IoT security

1. Two authentication methods: one-way authentication (one-way authentication between IoT devices and security chips) and two-way authentication (mutual authentication among IoT cloud services, the IoT and IoT devices).

2. Transmission encryption involves Transport Layer Security (TLS), certificates and identity authentication. Common encryption methods are mainly based on three protocols: SSL (Secure Sockets Layer; given the scale of the IoT it is difficult to use directly), TLS and HTTPS.

In TLS communication, a handshake is required to establish a TLS connection between the user and the server. The handshake process is as follows:
(1) The user (client) makes a request to the server.
(2) The server sends its certificate to the user.
(3) The user verifies the identity of the HTTP server by encrypting a fresh random number (the premaster secret) with the public key in the server's certificate. If the server can decrypt it correctly, the user knows that the server holds the private key matching the public key in the HTTP server's certificate.
(4) Both the user and the server send a final finished message to verify that both parties are using the same session key.


The SSL connection involves the following four basic steps:
(1) The user (client) sends a secure connection request.
(2) The server responds to the security request.
(3) The user (client) responds.
(4) A secure channel is established.
The SSL protocol can provide sufficient transmission security for the Internet of Things.


HTTPS is also known as HTTP over TLS/SSL or Secure HTTP. HTTPS is a protocol that provides secure HTTP connections, and is designed for authentication of website access and for protection of privacy, security and integrity during information exchange.
HTTPS can resist attacks such as man-in-the-middle (MITM), eavesdropping, tampering and forgery, and provides two-way encryption between the sender and the receiver.


3. Message Queuing Telemetry Transport (MQTT) and the Constrained Application Protocol (CoAP) are two of the most promising IoT protocols for IoT devices with limited resources.

4. In the IoT environment, terminal nodes are limited by: ① processing power, CPU (MCU) processor, RAM; ② storage space; ③ network capacity; ④ user interface and display; ⑤ energy consumption.

5. Attack techniques in the IoT environment: ① physical attack; ② eavesdropping: the typical countermeasure is encryption together with a secure key exchange algorithm, such as DH (Diffie-Hellman) key exchange; ③ counterfeiting: such as the man-in-the-middle (MITM) attack; ④ MITM attack; ⑤ DoS (Denial of Service) attack; ⑥ access attack; ⑦ other attacks: such as the "bad USB" firmware attack, privacy attack, RAM attack, side-channel attack, ransomware, etc.

6. Symmetric cipher algorithms are divided into stream ciphers and block ciphers.

7. Two effective ways of providing confidentiality and authentication are PKC and asymmetric cryptography.

8. There are two ways to use the public key: ① public key encryption: anyone can encrypt a message with the entity's public key, but only the entity holding the corresponding private key can decrypt the ciphertext; ② digital signature: anyone with the public key can decrypt (verify) the ciphertext generated with the private key. This verification proves that the sender has access to the private key and is therefore likely the entity associated with the public key.

9. The basic idea of ECC is the assumption that the elliptic curve discrete logarithm problem is infeasible, or at least not solvable in a reasonable time. ECC operations are small and can be performed in resource-constrained environments.

10. Three steps of access control: identification (claiming an identity) → authentication → authorization.

11. Random numbers (nonces) can be introduced into the different message exchanges, using one of the following strategies: ① random number: requires a certain amount of storage space (the nonces already seen must be remembered); ② serial number: does not require any data storage; in the case of a message replay, the message's counter value will be less than or equal to the current counter value, so the message will be discarded. If an entity fails (restart, hardware failure, etc.), this protection is no longer effective; ③ timestamp: guarantees the timeliness of messages, but is very energy-intensive on constrained entities because the clocks must be kept in sync.
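The three anti-replay strategies above, written out as an added example (not code from the original notes) so that their trade-offs can be seen side by side: the random-nonce guard needs a growing store, the serial-number guard needs no store but accepts replays again once its volatile counter is lost on restart, and the timestamp guard needs a synchronised clock. The class and method names and the 30-second freshness window are assumptions of this example.

```python
import os
import time


class RandomNonceGuard:
    """Strategy 1: random nonce. Replay detection requires storing every nonce seen."""
    def __init__(self):
        self.seen = set()          # this store grows with every accepted message

    def new_nonce(self):
        return os.urandom(8)       # 64 random bits, collisions are negligible

    def accept(self, nonce):
        if nonce in self.seen:     # already used: a replay
            return False
        self.seen.add(nonce)
        return True


class SerialNumberGuard:
    """Strategy 2: strictly increasing counter. No store, only the last value is kept."""
    def __init__(self):
        self.last = 0

    def accept(self, serial):
        if serial <= self.last:    # less than or equal to current counter: replay
            return False
        self.last = serial
        return True

    def restart(self):
        self.last = 0              # models loss of the counter after a reboot/failure


class TimestampGuard:
    """Strategy 3: message carries a timestamp; accept only if fresh. Needs synced clocks."""
    def __init__(self, window_seconds=30, clock=time.time):
        self.window = window_seconds
        self.clock = clock         # injectable so the behaviour can be tested offline

    def accept(self, timestamp):
        # Note: a copy replayed inside the window still passes; a timestamp alone
        # bounds the replay window, it does not detect duplicates.
        return abs(self.clock() - timestamp) <= self.window


def serial_guard_after_restart():
    """Constructed scenario: serials 1..3 accepted, then a reboot; old serial 1 is accepted again."""
    guard = SerialNumberGuard()
    before = [guard.accept(s) for s in (1, 2, 3, 2)]   # 2 replayed -> rejected
    guard.restart()
    return before, guard.accept(1)                      # replay of serial 1 now accepted
```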

12. OpenID is an open standard for a decentralized authentication protocol that allows users to authenticate through partner sites using third-party services. In IoT, OpenID is a more forward-looking approach to device authentication.

For OpenID and OAuth, the basic process of authentication is similar:

● Request login
● Check whether the supplicant is already authenticated
● Redirect to the identity provider URL
● The identity provider authenticates the user
● The identity provider processes the request and responds by sending a redirect URL back to the requester
● The requester responds

Origin blog.csdn.net/baidu_41774120/article/details/123654961