§ Browse thesis bibliographic record
  
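System ID U0002-1501202021504500
DOI 10.6846/TKU.2020.00414
Thesis title (Chinese) 物聯網安全閘道器認證機制與實作
Thesis title (English) Authentication Mechanism of Secured IoT Gateway and Implementation
Thesis title (third language)
University Tamkang University
Department (Chinese) 資訊工程學系碩士在職專班
Department (English) Department of Computer Science and Information Engineering
Foreign degree: university name
Foreign degree: college name
Foreign degree: graduate institute name
Academic year 108
Semester 1
Publication year 109
Author (Chinese) 洪偉智
Author (English) Wei-Chih Hung
Student ID 706410098
Degree Master's
Language Traditional Chinese
Second language
Oral defense date 2020-01-08
Thesis pages 77
Oral defense committee Advisor - 張世豪
Member - 林其誼
Member - 鄭欣明
Keywords (Chinese) Internet of Things
Gateway
Encryption
Authentication
Keywords (English) IoT
gateway
encryption
authentication
Keywords (third language)
Subject classification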
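Abstract (Chinese)
With the development of the Internet and micro-electro-mechanical systems, embedded and portable microelectronic devices have become ubiquitous. These devices also have network connectivity, which digitizes the real world and brings together large amounts of scattered information; this is the so-called Internet of Things (IoT). IoT technology uses hardware sensors and software application programming interfaces (APIs) to link the sensed values of physical objects to a virtual network, and connects and exchanges data over the Internet. However, because of the rapid development of IoT, manufacturers and operators have mainly emphasized the relationship between hardware and software design and the scalability of device connectivity, and gave little early consideration to the security of devices and software. As a result, IoT can be attacked in many ways, which in turn leads to problems such as exposure of user privacy or of important information. IoT security has therefore become an important topic of academic research and industrial development in recent years.

This thesis focuses on the design and implementation of IoT device authentication and transmitted-message encryption to strengthen IoT information security. In the implementation, a basic Device-Gateway-Server architecture is used to simulate actual IoT communication, to test the effect on each device of adding encryption and decryption to the transmitted data, and to summarize the test results.
Abstract (English)
This thesis focuses on the design and implementation of authentication and message encryption for IoT devices to enhance IoT information security. In the implementation, a basic "Device-Gateway-Server" architecture is used to simulate actual IoT communication, to test the effects of encrypting and decrypting data on IoT devices, and to summarize the test results.
Abstract (third language)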
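Table of contents
Contents
Chapter 1. Introduction	1
1.1	Introduction to IoT	1
1.2	IoT Architecture	2
1.3	IoT Information Security Concerns	4
1.4	IoT Device Authentication & Message Encryption	6
Chapter 2. Literature Review	7
Chapter 3. Authentication Mechanism Design	13
3.1	Design Objectives	13
3.2	Authentication Between Gateway and Server	14
3.3	Transmission Format	18
3.3.1	Format Design	18
3.3.2	Basic Checks	20
3.4	Authentication Between IoT Device and Server	26
3.4.1	Concept	26
3.4.2	Key Request Flow	26
3.5	Attack Modes & Defense Mechanisms	29
Chapter 4. Experiment Description & Implementation Testing	31
4.1	Experiment Architecture	31
4.1.1	Architecture & Device Description	31
4.1.2	ZigBee Transmission Module	32
4.1.3	Differences in Message Sending and Receiving	34
4.1.4	Encryption	38
4.2	Implementation Testing	40
4.2.1	Basic Flow	40
4.2.2	Transmitted Content and Description	42
4.2.2.1	Gateway Sends ID to Server	42
4.2.2.2	Server Sends Short Key to Gateway	43
4.2.2.3	Gateway Generates Authentication Code and Sends It to Server	44
4.2.2.4	Server Notifies Authentication Result	44
4.2.2.5	IoT Device Sends Key Request Message	45
4.2.2.6	Server Generates Key and Sends It to IoT Device	46
4.2.2.7	IoT Device Encrypts Preset Message with Key and Sends It to Server for Authentication	47
4.2.2.8	Authentication Succeeds; Server Sends Result to IoT Device	48
4.2.2.9	IoT Device Sends Encrypted Message	49
4.2.2.10	IoT Device B Connects	50
4.2.2.11	IoT Device B Sends Encrypted Message	50
4.2.2.12	Server Sends Encrypted Message to IoT Device	50
4.3	Performance Testing	53
4.3.1	Power Consumption Test	53
4.3.2	Performance Test	55
4.3.3	Decryption Time Test	57
4.3.3.1	About AES	57
4.3.3.2	About ECC	57
4.3.3.3	Test Program Flow	61
4.3.3.4	Test Results	64
Chapter 5. Conclusion	74
References	75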


List of Figures
Fig 1: Smart Home Example	2
Fig 2: IoT Structure 1	3
Fig 3: IoT Structure 2	3
Fig 4: IoT Structure 3	3
Fig 5: IoT Structure Sample	5
Fig 6: IoT Structure Sample	5
Fig 7: Semantic Gateway	9
Fig 8: CLSA	10
Fig 9: Authentication by Gateway	11
Fig 10: Authentication by Security Token	12
Fig 11: Server – Gateway Auth Flow	15
Fig 12: AES Key Build & Get Auth Code	16
Fig 13: Message Structure Design	18
Fig 14: Message Length Range	18
Fig 15: Check Code Range	19
Fig 16: Check Head & Tail	22
Fig 17: Check Message Entirety	23
Fig 18: Message Receive and Analyze	24
Fig 19: Devices Check List	25
Fig 20: Key Storage	26
Fig 21: Get Key Process	28
Fig 22: IoT Test Structure	31
Fig 23: Arduino & ZigBee CC2530 (Left)	33
Fig 24: Raspberry Pi & ZigBee CC2530 (Right)	33
Fig 25: ZigBee CC2530 Send & Receive Test	34
Fig 26: Socket Send & Receive Situation	35
Fig 27: ZigBee Send & Receive Situation	36
Fig 28: Socket Send & Receive Situation	37
Fig 29: ZigBee Send & Receive Situation	38
Fig 30: PKCS7 Padding	39
Fig 31: Test Step	41
Fig 32: Raspberry Pi Gateway Terminal Log – Send Gateway ID	42
Fig 33: C# Server Log – Get Gateway ID & Send Short Key	43
Fig 34: Raspberry Pi Gateway Terminal Log – Calculate Auth Code & Send Back	44
Fig 35: C# Server Log – Auth Done	44
Fig 36: Raspberry Pi Gateway Terminal Log – Get Auth Ok Message	44
Fig 37: Raspberry Pi Gateway Terminal Log – Get IoT Device Message	45
Fig 38: C# Server Log – Get IoT Device Message from Gateway	45
Fig 39: C# Server Log – Analyze Message & Send Encrypted Key Back	46
Fig 40: Arduino IoT Device Log – Get IoT Device Message from Gateway	46
Fig 41: Arduino IoT Device Log – Send Auth	47
Fig 42: C# Server Log – Get IoT Device Auth	47
Fig 43: C# Server Log – Receive Auth Message & Send Auth Result	48
Fig 44: Arduino IoT Device Log – Get Auth Succeed Message	48
Fig 45: C# Server Log – Get Encrypted Message from IoT Device A	49
Fig 46: C# Server Log – IoT Device B Auth Process	50
Fig 47: C# Server Log – Get Encrypted Message from IoT Device B	50
Fig 48: C# Server Log & Interface – Device List & Send Message to IoT Device A	51
Fig 49: Arduino IoT Device Log – Get Message from Server	52
Fig 50: Arduino & ZigBee - Current Voltage Digital Detector - Power Bank	54
Fig 51: Raspberry Pi Monitor	55
Fig 52: ECDH	58
Fig 53: Self Organize ECC Class	60
Fig 54: ECC Decrypt Time Consumption Test Flow	61
Fig 55: Create ECC Key and Encrypted Data	62
Fig 56: ECC Decrypt Time Consumption	62
Fig 57: AES Decrypt 100~1000 Bytes Time Consumption (Left)	65
Fig 58: ECC Decrypt 100~1000 Bytes Time Consumption (Right)	65
Fig 59: AES & ECC Decrypt 100~1000 Bytes Time Consumption	65
Fig 60: AES Decrypt 100~100000 Bytes Time Consumption (Left)	66
Fig 61: ECC Decrypt 100~100000 Bytes Time Consumption (Right)	66
Fig 62: AES & ECC Decrypt 100~100000 Bytes Time Consumption	66
Fig 63: AES Decrypt 100~2000000 Bytes Time Consumption (Left)	66
Fig 64: ECC Decrypt 100~2000000 Bytes Time Consumption (Right)	66
Fig 65: AES & ECC Decrypt 100~2000000 Bytes Time Consumption	67
Fig 66: AES & ECC Decrypt 100~2000000 Bytes without Check Validation Time Consumption	67
Fig 67: ECC Decryption 100000 Bytes Time Consumption of Each Step	68
Fig 68: ECC Decryption 1000000 Bytes Time Consumption of Each Step	69
Fig 69: ECC Sample Code Process	71
Fig 70: ECC Sample Code Message Structure	71
Fig 71: Pass AES Key	72
Fig 72: Pass ECC Public Key	73


List of Tables
Table 1: Attack Mode & Defense Mechanism	29
Table 2: ZigBee Module	32
Table 3: AES Source	38
Table 4: Battery Rundown Time	54
Table 5: Raspberry Pi Performance Test - 1	56
Table 6: Raspberry Pi Performance Test - 2	56
Table 7: Raspberry Pi Performance Test - 3	56
Table 8: ECC Decrypt Time Consumption	64
Table 9: AES & ECC Decrypt 10000~2000000 Bytes without Check Validation Time Consumption	68
References
[1] “Gartner Says 5.8 Billion Enterprise and Automotive IoT Endpoints Will Be in Use in 2020,” 29 August 2019. [Online]. Available: https://www.gartner.com/en/newsroom/press-releases/2019-08-29-gartner-says-5-8-billion-enterprise-and-automotive-io

[2] M. M. Hossain, M. Fotouhi, and R. Hasan, “Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things,” in Proc. of the IEEE World Congress on Services, pp. 21-28, New York, NY, USA, 27 June-2 July, 2015.

[3] Z. K. Zhang, M. C. Y. Cho, and S. Shieh, “Emerging Security Threats and Countermeasures in IoT,” in Proc. of the 10th ACM ASIA Conference on Computer and Communications Security (ASIACCS '15), pp. 1-6, Singapore, April 14–17, 2015.

[4] J. Li, Z. Huang and X. Wang, “Countermeasure Research about Developing Internet of Things Economy A Case of Hangzhou City” in Proc. of the International Conference on E-Business and EGovernment (ICEE), 2011.

[5] M. J. Covington and R. Carskadden, “Threat implications of the Internet of Things,” in Proc. of the 5th International Conference on Cyber Conflict (CyCon). IEEE, pp. 1–12, 2013.

[6] A. Perrig, J. Stankovic, and D. Wagner, “Security in wireless sensor networks,” Communications of the ACM, vol. 47, no. 6, pp. 53–57, 2004.

[7] T. Kavitha and D. Sridharan, “Security vulnerabilities in wireless sensor networks: A survey,” Journal of information Assurance and Security, vol. 5, no. 1, pp. 31–44, 2010.

[8] M. Panda, “Security threats at each layer of wireless sensor networks,” International Journal of Advanced Research in Computer Science and Software Engineering, vol. 3, pp. 50–56, 2013.

[9] A. S. Sastry, S. Sulthana, and S. Vagdevi, “Security threats in wireless sensor networks in each layer,” Int. J. Advanced Networking and Applications, vol. 4, no. 04, pp. 1657–1661, 2013.

[10] A. Al-Fuqaha, et al., "Internet of things: A survey on enabling technologies, protocols, and applications," IEEE Communications Surveys & Tutorials, vol. 17, pp. 2347-2376, 2015.

[11] S. Sicari, A. Rizzardi, L.A. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer Networks, vol. 76, pp. 146-164, 2015.

[12] G.P. Hancke, “Eavesdropping attacks on high-frequency RFID tokens,” in Proc. of the 4th Workshop on RFID Security (RFIDSec), pp. 100–113, 2008.

[13] T. Zia and A. Zomaya, “Security issues in wireless sensor networks,” in Proc. of the International Conference on Systems and Networks Communications, ICSNC, 2006.

[14] N. Gruschka and M. Jensen, “Attack surfaces: A taxonomy for attacks on cloud service,” in Proc. of the IEEE 3rd International Conference on Cloud Computing (CLOUD), pp. 276–279, 2010.

[15] T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, “Security challenges in the ip-based internet of things,” Wireless Personal Communications, vol. 61, no. 3, pp. 527–542, 2011.

[16] Y. Oren and A. D. Keromytis, “From the aether to the ethernet–attacking the Internet using broadcast digital television,” in Proc. of the 23rd USENIX Security Symposium, San Diego, CA, USA, pp. 353–368, 2014.

[17] S. Cesare, “Breaking the security of physical devices,” 2014, accessed on 12-April-2015. [Online]. Available: https://regmedia.co.uk/2014/08/06/dfgvhbhjkui867ujk5ytghj.pdf

[18] P. Desai, A. Sheth, and P. Anantharam, “Semantic gateway as a service architecture for IoT interoperability,” in Proc. of the IEEE International Conference on Mobile Services, pp. 313-319, New York, NY, USA, 27 June-2 July, 2015.

[19] S. K. Datta, C. Bonnet, and N. Nikaein, “An IoT gateway centric architecture to provide novel m2m services,” in Proc. of the World Forum on Internet of Things (WF-IoT). IEEE, pp. 514–519, 2014.

[20] H. Chen, X. Jia, and H. Li, “A Brief Introduction to IoT Gateway,” in IET International Conference on Communication Technology and Application (ICCTA 2011), pp. 610-613, Oct 2011.

[21] R. Bonetto, N. Bui, V. Lakkundi, A. Olivereau, A. Serbanati, and M. Rossi, “Secure Communication for Smart IoT Objects: Protocol Stacks, Use Cases and Practical Examples,” in IEEE Int. Symp. on World of Wireless, Mobile, and Multimedia Networks (WoWMoM 2012), pp. 1-7, Jun 2012.

[22] P. L. R. Chze, K. S. Leong, A. K. Wee, E. Sim, K. E. May, Y. J. Jie, and H. S. Wing, "Secured IoT Gateway For Smart Nation Applications,” in Proc. of the 2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC), pp. 1065-1068, Limassol, Cyprus, 25-29 June 2018.

[23] “2.4G zigbee CC2530 無線串口收發模組 DL-20 250米長距離”, TaiwanIOT (https://www.taiwaniot.com.tw/) [Online]. Available: https://www.taiwaniot.com.tw/product/2-4g-zigbee-cc2530-%E7%84%A1%E7%B7%9A%E4%B8%B2%E5%8F%A3%E6%94%B6%E7%99%BC%E6%A8%A1%E7%B5%84/

[24] “AESLib”, Davy Landman, GitHub [Online]. Available: https://github.com/DavyLandman/AESLib

[25] “ECDH秘鑰協商算法原理” [Online]. Available: https://learnblockchain.cn/2019/06/23/ecdh/

[26] “cryptron”, Yalir, GitHub [Online]. Available: https://github.com/Yalir/Synthese4A/tree/master/cryptron

[27] “EC_KEY_NEW(3) - Library Functions Manual”, OpenBSD Manual Page Server (https://www.openbsd.org/) [Online]. Available: https://man.openbsd.org/EC_KEY_new.3

[28] “ECDH_COMPUTE_KEY(3) - Library Functions Manual”, OpenBSD Manual Page Server (https://www.openbsd.org/) [Online]. Available: https://man.openbsd.org/ECDH_compute_key.3
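Full-text access rights
On campus
Print thesis available on campus immediately
Author consents to on-campus release of the electronic full text
Electronic thesis available on campus immediately
Off campus
Authorization granted
Electronic thesis available off campus immediately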
