臺灣博碩士論文加值系統

數位家庭中，家用閘道器已被廣泛使用來管理家中的裝置與服務，最常使用的安全機制莫過於採用使用者認證與授權方式，其中卻隱含著潛在的危險問題：對於裝置本身並無安全上的保障—若使用者身份遭破解以至於整個家庭網路安全系統瓦解，入侵者便能肆無忌憚盜用機密資料與存取裝置服務進而破壞裝置。
本研究對數位家庭電子裝置、家用閘道器與服務供應商三方之間設計出一套安全的裝置認證與服務管理流程。首先於家用閘道器內嵌入認證中心(Authorized Center)來控管家中所有裝置與服務的認證程序。其次，對於能連上家用閘道器的家用電器裝置中嵌入一個安全模組(Security Module)，具備安全認證與保護機密資訊的功能，在此將此裝置稱之安全意識裝置(Security-aware Device)。當使用者欲存取某項裝置服務時，藉由裝置所內嵌安全模組透過認證中心執行裝置啟動認證程序，使其運作。優點在於裝置有能力去判斷本身是否能安全運作、檢查是否處於合法的家庭網路環境以及查看被允許使用時間的限制。藉此，可避免他人入侵家中網路系統攻陷家用閘道器系統架構，盜用其服務與竊取資料或惡意破壞裝置等行為；若裝置遭受偷竊或未經授權任意移往其它數位家庭則無法正常啟動，可有效提高裝置安全性並降低失竊率。
實作此裝置認證機制於2.8GHz TPM嵌入式平台，裝置經由認證至啟動運作所需時間約為0.4秒，藉此證明對於效能上的負擔並無太大的影響，且在裝置上增加一層安全性防護。

Home gateways are being deployed into smart homes to provide services and to control smart digital devices. The security mechanism most commonly used in such platforms is user authentication and authorization, which implies the potential risk: if the user identity is cracked, the entire home network security is collapsed, and the intruder can control the devices and services, even to reveal users’ private information.
We propose to have the “security-aware” devices in homes. A security-aware device requires an authentication mechanism and service management between itself, the home gateway, and the service provider. In our design, a home gateway is embedded with an Authorized Center to control the authentication process of all home devices and services. Smart devices are required to embed a security module which implements authentication and security functions to protect confidential information. When a user wants to access a security-aware device, the embedded security module starts authentication process. The key advantage is that a security-aware device can check whether it is in a safe environment or not. If not, it will not work. In addition, if the device is stolen or moved to any other unauthorized smart home network, it will not work, either. Hence the proposed approach could correctly and effectively improve the security of home devices and may even help to reduce the theft rate.
Performance measures show that the authentication process takes about 0.4 seconds under a 2.8GHz TPM embedded platform. This implies that it will not cause too much overhead on performance.

中文摘要 i
Abstract ii
誌謝 iii
章節目錄 iv
圖目錄 vi
表目錄 vii
第一章 序論 1
1.1 研究背景 1
1.2 研究動機 3
1.3 研究目的 4
1.4 研究貢獻和章節概要 5
第二章 背景介紹與相關研究 6
2.1 文獻探討 6
2.1.1 數位家庭 6
2.1.2 參考監督 11
2.1.3 RBAC 13
2.2 技術背景分析 17
2.2.1 加解密演算法和雜湊演算法 17
2.2.2 一次性密碼 19
2.2.3 代理人信任機制 21
2.3.4 自我檢測機制 21
2.3.5 零件識別技術 22
第三章 系統分析和需求 23
3.1 家庭網路鏈結關係 25
3.2 情境描述 27
3.3 系統開發需求 29
3.4 延伸至商業用途之討 32
第四章 系統架構設計 35
4.1 系統架構 35
4.2 安全意識裝置與家用閘道器架構 38
4.3 安全意識裝置安裝初始化流程 41
4.4 安全意識裝置S-OTP安全啟動流程 44
4.5 小結 49
第五章 實驗結果與分析討論 50
5.1 系統運作流程 50
5.2 系統雛形建置 54
5.3 效能評估 56
第六章 結論與未來工作 58
參考文獻 60
自述 62

