跳到主要內容

臺灣博碩士論文加值系統

(216.73.216.136) 您好!臺灣時間:2026/07/11 01:03
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:陳韋丞
研究生(外文):CHEN, WEI-CHENG
論文名稱:設計與實作訊息佇列遙測之物對物安全傳輸協定
論文名稱(外文):Design and Implementation of MQTT Thing-to-Thing Security Protocol
指導教授:蘇維宗
指導教授(外文):SU, WEI-TSUNG
口試委員:陳朝鈞葉建華
口試委員(外文):CHEN, CHAO-CHUNYEH, JIAN-HUA
口試日期:2018-07-13
學位類別:碩士
校院名稱:真理大學
系所名稱:資訊工程學系碩士班
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2018
畢業學年度:106
語文別:中文
論文頁數:58
中文關鍵詞:物聯網訊息佇列遙測傳輸協定端點至端點安全密文策略屬性加密委外運算
外文關鍵詞:Internet of ThingsMessage Queue Telemetry TransportEnd-to-End SecurityCiphertext-Policy Attribute Based EncryptionDelegation
相關次數:
  • 被引用被引用:0
  • 點閱點閱:388
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:1
近年來,由於資訊與網路技術普及,使得物聯網(Internet of Things,簡稱IoT)相關技術蓬勃發展。諸如智慧城市、智慧穿戴、工業4.0等相關應用都需要物聯網技術來達到其目的,使得IoT裝置的數量迅速成長。然而,由於這些數量龐大的IoT裝置都需要透過網路通訊協定,例如被物聯網廣泛使用的訊息佇列遙測傳輸協定(Message Queue Telemetry Transport,簡稱MQTT),將資料上傳至雲端或傳送給其它IoT裝置,所以相對地產生許多資訊安全的問題。攻擊者只需要監聽物聯網的資料傳輸通道,就可以簡單地取得個人的隱私資料。為了避免這些隱私資料在傳輸過程中洩漏,MQTT支援了傳輸層安全(Transport Layer Security,簡稱TLS)與存取控制清單(access control list,簡稱ACL)。然而,MQTT-TLS只能確保傳輸通道安全,所以當訊息代理人被監控或甚至是遭到入侵或訊息代理人將資料解密送出後仍可能導致所有資料外洩。另一方面,MQTT-ACL雖然可以達到存取控制的目的,但是隨著IoT裝置數量的迅速成長,龐大的ACL規則庫將導致規則檢查時系統效能的負擔。為了解決上述問題,本論文設計並實作了一個MQTT物對物安全傳輸協定(MQTT Thing-to-Thing Security,簡稱MQTT-TTS)。首先,MQTT-TTS實現了端點對端點的資料保護。此外,MQTT-TTS能夠依據IoT裝置運算能力選擇適當的加密演算法。然而,經由傳統加密系統所加密的資料並不易於在物聯網應用中分享,所以MQTT-TTS支援密文策略屬性加密(Ciphertext-Policy Attribute-Based Encryption,簡稱CP-ABE)。由於CP-ABE提供細緻且靈活的存取控制,所以跟傳統加密系統相比是一種適用於物聯網的解決方案。為了評估MQTT-TTS的效能,本論文分別在電腦與Raspberry Pi 3 (RPi)上執行MQTT-TTS與CP-ABE並進行比較分析。根據實驗結果,因為電腦的運算資源豐富,所以在執行MQTT-TTS與CP-ABE並不會花費太多資源成本。相反地,當CP-ABE存取控制複雜度變高時,RPi的效能卻有很明顯的差異性,因此本篇論文依據實驗結果提出對物聯網應用使用MQTT-TTS時的建議。其中,當IoT裝置透過委外運算並採用我們所提出的建議來提高效能就可以在維持資料隱私的前提下讓較弱的物聯網裝置(Rpi)可以減少40~80%的時間來完成CP-ABE運算。
Internet of Tings (IoT) attracts a lots of attention recently. Since IoT is the underlying technology of applications such as smart city, wearable technology, and Industry 4.0, the number of IoT devices is rapidly increasing. For these applications, IoT devices will send secure sensitive data to cloud or other IoT devices for further processing through network protocol, such as Message Queue Telemetry Transport (MQTT). Since data is transmitted over Internet, attackers can easily obtain data by sniffing networks. Therefore, MQTT supports Transport Layer Security (TLS) and Access Control List (ACL) to protect data. Unfortunately, MQTT-TLS provides session encryption only and the data can be exposed at broker. On the other hand, the performance of MQTT-ACL can be enormously decreased with the increasing number of ACL rules for massive IoT devices. For solving these problems, we design and implement MQTT Thing-to-Thing Security protocol (MQTT-TTS). MQTT-TTS provides end-to-end security which prevents data leak at broker. Since IoT devices are typically resource constrained, MQTT-TTS supports multiple security algorithms which can be selected according to the capabilities of IoT devices. Moreover, data sharing is essential for most of IoT applications but is difficult if the data is encrypted with traditional encryption systems. Thus, MQTT-TTS supports Ciphertext-Policy Attribute Based Encryption (CP-ABE) which provides flexible and fine grained access control. In order to evaluate the performance of MQTT-TTS, MQTT-TTS with CP-ABE is implemented on personal computer (PC) and Raspberry Pi 3 (RPi). According to the experimental results, MQTT-TTS with CP-ABE will not consume much resources in resource-rich PC. However, for RPi, the performance can be obviously degraded if the complexity of access policy of CP-ABE becomes higher. Thus, we conclude several suggestions to apply MQTT-TTS with CP-ABE to resource-constrained IoT devices based on our experimental results. Moreover, a delegation approach is also proposed to improve the performance of MQTT-TTS with CP-ABE. The proposed delegation approach can improve the performance of MQTT-TTS with CP-ABE by 40~80% under the premise of keeping data privacy.
