跳到主要內容

臺灣博碩士論文加值系統

(44.200.86.95) 您好!臺灣時間:2024/05/20 08:56
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:石家維
研究生(外文):Chia-Wei Shih
論文名稱:叢集式無線感測網路之遠程證實協定研究
論文名稱(外文):Remote Attestation for Cluster-based Wireless Sensor Networks
指導教授:顏嵩銘顏嵩銘引用關係
指導教授(外文):Sung-Ming Yen
學位類別:碩士
校院名稱:國立中央大學
系所名稱:資訊工程學系
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2014
畢業學年度:103
語文別:英文
論文頁數:62
中文關鍵詞:無線感測網路遠程證實
外文關鍵詞:Wireless sensor networkRemote attestation
相關次數:
  • 被引用被引用:0
  • 點閱點閱:159
  • 評分評分:
  • 下載下載:4
  • 收藏至我的研究室書目清單書目收藏:0
由於感測終端元件大多佈署於惡劣環境中且受限於低成本之製作,
使得感測元件易成為攻擊者之目標。
攻擊者可將惡意程式植入至感測終端元件中,進而達到控制該元件之目的。
遠程證實 (Remote Attestation) 方法既為一種透過遠程方
式使得驗證者能檢驗感測終端元件內部軟體完整性的機制。

可 信 賴 平 台 模 組 (Trusted Platform Module)
是 根 據 可 信 賴 計 算 組 織 (Trusted Computing Group)
建議之規範所實作之防竄改密碼硬體模組。
可信賴平台模組可內嵌在一個計算平台中,
藉以提供此平台之系統狀態、軟體完整性測量結果與各類密碼演算法。

在無線感測網路中,由於對感測終端元件之低成本製作
與大規模佈署要求,使得在每一元件內嵌一個可信賴平台模組為一個不合宜方法。
對此我們採用叢集式 (Cluster-based) 無線感測網路架構以提升感測網路之存活期與可靠性,同時避免大量增加整體感測網路之布建成本。
在此架構下,將感測範圍區域內許多感測終端元件形成數個叢集,
每個叢集中有一個計算資源較好且內嵌可信賴平台模組之元件作為叢集頭 (Cluster Head)。

Krauß 等人提出之遠程證實協定允許感測終端元件驗證叢集頭之軟體完整性。
在我們研究過程中,發現 Krauß 等人的遠程證實協定造成叢集頭嚴重的儲存負擔,因此我們首先改善 Krauß 等人的方法以降低儲存空間之需求。
而在叢集式無線感測網路中叢集頭容易成為攻擊者之目標,我們提出新的協定讓基地台 (Base Station) 能夠驗證叢集頭之完整性。

在叢集式架構下,叢集頭負責將感測終端元件在叢集範圍所收集到的資料傳送到遠處的基地台。
為了確保資料的正確性,叢集頭必須驗證感測終端元件之完整性,
然而因感測元件之低成本需求並不適合在每一元件內嵌可信賴平台模組。
為 此 , 我 們 僅 要 求 感 測 終 端 元 件 內 擁 有 少 量 的 唯 讀 記 憶 體 (Read-Only Memory),提出一個虛擬可信賴平台模組驗證協定,使得叢集頭能驗證感測終端元件的完整性。
此外,叢集頭亦可透過此協定與感測終端元件重新建立一把共享金鑰。
Sensor nodes are usually vulnerable to be compromised due to their unattended
deployment and the low costs requirement. Thus, an attacker can reprogram the
compromised sensor and control the node to act on his behalf. Remote attestation
is the activity of making a claim about the internal state of a platform by supplying
evidence to a remote verifier.
The Trusted Platform Module (TPM) is a tamper-proof hardware based on the
Trusted Computing specification. A TPM is added to the platform in order to enable
functions, such as platform integrity measurement, remote attestation and crypto-
graphic functionality. However, in the wireless sensor network, the low cost design
and large scale deployment make it infeasible to equip each resource-constrained
sensor node with a TPM. We explore the cluster-based sensor network architecture
to increase the network lifetime and reliability without significantly increasing the
cost. The sensor network is organized in clusters where a minority of nodes are
equipped with TPMs and act as the cluster heads.
In this thesis, we first improve Krauβ et al.’s attestation protocol to decrease
the storage overhead. Their protocol allows the sensor nodes to verify whether the
platform configuration of the cluster head is trustworthy. However, a node acts as
the cluster head may be valuable to attack and our new protocol enables the base
station to verify the integrity of the cluster head.
A cluster head is responsible for verifying the trustworthiness of the sensor nodes
within the cluster. The low cost requirement of the sensor node precludes using an
expensive hardware, so we propose a virtual TPM attestation protocol. Assuming
only a small amount of read-only memory in each sensor node and the cluster head
can verify the integrity of each underlying sensor node. Furthermore, the cluster
head can re-establish the secret key with the dominated sensor nodes.
1 Introduction 1
1.1 Motivation of the Research . . . . . . . . 1
1.2 Overview of the Thesis .. . . . . . . . . . 3

