A remote certification method, system, computer equipment and data processing terminal

Abstract

The invention belongs to the technical field of Internet of Things security, and discloses a remote certification method, system, computer equipment and data processing terminal. The remote certification method includes: a registration stage; a remote certification request stage; a verification and challenge stage; and a decision stage. The remote attestation method provided by the present invention is a software-based attestation scheme, so no additional hardware support is required, and can be applied to all IoT devices, especially to class 1 IoT devices with limited resources and deployed in large numbers. The present invention proposes a "delay observation mechanism" to alleviate the limitation that the traditional software-based proof scheme cannot be applied to wireless networks. At the same time, the present invention uses strict time control and "reputation mechanism" to ensure the security of the protocol, and adopts the principle of "let higher-performance verification nodes undertake more work" to design the checksum function, which greatly reduces the number of protocols. time overhead to address attacks that hide malicious code through return-oriented programming.

Description

technical field [0001] The invention belongs to the technical field of Internet of Things security, and in particular relates to a remote certification method, system, computer equipment and data processing terminal. Background technique [0002] Currently, the Internet of Things (IoT) plays an important role in daily life, healthcare, agriculture, disaster warning and other fields. However, there is a hidden danger in IoT: Class 1 IoT devices, which have the minimum resources required to support secure communication on the Internet, but lack the protection of secure hardware, and do not support any hardware modification or extension, making them extremely vulnerable to attack. Therefore, it is important to secure these devices and detect them for malware as early as possible. [0003] Remote attestation is a very effective way to secure these devices, allowing trusted entities called verifiers to remotely verify the software integrity of other entities called certifiers. ...

AI Technical Summary

Problems solved by technology

[0007] (1) Class 1 IoT devices have the minimum resources required to support secure Internet communications, but lack the protection of secure hardware, and do not support any hardware modification or expansion, and are extremely vulnerable to attacks

[0008] (2) Software-based remote attestation schemes, usually based on strict time control, cannot be applied to wireless network environments with random network delays, and cannot resist proxy attacks

[0009] (3) The hardware-based remote attestation scheme is too expensive for IoT devices and will hardly be applied

[0010] (4) Based on the basic idea of ​​remote attestation based on the combination of software and hardware, since type 1 IoT devices cannot provide the minimum hardware conditions required for the combination of software and hardware, such solutions cannot be used

[0011] (5) The existing software-based remote attestation scheme has uncertain network delay in the wireless network environment, so the strictly time-based remote attestation scheme cannot be applied to this environment

[0012] (6) The software-based remote attestation scheme cannot defend against proxy attacks. Although some schemes propose countermeasures, the scenario is only applied to the computer CPU to verify the peripheral firmware. Because the computer bus has a high-speed transmission rate and no transmission interference, so in this scenario There is no need to consider network delays, so this solution cannot be directly applied to wireless networks

[0013] (7) Existing software-based remote attestation schemes are not enough to just prove code space, attackers can still use return-oriented programming to hide malicious code, so all memories (RAM, ROM, EEPROM) must be authenticated

[0014] The difficulty of solving the above problems and defects is: to solve the above problems, the goal of the present invention is to provide a software-based remote Proof scheme; solve the problem that traditional software-based remote proofs cannot resist proxy attacks; propose a quantitative analysis method for random network delays in wireless networks so that the scheme can be applied to wireless network environments; propose a proof of Internet of Things The method of all memory of the device; the proof speed is no less than the existing remote proof scheme; it can resist the common attacks known so far

Images