Tamkang University Chueh Sheng Memorial Library (TKU Library)
(Electronic full text can be downloaded only from Tamkang University IP addresses)
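System ID U0002-1501202021504500
Thesis title (Chinese) 物聯網安全閘道器認證機制與實作
Thesis title (English) Authentication Mechanism of Secured IoT Gateway and Implementation
Institution Tamkang University
Department (Chinese) In-service Master's Program, Department of Computer Science and Information Engineering
Department (English) Department of Computer Science and Information Engineering
Academic year 108
Semester 1
Year of publication 109
Student name (Chinese) 洪偉智
Student name (English) Wei-Chih Hung
Student ID 706410098
Degree Master's
Language Chinese
Oral defense date 2020-01-08
Number of pages 77
Oral defense committee Advisor - 張世豪
Member - 林其誼
Member - 鄭欣明
Keywords (Chinese) 物聯網  閘道器  加密  認證
Keywords (English) IoT  gateway  encryption  authentication
Subject classification Applied Science, Information Engineering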
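Chinese abstract With the development of the Internet and micro-electro-mechanical systems, embedded and portable microelectronic devices have become ubiquitous. These devices also have network connectivity, which digitizes the real world and brings large amounts of scattered information closer together; this is the so-called Internet of Things (IoT). IoT technology uses hardware sensors and software application programming interfaces (APIs) to link the sensed values of physical objects to a virtual network, and connects and exchanges data over the Internet. However, because of the rapid development of IoT, manufacturers and operators have mainly emphasized the relationship between hardware and software design and the scalability of device connectivity, and gave little early consideration to the security of devices and software. As a result, IoT can be attacked in many ways, which in turn leads to problems such as exposure of user privacy or important information. IoT security has therefore become an important topic for academic research and industrial development in recent years.

This thesis focuses on the design and implementation of IoT device authentication and encryption of transmitted messages in order to strengthen IoT information security. In the implementation, a basic Device – Gateway – Server architecture is used to simulate actual IoT communication, to test the effect that adding encryption and decryption to the transmitted data has on each device, and to summarize the test results.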
English abstract This thesis focuses on the design and implementation of authentication and message encryption for IoT devices to enhance IoT information security. In the implementation, a basic “Device-Gateway-Server” architecture is used to simulate actual IoT communication, to test the effects of encrypting and decrypting data on IoT devices, and to summarize the test results.
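Table of contents
Chapter 1: Introduction
1.1 Introduction to IoT
1.2 IoT Architecture
1.3 IoT Information Security Concerns
1.4 IoT Device Authentication & Message Encryption
Chapter 2: Literature Review
Chapter 3: Authentication Mechanism Design
3.1 Design Objectives
3.2 Authentication Between Gateway and Server
3.3 Transmission Format
3.3.1 Format Design
3.3.2 Basic Checks
3.4 Authentication Between IoT Device and Server
3.4.1 Concept
3.4.2 Key Request Process
3.5 Attack Modes & Defense Mechanisms
Chapter 4: Experiment Description & Implementation Testing
4.1 Experimental Architecture
4.1.1 Architecture & Equipment Description
4.1.2 ZigBee Transmission Module
4.1.3 Differences in Message Sending and Receiving
4.1.4 Encryption
4.2 Implementation Testing
4.2.1 Basic Flow
4.2.2 Transmitted Content and Description
4.2.2.1 Gateway Sends ID to Server
4.2.2.2 Server Sends Short Key to Gateway
4.2.2.3 Gateway Generates Authentication Code and Sends It to Server
4.2.2.4 Server Reports Authentication Result
4.2.2.5 IoT Device Sends Key Request Message
4.2.2.6 Server Generates Key and Sends It to IoT Device
4.2.2.7 IoT Device Encrypts the Preset Message with the Key and Sends It to Server for Authentication
4.2.2.8 Authentication Succeeds; Server Sends Result to IoT Device
4.2.2.9 IoT Device Sends Encrypted Message
4.2.2.10 IoT Device B Connects
4.2.2.11 IoT Device B Sends Encrypted Message
4.2.2.12 Server Sends Encrypted Message to IoT Device
4.3 Performance Testing
4.3.1 Power Consumption Test
4.3.2 Performance Test
4.3.3 Decryption Time Test
4.3.3.1 Notes on AES
4.3.3.2 Notes on ECC
4.3.3.3 Test Program Flow
4.3.3.4 Test Results
Chapter 5: Conclusion
References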


List of Figures
Fig 1: Smart Home Example
Fig 2: IoT Structure 1
Fig 3: IoT Structure 2
Fig 4: IoT Structure 3
Fig 5: IoT Structure Sample
Fig 6: IoT Structure Sample
Fig 7: Semantic Gateway
Fig 8: CLSA
Fig 9: Authentication by Gateway
Fig 10: Authentication by Security Token
Fig 11: Server – Gateway Auth Flow
Fig 12: AES Key Build & Get Auth Code
Fig 13: Message Structure Design
Fig 14: Message Length Range
Fig 15: Check Code Range
Fig 16: Check Head & Tail
Fig 17: Check Message Entirety
Fig 18: Message Receive and Analyze
Fig 19: Devices Check List
Fig 20: Key Storage
Fig 21: Get Key Process
Fig 22: IoT Test Structure
Fig 23: Arduino & ZigBee CC2530 (Left)
Fig 24: Raspberry Pi & ZigBee CC2530 (Right)
Fig 25: ZigBee CC2530 Send & Receive Test
Fig 26: Socket Send & Receive Situation
Fig 27: ZigBee Send & Receive Situation
Fig 28: Socket Send & Receive Situation
Fig 29: ZigBee Send & Receive Situation
Fig 30: PKCS7 Padding
Fig 31: Test Step
Fig 32: Raspberry Pi Gateway Terminal Log – Send Gateway ID
Fig 33: C# Server Log – Get Gateway ID & Send Short Key
Fig 34: Raspberry Pi Gateway Terminal Log – Calculate Auth Code & Send Back
Fig 35: C# Server Log – Auth Done
Fig 36: Raspberry Pi Gateway Terminal Log – Get Auth Ok Message
Fig 37: Raspberry Pi Gateway Terminal Log – Get IoT Device Message
Fig 38: C# Server Log – Get IoT Device Message from Gateway
Fig 39: C# Server Log – Analyze Message & Send Encrypted Key Back
Fig 40: Arduino IoT Device Log – Get IoT Device Message from Gateway
Fig 41: Arduino IoT Device Log – Send Auth
Fig 42: C# Server Log – Get IoT Device Auth
Fig 43: C# Server Log – Receive Auth Message & Send Auth Result
Fig 44: Arduino IoT Device Log – Get Auth Succeed Message
Fig 45: C# Server Log – Get Encrypted Message from IoT Device A
Fig 46: C# Server Log – IoT Device B Auth Process
Fig 47: C# Server Log – Get Encrypted Message from IoT Device B
Fig 48: C# Server Log & Interface – Device List & Send Message to IoT Device A
Fig 49: Arduino IoT Device Log – Get Message from Server
Fig 50: Arduino & ZigBee - Current Voltage Digital Detector - Power Bank
Fig 51: Raspberry Pi Monitor
Fig 52: ECDH
Fig 53: Self Organize ECC Class
Fig 54: ECC Decrypt Time Consumption Test Flow
Fig 55: Create ECC Key and Encrypted Data
Fig 56: ECC Decrypt Time Consumption
Fig 57: AES Decrypt 100~1000 Bytes Time Consumption (Left)
Fig 58: ECC Decrypt 100~1000 Bytes Time Consumption (Right)
Fig 59: AES & ECC Decrypt 100~1000 Bytes Time Consumption
Fig 60: AES Decrypt 100~100000 Bytes Time Consumption (Left)
Fig 61: ECC Decrypt 100~100000 Bytes Time Consumption (Right)
Fig 62: AES & ECC Decrypt 100~100000 Bytes Time Consumption
Fig 63: AES Decrypt 100~2000000 Bytes Time Consumption (Left)
Fig 64: ECC Decrypt 100~2000000 Bytes Time Consumption (Right)
Fig 65: AES & ECC Decrypt 100~2000000 Bytes Time Consumption
Fig 66: AES & ECC Decrypt 100~2000000 Bytes without Check Validation Time Consumption
Fig 67: ECC Decryption 100000 Bytes Time Consumption of Each Step
Fig 68: ECC Decryption 1000000 Bytes Time Consumption of Each Step
Fig 69: ECC Sample Code Process
Fig 70: ECC Sample Code Message Structure
Fig 71: Pass AES Key
Fig 72: Pass ECC Public Key


List of Tables
Table 1: Attack Mode & Defense Mechanism
Table 2: ZigBee Module
Table 3: AES Source
Table 4: Battery Rundown Time
Table 5: Raspberry Pi Performance Test - 1
Table 6: Raspberry Pi Performance Test - 2
Table 7: Raspberry Pi Performance Test - 3
Table 8: ECC Decrypt Time Consumption
Table 9: AES & ECC Decrypt 10000~2000000 Bytes without Check Validation Time Consumption

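Thesis usage permissions
  • The author agrees to grant a royalty-free license for the print copy to be reproduced by in-library readers for academic purposes, public from 2020-02-27.
  • The author agrees to authorize the browse/print electronic full-text service, public from 2020-02-27.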