2 Preliminary 5
2.1 Hash Function and Hash Chain . . . . . . . . 5
2.1.1 Hash Function . . . .... . . . . . . . . . 5
2.1.2 Hash Chain . . . . . . . . . . . . . . . . 5
2.2 Message Authentication Code . . . . . . . . 6
2.3 Introduction to Trusted Platform Module . . 7
2.3.1 Architecture of Trusted Platform Module .. 7
2.3.2 The Chain of Trust in TPM . . . . . . . . 7
2.3.3 Remote Attestation . . . . . . . . . . . . 9
2.3.4 Sealed Storage ... . . . . . . . . . . . . 9

3 Related Work 12
3.1 Software-based Remote Attestation .. . . . . 12
3.1.1 Time-based Attestation ..... . . . . . . . 12
3.1.2 Memory-based Attestation . . . . . . . . . 15
3.1.3 Review of Kiyomoto et al.’s Scheme . . . . 17
3.2 Hardware-based Remote Attestation . . . . . 19
3.2.1 Review of Krauβ et al.’s Scheme . . . . . 19

4 The Proposed Remote Attestation Protocols 22
4.1 Sensor Network Model . . . . . . . . . . 23
4.1.1 The Architecture of Micro-controller . 25
4.2 Assumptions and Attack Model . .. . . . . 25
4.3 Proposed Improved Krauβ et al.’s Attestation Protocol 26

4.3.1 Security Analysis and Performance Comparison . 27
4.4 Proposed Attestation Protocol Between Base Station and Cluster Head 29
III4.4.1 Security Analysis . . 30
4.4.2 Performance Analysis . 31
4.5 Proposed Virtual TPM Attestation Protocol with Key Update . . . . 32
4.5.1 Security Analysis . . . . 38
4.5.2 Performance Analysis . . 39

5 Conclusions 44
[1] T. Abuhmed, N. Nyamaa, and D. Nyang, “Software-based Remote Code Attestation in Wireless Sensor Network,” Proc. of the IEEE Conference on Global
Telecommunications, pp. 1-8, 2009.

[2] I. Crossbow Technology, “MICA2: Wireless Mea-
surement System,” http://www.eol.ucar.edu/isf/facilities/
isa/internal/CrossBow/DataSheets/mica2.pdf.

[3] C. Castelluccia, A. Francillon, D. Perito, and C. Soriente, “On the Difficulty of Software-based Attestation of Embedded Devices,” Proc. of the 16th ACM
Conference on Computer and Communications Security, pp. 400-409, 2009.

[4] K.E. Defrawy, A. Francillon, D. Perito, and G. Tsudik, “SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust,” Proc. of
the Network and Distributed System Security Symposium (NDSS), 2012.

[5] A. Francillon and C. Castelluccia, “Code Injection Attacks on Harvard-architecture Devices,” Proc. of the 15th ACM Conference on Computer and Communications Security, pp. 15-26, 2008.

[6] FIPS 180-1, “Secure Hash Standard,” NIST, US Department of Commerce,
Washington, D.C., 1995.

[7] FIPS 198, “The Keyed-Hash Message Authentication Code (HMAC),” NIST, US Department of Commerce, Washington, D.C., 2002.

[8] T. Giannetsos, T. Dimitriou, I. Krontiris, and N.R. Prasad, “Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture De-
vices,” The Computer Journal, Vol. 53, No. 10, pp. 1576-1593, 2010.

[9] S. Ganeriwal, S. Ravi, and A. Raghunathan, “Trusted Platform based Key Establishment and Management for Sensor Networks,” 2007.

[10] S. Kiyomoto and Y. Miyake, “Lightweight Attestation Scheme for Wireless Sensor Network,” International Journal of Security and Its Application, Vol. 8, No. 2, pp. 25-40, 2014.

[11] C. Krauβ, F. Stumpf, and C. Eckert, “Detecting Node Compromise in Hybrid Wireless Sensor Networks Using Attestation Techniques,” Proc. of the 4th European Conference on Security and Privacy in Ad-Hoc and Sensor Network, pp. 203-217, 2007.

[12] L. Lamport, “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.