[1] 鄭玉玲,賴昌祈,廖啟業,張光耀,張耿豪,謝東明,梁若玲, “高安全性硬體密碼加速器研發與應用,” 影像與識別, Volume 5, No. 4, pp. 65-73, 民88.12. Available:www.cis.nctu.edu.tw/~ippr/Doc/Dec88/6.doc
[2] 吳榮軒, 基於CAGI 方案之車用電子裝置防盜機制, 國立成功大學工程科學所碩士論文, 2008.
[3] J. P. Anderson, “Computer Security Technology Planning Study,” Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA, 1972.
[4] Eun-Ae Cho, Chang-Joo Moon and Doo-Kwon Baik, “Home Gateway Operating Model using Reference Monitor for Enhanced User Comfort and Privacy,” IEEE Transactions on Consumer Electronics, Volume 54, Issue 2, pp. 494 – 500, May. 2008.
[5] Joan Daemen and Vincent Rijmen, “AES Proposal: Rijndael,” 1999, http://csrc.nist.gov/encryption/ aes/rijndael/Rijndael.pdf.
[6] Ulfar Erlingsson, “The Inlined Reference Monitor Approach to Security Policy Enforcement,” ProQuest Information and Learning, UMI, Cornell University, Ithaca, NY, USA, Jan, 2004.
[7] David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn and Ramaswamy Chandramouli, “Proposed NIST Standard for Role-Based Access Control,” ACM Transactions on Information and System Security, Volume 4, No. 3, pp. 224-274, August 2001.
[8] Satish Gupta, “White Paper: Home Gateway,” Wipro Technologies, http://www.broadcastpapers.com/whitepapers/wiprohomegateway.pdf
[9] Men Long and Uri Blumenthal, “Manageable One-Time Password for Consumer Applications,” International Conference on Consumer Electronics, Las Vegas, USA, pp. 1-2, 10-14 Jan. 2007.
[10] Young Gu Lee, Hyun Chul Kim, Jung Jae Kim and Moon Seog Jun, “A Design of Home Network Security Protocol Using User Authentication and Access Control Technology,” International Conference on Convergence and Hybrid Information Technology, pp. 30 - 34, 28-30 Aug. 2008.
[11] Yun-Kyung Lee, Deok Gyu Lee, Jong-Wook Han and Tai-Hoon Kim, “Home Network Device Authentication: Device Authentication Framework and Device Certificate Profile,” The Computer Journal Advance Access published, Volume 51, Issue 4, July 24, 2008.
[12] A. Pfitzmann, B. Pfitzmann, M. Schunter and M. Waidner, “Trusting Mobile User Devices and Security Modules,” IEEE Computer, Volume 30, pp. 61–68, Feb. 1997.
[13] R. Rivest, “The MD5 Message-Digest Algorithm,” MIT Laboratory for Computer Science and RSA Data Security, Inc. Apr. 1992.
[14] J. Suomalainen, S. Moloney, J. Koivisto and K. Keinanen, “OpenHouse: A Secure Platform for Distributed Home Services,” Sixth Annual Conference on Privacy, Security and Trust, pp. 15 – 23, 1-3 Oct. 2008.
[15] UPnP Forum, UPnP Technology, http://www.upnp.org/.
[16] A. Weimerskirch, C. Paar, and M. Wolf, “Cryptographic Component Identification: Enabler for Secure Vehicles,” in Proc. IEEE 62nd Semiannual Vehicular Technology Conference (VTC), Dallas, Texas, USA, pp. 1227–1231, Sept. 2005.
[17] William C.Barker, “Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,” Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, May. 2004.
[18] Jung-Hsuan Wu, Chien-Chuan Kung, Jhan-Hao Rao, Pang-Chieh Wang, Cheng-Liang Lin and Ting-Wei Hou, “Design of an In-vehicle Anti-theft Component,” Eighth International Conference on Intelligent Systems Design and Applications(ISDA), Kaohsiung City, Taiwan, Volume 1, pp. 566 -569, Nov. 2008.
[19] Pang-Chieh Wang, Cheng-Liang Lin, Chieh-Chuan Kung, Jhan-Hao Rao and Ting-Wei Hou, “A "Try Before You Buy" Approach for Networked Digital Home Appliances and Services,” International Conference on Consumer Electronics, Las Vegas, USA, pp. 1-2, 10-14 Jan. 2009.
[20] P. C. Wang, T. W. Hou, J. H. Wu, and B. C. Chen, "A Security Module for Car Appliances," International Journal of Mechanical Systems Science and Engineering(IJMSSE), pp. 155–160 , Volume. 1, No. 3, Summer 2007.
[21] E. J. Yoon and K. Y. Yoo(2006), “One-Time Password Authentication Scheme Using Smart Cards Providing User Anonymity,” Workshop on Security Issues on Grid/ Distributed Computing Systems (SIGDCS 2006), pp. 303-311, May. 2006.