目錄
第一章、緒論 1
1.1 物聯網 1
1.2 物聯網的安全性議題 2
1.3 研究目標與貢獻 7
1.3.1 物聯網通訊協定安全機制與其限制 7
1.4 全文架構 9
第二章、相關研究 10
2.1 物聯網攻擊手法 10
2.2 適用於物聯網之通訊協定 10
2.2.1 超文本傳輸協定 11
2.2.2 超文本傳輸安全協定 12
2.2.3 訊息佇列遙測傳輸協定 12
2.2.4 受限制的應用通訊協定 16
2.2.5 進階佇列傳輸協定 17
2.2.6 資料分享服務 17
2.3 資料加密演算法 18
2.3.1 ABE與CP-ABE 20
2.3.2 橢圓曲線 22
2.4 相關論文 22
第三章、MQTT-TTS設計與實作 27
3.1 設計物對物安全的交換方式 27
3.2 設計物對物安全的訊息格式 28
3.3 開發環境與工具 32
3.4 修改Eclipse MQTT-Paho 34
3.4.1 修改MQTT-Paho資料發布端程式 34
3.4.2 修改MQTT-Paho資料訂閱端 35
3.5 修改CP-ABE工具套件 37
3.6 委外加密 41
3.7 MQTT-TTS與SMQTT比較 43
第四章、效能分析 44
4.1 資料大小與存取政策屬性個數對執行時間的影響 44
4.2 資料傳送頻率對執行時間的影響 50
4.3 委外運算對執行時間的影響 51
4.4 CPU與記憶體效能分析 51
第五章、結論與未來展望 54
參考文獻 56
參考文獻
[1] G. SMITH, “From 1982 coca-cola vending machine to latest trend: What the internet
of things means for business,” 2015-07-15.
[2] H. Bauer, M. Patel, and J. Veira, “The internet of things:sizing up the opportunity,” 2014.
[3] Q.-Y. Zhang, “An iot service discovery platform with heterogeneous protocols,” Mas- ter’s thesis, 2017.
[4] “Hp study reveals 70 percent of internet of things devices vulnerable to attack,” 2014.
[5] “Vulnerability in key fob can let hackers open subaru cars,” 2017.
[6] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of things: A survey on enabling technologies, protocols, and applications,” IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015.
[7] “5 possible attacks on the ioe and how to prevent them,” 2015.
[8] R. T. Fielding, Architectural Styles and the Design of Network-based Software Archi-
tectures. PhD thesis, 2000.
[9] O. M. GROUP, “Data distribution service,” 2015.
[10] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar, “Secure MQTT for internet of things (IoT),” in 2015 Fifth International Conference on Communication Systems and Network Technologies, IEEE, apr 2015.
[11] L. Bisne and M. Parmar, “Composite secure MQTT for internet of things using ABE and dynamic s-box AES,” in 2017 Innovations in Power and Advanced Computing Technologies (i-PACT), IEEE, apr 2017.
[12] X. Wang, J. Zhang, E. M. Schooler, and M. Ion, “Performance evaluation of attribute- based encryption: Toward data privacy in the IoT,” in 2014 IEEE International Conference on Communications (ICC), IEEE, jun 2014.
[13] A. Mektoubi, H. L. Hassani, H. Belhadaoui, M. Rifi, and A. Zakari, “New approach for securing communication over MQTT protocol a comparaison between RSA and elliptic curve,” in 2016 Third International Conference on Systems of Collaboration (SysCo), IEEE, nov 2016.
[14] M. Ambrosin, M. Conti, and T. Dargahi, “On the feasibility of attribute-based en- cryption on smartphone devices,” in Proceedings of the 2015 Workshop on IoT chal- lenges in Mobile and Industrial Systems - IoT-Sys '15, ACM Press, 2015.
[15] S. Mo↵at, M. Hammoudeh, and R. Hegarty, “A survey on ciphertext-policy attribute- based encryption (CP-ABE) approaches to data security on mobile devices and its application to IoT,” in Proceedings of the International Conference on Future Net- works and Distributed Systems - ICFNDS '17, ACM Press, 2017.
[16] J.-S. SU, D. CAO, X.-F. WANG, Y.-P. SUN, and Q.-L. HU, “Attribute-based en- cryption schemes,” Journal of Software, vol. 22, pp. 1299–1315, jun 2011.
[17] V. Goyal, O. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine- grained access control of encrypted data,” in Proceedings of the 13th ACM conference on Computer and communications security - CCS '06, ACM Press, 2006.
[18] B. W. a. r. John Bethencourt, Amit Sahai (advisory role), “libbswabe.”
[19] M. Anoop, “Elliptic curve cryptography,” 2008.
[20] “Paho mqtt c clinet.”
[21] B. Lynn, “The pairing-based cryptography library.”
[22] W. Yuan, “Dynamic policy update for ciphertext-policy attribute-based encryption.,” IACR Cryptology ePrint Archive, vol. 2016, p. 457, 2016.
[23] Y. Zhang, J. Li, X. Chen, and H. Li, “Anonymous attribute-based proxy re- encryption for access control in cloud computing,” Sec. and Commun. Netw., vol. 9, pp. 2397–2411, Sept. 2016.
[24] T. Lindner, “The evolution of smart coca cola vending machine,” 2014.
[25] E. M. Schooler, “Data-centric networking for a data-centric iot:a user’s perspective,” 2016.
[26] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryp- tion,” in 2007 IEEE Symposium on Security and Privacy (SP '07), IEEE, may 2007.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top