[13] D. Liu, P. Ning, and R. Li, “Establishing Pairwise Keys in Distributed Sensor Networks,” ACM Transactions on Information and System Security, Vol. 8, No.
1, pp. 41-77, 2005.

[14] A. Martin, “The Ten-page Introduction to Trusted Computing,” Technical Report RR-08-11, OUCL, 2008.

[15] B. Paron, “The Trusted Platform Module (TPM) and Sealed Storage,” Technical Report, 2007.

[16] S. Prasanna and S. Rao, “An Overview of Wireless Sensor Networks Applications and Security,” International Journal of Soft Computing and Engineering, Vol. 2, No. 2, pp. 538-540, 2012.

[17] D. Perito and G. Tsudik, “Secure Code Update for Embedded Devices via Proofs of Secure Erasure,” Proc. of ESORICS ’10, pp. 643-662, 2010.

[18] M. Pirretti, S. Zhu, N. Vijaykrishnan, P. McDaniel, M. Kandemir, and R.Brooks, “The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense,” International Journal of Distributed Sensor Networks, Vol. 2,No. 1, pp. 267-287, 2006.

[19] M. Ryan, “Introduction to the TPM 1.2,” Draft, 2009.

[20] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1312, 1992.

[21] R. Rivest, “The RC5 Encryption Algorithm,” Proc. of the Workshop on Fast
Software Encryption, LNCS 1008, pp. 86-96, 1995.

[22] R. Rivest and A. Shamir, “PayWord and MicroMint: Two Simple Micropayment Schemes,” Proc. of the 15th International Workshop on Security Protocols,
LNCS 1189, pp. 69-87, Springer, 1996.

[23] A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.

[24] H. Shacham, “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86),” Proc. of the 14th ACM Conference on
Computer and Communications Security, pp. 552-561, 2007.

[25] O.J. Svendsli, “Atmel’s Self-Programming Flash Microcontrollers,” http://www.atmel.com/images/doc2464.pdf, Atmel, 2010.

[26] A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla, “SCUBA: Secure Code Update by Attestation in Sensor Networks,” Proc. of the 5th ACM
Workshop on Wireless Security, pp. 85-94, 2006.

[27] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT: Software-based Attestation for Embedded Devices,” Proc. of IEEE Symposium on Security and Privacy, pp. 272-282, 2004.

[28] Trusted Computing Group, “TCG Specification Architecture Overview,” TCG Specification Revision 1.4, 2007.

[29] Trusted Computing Group, “Trusted Platform Module Library Part 1: Architecture,” Revision 00.96, March 2013.

[30] H. Tan, W. Hu, and S. Jha, “A TPM-enabled Remote Attestation Protocol (TRAP) in Wireless Sensor Networks,” Proc. of the 6th ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired
Networks, pp. 9-16, 2011.

[31] F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical En-Route Filtering of Injected False Data in Sensor Networks,” IEEE Journal on Selected Areas in Commu-
nications, Vol. 23, No. 4, pp. 839-850, 2005.

[32] Y. Yang, X. Wang, S. Zhu, and G. Gao, “Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks,” Proc. of the 26th IEEE Symposium on Reliable Distributed Systems, pp. 219-230, 2007.

[33] S.M. Yen and Y. Zheng, “Weighted One-way Hash Chain and its Applications,”
Proc. of International Workshop on Information Security, pp. 135-148, 2000.

[34] H. Zhang and A. Arora, “GS 3 : Scalable Self-configuration and Self-healing in Wireless Networks,” Proc. of the 21st ACM Symposium on Principles of
Distributed Computing, pp. 58-67, 2002.

[35] D. Zhang and D. Liu, “DataGuard: Dynamic Data Attestation in Wireless Sensor Networks,” Proc. of the 40th IEEE/IFIP International Conference on
Dependable Systems and Networks, pp. 261-270, 2010.

[36] Y. Zheng, J. Pieprzyk, and J. Seberry, “HAVAL - A One-way Hashing Algorithm with Variable Length of Output,” Proc. of AUSCRYPT ’92, LNCS 718,
pp. 81-104, 1992.

[37] S. Zhu, S. Setia, and S. Jajodia, “LEAP: Efficient Security Mechanisms for Large-scale Distributed Sensor Networks,” Proc. of the 10th ACM Conference
on Computer and Communications Security, pp. 62-72, 2003.
連結至畢業學校之論文網頁點我開啟連結
註: 此連結為研究生畢業學校所提供,不一定有電子全文可供下載,若連結有誤,請點選上方之〝勘誤回報〞功能,我們會盡快修正,謝謝!
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top