
National Digital Library of Theses and Dissertations in Taiwan

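Graduate student: Chen, Guan-Lin (陳冠霖)
Thesis title: Ensuring IoT/M2M System Security under the Limitation of Constrained Gateways (確保在受限閘道下的物聯網系統安全)
Advisor: Lin, Fu-Chun (林甫俊)
Oral defense committee: Lin, Fu-Chun (林甫俊); Chen, Jyh-Cheng (陳志成); Lee, Huang-Chen (李皇辰); Yi, Chih-Wei (易志偉)
Oral defense date: 2017-12-25
Degree: Master's
Institution: National Chiao Tung University
Department: Institute of Computer Science and Engineering
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2017
Academic year of graduation: 106
Language: English
Number of pages: 38
Keywords: IoT; M2M; Security; Authentication; resource-constrained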
IoT/M2M services must provide security mechanisms to prevent illegal usage of the service. However, in some situations the gateways involved in IoT/M2M systems are resource-constrained and do not have sufficient resources, such as computing power and memory, to perform the full authentication procedure. Hence, the commonly used Transport Layer Security (TLS) protocol is not readily applicable for ensuring the security of IoT/M2M systems.
Besides, because the gateway is resource-constrained and cannot be updated frequently to fix software vulnerabilities, it may suffer denial-of-service (DoS) attacks from the Internet. Hence, there must be a protection mechanism to defend against such attacks.
Our research focuses on providing IoT/M2M system security under the limitation of constrained gateways. We design a security mechanism on top of the security framework defined in the oneM2M standard to address this problem. We also design a protection mechanism to defend against attacks by malicious users and to reject access to our system by illegal gateways. Furthermore, we implement this mechanism on the OM2M platform and evaluate it in terms of cost and performance.
Abstract (Chinese)
Abstract
Acknowledgement
Table of Contents
List of Tables
List of Figures
I. Introduction
1.1. Motivation and Problem Overview
1.2. Contribution
1.3. Thesis Organization
II. Background
2.1. oneM2M Standard
2.1.1. Functional Architecture
2.1.2. Security Architecture
2.1.3. Security Frameworks
2.1.3.1. Remote Security Provisioning Framework (RSPF)
2.1.3.1.1. Pre-Provisioned Symmetric Key Remote Security Provisioning Framework
2.1.3.1.2. Certificate-Based Remote Security Provisioning Framework
2.1.3.2. Security Association Establishment Framework (SAEF)
2.1.3.2.1. Provisioned Symmetric Key Security Association Establishment Framework
2.1.3.2.2. Certificate-Based Security Association Establishment Framework
2.1.3.2.3. MAF-Based Security Association Establishment Framework
2.2. Transport Layer Security (TLS)
2.2.1. Key Agreement Algorithms
2.2.2. Block Cipher Algorithms
2.2.3. Message Authentication Code Algorithms
2.3. Datagram Transport Layer Security (DTLS)
III. Related Work
3.1. Certificate Issues in IoT/M2M Systems
3.2. Proxy-Based Security Mechanisms
3.3. Other Security Mechanisms
3.4. Platform Implementation of oneM2M Standards
IV. Proposed Security Design
4.1. Security Architecture
4.2. Whitelist Application Procedure
4.3. Remote Security Provisioning Framework
4.4. Security Association Establishment Framework
4.5. Key Revocation Procedure
V. Implementation and Evaluation
5.1. System Implementation
5.2. Testing Scenarios
5.3. Metric Measurement
5.4. Performance Evaluation
VI. Conclusion and Future Work