IOTOPS                                                          Xinru Li
Internet-Draft                                                  Yuyin Ma
Intended status: Informational                            Guangshuo Chen
Expires: 29 August 2024                                 29 February 2024


             Intelligent Protection Optimization System for IoT
                 draft-li-iotops-intelligent-security-00

Abstract

   Communication technology keeps advancing and the Internet of Things
   (IoT) keeps widening its coverage.  As large numbers of devices and
   data sources join, more data security and privacy problems appear.
   This draft therefore proposes a scheme built on an
   information-centric network (ICN).  Starting from an analysis of
   common network attacks, an intelligent protection optimization system
   is built from three aspects: naming and resolution, data exchange,
   and data caching.  The goal is better content privacy protection
   without additional cost.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 August 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
Li, et al.               Expires 29 August 2024                 [Page 1]

Internet-Draft           Intelligent Protection            February 2024

   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Current Situation and Problems
     2.1.  Terminal Layer
     2.2.  Transport Layer
     2.3.  Processing Layer
   3.  Principle
     3.1.  Design Principle
     3.2.  Typical Characteristics
       3.2.1.  Cache Network
       3.2.2.  Authenticity of Information
       3.2.3.  Seamless Migration
       3.2.4.  Space Expansion
       3.2.5.  Flexible and Changeable
   4.  System Design
     4.1.  Naming and Parsing
     4.2.  Data Exchange
     4.3.  Data Caching
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgments
   Authors' Addresses

1.  Introduction

   As a new generation of information and communication technologies
   such as artificial intelligence, blockchain and 5G penetrates every
   area of society, many kinds of intelligent applications and devices
   have emerged, and we are gradually entering the era of the Internet
   of everything.  IoT devices and systems are applied very widely, and
   the diversity of equipment and environments together with the volume
   of real-time information make security the core issue of IoT
   systems.

   The traditional data exchange model delivers content by connecting to
   a location (a host address), although users are usually interested
   only in the content itself.  Information-Centric Networking (ICN)
   therefore offers a relatively new network working mode.
   ICN locates and transmits information through a content index (the
   content name), which simplifies the network structure and improves
   the security and reliability of the system.  To address content
   privacy protection in IoT systems, we have designed an intelligent
   scheme that performs security assessments of specific users and
   combines them with the potential of ICN, increasing the security of
   content privacy without incurring significant overhead.

2.  Current Situation and Problems

   The overall security architecture of the IoT can be roughly divided
   into a terminal layer (physical security and information-collection
   security of the sensor network), a transport layer and a processing
   layer.  Each of them carries its own security risks.

2.1.  Terminal Layer

   Terminal devices are numerous and carry only simple defence
   mechanisms, so they are easy to attack.  Identity authentication and
   authorization are weak, and the necessary security defence
   capabilities are missing.

2.2.  Transport Layer

   Data transmitted in bulk is easily stolen or tampered with, and an
   attacker can also extract statistical characteristics from the large
   volume of traffic in order to profile users.

2.3.  Processing Layer

   Device data comes in many types, the computing network is complex
   and changeable, and data reliability is low.  IoT applications are
   diverse, which may give rise to malicious program attacks.

3.  Principle

3.1.  Design Principle

   Add the necessary security mechanisms, separate content from
   location, simplify the addressing process, and turn the network into
   a purely content-centric network.

3.2.  Typical Characteristics

3.2.1.  Cache Network

   All intermediate nodes support caching.  When a copy exists in the
   network, a user does not have to wait for the data to be forwarded
   from the origin node but can obtain it from the nearest node that
   holds a cached copy.
3.2.2.  Authenticity of Information

   Data whose authenticity must be guaranteed is protected under the
   administrator's authority, so that a user can verify that the
   information received is genuine regardless of which node served it.
   Note that encryption alone provides confidentiality, not
   authenticity: the protection has to bind a signature or MAC to the
   content and its name so that a cached copy can be checked.

3.2.3.  Seamless Migration

   Adapt the different types of cache scheme, plan the data exchange of
   the nodes involved and set priorities, so that service is not
   interrupted during migration.

3.2.4.  Space Expansion

   Do not let the terminal bear massive data storage alone.  Make full
   use of the abundant network equipment, so that a simple terminal can
   independently receive, or send to its superior node, only the data
   it is interested in.

3.2.5.  Flexible and Changeable

   The scheme avoids the fixed binding between location and content of
   traditional networks, focuses on the exchange of data, and with
   flexible node placement reduces the opportunity for attack.

4.  System Design

   The system is built from three aspects, giving full play to the
   potential of ICN and strengthening the connection between ICN and
   the IoT.

4.1.  Naming and Parsing

   Forwarded data must carry the content name together with a
   description of the content.  Because the amount of information grows
   so fast, names must be short enough for the forwarding capacity to
   keep up.  Name resolution (parsing) is of two kinds: absolutely
   centralized and relatively centralized.

4.2.  Data Exchange

   The system has three basic data exchange modes: central mode,
   flooding mode and ideal mode.  Central mode requires an omniscient
   supernode, flooding mode can waste a great deal of bandwidth, and
   ideal mode is very complex.

4.3.  Data Caching

   The system manages cached data intelligently and optimizes data
   selection, node selection, time selection and mode selection.

5.  Security Considerations

   This document does not contain any security considerations.

6.  IANA Considerations

   This document makes no IANA requests.
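   The following Python is an added worked example, not code from this
   draft or its authors.  It models the cache-network and authenticity
   properties of Sections 3.2.1, 3.2.2, 4.1 and 4.3 with a
   self-certifying name: the name carries the SHA-256 digest of the
   content, so a consumer can check an object returned by any cache node
   and reject a poisoned copy before falling back to the next-nearest
   node.  The name prefix, payload, node identifiers and hop counts are
   constructed for illustration.  A hash-based name certifies only the
   static object it was computed over; a deployment would additionally
   bind a publisher signature to the name for content that changes.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Constructed sample data; prefix and payload are illustrative, not from the draft.
PREFIX = "/iot/hall-3/telemetry"
PAYLOAD = b"temperature=21.5C;humidity=40%"


def content_name(prefix: str, data: bytes) -> str:
    """Self-certifying name: a routable prefix plus the SHA-256 digest of the data.

    The publisher computes the name once; it is all a consumer needs in order
    to check an object served from an arbitrary in-network cache.
    """
    return f"{prefix}/sha256={hashlib.sha256(data).hexdigest()}"


def verify(name: str, data: bytes) -> bool:
    """Recompute the digest component of the name and compare it with the data."""
    _, _, digest = name.rpartition("sha256=")
    return hashlib.sha256(data).hexdigest() == digest


@dataclass
class Node:
    """An in-network cache (or the origin); hops is its distance from the consumer."""
    node_id: str
    hops: int
    store: dict[str, bytes] = field(default_factory=dict)


def fetch(name: str, nodes: list[Node], log: list[str]) -> tuple[bytes | None, str | None]:
    """Ask the nearest node first (Section 3.2.1) and accept only data the name certifies.

    A node whose copy does not match the digest in the name is skipped and the
    next-nearest copy is tried, so a poisoned cache cannot substitute content.
    """
    for node in sorted(nodes, key=lambda n: n.hops):
        data = node.store.get(name)
        if data is None:
            log.append(f"{node.node_id}: miss")
            continue
        if verify(name, data):
            log.append(f"{node.node_id}: hit, digest matches name")
            return data, node.node_id
        log.append(f"{node.node_id}: hit, REJECTED (digest does not match name)")
    return None, None


def cache_fill(nodes: list[Node], name: str, data: bytes, max_hops: int) -> list[str]:
    """Store a verified object on nodes within max_hops of the consumer (Section 4.3).

    Filling is gated on verification, and an existing copy that fails the check
    is overwritten, so a bad copy is neither propagated nor left in place.
    """
    if not verify(name, data):
        return []
    filled = []
    for node in nodes:
        if node.hops > max_hops:
            continue
        current = node.store.get(name)
        if current is None or not verify(name, current):
            node.store[name] = data
            filled.append(node.node_id)
    return filled


def demo() -> dict:
    name = content_name(PREFIX, PAYLOAD)
    origin = Node("origin", hops=3, store={name: PAYLOAD})
    good_cache = Node("cache-2", hops=2, store={name: PAYLOAD})
    # A compromised edge cache serving altered data under the genuine name.
    bad_cache = Node("cache-1", hops=1, store={name: b"temperature=99.0C;humidity=40%"})
    nodes = [origin, good_cache, bad_cache]

    log: list[str] = []
    data, served_by = fetch(name, nodes, log)
    filled = cache_fill(nodes, name, data, max_hops=1) if data is not None else []
    return {"name": name, "data": data, "served_by": served_by, "log": log, "filled": filled}


if __name__ == "__main__":
    result = demo()
    for line in result["log"]:
        print(line)
    print("served by:", result["served_by"], "; refilled:", result["filled"])
```

   One caveat on the name-length requirement of Section 4.1: keeping
   names short by truncating the digest weakens collision resistance and
   with it the whole check above; shorten the routable prefix instead
   and keep the full digest.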
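   To make the bandwidth comparison of Section 4.2 concrete, this second
   added example (again not the authors' code) simulates the three
   exchange modes on a constructed six-node topology and counts link
   transmissions: ideal mode as the shortest-path lower bound, central
   mode through an assumed supernode, and flooding with and without
   duplicate suppression.  The topology, node labels, choice of
   supernode and TTL values are assumptions made for the illustration.

```python
from collections import deque

# Constructed six-node topology (undirected adjacency list); not from the draft.
TOPOLOGY = {
    "A": ["B", "C"],
    "B": ["A", "D", "E"],
    "C": ["A", "E"],
    "D": ["B", "F"],
    "E": ["B", "C", "F"],
    "F": ["D", "E"],
}


def shortest_path_len(topology, src, dst):
    """Hop count of the shortest path from src to dst (breadth-first search)."""
    if src == dst:
        return 0
    dist = {src: 0}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nbr in topology[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                if nbr == dst:
                    return dist[nbr]
                queue.append(nbr)
    raise ValueError(f"{dst} unreachable from {src}")


def flood_interest(topology, requester, ttl, suppress_duplicates=True):
    """Link transmissions caused by flooding one Interest from requester.

    With suppress_duplicates a node forwards a given Interest only the first
    time it sees it (ICN forwarders do this by remembering the Interest nonce).
    Without it every copy is re-forwarded until its TTL expires, and on any
    topology with cycles the count grows exponentially with the TTL.
    """
    sent = 0
    seen = {requester}
    queue = deque([(requester, None, ttl)])
    while queue:
        node, came_from, remaining = queue.popleft()
        if remaining == 0:
            continue
        for nbr in topology[node]:
            if nbr == came_from:
                continue  # never send the Interest back over the link it arrived on
            sent += 1
            if suppress_duplicates:
                if nbr in seen:
                    continue  # nbr drops the duplicate, so nothing is forwarded further
                seen.add(nbr)
            queue.append((nbr, node, remaining - 1))
    return sent


def exchange_cost(topology, requester, holder, supernode):
    """Total transmissions (Interest plus returned Data) for each exchange mode.

    ideal: the requester already knows where the content is and asks directly.
    central: the requester asks an omniscient supernode, which forwards the
             Interest to the holder.
    flooding: the Interest is flooded with duplicate suppression.
    In all three the Data retraces the shortest path from holder to requester.
    """
    back = shortest_path_len(topology, holder, requester)
    ideal = shortest_path_len(topology, requester, holder) + back
    central = (shortest_path_len(topology, requester, supernode)
               + shortest_path_len(topology, supernode, holder) + back)
    flooding = flood_interest(topology, requester, ttl=len(topology)) + back
    return {"ideal": ideal, "central": central, "flooding": flooding}


if __name__ == "__main__":
    print(exchange_cost(TOPOLOGY, requester="A", holder="D", supernode="F"))
    for ttl in range(1, 7):
        print("ttl", ttl, "unsuppressed flood transmissions:",
              flood_interest(TOPOLOGY, "A", ttl, suppress_duplicates=False))
```

   On this topology ideal mode needs 4 transmissions, central mode 6
   and suppressed flooding 11; without duplicate suppression the flood
   reaches 16 transmissions at a TTL of 4 and keeps growing with the
   TTL, which is the bandwidth cost the draft warns about and the
   reason ICN forwarders keep a record of Interests already seen.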
7.  Acknowledgments

   The creation of this document has been a collaborative effort, and
   we extend our gratitude to the individuals and organizations whose
   contributions and insights have enriched the content and quality of
   this work.

Authors' Addresses

   Xinru Li
   Beijing Jiaotong University
   Haidian District, Beijing
   Email: 20211011@bjtu.edu.cn

   Yuyin Ma
   Beijing Jiaotong University
   Haidian District, Beijing
   Email: mayuyin@bjtu.edu.cn

   Guangshuo Chen
   Beijing Jiaotong University
   Haidian District, Beijing
   Email: 17733652726@163.com