2.1 Privacy protection
Privacy is a concept that human society formed, in the civilized era, alongside the concept of private ownership. Privacy is defined differently in different domains and for different objects, and there is no single, generally accepted definition of the broader concept. This article takes the view that, for the security and interests of an individual or a collective, the information closely bound to that entity which it conceals so that outsiders cannot learn it is "privacy". Private information is therefore information that individuals, groups and other entities do not want the outside world to know. The measures taken to keep private information concealed are called "confidentiality of private information", that is, "privacy protection".
To provide users with ubiquitous personalized services, the IoT must rely on automated sensing to make use of users' personal information without users noticing or being disturbed. For example, an intelligent medical care system must collect a user's physiological data (heart rate, body temperature, blood pressure, etc.) in real time. In the IoT environment, the use of personal information spans the entire life cycle of the data: sensing, storage, transmission and application. User privacy issues arise mainly in the sensing and application phases. Data sensing is invisible to the user and wide in coverage, and it is a system behaviour; because the sensed personal information belongs to the user, the user has privacy protection requirements for this phase. In the application phase, service-oriented processing in essence means that personal information is shared with the other entities that interact with the system; the individual cannot control that information, so privacy protection is needed here as well. If the system lacks a privacy protection mechanism in these phases, the user's private information is exposed to potential threats, which is what raises the question of privacy protection in the IoT. As a particular concept, privacy protection is time-bound and mandatory in both time and space throughout the history of each entity. Although it is directed against unauthorised persons, privacy protection has a special significance compared with confidentiality in information security in general: privacy can be regarded as the confidentiality of certain information, but unlike general information confidentiality it must in many cases be balanced against external needs.
For example, when a doctor provides a diagnosis to a patient, the patient may be reluctant to disclose personal information, yet has to provide the doctor with his or her medical history. The balance between external demand and privacy protection often stems from political or other socially coercive factors. In addition, privacy protection forms a broad and relatively independent system that varies across spaces and times. Therefore, the goal of privacy protection technology is not to hide private information completely, but to satisfy the legitimate information needs of the outside world while leaking as little as possible, that is, to balance external needs against privacy protection. Privacy protection technology is the general term for all technologies that can be used to protect privacy.
2.2 Policy Composition Research for Secure Data Sharing
To provide better services to users, different organizations need to cooperate with each other, and the main purpose of this collaboration is data sharing. Data shared in a collaborative service environment is generally sensitive, such as patients' medical data in a medical information system, so providing security guarantees for shared data is an urgent problem. Meeting this challenge requires a common global policy that every participating organization can accept. Arriving at a global policy usually requires coordination or negotiation between the organizations. Service composition is an example: producing a policy-based composite service requires a policy that integrates the policies of each component service. Therefore, the key to defining a policy that controls access to the shared data is to compose the local policies of the different participating organizations into one global policy. Generally, policies for jointly shared data have two layers: the first is a coarse-grained data layer at the organizational level, where the data can be files, databases or other information; the second is a fine-grained data layer tied to the data structure. The research in this section focuses on the coarse-grained data layer. To protect their data, different organizations usually choose different attribute elements and access restrictions and independently define their data usage policies, which easily leads to misunderstandings between organizations. The policies of different organizations differ and may even contradict each other, for instance when one rule allows some action on the shared data and another rule forbids the same action. Therefore, the key issues in policy composition are the standardization and integration of policy rules, and a way of resolving diverse and even conflicting rules.
To solve the above problem, the first task is standardization, in which the policy specification language plays an important role in expressing these requirements. Several policy languages have appeared, such as XACL, EPAL and XACML, and they provide algorithms for combining policies. However, these mainly offer predefined combining algorithms such as permit-overrides and deny-overrides, which are not sufficient to support the complex semantics of a data-driven policy composition. This article therefore uses policy composition principles to compose the policies.
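The following is an added example, not code from the original article, showing what the predefined combining algorithms mentioned above actually do when two organizations' local policies conflict. Two hypothetical organizations (hospital-A, hospital-B), their rules, the attribute names and the request values are all constructed for illustration; the combining algorithms follow the XACML semantics of deny-overrides, permit-overrides and first-applicable, and find_conflicts reports the contradictory rule pairs that a richer composition scheme would have to resolve.

```python
"""Policy composition with XACML-style rule-combining algorithms (added
example; the organizations, rules and request attributes are constructed)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Request = Dict[str, str]        # flat attribute map, e.g. {"subject.role": "doctor"}
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                         # PERMIT or DENY
    target: Callable[[Request], bool]   # does this rule apply to the request?


@dataclass(frozen=True)
class Policy:
    owner: str
    rules: Tuple[Rule, ...]


def evaluate_rule(rule: Rule, req: Request) -> str:
    """A rule yields its effect when its target matches, otherwise NotApplicable."""
    return rule.effect if rule.target(req) else NA


def deny_overrides(decisions: List[str]) -> str:
    """Any Deny wins; otherwise any Permit wins."""
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NA


def permit_overrides(decisions: List[str]) -> str:
    """Any Permit wins; otherwise any Deny wins."""
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NA


def first_applicable(decisions: List[str]) -> str:
    """The first rule that applies decides, so the order of the policies matters."""
    for d in decisions:
        if d != NA:
            return d
    return NA


COMBINERS = {
    "deny-overrides": deny_overrides,
    "permit-overrides": permit_overrides,
    "first-applicable": first_applicable,
}


def combine(policies: List[Policy], req: Request, algorithm: str) -> str:
    """Flatten every organization's rules and apply one combining algorithm."""
    decisions = [evaluate_rule(r, req) for p in policies for r in p.rules]
    return COMBINERS[algorithm](decisions)


def find_conflicts(policies: List[Policy], req: Request) -> List[Tuple[str, str]]:
    """Pairs (permit_rule, deny_rule) that both apply to the same request:
    the contradictory local rules that composition has to resolve."""
    applicable = [(p.owner, r) for p in policies for r in p.rules if r.target(req)]
    permits = [f"{o}:{r.name}" for o, r in applicable if r.effect == PERMIT]
    denies = [f"{o}:{r.name}" for o, r in applicable if r.effect == DENY]
    return [(p, d) for p in permits for d in denies]


# Constructed local policies for a hypothetical shared record.
HOSPITAL_A = Policy("hospital-A", (
    Rule("doctor-read", PERMIT,
         lambda q: q.get("subject.role") == "doctor" and q.get("action") == "read"),
))
HOSPITAL_B = Policy("hospital-B", (
    Rule("no-external-read", DENY,
         lambda q: q.get("subject.org") != "hospital-B" and q.get("action") == "read"),
))

# Constructed requests.
EXTERNAL_DOCTOR = {"subject.role": "doctor", "subject.org": "hospital-A", "action": "read"}
LOCAL_DOCTOR = {"subject.role": "doctor", "subject.org": "hospital-B", "action": "read"}
EXTERNAL_NURSE = {"subject.role": "nurse", "subject.org": "hospital-A", "action": "read"}

if __name__ == "__main__":
    for name in COMBINERS:
        print(f"{name:17s} external doctor -> "
              f"{combine([HOSPITAL_A, HOSPITAL_B], EXTERNAL_DOCTOR, name)}")
    print("conflicts:", find_conflicts([HOSPITAL_A, HOSPITAL_B], EXTERNAL_DOCTOR))
```

For the external doctor, hospital-A's permit and hospital-B's deny both apply, so the global decision flips between Deny and Permit depending only on which predefined algorithm is picked (and, for first-applicable, on policy order). That is the limitation the section points at: the predefined algorithms resolve conflicts mechanically rather than from the semantics of the shared data.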
XACML is one of the most commonly used policy specification languages.
If an IoT system runs with too few communication ports, and the load placed on the network system exceeds its carrying capacity, a series of security risks arises. The specific manifestations are as follows. First, network system congestion: the operation of the whole network system involves a large number of network devices, and current authentication and analysis methods cannot effectively manage the use of each device, so ensuring the connection between this multitude of devices and the network system becomes a problem that the relevant personnel need to consider and solve. Second, computer communication network terminals adopt a unified authentication method to encrypt and manage various kinds of information; in this process, if further devices are connected to the IoT, a great deal of resources is wasted generating secret keys for authentication. Third, transmission security: a computer communication network can obtain more complete information under an encryption algorithm, but because of interference from network equipment, a more complex encryption algorithm leads to delays in the use of information. The IoT is essentially a technology that integrates and overlays data through radio frequency identification (RFID), infrared sensing and the global positioning system (GPS). It enables passive recipients to scan and track the items in use, and turns private data into public information; without effective protection of that information, the whole system loses information when it is used.
2.3 IoT terminal node security issues
IoT devices are generally deployed in a variety of unattended monitoring scenarios and are geographically decentralized, which gives attackers opportunities to attack the system's devices and seriously interferes with the safe use of the system's hardware and software. When in use, these devices are often unattended and operated at random, which invisibly increases the risk of device damage.
IoT terminal signal interference security issues. The IoT perception layer network is mainly connected wirelessly. Wireless signals are highly open, so they are very vulnerable to interference from the external environment during use.
Data transmission security. Broadcasting is the main form of data transmission in the perception layer. In practical application, however, the capabilities of perception nodes are limited, which invisibly increases the possibility of data being destroyed. In addition, the perception nodes in the perception layer lack complete data processing functions, so data errors are inevitable during use, which restricts the security and stability of the data of the whole system. Compared with traditional network devices, intelligent sensor terminals are generally open and comprehensive; during use they are easily exposed to the attacker's line of sight, which gives attackers an opportunity to attack the system and threatens the cooperative work of sensor nodes.
The network system should be isolated, and access control with a higher security level should be built while the whole system is running, so as to effectively isolate the different network systems from one another. Intrusion detection technology in the application layer of the IoT helps the relevant personnel detect intrusions in time and choose effective measures to repair system vulnerabilities according to the observed behaviour of the intrusion. Computer network security based on the IoT is an important link in the operation of the entire IoT system and an important guarantee of data security. In the new historical period, taking account of the actual development of IoT technology, the relevant personnel need to take effective measures to protect the data security of the IoT system based on the usage needs of the whole network, so as to better promote the development of the IoT for the benefit of humanity and society.
2.3 Service Access Control Based on Publish / Subscribe System
Two structures are involved. The first defines which entities belong to a given group and assigns the group a unique identifier. The second is the method of exchanging data: a group can be specified as "open" or "closed" to indicate whether or not the data source must be a member of the propagation group. Over the past few decades, multicast has been an active topic of continued research. Traditional multicast protocols fall into two broad categories: 1) transport layer multicast (TLM) and 2) application layer multicast (ALM). As the name implies, a TLM protocol implements multipoint data transmission in the transport layer, and group members copy messages onto their different outgoing links. By adopting an overlay structure, ALM avoids the deployment problems and the scalability limits of IP multicast, but ALM is less efficient than TLM. The communication architecture of Fig. 1 can deliver real-time data with differentiated QoS.
A publish/subscribe service delivers messages, in a data-centric manner, to the destinations that are interested in them. The specific addresses of these destinations are not specified; delivery is based on the attributes of the messages, in the form of anonymous interaction. This means that neither the publisher nor the subscriber knows the other's identity in the system. This form of service is an event-based distributed system. Initially, such systems consisted only of services provided by mature platforms, such as the event service of the Common Object Request Broker Architecture (CORBA) or Web Services Notification, which introduced event-based communication into Web services. Subsequently, distributed event-based systems (DEBS) evolved into suitable middleware, such as the specifications of the Object Management Group or the Advanced Message Queuing Protocol (AMQP), but the function is usually still named a "service": the notification service. Implicit invocation is used to achieve strong decoupling between applications when an event occurs, and this pattern allows the publish/subscribe pattern to be formalized as a new type of interaction model. This paper proposes a data-centric access control architecture (DCACF), shown in Fig. 2, which supports access control and in-network data integration in smart grid services.
In the IoT environment, a publish/subscribe system is designed to handle large-scale interactive information and events. A typical publish/subscribe system consists of publishers, subscribers and a system agent (broker). Publishers and subscribers are both users of the system, and each generates notification events containing its own set of attributes for subsequent processing by the system. Publishers provide services and data in the system, or publish advertisements; subscribers seek targeted services and data for their own use; the system agent acts as an intermediary between publishers and subscribers, providing a matching service that pairs publishers and subscribers whose requirements correspond.
The peak-to-average power ratio (PAPR) of a signal is commonly used as an evaluation parameter for the trade-off between linearity and power efficiency: the larger its value, the higher the design cost of the linear power amplifier in the mobile terminal. The intelligent wireless communication algorithm uses the distribution characteristics of a linear matrix transformation to provide a signal suppression scheme based on a precoding matrix, which not only effectively improves the performance of IoT services but also has low complexity and no major impact on the signal spectrum.
In the publish/subscribe system discussed in this chapter, system agents are usually deployed on distributed IoT nodes to provide users with more convenient and rapid service; the scheme also provides user access control to ensure system security and data privacy. Malicious users may take part in the publish/subscribe system and launch attacks during packet transmission and service access. This chapter defines two types of attack that may exist against publish/subscribe systems: privacy disclosure attacks and illegal access attacks.
(1) Privacy disclosure attack. In the publish/subscribe system there may be users who, out of curiosity, collect and analyze other users' preferences and private profiles. A privacy disclosure attack attempts to obtain and disclose a user's private, sensitive information during the matching of related users, during data storage (e.g. when caching data sets), and during packet transmission.
(2) Illegal access attack. A malicious user may impersonate an authorized user to access the data or services of a target user, obtaining illegal access to services or data. Malicious users may even deliberately supply incorrect services and data to legitimate users, causing the publish/subscribe system to function incorrectly and fail, or refuse to pay for the services or data they use.
Both types of attack cause large communication, computation and storage overheads and can compromise the confidentiality and availability of the publish/subscribe system. The threat model of the proposed DCACF scheme is close to the commonly used honest-but-curious model, and the communication channel is assumed to be insecure; this assumption better matches actual applications.
All entities in the scenario (publishers, subscribers and system agents) have limited computing power, with system agents having more computing and storage capability than publishers and subscribers. Publishers and subscribers do not trust each other, but all of them trust the system agents, while the system agents trust no publisher or subscriber. In addition, all entities are honest but curious: they run their system functions in strict accordance with the designed protocol. It should be noted that in the PACS mechanism discussed in this chapter, the system agent in the publish/subscribe system is defined as secure and reliable; its corruption is not considered.
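The following is an added example, not the chapter's own DCACF or PACS design, that models the system-agent role described above together with the two attack classes: a broker matches events to subscribers purely on message attributes, delivers them without revealing the publisher's identity, and enforces the publisher's access policy against attributes that an authority has vouched for, so that a self-asserted "doctor" credential (the illegal access attack) is rejected. The credential format, the HMAC-based issuer key shared with the trusted broker, the attribute names and the sample events are all constructed for illustration.

```python
"""Attribute-based publish/subscribe broker with credential checks (added
example; credential format, keys, attribute names and events are constructed)."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed key shared by the attribute authority and the trusted broker.
AUTHORITY_KEY = b"constructed-authority-key-not-for-real-use"


def _canonical(attrs: Dict[str, str]) -> bytes:
    return json.dumps(attrs, sort_keys=True).encode()


def issue_credential(attrs: Dict[str, str]) -> dict:
    """The authority vouches for a user's attributes with an HMAC tag."""
    tag = hmac.new(AUTHORITY_KEY, _canonical(attrs), hashlib.sha256).hexdigest()
    return {"attrs": attrs, "tag": tag}


def credential_valid(cred: dict) -> bool:
    """Broker-side check: a tag produced without AUTHORITY_KEY will not verify."""
    expected = hmac.new(AUTHORITY_KEY, _canonical(cred["attrs"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["tag"])


@dataclass
class Subscription:
    handle: str                 # pseudonymous handle; no real identity is exchanged
    filter: Dict[str, str]      # message attributes the subscriber is interested in
    credential: dict
    inbox: List[dict] = field(default_factory=list)


class Broker:
    """System agent: matches on attributes and enforces the publisher's policy."""

    def __init__(self) -> None:
        self.subs: List[Subscription] = []
        self.audit: List[tuple] = []   # everything the broker itself observes

    def subscribe(self, sub: Subscription) -> None:
        if not credential_valid(sub.credential):
            raise PermissionError(f"{sub.handle}: credential not issued by the authority")
        self.subs.append(sub)

    def publish(self, attrs: Dict[str, str], policy: Dict[str, Set[str]], payload: dict) -> int:
        """Deliver to subscribers whose filter matches and whose vouched attributes
        satisfy policy (attribute -> allowed values); returns the delivery count.
        The delivered event carries no publisher identity."""
        delivered = 0
        for sub in self.subs:
            if not all(attrs.get(k) == v for k, v in sub.filter.items()):
                continue                                   # not interested
            vouched = sub.credential["attrs"]
            if not all(vouched.get(k) in allowed for k, allowed in policy.items()):
                self.audit.append(("denied", sub.handle, dict(attrs)))
                continue                                   # illegal access blocked
            sub.inbox.append({"attrs": dict(attrs), "payload": dict(payload)})
            delivered += 1
        # An honest-but-curious broker still sees attributes and payload; payload
        # confidentiality would need end-to-end encryption, not shown here.
        self.audit.append(("matched", dict(attrs), delivered))
        return delivered


def demo() -> dict:
    """Constructed scenario: one authorized doctor, one nurse, one forger."""
    broker = Broker()
    doctor = Subscription("sub-7f3a", {"type": "vitals", "ward": "3"},
                          issue_credential({"role": "doctor", "org": "hospital-A"}))
    nurse = Subscription("sub-c1d9", {"type": "vitals"},
                         issue_credential({"role": "nurse", "org": "hospital-A"}))
    broker.subscribe(doctor)
    broker.subscribe(nurse)
    # Illegal access attempt: attributes self-asserted, tag not from the authority.
    forged = {"attrs": {"role": "doctor", "org": "hospital-A"}, "tag": "00" * 32}
    try:
        broker.subscribe(Subscription("sub-bad0", {"type": "vitals"}, forged))
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    event = {"type": "vitals", "ward": "3", "patient": "pseudo-1182"}
    delivered = broker.publish(event, {"role": {"doctor"}}, {"heart_rate": 72})
    return {"delivered": delivered, "forged_rejected": forged_rejected,
            "doctor_inbox": doctor.inbox, "nurse_inbox": nurse.inbox,
            "broker_audit": broker.audit}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The nurse's subscription matches the event's attributes but fails the publisher's policy, so the broker records a denial rather than delivering; the forger never gets a subscription at all. The audit list is what the honest-but-curious system agent learns: it includes the event attributes and, in this example, the payload, which is exactly the exposure that the privacy disclosure attack exploits when the agent's curiosity is not bounded by encryption.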