An internet of things device access monitoring method and system based on security protection technology
By generating dynamic key pairs using QKD and FHE technologies, and combining environmental awareness and federated learning to optimize the model, the encryption security and anomaly detection issues of IoT devices are solved, enabling intelligent and dynamic access control and improving network security and detection accuracy.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Application (China)
- Current Assignee / Owner
- BEIJING KAMUFU SCI&TECH CO LTD
- Filing Date
- 2026-03-19
- Publication Date
- 2026-06-19
AI Technical Summary
Existing technologies for IoT devices suffer from low encryption security, insufficient monitoring and anomaly detection capabilities, and a lack of dynamic and intelligent access control, making them unable to effectively cope with complex network threats and unknown attacks.
Dynamic key pairs are generated using quantum key distribution (QKD) and fully homomorphic encryption (FHE) technologies. Combined with an environment entropy-aware dynamic key update method, a security protection detection engine is used for dynamic trust analysis and access control decisions. Intelligent decision-making is achieved through federated learning optimization models.
It improves the encryption security of IoT devices, enhances the ability to identify unknown attack patterns and abnormal behaviors, realizes dynamic and intelligent access control, reduces false alarm and false negative rates, and has adaptive adjustment capabilities.
Figure CN122247584A_ABST (abstract drawing)
Abstract
Description
Technical Field
[0001] This invention belongs to the field of device access monitoring technology, specifically relating to a method and system for monitoring IoT device access based on security protection technology.
Background Technology
[0002] With the rapid development of Internet of Things (IoT) technology, a large number of IoT devices are being deployed in various scenarios, from smart homes to industrial control and smart cities. While these devices bring convenience, they also bring serious security challenges. IoT devices are often resource-constrained and have weak security protection capabilities, making them vulnerable to cyberattacks. Traditional device access management methods, such as simple authentication and static key management, are insufficient to cope with increasingly complex network threats and cannot effectively protect the security of IoT devices and the entire network.
[0003] The shortcomings of existing technology: 1) Low encryption security: Traditional data encryption algorithms may be secure against current computing power, but that security erodes as attacker capability grows, and keys may then be recovered quickly. Once a static key, or a key with too low an update frequency, is leaked, the attacker can use it for illegal access or data theft for a long time.
[0004] 2) Inadequate monitoring and anomaly detection capabilities: Existing technologies rely on predefined rules (such as IP address ranges, ports, and protocol types) to determine device legitimacy. This static method cannot identify legitimate devices with unknown attack patterns or abnormal behavior, and struggles to detect subtle, progressive anomalies such as resource exhaustion attacks and slow attacks. It is prone to generating numerous false positives (misclassifying normal behavior as an attack) and may also miss detections (failing to identify genuine attack behavior), leaving security personnel overwhelmed or complacent.
[0005] 3) Lack of dynamic and intelligent access control: Existing technologies often offer only two extreme decisions, "allow" or "deny," and cannot adjust dynamically to factors such as the current state of the device, its historical behavior, and environmental risk. Furthermore, decisions are based on fixed logic and cannot adapt to new security threats, new device types, or environmental changes.
Summary of the Invention
[0006] To address the problems of low encryption security, poor monitoring and anomaly detection capabilities, and lack of dynamic and intelligent access control in existing technologies, the present invention aims to provide an IoT device access monitoring method and system based on security protection technology.
[0007] The technical solution adopted in this invention is as follows. A method for monitoring IoT device access based on security protection technology includes the following steps: The access point authenticates the new IoT device; after successful authentication, QKD and FHE technologies are used to generate a corresponding FHE key pair between the new IoT device and the access point. The new IoT device periodically collects its own multidimensional monitoring data features, encrypts them with the public key of the FHE key pair, and sends the encrypted multidimensional monitoring data features to the access point. The access point receives the encrypted multidimensional monitoring data features transmitted by the new IoT device and inputs them into the security protection detection engine. Based on the encrypted multidimensional monitoring data features, the network environment data, and the key freshness, the security protection detection engine performs detection and obtains and executes a new access control decision for the IoT device.
[0008] Furthermore, the access point is used to authenticate the new IoT device. After successful authentication, QKD and FHE technologies are used to generate a corresponding FHE key pair between the new IoT device and the access point, including the following steps: Using the access point, the device identity and registration information of new IoT devices and quantum channel request signals are received, and the new IoT devices are authenticated based on the device identity and registration information. If authentication is successful, a quantum channel is established between the access point and the new IoT device using QKD technology based on the quantum channel request signal, and the process proceeds to the next step; otherwise, access is denied. Through the quantum channel, a secure key negotiation is performed between the access point and the new IoT device. The corresponding quantum key is generated between the access point and the new IoT device and then post-processed to obtain the initial key. Based on the initial key, FHE technology is used to generate a corresponding FHE key pair with the new IoT device at the access point; the FHE key pair includes a public key and a private key. The environmental entropy-aware dynamic key update method is used to periodically update the initial key to obtain the updated initial key, and then the FHE key pair generation process is repeated.
[0009] Furthermore, using the environment entropy-aware dynamic key update method, the initial key is periodically updated to obtain an updated initial key, and the FHE key pair generation process is repeated, including the following steps: The access point is used to periodically collect quantum channel environment data, and the corresponding probability distribution entropy is obtained based on the quantum channel environment data. The access point periodically collects its own internal state data and encrypts the internal state data according to the initial key to obtain encrypted internal state data. Based on the probability distribution entropy and the encrypted internal state data, the initial key is periodically updated to obtain an updated initial key, and the FHE key pair generation process is repeated.
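An added, runnable illustration of the key lifecycle in [0008] and [0009] (written for this page, not code from the patent): HKDF seed derivation from the post-processed QKD initial key, followed by the entropy-aware update. It assumes that an epoch counter is the time indication placed in the HKDF salt, that the update XORs the current key with a digest of the per-parameter entropies and the encrypted internal state before re-extracting a fresh key, that the internal state is protected with an HKDF-derived keystream (a deployment would use an AEAD), and that both endpoints see the same update inputs, since the patent does not say how the device learns them. Two caveats a practitioner should keep in mind: QKD gives information-theoretic key security only if the classical post-processing channel is authenticated, and because both endpoints derive the same FHE key pair from the same seed material, the access point holds the FHE private key, so the FHE layer protects the public channel rather than hiding the features from the access point. The FHE library's seeded key generation, which would consume the seed, is not shown.

```python
"""Added example, not the patent's code: HKDF (RFC 5869) seed derivation from a
QKD initial key (S1-4-1) and the entropy-aware key update (S1-5). The combination
rule, parameter names and sample values are assumptions."""
import hashlib
import hmac
import math
from collections import Counter
from typing import Dict, Sequence

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i) until `length` bytes."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_self_test() -> bool:
    """Check against RFC 5869 test case 1 before trusting the implementation."""
    prk = hkdf_extract(bytes(range(13)), b"\x0b" * 22)
    okm = hkdf_expand(prk, bytes(range(0xF0, 0xFA)), 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


def derive_fhe_seed(initial_key: bytes, epoch: int, length: int = 64,
                    context: bytes = b"iot-ap/fhe-keygen") -> bytes:
    """S1-4-1: both endpoints run this on the shared initial key and obtain identical
    seed material; the epoch (time indication) in the salt gives each key period
    different material. The seed feeds the FHE library's key generation (not shown)."""
    prk = hkdf_extract(b"qkd-epoch:" + epoch.to_bytes(8, "big"), initial_key)
    return hkdf_expand(prk, context, length)


def distribution_entropy(samples: Sequence[float], resolution: float) -> float:
    """S1-5-1: Shannon entropy (bits) of one parameter's histogram, binned at `resolution`."""
    counts = Counter(round(v / resolution) for v in samples)
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def encrypt_internal_state(initial_key: bytes, state: bytes) -> bytes:
    """S1-5-2 stand-in: XOR with an HKDF-derived keystream (assumed; use an AEAD in
    a deployment). Symmetric, so the same call also decrypts."""
    stream = hkdf_expand(hkdf_extract(b"state-stream", initial_key), b"internal-state", len(state))
    return bytes(x ^ k for x, k in zip(state, stream))


def update_initial_key(initial_key: bytes, env: Dict[str, Sequence[float]],
                       resolution: Dict[str, float], encrypted_state: bytes, epoch: int) -> bytes:
    """S1-5-3: XOR the current key with a digest of the entropies and the encrypted
    state (operands assumed), then re-extract so the result is a uniform 32-byte key."""
    entropies = [distribution_entropy(env[p], resolution[p]) for p in sorted(env)]
    ent_bytes = b"".join(round(e * 1000).to_bytes(4, "big") for e in entropies)
    mask = HASH(ent_bytes + encrypted_state).digest()
    mixed = bytes(k ^ m for k, m in zip(initial_key, mask))
    prk = hkdf_extract(b"key-update:" + epoch.to_bytes(8, "big"), mixed)
    return hkdf_expand(prk, b"updated-initial-key", 32)


# Constructed inputs: a stand-in for the post-processed QKD key, channel environment
# samples for two consecutive periods, and the access point's internal state.
INITIAL_KEY = bytes(range(32))
RESOLUTION = {"photon_loss": 0.01, "temp_c": 0.5, "emi": 0.1, "latency_ms": 1.0}
ENV_PERIOD_1 = {
    "photon_loss": [0.11, 0.12, 0.11, 0.13, 0.12, 0.11, 0.12, 0.14],
    "temp_c": [21.0, 21.5, 21.0, 22.0, 21.5, 21.0, 21.5, 22.0],
    "emi": [0.3, 0.4, 0.3, 0.3, 0.5, 0.4, 0.3, 0.4],
    "latency_ms": [4.0, 5.0, 4.0, 6.0, 5.0, 4.0, 5.0, 7.0],
}
ENV_PERIOD_2 = {k: [v[0]] * 8 for k, v in ENV_PERIOD_1.items()}  # flat, low-entropy channel
AP_STATE = b"hwfp=3fa9c2;os=linux-5.10;fw=2.3.1;load=0.42"


def run_key_lifecycle() -> Dict[str, bytes]:
    enc_state = encrypt_internal_state(INITIAL_KEY, AP_STATE)
    seed_ap = derive_fhe_seed(INITIAL_KEY, epoch=1)      # computed at the access point
    seed_device = derive_fhe_seed(INITIAL_KEY, epoch=1)  # computed at the device
    key_2 = update_initial_key(INITIAL_KEY, ENV_PERIOD_1, RESOLUTION, enc_state, epoch=2)
    key_2_alt = update_initial_key(INITIAL_KEY, ENV_PERIOD_2, RESOLUTION, enc_state, epoch=2)
    return {"seed_ap": seed_ap, "seed_device": seed_device, "enc_state": enc_state,
            "key_2": key_2, "key_2_alt": key_2_alt, "seed_2": derive_fhe_seed(key_2, epoch=2)}


if __name__ == "__main__":
    out = run_key_lifecycle()
    print("hkdf self-test:", hkdf_self_test())
    print("both sides agree on seed:", out["seed_ap"] == out["seed_device"])
    print("updated key:", out["key_2"].hex())
```

The RFC 5869 vector check is the first thing to run after porting this to a device toolchain; a wrong HKDF silently produces mismatched seeds on the two endpoints, which surfaces later as undecryptable features rather than as a key-agreement error.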
[0010] Furthermore, the new IoT device periodically collects its own multidimensional monitoring data features, encrypts them with the public key of the FHE key pair, and sends the encrypted multidimensional monitoring data features to the access point, including the following steps: The new IoT device periodically collects its own device status information and device behavior data, as well as the network traffic data between the device and the access point. The device status information, device behavior data, and network traffic data collected at the same time are integrated into multidimensional monitoring data, and feature extraction is performed to obtain the corresponding multidimensional monitoring data features. The multidimensional monitoring data features are encrypted with the public key of the FHE key pair to obtain the encrypted multidimensional monitoring data features, which are then sent to the access point over a public channel.
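As an added example of what [0010] asks the device and the access point to do with the public key, here is a scalar toy with the BGV ciphertext form spelled out in step S2-3 of Example 1 (a random value r, a small plaintext modulus p, a small error e, and a large modulus q), written for this page rather than taken from the patent or from any FHE library. Integers replace ring polynomials, the secret key is a single ternary value and the moduli are small, so it illustrates the noise structure and is not a secure scheme; all parameters and the sample feature values are assumptions, and p is treated as a public parameter, as in BGV. It shows the access point forming a weighted combination of encrypted features without the private key, and a hand-built ciphertext whose error already exceeds q/2, which is the noise budget that bounds how many operations one BGV level supports.

```python
"""Added example, not the patent's code: scalar toy of the BGV ciphertext
structure c = (r*a + p*e1, r*b + p*e2 + m) mod q. Illustration only; not secure."""
import random
from typing import Sequence, Tuple

Q = 2**40 + 15   # toy "large ring modulus" (assumed; far too small to be secure)
P = 257          # toy plaintext modulus: a small prime, public in BGV
NOISE = 8        # error terms are drawn uniformly from [-NOISE, NOISE]

Ciphertext = Tuple[int, int]


def centered(x: int, q: int = Q) -> int:
    """Reduce into (-q/2, q/2] so small signed noise survives the modular reduction."""
    x %= q
    return x - q if x > q // 2 else x


def keygen(rng: random.Random, q: int = Q, p: int = P):
    """Secret s is small (ternary, as in BGV); public key pk = (a, a*s + p*e mod q)."""
    s = rng.choice((-1, 0, 1))
    a = rng.randrange(q)
    e = rng.randint(-NOISE, NOISE)
    return s, (a, (a * s + p * e) % q)


def encrypt(pk: Ciphertext, m: int, rng: random.Random, q: int = Q, p: int = P) -> Ciphertext:
    """Fresh r and errors every call, so equal plaintexts give different ciphertexts."""
    a, b = pk
    r = rng.choice((-1, 0, 1))
    e1, e2 = rng.randint(-NOISE, NOISE), rng.randint(-NOISE, NOISE)
    return ((r * a + p * e1) % q, (r * b + p * e2 + m % p) % q)


def decrypt(s: int, ct: Ciphertext, q: int = Q, p: int = P) -> int:
    """v - u*s = p*(r*e + e2 - e1*s) + m, which decrypts correctly while |.| < q/2."""
    u, v = ct
    return centered(v - u * s, q) % p


def add(c1: Ciphertext, c2: Ciphertext, q: int = Q) -> Ciphertext:
    """Homomorphic addition: noise terms add."""
    return ((c1[0] + c2[0]) % q, (c1[1] + c2[1]) % q)


def scale(ct: Ciphertext, k: int, q: int = Q) -> Ciphertext:
    """Multiplication by a plaintext constant: noise grows k-fold."""
    return ((ct[0] * k) % q, (ct[1] * k) % q)


def encrypted_weighted_sum(cts: Sequence[Ciphertext], weights: Sequence[int],
                           q: int = Q) -> Ciphertext:
    """What the access point can compute on received features without the secret key."""
    acc: Ciphertext = (0, 0)
    for ct, w in zip(cts, weights):
        acc = add(acc, scale(ct, w, q), q)
    return acc


def demo(seed: int = 7) -> dict:
    """Constructed integer monitoring features (mod P) weighted at the access point."""
    rng = random.Random(seed)
    s, pk = keygen(rng)
    features, weights = [3, 7, 2], [2, 1, 5]   # constructed sample values
    cts = [encrypt(pk, m, rng) for m in features]
    return {"expected": sum(f * w for f, w in zip(features, weights)) % P,
            "homomorphic": decrypt(s, encrypted_weighted_sum(cts, weights)),
            "roundtrip_ok": all(decrypt(s, encrypt(pk, m, rng)) == m for m in range(P))}


def noise_overflow_demo(m: int = 5, q: int = Q, p: int = P) -> Tuple[int, int]:
    """Hand-built ciphertext (u = 0) whose error p*e already exceeds q/2: the centered
    reduction wraps and decryption returns garbage. This is the noise budget that
    limits how many homomorphic operations a BGV level allows before bootstrapping."""
    e_too_big = q // (2 * p) + 1
    return m, decrypt(0, (0, (p * e_too_big + m) % q), q, p)


if __name__ == "__main__":
    print(demo())
    print("intended vs decrypted after noise overflow:", noise_overflow_demo())
```

In the real scheme the same two quantities matter: the plaintext modulus fixes the field the scores live in (a weighted sum larger than p wraps, so feature scaling must be chosen with p in mind), and the accumulated error must stay under the decryption bound, which is why the access point's evaluation depth has to be budgeted against the chosen modulus level.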
[0011] Furthermore, the security protection detection engine is built on artificial intelligence and federated learning algorithms, and includes a dynamic trust analysis model and an access control decision model.
[0012] Furthermore, the dynamic trust analysis model is built based on the AE-Attention-MLP algorithm, and includes a dynamic trust scoring module built based on the AE algorithm, a weighted fusion module built based on the Attention mechanism, and an access anomaly identification module built based on the MLP algorithm.
[0013] Furthermore, the access control decision model is constructed based on the HMARL algorithm, and the access control decision model includes an interconnected access point-level control decision generation layer, a device-level control decision generation layer, and an experience replay pool. The access point-level control decision generation layer is equipped with an access point-level agent constructed based on the DQN algorithm and a first set of optimization objectives. The device-level control decision generation layer is equipped with several device-level agents constructed based on the PPO algorithm and corresponding second set of optimization objectives. The experience replay pool is connected to the access point-level agent and several device-level agents respectively.
[0014] Furthermore, the construction method of the security protection detection engine includes the following steps: Based on the access point and several existing IoT devices, a federated learning architecture is constructed. The federated learning includes an aggregation point corresponding to the access point and training points corresponding to several IoT devices. The aggregation point communicates with several training points respectively. At the aggregation point, artificial intelligence is used to build an initial dynamic trust analysis model and an initial access control decision model, and the initial dynamic trust analysis model and the initial access control decision model are deployed to all training points of the communication connection. At the training point, according to the preset feature engineering, a number of training samples are collected, and based on the number of training samples, the initial dynamic trust analysis model and the initial access control decision model are optimized and trained to obtain the optimized dynamic trust analysis model and the optimized access control decision model. Extract the model parameter update values and some historical experience of the optimized dynamic trust analysis model and the optimized access control decision model, and encrypt and transmit the model parameter update values and historical experience to the aggregation point. At the aggregation point, the initial dynamic trust analysis model and the initial access control decision model are adjusted according to the model parameter update amount to obtain the final dynamic trust analysis model and the final access control decision model. Several historical experiences are stored in the experience replay pool of the final access control decision model to build a security protection detection engine.
[0015] Furthermore, based on the encrypted multidimensional monitoring data features, the network environment data, and the key freshness, the security protection detection engine performs detection and obtains and executes a new access control decision for the IoT device, including the following steps: Receive the encrypted multidimensional monitoring data features, collect the network environment data between the access point and the new IoT device and the key freshness of the FHE key pair, and input the encrypted multidimensional monitoring data features, network environment data, and key freshness into the security protection detection engine. Based on these inputs, the dynamic trust analysis model of the security protection detection engine produces the dynamic trust score of the new IoT device and the corresponding access anomaly identification result. If the dynamic trust score is lower than the dynamic trust score threshold, proceed to the next step; otherwise, end the current monitoring cycle and wait for the next security protection detection cycle. Based on the dynamic trust score and the access anomaly identification result, the access control decision model of the security protection detection engine generates a new access control decision for the IoT device. Execute the access control decision, end the current monitoring cycle, and wait for the next security protection detection cycle.
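An added, runnable sketch of the detection cycle in [0015] (and of the score fusion in step S4-2-6 of Example 1), written for this page and not taken from the patent: it runs in plaintext, a z-score reconstruction error stands in for the autoencoder trust scorer, a softmax over per-dimension deviation stands in for the attention weighting, and a threshold rule stands in for the MLP classifier and the HMARL decision model. The feature layout, baseline data, weights, thresholds, key rotation period, and the graded action set (allow, restrict, quarantine) are all assumptions. The three constructed windows show the three outcomes the patent contrasts with a bare allow/deny: a trusted device, a device under an obvious attack, and a slowly degrading device with a stale key that is restricted without being flagged anomalous.

```python
"""Added example, not the patent's code: plaintext stand-in for the S4 cycle
(dimension scores, key freshness, weighted fusion, anomaly flag, graded decision)."""
import math
from typing import Dict, List, Sequence, Tuple

Profile = Tuple[List[float], List[float]]   # per-feature means and stds

# Constructed benign baseline windows, one list per monitoring dimension (assumed layout):
# status=[cpu_load, mem_use]  behaviour=[cmds_per_min, config_changes]
# traffic=[packets_per_s, error_rate]  environment=[latency_ms, loss_rate]
BASELINE: Dict[str, List[List[float]]] = {
    "status":      [[0.20, 0.40], [0.25, 0.42], [0.22, 0.38], [0.18, 0.41], [0.24, 0.39]],
    "behaviour":   [[4.0, 1.0], [5.0, 1.0], [4.0, 2.0], [6.0, 1.0], [5.0, 0.0]],
    "traffic":     [[12.0, 0.01], [11.0, 0.00], [13.0, 0.02], [12.5, 0.01], [11.5, 0.01]],
    "environment": [[20.0, 0.01], [22.0, 0.02], [19.0, 0.01], [21.0, 0.01], [23.0, 0.02]],
}
DIMENSIONS = ("status", "behaviour", "traffic", "environment")
WEIGHTS = {"status": 0.25, "behaviour": 0.25, "traffic": 0.25, "environment": 0.15, "freshness": 0.10}
TRUST_THRESHOLD = 0.7       # assumed dynamic trust score threshold (S4-3)
ANOMALY_THRESHOLD = 0.5     # assumed cut-off on attention-weighted deviation
SIGMA_TOLERANCE = 3.0       # a 3-sigma deviation costs roughly a factor e^-0.5


def fit_profile(samples: Sequence[Sequence[float]]) -> Profile:
    n, dims = len(samples), len(samples[0])
    means = [sum(s[i] for s in samples) / n for i in range(dims)]
    stds = [max(math.sqrt(sum((s[i] - means[i]) ** 2 for s in samples) / n), 1e-6)
            for i in range(dims)]
    return means, stds


def normality_score(profile: Profile, x: Sequence[float]) -> float:
    """Stand-in for the AE reconstruction score: 1.0 matches the baseline, -> 0 as deviation grows."""
    means, stds = profile
    mean_z2 = sum(((xi - m) / s) ** 2 for xi, m, s in zip(x, means, stds)) / len(x)
    return math.exp(-mean_z2 / (2 * SIGMA_TOLERANCE ** 2))


def key_freshness(key_age_s: float, rotation_period_s: float) -> float:
    """1.0 for a just-rotated key, 0.0 once the rotation period has elapsed."""
    return max(0.0, 1.0 - key_age_s / rotation_period_s)


def attention_weights(scores: Sequence[float]) -> List[float]:
    """Softmax over (1 - score): the dimension that deviates most gets the most weight."""
    logits = [1.0 - s for s in scores]
    top = max(logits)
    exps = [math.exp(l - top) for l in logits]
    return [e / sum(exps) for e in exps]


def dynamic_trust_score(scores: Dict[str, float], freshness: float) -> float:
    """S4-2-6: weighted combination of the four dimension scores and the key freshness."""
    return sum(WEIGHTS[d] * scores[d] for d in DIMENSIONS) + WEIGHTS["freshness"] * freshness


def access_anomaly(scores: Dict[str, float]) -> bool:
    """S4-2-7/8 stand-in: attention-weighted deviation above the cut-off flags an anomaly."""
    s = [scores[d] for d in DIMENSIONS]
    w = attention_weights(s)
    return sum(wi * (1.0 - si) for wi, si in zip(w, s)) > ANOMALY_THRESHOLD


def access_decision(trust: float, anomalous: bool) -> str:
    """Graded outcome instead of a bare allow/deny (assumed action set)."""
    if trust >= TRUST_THRESHOLD:
        return "allow"                                   # S4-3: wait for the next cycle
    return "quarantine" if anomalous else "restrict"     # isolate, or rate-limit and force re-key


def evaluate_window(window: Dict[str, Sequence[float]], key_age_s: float,
                    rotation_period_s: float = 3600.0) -> Dict[str, object]:
    profiles = {d: fit_profile(BASELINE[d]) for d in DIMENSIONS}
    scores = {d: normality_score(profiles[d], window[d]) for d in DIMENSIONS}
    trust = dynamic_trust_score(scores, key_freshness(key_age_s, rotation_period_s))
    anomalous = access_anomaly(scores)
    return {"scores": scores, "trust": trust, "anomalous": anomalous,
            "decision": access_decision(trust, anomalous)}


# Constructed monitoring windows for one device.
BENIGN = {"status": [0.21, 0.40], "behaviour": [5.0, 1.0], "traffic": [12.0, 0.01], "environment": [21.0, 0.01]}
ATTACK = {"status": [0.95, 0.41], "behaviour": [60.0, 8.0], "traffic": [400.0, 0.30], "environment": [21.0, 0.01]}
DEGRADED = {"status": [0.30, 0.44], "behaviour": [6.0, 2.0], "traffic": [14.0, 0.03], "environment": [25.0, 0.02]}

if __name__ == "__main__":
    for name, window, age in (("benign", BENIGN, 300), ("attack", ATTACK, 3000), ("degraded", DEGRADED, 3500)):
        r = evaluate_window(window, age)
        print(f"{name}: trust={r['trust']:.3f} anomalous={r['anomalous']} -> {r['decision']}")
```

The point of the degraded case is the one the background section makes about slow attacks: no single dimension trips the anomaly flag, but the fused score, pulled down further by an almost-expired key, still falls below the threshold and the device is restricted and re-keyed rather than either ignored or cut off.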
[0016] An IoT device access monitoring system based on security protection technology is provided to implement an IoT device access monitoring method. The system is set at the access point and includes a key generation unit, a data receiving unit, and a security protection detection unit connected in sequence.
[0017] The beneficial effects of this invention are as follows. This invention provides an IoT device access monitoring method and system based on security protection technology. Through identity verification, it effectively prevents simple forgery. Using QKD technology, a secure quantum channel is established between the access point and the device, so that eavesdropping on the key exchange is detected and the exchange is interrupted, which removes the basis for replaying captured key material. QKD provides information-theoretically secure key distribution against eavesdropping on the quantum channel, provided the accompanying classical channel is authenticated. On this basis, the generated FHE key pair further binds the device and the access point, so that device identity verification relies not only on static information but also on dynamically generated, tamper-evident keys, providing stronger proof. The QKD channel itself provides a secure key transmission channel, avoiding the eavesdropping and tampering risks of traditional key distribution, simplifying key management, and reducing errors and risks caused by manual intervention. The key is generated directly between the device and the access point through the secure channel, without passing through a third-party server, reducing the risk of key leakage. The dynamic trust analysis model of the security protection detection engine performs dynamic trust analysis and identifies abnormal behavior from more dimensions and at a deeper level. It can identify unknown attack patterns or legitimate devices with abnormal behavior, improving detection accuracy and reducing false positives and false negatives. The access control decision model integrates the dynamic trust score and the anomaly detection result, and the resulting integration of access point-level and device-level decisions combines macro-level security policy with micro-level device control, improving the rationality and adaptability of overall decision-making.
It has the ability to dynamically adjust based on factors such as the current status of the device, historical behavior, and environmental risks, and can adaptively adjust according to new security threats, new device types, or environmental changes.
[0018] Other beneficial effects of the present invention will be further explained in the specific embodiments.
Attached Figure Description
[0019] Figure 1 is a flowchart of the IoT device access monitoring method based on security protection technology in this invention.
[0020] Figure 2 is a structural block diagram of the IoT device access monitoring system based on security protection technology in this invention.
Detailed Implementation
[0021] The present invention will be further explained below with reference to the accompanying drawings and specific embodiments.
[0022] Example 1: As shown in Figure 1, this embodiment provides a method for monitoring IoT device access based on security protection technology, including the following steps:
S1: Using the access point, authenticate the new IoT device. After successful authentication, use Quantum Key Distribution (QKD) and Fully Homomorphic Encryption (FHE) technologies to generate a corresponding FHE key pair between the new IoT device and the access point, including the following steps:
S1-1: Using the access point, receive the device identity and registration information of the new IoT device together with the quantum channel request signal, and verify the identity of the new IoT device based on the device identity and registration information. IoT devices (such as sensors and controllers) are equipped with QKD transceiver modules, either built in or attached externally. When attempting to access the network, the device actively sends its identification and registration information, as well as a quantum channel request signal (which can be carried over a classical channel), to the nearest access point.
S1-2: If authentication succeeds, QKD technology is used, in response to the quantum channel request signal, to build a quantum channel between the access point and the new IoT device, involving physical-layer operations such as optical path calibration and polarization/phase reference alignment, and the process proceeds to the next step; otherwise, access is rejected.
S1-3: Through the quantum channel, secure key negotiation is conducted between the access point and the new IoT device. Relying on the quantum no-cloning theorem and the measurement collapse principle, a shared quantum key is generated between the access point and the new IoT device such that any eavesdropping on the channel is detectable in principle. After post-processing, the initial key is obtained.
Key post-processing and expansion: Error correction: because of noise and loss in the quantum channel, both parties perform error correction on the raw key sequence to obtain a consistent shared key. Privacy amplification: to eliminate the small amount of information that channel noise or eavesdropping may have leaked, both parties apply privacy amplification, shortening and randomizing the key so that only the legitimate parties hold the complete key. Key expansion: the resulting initial key is usually short and may not be sufficient for the later encryption of large amounts of data, so a cryptographically secure pseudo-random number generator or key derivation function expands it into seed material of sufficient length for FHE key generation.
S1-4: Based on the initial key, use FHE technology to generate a corresponding FHE key pair with the new IoT device at the access point; the FHE key pair includes a public key and a private key, and includes the following steps:
S1-4-1: Based on the initial key, execute a cryptographically secure key derivation function, such as the HMAC-based extract-and-expand key derivation function (HKDF), independently at the access point and at the new IoT device to obtain key material of sufficient length suitable for use as a seed for FHE key generation. The formula is:
[0023] In the formula, It is a pseudo-random key; Extract functions for HKDF; Extraction function for hash-based message authentication code (HMAC); Parameters derived from the key; This is the initial key; For time indication;
[0024] In the formula, For key materials; For HKDF extended functions; For contextual information; Output key length, in bytes; This is an HMAC extension function used to iteratively generate keys of sufficient length; S1-4-2: Based on the specific FHE scheme to be used in advance (e.g., Brakerski-Gentry-Vaikuntanathan, BGV), initialize the corresponding key at the access point and the new IoT device to generate the FHE library. S1-4-3: Based on the key materials, independently call the key generation function of the FHE library at the access point and the new IoT device to generate the corresponding FHE key pair; the FHE key pair includes a public key and a private key; The formula is:
[0025] In the formula, This is the private key for the FHE key pair; This refers to the pseudo-random generation function in the FHE library;
[0026] In the formula, The public key of the FHE key pair; For public key generation functions in the FHE library; S1-4-4: The public keys of the FHE key pair are exchanged between the access point and the new IoT device over the quantum channel, in both directions, so that a man-in-the-middle cannot substitute its own key (because both endpoints derive the pair from the same seed material, the exchange also confirms that they hold the same pair); each private key must be securely stored on its own device, kept strictly confidential, and used only for subsequent FHE decryption operations. FHE primarily addresses the problem of performing computations directly on encrypted data, allowing operations on ciphertexts without decryption and thereby protecting data privacy. S1-5: Using the environment entropy-aware dynamic key update method, the initial key is periodically updated to obtain the updated initial key, and the FHE key pair generation process is repeated, including the following steps: S1-5-1: Use the access point to periodically collect quantum channel environmental data (including the quantum channel photon loss rate, ambient temperature change, electromagnetic interference intensity, and network latency fluctuation), and obtain the corresponding probability distribution entropy based on the quantum channel environmental data; The formula is:
[0027] In the formula, Entropy is the probability distribution. Environmental parameters in quantum channel environment data The entropy value; For environmental parameter indications; S1-5-2: Use the access point to periodically collect its own internal status data (including device hardware fingerprint, operating system version, installed firmware version, current load, etc.), and encrypt the internal status data according to the initial key to obtain encrypted internal status data; S1-5-3: Based on the probability distribution entropy and the encrypted internal state data, the initial key is periodically updated to obtain the updated initial key, and the FHE key pair generation process is repeated. The formula is:
[0028] In the formula, For the updated initial key; This is the initial key; Entropy is the probability distribution. This is the encrypted internal state data; The XOR operator; This is internal state data; S2: Using a new IoT device, periodically collect its own multi-dimensional monitoring data features, encrypt them using the public key in the FHE key pair, and send the encrypted multi-dimensional monitoring data features to the access point, including the following steps: S2-1: Use new IoT devices to periodically collect their own device status information and device behavior data, and collect network traffic data between the device and the access point; Device status information includes the device type, hardware status, runtime, current load, battery level, software version, and error logs of new IoT devices; device behavior data includes communication frequency, data packet mode, function execution records, and user interaction records; network traffic data includes connection information, traffic statistics, data packet frequency, and communication mode. S2-2: Integrate the device status information, device behavior data and network traffic data collected at the same time to obtain multi-dimensional monitoring data, and perform feature extraction to obtain the corresponding multi-dimensional monitoring data features; S2-3: Encrypt the multidimensional monitoring data features according to the public key in the FHE key pair to obtain the encrypted multidimensional monitoring data features, and send them to the access point through the public channel; The formula is:
[0029] In the formula, For FHE encryption function; The public key of the FHE key pair; For time Multidimensional monitoring data characteristics; For time indication;
[0030] In the formula, This is a random number used to increase the randomness of encryption and prevent attackers from deducing the plaintext by observing the ciphertext; The secret modulus is a small prime number used to map messages to a finite field, described here as known only to the key holder (in standard BGV this plaintext modulus is a public scheme parameter shared by both parties); This is a small error term introduced during encryption, whose growth under homomorphic operations must stay below the decryption bound; For the remainder (modulo) function; The large ring modulus is a very large integer that determines the modulus level of the encryption scheme; S3: Using the access point, receive the encrypted multidimensional monitoring data features transmitted by the new IoT device, and input the encrypted multidimensional monitoring data features into the security protection detection engine. The security protection detection engine is built on artificial intelligence and federated learning algorithms, and includes a dynamic trust analysis model and an access control decision model. The dynamic trust analysis model is built on the Autoencoder (AE)-Attention-Multilayer Perceptron (MLP) algorithm, and includes a dynamic trust scoring module based on the AE algorithm, a weighted fusion module based on the Attention mechanism, and an access anomaly identification module based on the MLP algorithm. The access control decision model is constructed based on the Hierarchical Multi-Agent Reinforcement Learning (HMARL) algorithm. The access control decision model includes an interconnected access point-level control decision generation layer, a device-level control decision generation layer, and an experience replay pool. The access point-level control decision generation layer is configured with access point-level agents constructed based on the Deep Q-Network (DQN) algorithm and a first set of optimization objectives. 
The device-level control decision generation layer is configured with several device-level agents constructed based on the Proximal Policy Optimization (PPO) algorithm and a corresponding second set of optimization objectives. The experience replay pool is connected to the access point-level agents and several device-level agents respectively. The construction method of the security protection detection engine includes the following steps: A-1: Based on the access point and several existing IoT devices, construct a federated learning architecture. The federated learning includes the aggregation point corresponding to the access point and the training points corresponding to several IoT devices. The aggregation point communicates with several training points respectively. A-2: At the aggregation point, use artificial intelligence to build an initial dynamic trust analysis model and an initial access control decision model, and deploy the initial dynamic trust analysis model and the initial access control decision model to all training points of the communication connection. A-3: At the training point, according to the preset feature engineering, a number of training samples are collected, and based on the number of training samples, the initial dynamic trust analysis model and the initial access control decision model are optimized and trained to obtain the optimized dynamic trust analysis model and the optimized access control decision model. A-4: Extract the model parameter update values and some historical experiences of the optimized dynamic trust analysis model and the optimized access control decision model, and encrypt and transmit the model parameter update values and historical experiences to the aggregation point. 
A-5: At the aggregation point, the initial dynamic trust analysis model and the initial access control decision model are adjusted according to the model parameter update amount to obtain the final dynamic trust analysis model and the final access control decision model. Several historical experiences are stored in the experience replay pool of the final access control decision model to build a security protection detection engine. S4: Based on the characteristics of the encrypted multi-dimensional monitoring data, network environment data, and key freshness, a security protection detection engine is used to perform detection, obtain and execute new access control decisions for IoT devices, including the following steps: S4-1: Receive encrypted multi-dimensional monitoring data features, collect network environment data between the access point and the new IoT device and the key freshness of the FHE key pair, and input the encrypted multi-dimensional monitoring data features, network environment data and key freshness into the security protection detection engine. 
The security protection detection engine generates and executes decisions directly on the encrypted data, which reduces the latency of access decision generation and avoids the additional computational load that decrypting the data would add; S4-2: Based on the encrypted multidimensional monitoring data features, network environment data, and key freshness, the dynamic trust analysis model of the security protection detection engine is used to obtain the dynamic trust score of the new IoT device and the corresponding access anomaly identification results, including the following steps: S4-2-1: Input the encrypted multidimensional monitoring data features, including encrypted device status information features, encrypted device behavior data features, and encrypted network traffic data features, along with the corresponding network environment data, into the dynamic trust analysis model of the security protection detection engine; The formula is:
[0031] In the formula, For time The characteristics of encrypted multidimensional monitoring data; For time The characteristics of encrypted device status information; For time Encrypted device behavior data characteristics; For time Characteristics of encrypted network traffic data; S4-2-2: Based on the characteristics of the encrypted device status information, use the dynamic trust scoring module of the dynamic trust analysis model to perform dynamic trust scoring and obtain the device status score. The formula is:
[0032] In the formula, Rate the equipment status; As a dynamic trust scoring function, AE assesses the "normality" or "trustworthiness" of data by reconstructing and scoring the input data, and then converts it into a corresponding score; S4-2-3: Based on the characteristics of the encrypted device behavior data, use the dynamic trust scoring module of the dynamic trust analysis model to perform dynamic trust scoring and obtain the device behavior score; The formula is:
[0033] In the formula, Rate the device's behavior; S4-2-4: Based on the characteristics of the encrypted network traffic data, use the dynamic trust scoring module of the dynamic trust analysis model to perform dynamic trust scoring and obtain the network traffic score. The formula is:
[0034] In the formula, Score network traffic; S4-2-5: Extract the network environment data features corresponding to the network environment data, and based on the network environment data features, use the dynamic trust scoring module of the dynamic trust analysis model to perform dynamic trust scoring and obtain the network environment score. The formula is:
[0035] In the formula, Score network traffic; Characteristics of network environment data; S4-2-6: Based on the dynamic scoring weights, the device status score, device behavior score, network traffic score, network environment score, and key freshness are weighted and combined to obtain a new dynamic trust score for IoT devices. The formula is:
[0036] In the formula, For dynamic scoring weights; For key freshness; Key freshness retrieval function; S4-2-7: Based on the dynamic attention weight, the weighted fusion module of the dynamic trust analysis model is used to perform weighted fusion of encrypted device status information features, encrypted device behavior data features, encrypted network traffic data features, and network environment data features to obtain weighted fusion features. S4-2-8: Based on the weighted fusion characteristics, the access anomaly identification module of the dynamic trust analysis model is used to identify access anomalies and obtain the access anomaly identification results of new IoT devices. S4-3: If the dynamic trust score is lower than the dynamic trust score threshold, proceed to the next step; otherwise, end the current IoT device access monitoring method and wait for the next cycle of security protection detection process. S4-4: Based on the dynamic trust score and access anomaly identification results, the access control decision model of the security protection detection engine is used to generate a new access control decision for IoT devices, including the following steps: S4-4-1: Input the encrypted network traffic data characteristics, network environment data characteristics, dynamic trust score, and access anomaly identification results into the access control decision model of the security protection detection engine; S4-4-2: Based on the dynamic trust score and access anomaly identification results, randomly select a number of historical experiences from the experience replay pool of the access control decision model. Based on the historical experiences, select the first optimization objective (e.g., maximize the overall network security, minimize the false alarm rate, etc.) 
from the first optimization objective set of the access point-level control decision generation layer, and update the first action space of the corresponding access point-level agent to obtain the updated first action space. S4-4-3: Based on some historical experience, select a second optimization objective (e.g., limit device bandwidth, isolate devices, etc.) from the second optimization objective set of the device-level control decision generation layer, select the corresponding device-level intelligent agent in the device-level control decision generation layer, and update the second action space of the corresponding device-level intelligent agent to obtain the updated second action space (including allow access, deny access, isolate devices, rate limiting, monitor only, and restrict access). S4-4-4: Based on the characteristics of encrypted network traffic data, network environment data, dynamic trust score, and access anomaly identification results, update the first state space of the access point-level agent to obtain the updated first state space. S4-4-5: Based on the first action space and the updated first state space, and based on the first optimization objective, use the access point-level agent to generate decisions and obtain access point-level access control decisions (e.g., global network policy adjustments). 
S4-4-6: Based on the characteristics of encrypted network traffic data, network environment data characteristics, dynamic trust score, access anomaly identification results, and access point-level access control decisions, update the second state space of the device-level intelligent agent to obtain the updated second state space; S4-4-7: Based on the updated second state space and second action space, and based on the second optimization objective, use a device-level intelligent agent to generate decisions and obtain device-level access control decisions for new IoT devices (e.g., allowing access for new IoT devices of this type, imposing specific restrictions on access permissions to the device, communication rates, etc.). S4-4-8: Integrate the access point-level access control decision and the corresponding device-level access control decision to obtain the new access control decision for IoT devices; S4-5: Execute access control decision, end the current IoT device access monitoring method, and wait for the next cycle of security protection detection process.
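The per-dimension scoring, the weighted combination with key freshness, and the threshold gate of steps S4-2-2 to S4-3 can be made concrete with the following Python sketch. It is an added illustration and not the patent's own code: the patent does not fix the AE architecture, the key freshness retrieval function, the weight values or the threshold, so all of those here are constructed stand-ins (a z-score reconstruction error in place of the autoencoder, an exponential decay of key age for freshness), and the FHE layer is not modelled, so the features are plaintext.

```python
"""Dynamic trust scoring with key freshness and threshold gating
(steps S4-2-2 to S4-3). Added illustration, not the patent's own code.
Assumed stand-ins: a z-score reconstruction error replaces the AE scorer,
features are plaintext (FHE is not modelled), key freshness is an
exponential decay of key age, and the weights and threshold are constructed."""
import math
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed per-dimension baselines (mean, std): the "normal" manifold a
# trained autoencoder would otherwise have learned.
BASELINES: Dict[str, List[Tuple[float, float]]] = {
    "status":      [(45.0, 5.0), (0.40, 0.10)],    # cpu_temp_c, mem_util
    "behavior":    [(12.0, 3.0), (0.0, 0.5)],      # api_calls_per_min, failed_auth_per_min
    "traffic":     [(2000.0, 400.0), (3.0, 1.0)],  # bytes_per_s, distinct_destinations
    "environment": [(-60.0, 5.0), (0.02, 0.01)],   # rssi_dbm, qber
}
# Constructed dynamic scoring weights; "key" weights the key freshness term.
DEMO_WEIGHTS: Dict[str, float] = {
    "status": 0.20, "behavior": 0.25, "traffic": 0.25, "environment": 0.15, "key": 0.15,
}
TRUST_THRESHOLD = 0.7        # assumed dynamic trust score threshold (S4-3)
ROTATION_INTERVAL_S = 600.0  # assumed key rotation interval used by the freshness function

# Constructed samples: one in-profile device and one with a hot CPU, an
# authentication-failure burst, fan-out traffic, a degraded channel and a stale key.
NORMAL_SAMPLE = {"status": [46.0, 0.42], "behavior": [11.0, 0.0],
                 "traffic": [2100.0, 3.0], "environment": [-61.0, 0.02]}
ANOMALOUS_SAMPLE = {"status": [70.0, 0.95], "behavior": [80.0, 6.0],
                    "traffic": [50000.0, 40.0], "environment": [-85.0, 0.11]}


def reconstruction_score(features: Sequence[float], baseline: Sequence[Tuple[float, float]]) -> float:
    """Stand-in for the AE scoring function: mean squared z-score as the
    reconstruction error, mapped to (0, 1] where 1.0 means fully in-profile."""
    if len(features) != len(baseline):
        raise ValueError("feature/baseline length mismatch")
    err = sum(((x - mu) / sd) ** 2 for x, (mu, sd) in zip(features, baseline)) / len(features)
    return 1.0 / (1.0 + err)


def key_freshness(key_age_s: float, rotation_interval_s: float) -> float:
    """Assumed key freshness retrieval function: 1.0 for a just-generated key,
    decaying to about 0.37 when the key is one rotation interval old."""
    if rotation_interval_s <= 0:
        raise ValueError("rotation interval must be positive")
    return math.exp(-max(key_age_s, 0.0) / rotation_interval_s)


@dataclass
class TrustResult:
    scores: Dict[str, float]   # per-dimension scores (S4-2-2 to S4-2-5)
    freshness: float           # key freshness term
    trust: float               # weighted combination (S4-2-6)


def dynamic_trust_score(sample: Dict[str, Sequence[float]], key_age_s: float,
                        rotation_interval_s: float, weights: Dict[str, float]) -> TrustResult:
    """Steps S4-2-2 to S4-2-6: score each dimension, then weight and combine the
    four scores with key freshness. The weights are required to sum to 1."""
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("dynamic scoring weights must sum to 1")
    scores = {name: reconstruction_score(sample[name], BASELINES[name]) for name in BASELINES}
    fresh = key_freshness(key_age_s, rotation_interval_s)
    trust = sum(weights[name] * scores[name] for name in BASELINES) + weights["key"] * fresh
    return TrustResult(scores, fresh, trust)


def gate(result: TrustResult, threshold: float) -> str:
    """Step S4-3: a score below the threshold is handed to the access control
    decision model ("decide"); otherwise the engine waits for the next cycle."""
    return "decide" if result.trust < threshold else "wait"


def run_demo() -> Dict[str, Tuple[TrustResult, str]]:
    """Score both constructed samples; the anomalous device also carries a key
    that is three rotation intervals old."""
    normal = dynamic_trust_score(NORMAL_SAMPLE, 60.0, ROTATION_INTERVAL_S, DEMO_WEIGHTS)
    anomalous = dynamic_trust_score(ANOMALOUS_SAMPLE, 1800.0, ROTATION_INTERVAL_S, DEMO_WEIGHTS)
    return {"normal": (normal, gate(normal, TRUST_THRESHOLD)),
            "anomalous": (anomalous, gate(anomalous, TRUST_THRESHOLD))}


if __name__ == "__main__":
    for name, (res, action) in run_demo().items():
        print(f"{name:9s} trust={res.trust:.3f} freshness={res.freshness:.3f} -> {action}")
```

The point the sketch makes explicit is that key freshness enters the score as a term of its own, so a device whose telemetry looks normal but whose key has not been rotated still loses trust, and the threshold gate means the decision model is only invoked for devices that have fallen below it.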
[0037] Example 2: As shown in Figure 2, this embodiment provides an IoT device access monitoring system based on security protection technology, which is used to implement the IoT device access monitoring method. The system is located at the access point and includes a key generation unit, a data receiving unit, and a security protection detection unit connected in sequence.
[0038] The key generation unit is used to authenticate new IoT devices. After successful authentication, QKD and FHE technologies are used to generate corresponding FHE key pairs between the new IoT device and the access point. The data receiving unit is used to receive encrypted multi-dimensional monitoring data features transmitted by new IoT devices and input the encrypted multi-dimensional monitoring data features into the security protection detection engine. The security protection detection unit is used to perform detection based on the characteristics of encrypted multi-dimensional monitoring data, network environment data, and key freshness using the security protection detection engine, and to obtain and execute new access control decisions for IoT devices.
[0039] This invention provides an IoT device access monitoring method and system based on security protection technology. Through identity verification, it effectively prevents simple forgery. Utilizing QKD technology, a secure quantum channel is established between the access point and the device, ensuring that any eavesdropping or replaying of authentication information is detected and interrupted, fundamentally eliminating the possibility of replay attacks. QKD technology guarantees absolute security in key distribution. Based on this, the generated FHE key pair further binds the device and access point, making device identity verification rely not only on static information but also on dynamically generated, tamper-proof keys, providing stronger proof. The QKD channel itself provides a secure key transmission channel, avoiding the risks of eavesdropping or tampering associated with traditional key distribution methods (such as insecure network transmission), simplifying the key management process, and reducing errors caused by manual intervention. To mitigate risks, keys are generated directly between devices and access points via a secure channel, eliminating the need for third-party servers and reducing the risk of key leakage. The dynamic trust analysis model of the security protection detection engine can perform dynamic trust analysis and identify abnormal behavior from more dimensions and at a deeper level. It can identify legitimate devices with unknown attack patterns or abnormal behavior, improving detection accuracy and reducing false positives and false negatives. The access control decision model integrates dynamic trust scoring and anomaly detection results, generating integrated access point-level and device-level decisions. This achieves an effective combination of macro-level security strategies and micro-level device control, improving the rationality and adaptability of overall decision-making. 
It has the ability to dynamically adjust based on factors such as the current status of devices, historical behavior, and environmental risks, and can adaptively adjust to new security threats, new device types, or environmental changes.
[0040] This invention is not limited to the optional embodiments described above, and anyone can derive other various forms of products based on the inspiration of this invention. The specific embodiments described above should not be construed as limiting the scope of protection of this invention; the scope of protection of this invention should be determined by the claims, and the specification can be used to interpret the claims.
Claims
1. A method for monitoring the access of Internet of Things (IoT) devices based on security protection technology, characterized in that it includes the following steps: Using the access point, a new IoT device is authenticated. After successful authentication, QKD and FHE technologies are used to generate a corresponding FHE key pair between the new IoT device and the access point. The new IoT device periodically collects its own multidimensional monitoring data features, encrypts them using the public key in the FHE key pair, and sends the encrypted multidimensional monitoring data features to the access point. Using the access point, the encrypted multidimensional monitoring data features transmitted by the new IoT device are received and input into the security protection detection engine. Based on the encrypted multidimensional monitoring data features, the network environment data, and the key freshness, the security protection detection engine is used to perform detection, and to obtain and execute the access control decision for the new IoT device.
2. The IoT device access monitoring method based on security protection technology according to claim 1, characterized in that: Using the access point, new IoT devices are authenticated. After successful authentication, QKD and FHE technologies are used to generate corresponding FHE key pairs between the new IoT device and the access point, including the following steps: Using the access point, the device identity and registration information of new IoT devices and quantum channel request signals are received, and the new IoT devices are authenticated based on the device identity and registration information. If authentication is successful, a quantum channel is established between the access point and the new IoT device using QKD technology based on the quantum channel request signal, and the process proceeds to the next step; otherwise, access is denied. Through the quantum channel, a secure key negotiation is performed between the access point and the new IoT device. The corresponding quantum key is generated between the access point and the new IoT device and then post-processed to obtain the initial key. Based on the initial key, using FHE technology, a corresponding FHE key pair is generated at the access point with the new IoT device; the FHE key pair includes a public key and a private key. The environmental entropy-aware dynamic key update method is used to periodically update the initial key to obtain the updated initial key, and then the FHE key pair generation process is repeated.
3. The IoT device access monitoring method based on security protection technology according to claim 2, characterized in that: The environment entropy-aware dynamic key update method is used to periodically update the initial key to obtain the updated initial key, and then the FHE key pair generation process is repeated, including the following steps: The access point is used to periodically collect quantum channel environment data, and the corresponding probability distribution entropy is obtained based on the quantum channel environment data. The access point periodically collects its own internal state data and encrypts the internal state data according to the initial key to obtain encrypted internal state data. Based on the probability distribution entropy and the encrypted internal state data, the initial key is periodically updated to obtain an updated initial key, and the FHE key pair generation process is repeated.
4. The IoT device access monitoring method based on security protection technology according to claim 3, characterized in that: The new IoT device periodically collects its own multidimensional monitoring data features, encrypts them using the public key in the FHE key pair, and sends the encrypted multidimensional monitoring data features to the access point, including the following steps: The new IoT device periodically collects its own device status information and device behavior data, as well as the network traffic data between itself and the access point; the device status information, device behavior data and network traffic data collected at the same time are integrated to obtain the multidimensional monitoring data, and feature extraction is performed to obtain the corresponding multidimensional monitoring data features. Based on the public key in the FHE key pair, the multidimensional monitoring data features are encrypted to obtain the encrypted multidimensional monitoring data features, which are then sent to the access point through a public channel.
5. The IoT device access monitoring method based on security protection technology according to claim 4, characterized in that: The security protection detection engine is built on artificial intelligence and federated learning algorithms, and includes a dynamic trust analysis model and an access control decision model.
6. The IoT device access monitoring method based on security protection technology according to claim 5, characterized in that: The dynamic trust analysis model is constructed based on the AE-Attention-MLP algorithm, and includes a dynamic trust scoring module based on the AE algorithm, a weighted fusion module based on the Attention mechanism, and an access anomaly identification module based on the MLP algorithm.
7. The IoT device access monitoring method based on security protection technology according to claim 6, characterized in that: The access control decision model is constructed based on the HMARL algorithm and includes an interconnected access point-level control decision generation layer, a device-level control decision generation layer, and an experience replay pool. The access point-level control decision generation layer is configured with an access point-level agent constructed based on the DQN algorithm and a first set of optimization objectives. The device-level control decision generation layer is configured with several device-level agents constructed based on the PPO algorithm and corresponding second sets of optimization objectives. The experience replay pool is connected to the access point-level agent and several device-level agents respectively.
8. The IoT device access monitoring method based on security protection technology according to claim 7, characterized in that: The method for constructing the security protection detection engine includes the following steps: Based on the access point and several existing IoT devices, a federated learning architecture is constructed. The federated learning includes an aggregation point corresponding to the access point and training points corresponding to several IoT devices. The aggregation point is communicatively connected to several training points. At the aggregation point, artificial intelligence is used to build an initial dynamic trust analysis model and an initial access control decision model, and the initial dynamic trust analysis model and the initial access control decision model are deployed to all training points of the communication connection. At the training point, according to the preset feature engineering, a number of training samples are collected, and based on the number of training samples, the initial dynamic trust analysis model and the initial access control decision model are optimized and trained to obtain the optimized dynamic trust analysis model and the optimized access control decision model. Extract the model parameter update values and some historical experience of the optimized dynamic trust analysis model and the optimized access control decision model, and encrypt and transmit the model parameter update values and historical experience to the aggregation point. At the aggregation point, the initial dynamic trust analysis model and the initial access control decision model are adjusted according to the model parameter update amount to obtain the final dynamic trust analysis model and the final access control decision model. Several historical experiences are stored in the experience replay pool of the final access control decision model to build a security protection detection engine.
9. The IoT device access monitoring method based on security protection technology according to claim 8, characterized in that: Based on the encrypted multidimensional monitoring data features, the network environment data, and the key freshness, the security protection detection engine is used to perform detection, and to obtain and execute the access control decision for the new IoT device, including the following steps: Receive the encrypted multidimensional monitoring data features, collect the network environment data between the access point and the new IoT device and the key freshness of the FHE key pair, and input the encrypted multidimensional monitoring data features, the network environment data and the key freshness into the security protection detection engine; based on the encrypted multidimensional monitoring data features, the network environment data, and the key freshness, the dynamic trust analysis model of the security protection detection engine is used to obtain the dynamic trust score of the new IoT device and the corresponding access anomaly identification result. If the dynamic trust score is lower than the dynamic trust score threshold, proceed to the next step; otherwise, end the current IoT device access monitoring method and wait for the next cycle of the security protection detection process. Based on the dynamic trust score and the access anomaly identification result, the access control decision model of the security protection detection engine is used to generate the access control decision for the new IoT device. Execute the access control decision, terminate the current IoT device access monitoring method, and wait for the next cycle of the security protection detection process.
10. An IoT device access monitoring system based on security protection technology, used to implement the IoT device access monitoring method as described in any one of claims 1-9, characterized in that: The system is located at the access point and includes a key generation unit, a data receiving unit, and a security protection detection unit connected in sequence.
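The environment-entropy-aware key update of claim 3 (collect quantum channel environment data, take the entropy of its probability distribution, encrypt the access point's internal state under the current initial key, and derive the updated initial key from both) is shown below as an added Python illustration; it is not the patent's code. The patent names neither the entropy estimator, the cipher used for the internal state, nor the derivation function, so each is an assumed stand-in here: Shannon entropy over binned readings, an HMAC-SHA256 counter-keystream XOR for the internal state, and an HMAC-SHA256 based derivation for the next key. The channel readings and internal-state strings are constructed.

```python
"""Environment-entropy-aware initial key update (claim 3). Added illustration,
not the patent's code. Assumed stand-ins: Shannon entropy of binned readings,
an HMAC-SHA256 keystream XOR cipher for the internal state, and an
HMAC-SHA256 derivation of the updated key."""
import hashlib
import hmac
import math
from collections import Counter
from typing import List, Sequence, Tuple

# Constructed quantum channel environment readings (QBER in percent) for three
# collection periods; a wider spread gives more entropy in the update input.
CHANNEL_READINGS: List[List[float]] = [
    [1.2, 1.3, 1.2, 1.4, 1.3, 1.2],
    [1.1, 2.4, 0.8, 3.1, 1.9, 2.7],
    [0.9, 0.9, 1.0, 0.9, 1.0, 0.9],
]
# Constructed internal state snapshots of the access point, one per period.
INTERNAL_STATES: List[bytes] = [
    b"ap-state:load=0.31;clients=12",
    b"ap-state:load=0.44;clients=15",
    b"ap-state:load=0.29;clients=11",
]


def distribution_entropy(readings: Sequence[float], bin_width: float) -> float:
    """Shannon entropy (bits) of the empirical distribution of the readings after
    binning to bin_width. Identical readings give 0 bits; k equiprobable bins
    give log2(k). Binning uses floor(r / bin_width), so pick a width that does
    not put boundary values on floating-point rounding edges."""
    if not readings or bin_width <= 0:
        raise ValueError("need readings and a positive bin width")
    counts = Counter(math.floor(r / bin_width) for r in readings)
    n = len(readings)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher: XOR with an HMAC-SHA256 counter keystream.
    Symmetric, so applying it twice with the same key and nonce decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def update_initial_key(initial_key: bytes, entropy_bits: float,
                       internal_state: bytes, epoch: int) -> Tuple[bytes, bytes]:
    """One update cycle: encrypt the internal state under the current initial
    key, then derive the updated key from the channel entropy and that
    ciphertext. Returns (updated_key, encrypted_internal_state)."""
    nonce = epoch.to_bytes(8, "big")
    enc_state = keystream_xor(initial_key, nonce, internal_state)
    # Quantise the entropy to milli-bits so the derivation input is exact bytes.
    ent_field = int(round(entropy_bits * 1000)).to_bytes(4, "big")
    material = b"env-entropy-key-update" + nonce + ent_field + enc_state
    updated = hmac.new(initial_key, material, hashlib.sha256).digest()
    return updated, enc_state


def run_update_cycles(initial_key: bytes = b"\x2a" * 32) -> List[bytes]:
    """Run the periodic update over the constructed periods and return the key
    chain: the initial key followed by one updated key per period."""
    keys = [initial_key]
    for epoch, (readings, state) in enumerate(zip(CHANNEL_READINGS, INTERNAL_STATES), start=1):
        entropy_bits = distribution_entropy(readings, bin_width=0.5)
        next_key, _ = update_initial_key(keys[-1], entropy_bits, state, epoch)
        keys.append(next_key)
    return keys


if __name__ == "__main__":
    for i, k in enumerate(run_update_cycles()):
        print(f"epoch {i}: {k.hex()[:16]}...")
```

Each updated key depends on the previous key, the period's channel entropy and the encrypted internal state, so the chain only reproduces on a party that holds the current initial key; this is what lets the FHE key pair generation of claim 2 be repeated on both sides after each update.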