跳到主要內容

臺灣博碩士論文加值系統

(18.97.14.86) 您好!臺灣時間:2025/01/14 10:44
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:龔逸軒
研究生(外文):Yi-Hsuan Kung
論文名稱:物聯綱中對動態使用者與裝置的高效金鑰管理
論文名稱(外文):An Efficient Key Management Scheme for Dynamic Users and Devices in Internet of Things
指導教授:蕭旭君
指導教授(外文):Hsu-Chun Hsiao
口試日期:2017-06-30
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:資訊工程學研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2017
畢業學年度:105
語文別:英文
論文頁數:46
中文關鍵詞:物聯網團體金鑰管理
外文關鍵詞:Internet of ThingsGroup Key Management
相關次數:
  • 被引用被引用:0
  • 點閱點閱:176
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:1
隨著物聯網的發展,為了防止未授權者取得裝置所收集的敏感資
訊,建立存取控制成為重要的課題。實行存取控制時,若裝置與使用
者間能夠建立加解密資料用的共享金鑰、裝置以此金鑰對資料進行加
密並傳輸加密的資料、且擁有存取權的使用者們皆可使用此金鑰進行
解密,則能夠免於依賴一個需要隨時在線上處理認證與存取控制的單
位。然而,現行的團體金鑰管理系統並沒有辦法有效率地處理因物聯
網規模的擴張及現實環境中使用者與裝置之間動態變化的存取關係而
引出的新挑戰。在這篇論文中,我們提出的方法其核心發想源自於觀
察出,現實中擁有類似屬性的裝置―例如功能性類似或擁有相同隱私
層級―通常擁有相似的存取條件限制或由同一群使用者所使用。藉由
裝置分類的技術將所有裝置分類至數量固定的群組中,能夠在維持理
想的安全層級下有效減少系統處理變化時所耗費的資源。此篇論文提
供理論上的數據分析以及展示可行性、利用Alljoyn 框架的概念實作。
With the widespread of Internet of Things (IoT) devices that collect sensitive data, access control is more crucial than ever to safeguard such data from unauthorized use. To enforce access control policies without an on-line trusted entity, one promising approach is to maintain a group key shared between the device and its current subscribers, such that the device can encrypt its data and only users with the same group key can access the encrypted data. However, prior group key management schemes fail to efficiently address new challenges introduced by the scale of IoT and the dynamic memberships of both users and devices. This thesis proposes an efficient group key management method to accommodate multiple users as well as devices and to handle frequent membership changes. Inspired by the observation that devices with similar functionalities often have similar access permissions, the core idea of the proposed method is to integrate existing group key management scheme with device grouping techniques to improve efficiency while maintaining a decent security level. The thesis provides both theoretical analysis and a proof-of-concept implementation based on Alljoyn, an open-source IoT communication framework to demonstrate the feasibility of the proposed method.
Contents
口試委員會審定書iii
誌謝v
Acknowledgements vii
摘要ix
Abstract xi
1 Introduction 1
2 Background 5
2.1 Logical Key Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.1 LKH structure . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.2 User join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3 User leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Key Management based on Chinese Remainder Theorem . . . . . . . . . 7
3 Problem Definition 11
3.1 System model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 Attacker model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3 Assumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.4 Desired properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4 Proposed solution 15
4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2 Proposed method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2.1 Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.2.2 On user join group i . . . . . . . . . . . . . . . . . . . . . . . . 20
4.2.3 On user leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.2.4 On device join . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.2.5 On device leave . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5 Analysis 27
5.1 Storage overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.2 Computation overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
5.2.1 When user leaves subgroup i . . . . . . . . . . . . . . . . . . . . 28
5.2.2 When user joins subgroup i . . . . . . . . . . . . . . . . . . . . . 29
5.2.3 When device joins device group j . . . . . . . . . . . . . . . . . 29
5.2.4 When device leaves . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.3 Communication overhead . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.4 Comparison with existing methods . . . . . . . . . . . . . . . . . . . . . 31
5.5 ID update method collusion . . . . . . . . . . . . . . . . . . . . . . . . 34
6 Implementation 37
6.1 Alljoyn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.2 Near Field Communication . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.3 Implementation detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
7 Related work 41
8 Conclusion and future work 43
Bibliography 45
[1] Breaking down mirai: An iot ddos botnet analysis. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html.
[2] D. Balenson, D. McGrew, and A. Sherman. Key management for large dynamic groups: One-way function trees and amortized initialization, 1999.
[3] A. Banks and R. Gupta. Mqtt version 3.1. 1. OASIS standard, 2014.
[4] I. Damgård, H. Haagh, and C. Orlandi. Access control encryption: Enforcing information flow with cryptography. In Theory of Cryptography Conference, pages 547–576. Springer, 2016.
[5] H. Harney and E. Harder. Logical key hierarchy protocol. Technical report, Internet draft, 1999.
[6] G. Horng. Cryptanalysis of a key management scheme for secure multicast communications. IEICE Transactions on Communications, 85(5):1050–1051, 2002.
[7] Information technology – Telecommunications and information exchange between systems – Near Field Communication – Interface and Protocol (NFCIP-1). Standard, International Organization for Standardization, Mar. 2013.
[8] S. Jahid, P. Mittal, and N. Borisov. Easier: Encryption-based access control in social networks with efficient revocation. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 411–415. ACM, 2011.
[9] T. H.-J. Kim, L. Bauer, J. Newsome, A. Perrig, and J. Walker. Challenges in access right assignment for secure home networks. In HotSec, 2010.
[10] M. Y. Malik. Efficient group key management schemes for multicast dynamic communication systems. arXiv preprint arXiv:1211.3502, 2012.
[11] M.-H. Park, Y.-H. Park, H.-Y. Jeong, and S.-W. Seo. Key management for multiple multicast groups in wireless networks. IEEE Transactions on Mobile Computing, 12(9):1712–1723, 2013.
[12] B. Purushothama and B. Amberker. Group key management scheme for simultaneous multiple groups with overlapped membership. In Communication Systems and Networks (COMSNETS), 2011 Third International Conference on, pages 1–10. IEEE, 2011.
[13] S. Sciancalepore, A. Capossele, G. Piro, G. Boggia, and G. Bianchi. Key management protocol with implicit certificates for iot systems. In Proceedings of the 2015 Workshop on IoT challenges in Mobile and Industrial Systems, pages 37–42. ACM, 2015.
[14] C. Soriente, G. Tsudik, and E. Uzun. Secure pairing of interface constrained devices. International Journal of Security and Networks, 4(1-2):17–26, 2009.
[15] P. Vijayakumar, S. Bose, and A. Kannan. Chinese remainder theorem based centralised group key management for secure multicast communication. IET information Security, 8(3):179–187, 2014.
[16] J. Zhang and V. Varadharajan. Wireless sensor network key management survey and taxonomy. Journal of Network and Computer Applications, 33(2):63–75, 2010.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top