摘要
因物联网终端系统资源受限而广泛应用的轻量级TCP/IP协议栈没有考虑到网络安全因素,使得物联网完全暴露在安全威胁之中.因此,部署IPsec VPN保护物联网终端与云端的连接是必要的,本文根据资源受限智能终端的特点,提出在部署IPSec VPN前,先对IPsec协议栈进行裁剪,优化IKE密钥协商及SA建立机制,通过ESP建立安全的IPSec VPN传输通道,保护物联网终端和云连接数据传输的安全,并给出了IPSec轻量级裁剪的方法.
The Light-weight TCP/IP protocol stacks are widely used in IoT to reduce the influence of constrained-resource.But due to the lack of cyber security considerations,the IoT system is under threats of security attack.Therefore,it is necessary and urgent to apply IPsec VPN to maintaining confidentiality of the connection between the equipment and the Cloud.The paper presents a method to clip lightweight IPsec protocol stacks,optimizing the mechanism of IKE negotiation and SA establishment.And then,a security solution is proposed to protect the security of the IoT system by Using ESP to establish secure IPSec transmission channel.
作者
曾喜娟
ZENG Xijuan(Intelligent Manufacturing Engineering College,Liming Vocational University,Quan zhou,Fujian 362000)
出处
《绵阳师范学院学报》
2020年第8期94-97,102,共5页
Journal of Mianyang Teachers' College
基金
福建省智能制造应用技术协同创新中心项目资助项目(KDL18016)。
