协作完成一定的业务目标。基于发布/订阅的物联网服务协同具有间接、匿名和多播的交互特征，已有的面向确定环境的服务安全机制已经无法满足动态多变的物联网服务安全与隐私需求，本项目旨在研究适用于物联网服务的高效新型服务安全保护理论，探索服务安全建模与验证、发布数据细粒度的访问控制模型和高效新型的服务策略隐私保障机制等关键问题，研究形式化建模与验证方法和属性加密机制、策略编码机制与全同态加密机制相结合的方法，在服务协同架构中嵌入服务安全形式化建模与验证、访问控制、隐私保护等安全功能，实现物联网服务交互的安全性、高效性和实时性。本项目预期研究成果将为智慧医疗、智能电网等物联网实际应用领域数据安全与隐私保护问题的解决提供理论指导。

物联网服务协同通过将部署于开放物联网环境中的服务以松耦合的形式实时协作完成一定的业务目标。但物联网环境的开放性和动态性，给服务协同中的服务安全与数据隐私问题带来了挑战。本项目研究了物联网服务协同不同层次、新型的服务安全与数据隐私保护理论，采用区块链和密码学技术，针对用户隐私信息泄露问题，提出了多层次的保护用户行为隐私和数据策略隐私的方法；针对协同服务安全难保障问题，提出跨域服务协同下安全服务提供和安全交互方法；针对共享数据未授权访问问题，提出共享数据细粒度访问控制方法。本项目的研究成果为智慧医疗、智能电网等物联网实际应用领域数据安全与隐私保护问题的解决提供理论指导。三年来，申请人围绕着本项目的研究内容发表论文12篇，获得最佳论文1篇；申请国家发明专利6项，其中4项已授权；协助培养在读博士研究生1名，协助指导硕士在读研究生1人，作为指导老师培养在读硕士研究生8人，培养晋升副高级职称1人。