System ID | U0002-1501202021504500 |
---|---|
DOI | 10.6846/TKU.2020.00414 |
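Thesis title (Chinese) | 物聯網安全閘道器認證機制與實作 |
Thesis title (English) | Authentication Mechanism of Secured IoT Gateway and Implementation |
Thesis title (third language) | |
University | Tamkang University |
Department (Chinese) | In-service Master's Program, Department of Computer Science and Information Engineering |
Department (English) | Department of Computer Science and Information Engineering |
Foreign degree: university name | |
Foreign degree: college name | |
Foreign degree: graduate institute name | |
Academic year | 108 |
Semester | 1 |
Year of publication | 109 |
Graduate student (Chinese) | 洪偉智 |
Graduate student (English) | Wei-Chih Hung |
Student ID | 706410098 |
Degree | Master's |
Language | Traditional Chinese |
Second language | |
Oral defense date | 2020-01-08 |
Number of pages | 77 pages |
Oral defense committee |
Advisor - 張世豪
Committee member - 林其誼
Committee member - 鄭欣明 |
Keywords (Chinese) |
Internet of Things; gateway; encryption; authentication |
Keywords (English) |
IoT gateway encryption authentication |
Keywords (third language) | |
Subject classification | |
Abstract (Chinese) |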
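With the development of the Internet and micro-electro-mechanical systems (MEMS), embedded and portable microelectronic devices have become ubiquitous. These devices also have network connectivity, which can digitize the real world and bring large amounts of scattered information closer together; this is the so-called Internet of Things (IoT). IoT technology uses hardware sensors and software application programming interfaces (APIs) to link the sensed values of physical objects to a virtual network, and connects and exchanges data over the Internet. However, because of the rapid development of IoT, manufacturers and operators have mainly emphasized the relationship between hardware and software design and the scalability of device connections, so the security of devices and software received little consideration in the early stages. As a result, IoT can be attacked in many possible ways, which in turn leads to problems such as exposure of users' privacy or important information. IoT security has therefore become an important topic of academic research and industrial development in recent years. This thesis focuses on the design and implementation of authentication and transmitted-message encryption for IoT devices to strengthen IoT information security. In the implementation, a basic Device-Gateway-Server architecture is used to simulate actual IoT communication, the effect on each device of adding encryption and decryption steps to the transmitted data is tested, and the test results are summarized. |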
Abstract (English) |
This thesis focuses on the design and implementation of authentication and message encryption for IoT devices to enhance IoT information security. In the implementation, a basic “Device-Gateway-Server” architecture is used to simulate actual IoT communication, the effects of encrypting and decrypting data on IoT devices are tested, and the test results are summarized. |
Abstract (third language) | |
Table of contents |
Table of Contents
Chapter 1: Introduction
1.1 Introduction to IoT
1.2 IoT Architecture
1.3 IoT Information Security Concerns
1.4 IoT Device Authentication & Message Encryption
Chapter 2: Literature Review
Chapter 3: Authentication Mechanism Design
3.1 Design Objectives
3.2 Authentication Between Gateway and Server
3.3 Transmission Format
3.3.1 Format Design
3.3.2 Basic Checks
3.4 Authentication Between IoT Device and Server
3.4.1 Concept
3.4.2 Key Request Flow
3.5 Attack Modes & Defense Mechanisms
Chapter 4: Experiment Description & Implementation Testing
4.1 Experimental Architecture
4.1.1 Architecture & Equipment Description
4.1.2 ZigBee Transmission Module
4.1.3 Differences in Message Sending and Receiving
4.1.4 Encryption
4.2 Implementation Testing
4.2.1 Basic Flow
4.2.2 Transmitted Content and Explanation
4.2.2.1 Gateway Sends ID to Server
4.2.2.2 Server Sends Short Key to Gateway
4.2.2.3 Gateway Generates Authentication Code and Sends It to Server
4.2.2.4 Server Reports Authentication Result
4.2.2.5 IoT Device Sends Key Request Message
4.2.2.6 Server Generates Key and Sends It to IoT Device
4.2.2.7 IoT Device Encrypts Predefined Message with Key and Sends It to Server for Authentication
4.2.2.8 Authentication Succeeds; Server Sends Result to IoT Device
4.2.2.9 IoT Device Sends Encrypted Message
4.2.2.10 IoT Device B Connects
4.2.2.11 IoT Device B Sends Encrypted Message
4.2.2.12 Server Sends Encrypted Message to IoT Device
4.3 Performance Testing
4.3.1 Power Consumption Test
4.3.2 Performance Test
4.3.3 Decryption Time Test
4.3.3.1 Notes on AES
4.3.3.2 Notes on ECC
4.3.3.3 Test Program Flow
4.3.3.4 Test Results
Chapter 5: Conclusion
References
List of Figures
Fig 1: Smart Home Example
Fig 2: IoT Structure 1
Fig 3: IoT Structure 2
Fig 4: IoT Structure 3
Fig 5: IoT Structure Sample
Fig 6: IoT Structure Sample
Fig 7: Semantic Gateway
Fig 8: CLSA
Fig 9: Authentication by Gateway
Fig 10: Authentication by Security Token
Fig 11: Server – Gateway Auth Flow
Fig 12: AES Key Build & Get Auth Code
Fig 13: Message Structure Design
Fig 14: Message Length Range
Fig 15: Check Code Range
Fig 16: Check Head & Tail
Fig 17: Check Message Entirety
Fig 18: Message Receive and Analyze
Fig 19: Devices Check List
Fig 20: Key Storage
Fig 21: Get Key Process
Fig 22: IoT Test Structure
Fig 23: Arduino & ZigBee CC2530 (Left)
Fig 24: Raspberry Pi & ZigBee CC2530 (Right)
Fig 25: ZigBee CC2530 Send & Receive Test
Fig 26: Socket Send & Receive Situation
Fig 27: ZigBee Send & Receive Situation
Fig 28: Socket Send & Receive Situation
Fig 29: ZigBee Send & Receive Situation
Fig 30: PKCS7 Padding
Fig 31: Test Step
Fig 32: Raspberry Pi Gateway Terminal Log – Send Gateway ID
Fig 33: C# Server Log – Get Gateway ID & Send Short Key
Fig 34: Raspberry Pi Gateway Terminal Log – Calculate Auth Code & Send Back
Fig 35: C# Server Log – Auth Done
Fig 36: Raspberry Pi Gateway Terminal Log – Get Auth Ok Message
Fig 37: Raspberry Pi Gateway Terminal Log – Get IoT Device Message
Fig 38: C# Server Log – Get IoT Device Message from Gateway
Fig 39: C# Server Log – Analyze Message & Send Encrypted Key Back
Fig 40: Arduino IoT Device Log – Get IoT Device Message from Gateway
Fig 41: Arduino IoT Device Log – Send Auth
Fig 42: C# Server Log – Get IoT Device Auth
Fig 43: C# Server Log – Receive Auth Message & Send Auth Result
Fig 44: Arduino IoT Device Log – Get Auth Succeed Message
Fig 45: C# Server Log – Get Encrypted Message from IoT Device A
Fig 46: C# Server Log – IoT Device B Auth Process
Fig 47: C# Server Log – Get Encrypted Message from IoT Device B
Fig 48: C# Server Log & Interface – Device List & Send Message to IoT Device A
Fig 49: Arduino IoT Device Log – Get Message from Server
Fig 50: Arduino & ZigBee - Current Voltage Digital Detector - Power Bank
Fig 51: Raspberry Pi Monitor
Fig 52: ECDH
Fig 53: Self Organize ECC Class
Fig 54: ECC Decrypt Time Consumption Test Flow
Fig 55: Create ECC Key and Encrypted Data
Fig 56: ECC Decrypt Time Consumption
Fig 57: AES Decrypt 100~1000 Bytes Time Consumption (Left)
Fig 58: ECC Decrypt 100~1000 Bytes Time Consumption (Right)
Fig 59: AES & ECC Decrypt 100~1000 Bytes Time Consumption
Fig 60: AES Decrypt 100~100000 Bytes Time Consumption (Left)
Fig 61: ECC Decrypt 100~100000 Bytes Time Consumption (Right)
Fig 62: AES & ECC Decrypt 100~100000 Bytes Time Consumption
Fig 63: AES Decrypt 100~2000000 Bytes Time Consumption (Left)
Fig 64: ECC Decrypt 100~2000000 Bytes Time Consumption (Right)
Fig 65: AES & ECC Decrypt 100~2000000 Bytes Time Consumption
Fig 66: AES & ECC Decrypt 100~2000000 Bytes without Check Validation Time Consumption
Fig 67: ECC Decryption 100000 Bytes Time Consumption of Each Step
Fig 68: ECC Decryption 1000000 Bytes Time Consumption of Each Step
Fig 69: ECC Sample Code Process
Fig 70: ECC Sample Code Message Structure
Fig 71: Pass AES Key
Fig 72: Pass ECC Public Key
List of Tables
Table 1: Attack Mode & Defense Mechanism
Table 2: ZigBee Module
Table 3: AES Source
Table 4: Battery Rundown Time
Table 5: Raspberry Pi Performance Test - 1
Table 6: Raspberry Pi Performance Test - 2
Table 7: Raspberry Pi Performance Test - 3
Table 8: ECC Decrypt Time Consumption
Table 9: AES & ECC Decrypt 10000~2000000 Bytes without Check Validation Time Consumption |
Full-text access rights |