CN113993134A - IoT (Internet of things) equipment secure access method and system based on RFID (radio frequency identification) signals - Google Patents


Info

Publication number: CN113993134A
Application number: CN202111607415.1A
Authority: CN (China)
Prior art keywords: rfid, action, accessed, iot, equipment
Legal status: Granted (Active)
Other languages: Chinese (zh)
Other versions: CN113993134B (en)
Inventors: 陈政霖, 郑飞州, 陈胜俭
Current Assignee: Guangzhou Youkegu Technology Co ltd
Original Assignee: Guangzhou Youkegu Technology Co ltd
Application filed by Guangzhou Youkegu Technology Co ltd
Priority to CN202111607415.1A
Publication of CN113993134A
Application granted
Publication of CN113993134B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H04W12/47 Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0029 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device the arrangement being specially adapted for wireless interrogation of grouped or bundled articles tagged with wireless record carriers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/02 Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10 Small scale networks; Flat hierarchical networks
    • H04W84/12 WLAN [Wireless Local Area Networks]


Abstract

The invention relates to an IoT (Internet of Things) device secure access method based on RFID (radio frequency identification) signals, comprising the following steps: collecting the changes in the RFID signal caused when the user performs the actions in the behavior pattern database; extracting the corresponding RFID features to construct an action recognition training set; constructing and training a CNN-LightGBM model; after receiving an RFID signal sent by an IoT device to be accessed, extracting the corresponding RFID features; inputting the extracted RFID features into the CNN-LightGBM model, which outputs an action category and a prediction probability; judging whether the output action category and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period; if so, granting the access request of the IoT device to be accessed; otherwise, rejecting the access request.

Description

IoT (Internet of things) equipment secure access method and system based on RFID (radio frequency identification) signals
Technical Field
The invention relates to the technical field of internet of things, in particular to an IoT (Internet of things) equipment secure access method and system based on RFID (radio frequency identification) signals.
Background
With the continuous development of Internet of Things (IoT) technology, more and more IoT devices are present in people's lives. Most of these devices are located in the user's home, such as smart air conditioners, smart door locks and smart speakers. Together these devices form the user's smart home environment and provide an unprecedented experience for family life. However, the large amount of sensitive data generated while these IoT devices operate makes the user's privacy more vulnerable to disclosure. Ensuring secure operation is therefore an important capability that every deployed device must have. Most importantly, newly deployed IoT devices must be able to establish a connection with existing IoT devices by secure cryptographic means and form a security domain together over a local area network, so as to prevent malicious attacks while remaining operable.
Most existing access schemes require the user to take part in the protocol (e.g. by entering a password). Such schemes are used on a large scale in existing smart environments, but are not feasible in many cases. The reason is that in the coming years the number of IoT devices in the home will increase from a few to hundreds of thousands, and entering a password for every IoT device individually will place a huge burden on the homeowner. Meanwhile, most new IoT devices have no user interface, which makes it very difficult for homeowners to enter passwords. There is a need for an IoT device access solution that does not require direct user involvement.
Existing solutions can be broadly divided into two categories: pre-allocation pairing methods and context-based pairing methods.
The pre-allocation pairing method allocates an initial key to the IoT device before it leaves the factory and verifies that key when the device needs to be accessed. However, in the IoT scenario the number of deployed devices is huge and there are hundreds of different device vendors, among whom it is difficult to share this key information. It is therefore difficult to establish a uniform security association for all IoT devices through one security center, so a pre-allocated access scheme remains a temporary scheme that will struggle to meet future challenges.
The context-based pairing method, on the other hand, uses an existing security device to identify the device to be accessed. These schemes rely on the basic fact that IoT devices in the same security domain perceive substantially the same environment through their sensors, so each IoT device can sense the environment with its sensor and use the resulting "environment fingerprint" to verify key consistency, ensuring that IoT devices in the security domain can be accessed securely. However, to extract the symmetric key effectively, these methods require the IoT device to be accessed and the existing IoT device to have the same sensor, including the same type, chipset and calibration method. Sensors in existing devices are highly heterogeneous, so this access method is not universally applicable.
Using electromagnetic wave signals to perceive the environment is a new trend, and researchers are using Wi-Fi signals for the secure access of IoT devices. Specifically, existing methods treat the room interior as a security domain; action events within the security domain cause random interference to Wi-Fi signals, which provides entropy for generating a symmetric key. By detecting the characteristics of the Wi-Fi signal fluctuations observed by the IoT device to be accessed and by the security device, a symmetric key of sufficient length is generated after a certain time, completing the secure access of the device. The security of this method rests on the fact that Wi-Fi signals have difficulty penetrating walls: a malicious party outside the room has difficulty capturing the complete Wi-Fi signal fluctuation, so the features derived from it are incomplete and the complete key is hard to obtain. In practice this method has three problems.
The first problem is that Wi-Fi-based methods suffer from a large amount of noise that is difficult to eliminate. The raw channel state information (CSI) of the Wi-Fi signal acquired with existing techniques contains a large amount of noise, such as that caused by cyclic shift diversity, sampling time offset, sampling frequency offset and beamforming, which is difficult to remove, so it is difficult to extract signal fluctuation features with sufficiently high confidence.
The second problem is that Wi-Fi itself is easily attacked, and keeping a long-lived Wi-Fi connection violates the security principle of the security domain. Existing methods require the IoT device to be accessed to first join the Wi-Fi local area network in the security domain and establish a Wi-Fi connection in order to acquire the Wi-Fi signal fluctuation. An unverified device can therefore join the security domain's local area network at will and exchange information with the security domain, which seriously violates that principle.
The third problem is that existing methods based on extracting feature strings need a long and uncontrollable access time. These methods continuously detect the radio frequency signal changes caused by motion in the room, extract the signal features, and generate a symmetric key of sufficient length. However, because of the multipath effect, the radio frequency signals transmitted by IoT devices at different locations travel over very different paths; even when the devices are in the same room, it is difficult to generate a symmetric key by extracting a feature string. If the feature strings must be identical to generate the symmetric key, the requirement can only be met by fluctuations caused by an action at a position where the radio frequency signals happen to pass through similar multipath, which takes a long time of uncontrollable length.
Disclosure of Invention
The invention provides an IoT device secure access method based on RFID signals. The method uses the directionality and stability of RFID signals to obtain cleaner raw signal information from which signal fluctuation features are easier to extract, making data processing lightweight. In addition, by exploiting the limited information transfer capability of the RFID signal, the method only allows the IoT device to be accessed to establish an RFID connection with the RFID reader to complete the access process, which prevents malicious devices from joining the security domain at will and protects the security of the IoT system. Finally, the method records the user's daily behavior habits and trains a machine learning model to predict the action category, and admits an IoT device to be accessed whose action category and occurrence time are consistent with the user's behavior pattern; this greatly shortens the secure access time of the device, and a customized access action makes device access controllable.
A second object of the present invention is to provide a system applying the IoT device secure access method based on RFID signals.
To achieve the first object, the technical solution is as follows:
An IoT device secure access method based on RFID signals comprises the following steps:
recording the actions made by the user and the time period corresponding to each action, associating each action with its time period, and storing them in the behavior pattern database;
collecting the changes in the RFID signal caused when the user performs the actions in the behavior pattern database; extracting the corresponding RFID features to construct an action recognition training set;
constructing a CNN-LightGBM model, and training the CNN-LightGBM model with the action recognition training set;
after receiving an RFID signal sent by an IoT device to be accessed, extracting the corresponding RFID features;
inputting the extracted RFID features into the CNN-LightGBM model; the CNN-LightGBM model outputs an action category and a prediction probability;
judging whether the output action category and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period; if so, granting the access request of the IoT device to be accessed; otherwise, rejecting the access request of the IoT device to be accessed.
Preferably, when the prediction probability output by the CNN-LightGBM model is greater than or equal to a set first threshold, it is judged whether the output action category and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period.
Preferably, after the changes in the RFID signal caused by the actions in the behavior pattern database are collected, the collected data is processed with a noise reduction filtering method before the corresponding RFID features are extracted;
and after the RFID signal sent by the IoT device to be accessed is received, the received RFID signal is processed with a noise reduction filtering method before the corresponding RFID features are extracted.
Preferably, the noise reduction filtering method is any one of fast Fourier transform, short-time Fourier transform or Kalman filter.
Preferably, the extracted RFID features are signal strength features and angle of arrival features.
Preferably, the method further comprises the following steps:
defining an access action;
collecting the changes in the RFID signal caused when the user performs the access action; extracting the corresponding RFID features to train the CNN-LightGBM model;
after receiving the RFID signal sent by the IoT device to be accessed, extracting the corresponding RFID features;
inputting the extracted RFID features into the CNN-LightGBM model; if the action category output by the CNN-LightGBM model is the access action, granting the access request of the IoT device to be accessed.
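The decision rule in the steps above, written out as an added example (not code from the patent). The 0.95 threshold and the `001` / 19:00-19:10 entry follow the values used in the embodiment; the access-action label `900`, applying the threshold to the access action as well, and the handling of periods that cross midnight are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import time
from typing import List, NamedTuple, Optional

FIRST_THRESHOLD = 0.95  # example threshold value used in the embodiment


@dataclass(frozen=True)
class PatternEntry:
    """One row of the behavior pattern database: action label plus time period."""
    action: str
    start: time
    end: time

    def covers(self, t: time) -> bool:
        if self.start <= self.end:
            return self.start <= t <= self.end
        # Assumption: a period such as 23:50-00:10 wraps past midnight.
        return t >= self.start or t <= self.end


class Prediction(NamedTuple):
    action: str          # action category output by the model
    probability: float   # prediction probability P


class Decision(NamedTuple):
    granted: bool
    reason: str


def decide_access(pred: Prediction,
                  received_at: time,
                  pattern_db: List[PatternEntry],
                  access_action: Optional[str] = None,
                  threshold: float = FIRST_THRESHOLD) -> Decision:
    """Grant or reject an access request from the model output and receive time."""
    # NaN compares False against everything, so "P < threshold" alone would let
    # it through; reject anything that is not a valid probability first.
    if not (0.0 <= pred.probability <= 1.0):
        return Decision(False, "invalid probability")
    if pred.probability < threshold:
        return Decision(False, "probability below threshold")
    # User-defined access action: accepted at any time of day.
    if access_action is not None and pred.action == access_action:
        return Decision(True, "user-defined access action")
    entries = [e for e in pattern_db if e.action == pred.action]
    if not entries:
        return Decision(False, "action not in behavior pattern database")
    if any(e.covers(received_at) for e in entries):
        return Decision(True, "action and time period match")
    return Decision(False, "action outside its recorded time period")


# Constructed sample database (labels and periods are illustrative).
SAMPLE_DB = [
    PatternEntry("001", time(19, 0), time(19, 10)),   # coming home
    PatternEntry("002", time(23, 50), time(0, 10)),   # period crossing midnight
]

if __name__ == "__main__":
    cases = [
        (Prediction("001", 0.97), time(19, 5), None),
        (Prediction("001", 0.97), time(3, 0), None),
        (Prediction("001", 0.80), time(19, 5), None),
        (Prediction("002", 0.99), time(0, 5), None),
        (Prediction("900", 0.99), time(3, 0), "900"),
    ]
    for pred, when, access in cases:
        print(pred, when, decide_access(pred, when, SAMPLE_DB, access))
```

The second case is the one the time check exists for: a correctly recognised action at 03:00 is rejected even though the model is confident.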
To achieve the second object, the technical solution adopted is as follows:
An IoT device secure access system based on RFID signals comprises an IoT device to be accessed, a security device group, an RFID reader and a security terminal;
the IoT device to be accessed is used for sending RFID signals to the RFID reader;
the security device group is used for sending RFID signals to the RFID reader, so that the RFID reader can collect the changes in the RFID signal caused when the user performs the actions in the behavior pattern database;
the RFID reader is used for receiving the RFID signals sent by the IoT device to be accessed and by the security device group, processing them, and transmitting the processed RFID signals to the security terminal;
the security terminal is used for recording the actions made by the user and the time period corresponding to each action, associating each action with its time period and storing them in the behavior pattern database; for extracting the corresponding RFID features from the RFID signals sent by the security device group to construct an action recognition training set; for constructing a CNN-LightGBM model and training it with the action recognition training set; for extracting the corresponding RFID features from the RFID signals sent by the IoT device to be accessed and inputting them into the CNN-LightGBM model, which outputs an action category and a prediction probability; and for judging whether the output action category and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period; if so, granting the access request of the IoT device to be accessed; otherwise, rejecting the access request of the IoT device to be accessed.
Preferably, the IoT device to be accessed comprises an RFID tag and a Wi-Fi module; the RFID tag is used for sending an RFID signal to the RFID reader; the Wi-Fi module is used for keeping a long-lived connection with the security terminal once the action category output by the CNN-LightGBM model and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period.
Preferably, the security device group comprises a security device, an RFID tag group and a Wi-Fi module; the RFID tag group is used for sending an RFID signal to the RFID reader under the instruction of the security device, so that the RFID reader can collect the changes in the RFID signal caused when the user performs the actions in the behavior pattern database; the Wi-Fi module is used for keeping a long-lived connection with the Wi-Fi module of the security terminal.
Preferably, the security terminal comprises a signal analysis module, a noise reduction module, a behavior recording module, a model training module, a model prediction module, a behavior matching module and a Wi-Fi module;
the signal analysis module is used for parsing the RFID signals sent by the IoT device to be accessed and by the security device group to obtain RFID channel information;
the noise reduction module is used for applying noise reduction filtering to the obtained RFID channel information;
the behavior recording module is used for recording the actions made by the user and the time period corresponding to each action, associating each action with its time period and storing them in the behavior pattern database;
the model training module is used for extracting the corresponding RFID features from the RFID signals sent by the security device group to construct an action recognition training set, constructing a CNN-LightGBM model, and training the CNN-LightGBM model with the action recognition training set;
the model prediction module is used for extracting the corresponding RFID features from the RFID signals sent by the IoT device to be accessed and inputting them into the CNN-LightGBM model; the CNN-LightGBM model outputs an action category and a prediction probability;
the behavior matching module is used for judging whether the output action category and the time at which the RFID signal from the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period; if so, granting the access request of the IoT device to be accessed; otherwise, rejecting the access request of the IoT device to be accessed;
the Wi-Fi module is used for keeping a long-lived connection with the security device group, verifying the identity of the IoT device to be accessed when its access request is granted, and keeping a long-lived connection with the IoT device to be accessed.
Compared with the prior art, the invention has the following beneficial effects:
1) The invention uses the directionality and stability of the RFID signal to obtain cleaner signal information; the signal noise can be removed with a simple noise reduction algorithm alone, so data processing is more lightweight.
2) By exploiting the limited information transfer capability of the RFID signal, the invention only allows the IoT device to be accessed to establish an RFID connection with the RFID reader to complete the access process, which prevents malicious devices from joining the security domain at will and protects the security of the IoT system.
3) The invention trains a machine learning model to predict the action category by recording the user's daily behavior habits and the user-defined access action, and admits an IoT device to be accessed whose action category and occurrence time are consistent with the user's behavior pattern, which greatly shortens the time needed for secure access while keeping access secure. The user-defined access action lets the user admit a new device at any time by performing the access action, making the access process more controllable.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is an application architecture diagram of an IoT device secure access method based on an RFID signal according to the present invention.
Fig. 2 is a schematic flowchart of an IoT device secure access method based on an RFID signal according to the present invention.
Fig. 3 is a schematic diagram of an application example of the IoT device secure access method based on the RFID signal provided in the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Fig. 1 is an application architecture diagram of an IoT device secure access method based on an RFID signal according to the present invention. As shown in fig. 1, the IoT device secure access method provided in the present invention mainly relates to a security device group, a device to be accessed, a security terminal, and an RFID reader.
The basic idea of the RFID signal-based IoT equipment security access method provided by the invention is to train a CNN-LightGBM model capable of identifying actions through radio frequency signal changes by recording the activity habits of users and user-defined access actions. When the RFID signal of the equipment to be accessed generates signal fluctuation with high enough prediction probability of corresponding action at the right time, the equipment to be accessed is considered to be in the room, and the equipment to be accessed is allowed to be accessed. Since the RFID signal is greatly attenuated when penetrating through the outer wall of the room, the change of the RFID signal is mainly caused by the motion in the room, and it is difficult for the devices outside the room to obtain the complete change of the RFID signal, so that the secure pairing of the IoT devices can be achieved. The parts are specifically explained as follows:
1) device to be accessed
1.1) RFID tag: and the system is responsible for transmitting the RFID signal with the identity information of the equipment to be accessed. The tag includes but is not limited to active, passive, directional, non-directional, and all other forms of RFID tags;
1.2) Wi-Fi module: the terminal is responsible for sending an access request and an identity identifier to a Wi-Fi module of the security terminal when the terminal is not accessed, and keeping long connection with the Wi-Fi module of the security terminal after access is granted;
1.3) operating system: the function of managing the equipment to be accessed is realized;
2) safety device group
2.1) safety devices: the device which passes the access authentication is provided with an RFID tag and a Wi-Fi module. When motion occurs in a room, the safety equipment transmits an RFID signal to the RFID reader, and the safety terminal captures the fluctuation of the corresponding signal and uses the signal as training data of the corresponding motion for training the CNN-LightGBM model;
2.2) RFID tag group: is responsible for the transmission of RFID signals with security device identity information. The tag includes but is not limited to active, passive, directional, non-directional, and all other forms of RFID tags;
2.3) Wi-Fi module: the terminal is responsible for keeping long connection with a Wi-Fi module of the security terminal;
2.4) operating system: the function responsible for managing the safety equipment is realized;
3) RFID reader
3.1) reader: and the signal analysis module is responsible for receiving the RFID signals from the plurality of RFID labels, packaging the information into a data packet after preliminary analysis, and forwarding the data packet to the safety terminal.
4) Security terminal
4.1) terminal definition: the security terminals, i.e., devices in the room that have been considered secure and trusted while having sufficient computing power, are the most common security terminals, i.e., gateways that control all IoT devices. The RFID reader is connected with the RFID reader in a wired or wireless mode;
4.2) a signal analysis module: and the RFID reader is responsible for analyzing the data packet in the specified format forwarded by the RFID reader into the identity and the RFID channel information. The identity identification of the equipment to be accessed is forwarded to a Wi-Fi module of the safety terminal for identity verification of the equipment to be accessed, and the RFID channel information is forwarded to a noise reduction module for signal processing;
4.3) noise reduction module: the RFID system is responsible for eliminating basic noise in RFID channel information, and according to different characteristic value extraction requirements, a plurality of noise reduction methods and filtering methods can be used, such as Fast Fourier Transform (FFT), Short Time Fourier Transform (STFT), Kalman filter and the like, and the noise-reduced result is forwarded to a behavior recording module and a model training module. In the embodiment, the noise reduction is carried out on the signal only by using Kalman filtering, so that the requirement of model training can be met;
4.4) Behavior recording module: responsible for recording the radio-frequency signal fluctuations caused by users' normal activities, together with the corresponding activity times, and for maintaining the behavior pattern database. For example, every evening between 19:00 and 19:10 the security device group acquires a radio-frequency signal, at a frequency of 1 time/s, whose RSS and AoA both change from small to large and then back to small (representing the user coming home through the corridor). When the security device group detects movement in this period, it starts acquiring radio-frequency signal information for a fixed duration; after noise reduction, the information is stored in the behavior recording module of the security terminal as a two-dimensional matrix [sampling points × features]. For example, with a continuous sampling time of 60 s, 600 sampling points, and the RSS and AoA changes of the RFID signal as features, the security terminal obtains a [600 × 2] two-dimensional matrix, stores it in the behavior recording module, and labels it [001, 19:00-19:10], where 001 is the action label and 19:00-19:10 is the period of occurrence.
4.5) Model training module: responsible for training the CNN-LightGBM model. Based on the user's action habits recorded by the behavior recording module, the security terminal and the security device group capture the corresponding action information, yielding a series of two-dimensional matrices and action labels that form the training set. The CNN-LightGBM model is trained on this information to produce a prediction model that predicts the action classification probability P.
For example, after a long period of data collection, a series of two-dimensional RFID information matrices of the form [600 × 2], with their corresponding action labels, has been obtained. The two-dimensional information matrix [600 × 2] is input to the CNN. In the invention, the CNN network structure used is: input layer + 2 convolutional layers + 2 sampling layers with ELU activation + 1 average pooling layer + 2 fully connected layers + output layer. The convolution kernels can be chosen freely according to the learning effect, the fully connected layer activation function is SoftMax, the loss is binary cross-entropy, and the parameters of each CNN layer are updated with the gradient back-propagation algorithm. The feature matrix obtained after training is input to the LightGBM algorithm, which outputs the predicted probability P that the action belongs to action A; together these form the CNN-LightGBM model. The input of the model is the two-dimensional information matrix [600 × 2], and its output is the predicted probability P that the action belongs to action A.
4.6) Model prediction module: uses the CNN-LightGBM model to predict the action type in the RFID signal transmitted by the device to be accessed, together with its classification probability P. When the classification probability P is greater than a set threshold, such as 0.95, the action type and the action occurrence time are sent to the behavior matching module;
4.7) Behavior matching module: responsible for checking whether the action detected via the device to be accessed matches a user behavior pattern in the behavior pattern database, and for producing the final authentication result. If they match, authentication succeeds; if they do not match, authentication fails;
4.8) Wi-Fi module: a module capable of transmitting and receiving Wi-Fi signals, responsible for establishing a long-lived Wi-Fi connection with the security device group. When the received authentication result is success, it verifies the identity of the device to be accessed and agrees to the access request of the device to be accessed;
4.9) Active access mode: enabled by the user only when the user actively needs to admit a device, and left off at other times. In this mode the terminal only checks whether the RFID signal of the device to be accessed contains the access action preset by the user. If it does, and the device to be accessed passes identity verification, the device is allowed to access.
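One way to produce the labelled [600 × 2] record described for the behavior recording module, using a Kalman filter (one of the noise reduction options named in claim 4). This is an added example, not code from the patent; the filter variances `q` and `r`, the function names and the synthetic corridor signal are assumptions.

```python
import math
import random

SAMPLES = 600   # 60 s of continuous sampling -> 600 points, as in the text
FEATURES = 2    # RSS and AoA


def kalman_1d(series, q=0.05, r=4.0):
    """Scalar random-walk Kalman filter. The process (q) and measurement (r)
    noise variances are assumed values, to be tuned per deployment."""
    x, p = series[0], r
    out = [x]
    for z in series[1:]:
        p += q                 # predict: the state is assumed to drift slowly
        k = p / (p + r)        # Kalman gain
        x += k * (z - x)       # correct with the new measurement
        p *= 1.0 - k
        out.append(x)
    return out


def build_record(rss, aoa, action_label, period):
    """Denoise both feature series and return one behavior-database record."""
    for name, series in (("rss", rss), ("aoa", aoa)):
        if len(series) != SAMPLES:
            raise ValueError(f"{name}: expected {SAMPLES} samples, got {len(series)}")
        if not all(math.isfinite(v) for v in series):
            raise ValueError(f"{name}: non-finite sample")
    # Rows are sampling points, columns are the two features.
    matrix = [list(row) for row in zip(kalman_1d(rss), kalman_1d(aoa))]
    return {"label": action_label, "period": period, "matrix": matrix}


def corridor_walk(seed=7, noise_sd=2.0):
    """Constructed test signal: RSS and AoA rise and then fall, as when the user
    walks past the tags. Returns (clean_rss, clean_aoa, noisy_rss, noisy_aoa)."""
    rng = random.Random(seed)
    half = SAMPLES / 2
    shape = [1.0 - abs(i - half) / half for i in range(SAMPLES)]
    clean_rss = [-70.0 + 30.0 * s for s in shape]     # dBm
    clean_aoa = [30.0 + 30.0 * s for s in shape]      # degrees
    noisy_rss = [v + rng.gauss(0.0, noise_sd) for v in clean_rss]
    noisy_aoa = [v + rng.gauss(0.0, noise_sd) for v in clean_aoa]
    return clean_rss, clean_aoa, noisy_rss, noisy_aoa


def mse(a, b):
    """Mean squared error between two equally long series."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


if __name__ == "__main__":
    clean_rss, clean_aoa, noisy_rss, noisy_aoa = corridor_walk()
    rec = build_record(noisy_rss, noisy_aoa, "001", "19:00-19:10")
    print(rec["label"], rec["period"], len(rec["matrix"]), "x", len(rec["matrix"][0]))
    print("RSS error before/after filtering:",
          mse(noisy_rss, clean_rss),
          mse([row[0] for row in rec["matrix"]], clean_rss))
```

Rejecting short or non-finite captures before they reach the database keeps malformed reader packets out of the training set.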
The flow of the IoT device secure access method based on the RFID signal provided by the present invention is shown in fig. 2, and the specific steps are as follows:
S201: over a long period, the security device group and the security terminal record the radio-frequency signal fluctuations and corresponding activity times caused by the user's normal activities and by the user-defined access action; after noise reduction, an action recognition training set is generated;
S202: the model training module trains the CNN-LightGBM model using the action recognition training set;
S203: the RFID tag on the device to be accessed continuously sends a signal to the RFID reader, and the device continuously presents its identity to the Wi-Fi module of the security terminal and requests access;
S204: the RFID reader receives the signal of the device to be accessed, packs the tag information and the signal information contained in that signal into a data packet, and sends the data packet to the signal analysis module of the security terminal. The transmission may be wireless or wired;
S205: the signal analysis module of the security terminal parses the data packet from the RFID reader and extracts the identity and the channel information of the device to be accessed. The identity is forwarded to the Wi-Fi module of the security terminal for identity verification of the device to be accessed, and the channel information is forwarded to the noise reduction module for signal processing;
S206: the noise reduction module denoises and preprocesses the channel information and then sends the processed information to the model prediction module for action classification prediction;
S207: the model prediction module uses the trained CNN-LightGBM model to predict the action type detected via the device to be accessed and the prediction probability, and passes the prediction result to the behavior matching module when the prediction probability is greater than or equal to a set threshold;
S208: the behavior matching module checks whether the action type and the occurrence time match a user behavior pattern recorded in the behavior pattern database; if so, authentication succeeds;
S209: the decision is forwarded to the Wi-Fi module of the security terminal and to the security device group. If authentication succeeded, the Wi-Fi module accepts the access request of the device to be accessed according to its identity and brings the device into the trust chain; if not, the device to be accessed is refused access.
Example 2
Fig. 3 is a schematic diagram of an application example of the RFID-signal-based IoT device secure access method provided by the present invention. In this embodiment, the security terminal is an intelligent gateway that controls all IoT devices in a room; the security devices are a smart television, a smart speaker and a smart desk lamp in the room; the general device is a printer; the device to be accessed is an intelligent sweeping robot; and the RFID reader is a general-purpose RFID reader. The intelligent gateway provides a Wi-Fi hotspot as an AP (access point). The smart television, smart speaker and smart desk lamp already in the room are connected to the intelligent gateway over Wi-Fi, while the intelligent sweeping robot, as the device to be accessed, is brought into the room by the user. The smart television, the smart speaker, the smart desk lamp and the intelligent sweeping robot each contain RFID tags. A behavior pattern database for the user has been established, and a CNN-LightGBM model that can recognize actions has been trained in advance. The user-defined action is swinging the hands up and down three times. The specific process is as follows:
1) the intelligent sweeping robot is powered on, transmits an RFID signal to the RFID reader, and continuously sends access requests to the intelligent gateway;
2) after receiving the RFID signal, the RFID reader encapsulates it into a data packet and forwards the packet to the intelligent gateway;
3) after parsing and denoising the signal, the intelligent gateway uses the CNN-LightGBM model to predict that the action is action 003 (in fact, walking through the corridor) with a probability of 97%, and forwards the prediction result to the behavior matching module;
4) the behavior matching module searches the behavior pattern database, finds that the user performs action 003 in the 18:00 to 18:30 period, concludes that the device really is in the room, declares authentication successful, and agrees to the Wi-Fi access request of the intelligent sweeping robot;
5) the request of the intelligent sweeping robot passes identity verification and the robot successfully joins the Wi-Fi network. The intelligent gateway sends this information through the Wi-Fi module to all security devices in the room and to the intelligent sweeping robot, and the robot is added to the security device group, completing the access;
6) if the results do not match and the duration of the access request exceeds a system threshold, the intelligent sweeping robot is refused access and a malicious access alarm is sent to the user;
7) if access remains unsuccessful for a long time, the user can set the security terminal to active access mode and perform the preset access action in front of the device to be accessed, swinging the hands up and down three times. The security terminal then detects fluctuation in the RFID signal transmitted by the device to be accessed and finds, with a probability of 95%, that the user swung the hands up and down three times; it therefore considers that the user is actively admitting the device, and access is allowed once the identity of the device to be accessed has been verified.
8) Meanwhile, an eavesdropper outside the room tries to access the smart devices, but because the RFID signal is heavily attenuated after passing through the wall, the eavesdropper's attempts continually fail to match; a malicious access alarm is triggered and the user discovers the attempt.
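The decision path of steps S207 to S209 and of the walk-through above can be written as the following added sketch, which is not code from the patent; the `ACCESS` label, the 10-minute request timeout and the sample patterns are assumptions. Honoring the access action only in active access mode follows module 4.9, and a failed identity check is treated as "not admitted".

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from enum import Enum

PROB_THRESHOLD = 0.95                    # example threshold given in the text
ACCESS_ACTION = "ACCESS"                 # hypothetical label for the preset access action
REQUEST_TIMEOUT = timedelta(minutes=10)  # assumed value of the "system threshold"


class Decision(Enum):
    ADMIT = "admit"
    PENDING = "pending"                  # keep listening for further RFID samples
    REJECT_ALARM = "reject_and_alarm"    # refuse and raise the malicious access alarm


@dataclass(frozen=True)
class Pattern:
    """One row of the behavior pattern database: action label plus daily period."""
    action: str
    start: time
    end: time

    def covers(self, t: time) -> bool:
        if self.start <= self.end:
            return self.start <= t <= self.end
        return t >= self.start or t <= self.end      # period that crosses midnight


@dataclass(frozen=True)
class Prediction:
    """Output of the model prediction module for one captured signal window."""
    action: str
    probability: float
    observed_at: datetime


def behavior_matches(pred, patterns, active_mode=False):
    """S207 threshold gate followed by the S208 behavior match."""
    # Written as "not >=" so that a NaN probability fails closed.
    if not (pred.probability >= PROB_THRESHOLD):
        return False
    if active_mode:
        # Active access mode checks only for the preset access action.
        return pred.action == ACCESS_ACTION
    now = pred.observed_at.time()
    return any(p.action == pred.action and p.covers(now) for p in patterns)


def decide(pred, patterns, request_started, identity_ok, active_mode=False):
    """S209: admit only when behavior AND identity both pass; alarm on timeout."""
    if behavior_matches(pred, patterns, active_mode) and identity_ok:
        return Decision.ADMIT
    if pred.observed_at - request_started > REQUEST_TIMEOUT:
        return Decision.REJECT_ALARM
    return Decision.PENDING


# Constructed sample data following Example 2.
PATTERNS = [
    Pattern("003", time(18, 0), time(18, 30)),   # walking through the corridor
    Pattern("007", time(23, 30), time(0, 15)),   # constructed late-night pattern
]
T0 = datetime(2022, 1, 10, 18, 5)                # constructed request start time

if __name__ == "__main__":
    in_room = Prediction("003", 0.97, T0 + timedelta(minutes=1))
    print(decide(in_room, PATTERNS, T0, identity_ok=True))
    weak = Prediction("003", 0.60, T0 + timedelta(minutes=11))
    print(decide(weak, PATTERNS, T0, identity_ok=True))
```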
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An IoT device security access method based on RFID signals is characterized in that: the method comprises the following steps:
recording the action made by the user and the time period corresponding to the action, and storing the action made and the time period corresponding to the action in the behavior pattern database after being associated;
collecting the changes in the RFID signal caused when the user performs the actions in the behavior pattern database; extracting the corresponding RFID features to construct an action recognition training set;
constructing a CNN-LightGBM model, and applying the action recognition training set to train the CNN-LightGBM model;
after receiving an RFID signal sent by an IoT device to be accessed, extracting corresponding RFID characteristics;
inputting the extracted RFID features into a CNN-LightGBM model; the CNN-LightGBM model outputs action categories and prediction probabilities;
judging whether the output action type and the time for receiving the RFID signal sent by the IoT equipment to be accessed are matched with the action in the behavior pattern database and the corresponding time period, and if so, agreeing to the access request of the IoT equipment to be accessed; otherwise, rejecting the access request of the IoT equipment to be accessed.
2. The RFID signal based IoT device secure access method of claim 1, wherein: when the predicted probability output by the CNN-LightGBM model is larger than or equal to a set first threshold value, judging whether the output action type and the time for receiving the RFID signal sent by the IoT equipment to be accessed are matched with the action in the behavior pattern database and the corresponding time period.
3. The RFID signal based IoT device secure access method of claim 1, wherein: after the changes in the RFID signal caused by the actions in the behavior pattern database are collected, the collected data is processed with a noise reduction filtering method, and the corresponding RFID features are then extracted;
and after receiving the RFID signal sent by the IoT equipment to be accessed, processing the received RFID signal by adopting a noise reduction filtering method, and extracting corresponding RFID characteristics.
4. The RFID signal based IoT device secure access method of claim 3, wherein: the adopted noise reduction filtering method is any one of fast Fourier transform, short-time Fourier transform or Kalman filter.
5. The RFID signal based IoT device secure access method according to any of claims 1-4, characterized in that: the extracted RFID characteristics are signal strength characteristics and arrival angle characteristics.
6. The RFID signal based IoT device secure access method of claim 5, wherein: further comprising:
defining an access action;
collecting the change of the RFID signal caused by the user after the access action is performed; extracting corresponding RFID characteristics to train the CNN-LightGBM model;
after receiving the RFID signal sent by the IoT equipment to be accessed, extracting corresponding RFID characteristics;
inputting the extracted RFID features into a CNN-LightGBM model; and if the action type output by the CNN-LightGBM model is an access action, agreeing to an access request of the IoT equipment to be accessed.
7. An IoT device secure access system based on RFID signals, characterized in that: the system comprises an IoT device to be accessed, a security device group, an RFID reader and a security terminal;
the IoT device to be accessed is used for sending RFID signals to the RFID reader;
the security device group is used for sending RFID signals to the RFID reader, so that the RFID reader can collect the changes in the RFID signals caused by the user's actions in the behavior pattern database;
the RFID reader is used for receiving the RFID signals sent by the IoT device to be accessed and the RFID signals sent by the security device group, processing them, and then transmitting the processed RFID signals to the security terminal;
the security terminal is used for recording the actions made by the user and the time periods corresponding to the actions, and storing each action in association with its time period in the behavior pattern database; for extracting the corresponding RFID features from the RFID signals sent by the security device group to construct an action recognition training set; for constructing a CNN-LightGBM model and training it with the action recognition training set; for extracting the corresponding RFID features from the RFID signals sent by the IoT device to be accessed and inputting them into the CNN-LightGBM model, which outputs an action category and a prediction probability; and for judging whether the output action type and the time at which the RFID signal sent by the IoT device to be accessed was received match an action in the behavior pattern database and its corresponding time period, and if so, agreeing to the access request of the IoT device to be accessed; otherwise, rejecting the access request of the IoT device to be accessed.
8. The RFID signal based IoT device secure access system of claim 7, wherein: the IoT device to be accessed comprises an RFID tag and a Wi-Fi module; wherein the RFID tag is used for sending an RFID signal to the RFID reader; the Wi-Fi module is used for keeping long connection with the security terminal when the action type output by the CNN-LightGBM model and the time for receiving the RFID signal sent by the IoT equipment to be accessed are matched with the action in the behavior pattern database and the corresponding time period.
9. The RFID signal based IoT device secure access system of claim 7, wherein: the security device group comprises security devices, an RFID tag group and a Wi-Fi module; the RFID tag group is used for sending RFID signals to the RFID reader under the instruction of the security devices, so that the RFID reader can collect the changes in the RFID signals caused by the user's actions in the behavior pattern database; the Wi-Fi module is used for keeping a long-lived connection with the Wi-Fi module of the security terminal.
10. The RFID signal based IoT device secure access system of claim 7, wherein: the safety terminal comprises a signal analysis module, a noise reduction module, a behavior recording module, a model training module, a model prediction module, a behavior matching module and a Wi-Fi module;
the signal analysis module is used for analyzing RFID signals sent by the IoT equipment to be accessed and RFID signals sent by the safety equipment group to obtain RFID channel information;
the noise reduction module is used for carrying out noise reduction filtering processing on the obtained RFID channel information;
the behavior recording module is used for recording the action made by the user and the time period corresponding to the action, and storing the action made and the time period corresponding to the action in the behavior mode database after being associated;
the model training module is used for extracting corresponding RFID characteristics in RFID signals sent by the safety equipment group to construct an action recognition training set, constructing a CNN-LightGBM model, and applying the action recognition training set to train the CNN-LightGBM model;
the model prediction module is used for extracting corresponding RFID characteristics in RFID signals sent by IoT equipment to be accessed and inputting the RFID characteristics into the CNN-LightGBM model; the CNN-LightGBM model outputs action categories and prediction probabilities;
the behavior matching module is used for judging whether the output action type and the time for receiving the RFID signal sent by the IoT equipment to be accessed are matched with the action in the behavior pattern database and the corresponding time period or not, and if so, agreeing to the access request of the IoT equipment to be accessed; otherwise, rejecting the access request of the IoT equipment to be accessed;
the Wi-Fi module is used for keeping long connection with the security device group, verifying the identity of the IoT device to be accessed when agreeing to the access request of the IoT device to be accessed, and keeping long connection with the IoT device to be accessed.
CN202111607415.1A 2021-12-27 2021-12-27 IoT (Internet of things) equipment secure access method and system based on RFID (radio frequency identification) signals Active CN113993134B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111607415.1A CN113993134B (en) 2021-12-27 2021-12-27 IoT (Internet of things) equipment secure access method and system based on RFID (radio frequency identification) signals

Publications (2)

Publication Number Publication Date
CN113993134A true CN113993134A (en) 2022-01-28
CN113993134B CN113993134B (en) 2022-03-22

Family

ID=79734408

Country Status (1)

Country Link
CN (1) CN113993134B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115865568A (en) * 2023-02-28 2023-03-28 广州市成格信息技术有限公司 Intelligent gateway for all-optical network

Also Published As

Publication number Publication date
CN113993134B (en) 2022-03-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A secure access method and system for IoT devices based on RFID signals

Effective date of registration: 20230825

Granted publication date: 20220322

Pledgee: Guangzhou Rural Commercial Bank Co.,Ltd. Huaxia Branch

Pledgor: Guangzhou youkegu Technology Co.,Ltd.

Registration number: Y2023980053830