本論文提出一適用於公共安全物聯網的身份鑑別技術，由於物聯網中包含電力和計算資源相對有限的感測器，如穿戴在執勤人員身上的感測器等，所以本論文技術特別著重於減少這些節點之計算負擔。隨著資訊與通訊各種技術的發展，物聯網的相關技術愈來愈成熟，應用面也愈來愈廣，有些國家及學者開始考慮運用此技術建構執行公共安全任務之環境的臨時物聯網，如風災、地震過後等進行緊急救難之區域，在任務區域的許多原有設備可能已被破壞或不穩定，必須快速建構一臨時的資通網路供執勤人員有充分的資源與即時支援執行公共安全任務，這也包括需提供充分的資訊給指揮官以便能統籌資源及掌握任務現場進行指揮和調度。物聯網應用在此一領域，其安全性必須受到特別關注，因執行之公共安全任務本身就涉及社會安全甚至國家安全，尤其一些如打擊犯罪之現場安全通訊不只受自然環境之影響還有可能受人為惡意的破壞。本論文著重於研究公共安全物聯網上以輕量型運算建構的鑑別技術，使物聯網中通聯的雙方能有效率地進行雙向鑑別並建立共同密鑰做為建立安全通道之基礎，本論文技術也提供使用者匿名並防治重送攻擊而通訊雙方也能確認彼此建立之共同密鑰的一致性，相較於目前其他相關研究，本論文為公共安全物聯網提供計算效能佳且安全功能完善的鑑別技術。

This paper proposes an identity authentication scheme for an Internet of Things (IoT) in public safety, including computational and energy resource-constrained sensors for on-site first responders. In addition, we focus on reducing the computational burden. With the development of information and communication technologies, the related work of IoT has become increasingly mature, and the application of IoT has been extended more widely. Recently, many researchers have studied how to construct temporary IoT communication for public safety missions, such as the disaster area of a wind hazard, an earthquake, or other disasters. Most of the communication equipment might be destroyed or unstable in a disaster area. Providing full resources and immediate support for responders and instantly supporting the implementation of a relief assignment require construction of a temporary communication network. If a commander receives useful information regarding the event scene, he or she can conduct and monitor the status of a mission. The application of an IoT in public safety must take security into account. In particular, communication regarding a crime scene not only is affected by the natural environment but might also be subject to malicious destruction. In this paper, we propose a lightweight authentication and key establishment protocol for IoT that not only supports user anonymity but also resists the repeating of an attack to ensure conformity with a session key. A security and performance analysis shows that the proposed scheme has robust and effective authentication comparable to related work.

目錄
第一章、前言 1
第二章、前置知識與相關研究 4
2.1 雙線性配對(Bilinear Pairing)	4
2.2 Butun等學者方法與分析 5
2.2.1 初始程序 6
2.2.2註冊程序 6
2.2.3鑑別程序 7
2.2.4分析與討論 8
第三章、	本論文之方法 10
3.1 安全需求之定義 11
3.2 系統架構 13
3.3 註冊程序 15
3.4 鑑別程序 16
3.4.1 CSP與閘道器 17
3.4.2 閘道器與感測器 18
3.4.3 指揮官與CSP 20
3.4.4 指揮官與感測器 22
第四章、	討論與分析 25
4.1 相互鑑別(Mutual Authentication) 25
4.2 使用者匿名性(User Anonymity) 26
4.3 建立共同密鑰	27
4.4 已知密鑰安全(Known session key security) 29
4.5 重送攻擊(Replay attack) 30
4.6 安全功能比較 30
4.7 效能分析 31
第五章、	結論與未來研究方向 34
參考文獻	35
Appendix 38

圖目錄
圖 2.1鑑別程序 7
圖 3.1系統架構 14
圖 3.2閘道器與CSP鑑別程序	17
圖 3.3閘道器與感測器鑑別程序 19
圖 3.4指揮官與CSP鑑別程序	21
圖 3.5指揮官與感測器鑑別程序 23

表目錄
表 3.1符號表 10
表 4.1安全功能比較表 31
表 4.2執行時間(秒) 32
表 4.3鑑別程序運算時間之估計 32

[1]“The internet of things,” International Telecommunication Union Internet Reports,2005.[Online].Available: https://www.itu.int/net/wsis/tunis/newsroom/stats/The-Internet-of-Things-2005.pdf. Accessed on: Jun., 30 ,2017.
[2]L. G. Kruger, “The First Responder Network (FirstNet) and Next-Generation Communications for Public Safety: Issues for Congress,”Congressional Research Service , Jan. 2017.  [Online].  Available:https://fas.org/sgp/crs/homesec/R42543.pdf. Accessed on: Jun., 30 ,2017.
[3]B. Scannell, “Sensor fusion approach to precision location and tracking for first responders,” Analog Devices Technical Article, 2016.
[4]R. Khan, R. Hasan, and J. Xu, “SEPIA: Secure-PIN-Authentication-as-a-Service for ATM Using Mobile and Wearable Devices,” in Proc. 2015 3rd IEEE International Conference on Mobile Cloud Computing, Services, and Engineering, Mar. 2015, pp. 41–50.
[5]R. S. Pippal, C. D. Jaidhar, and S. Tapaswi,“Comments on Symmetric Key Encryption based Smart Card Authentication Scheme,” in Proc. 2010 2nd International Conference on Computer Technology and Development, Nov. 2010, pp. 482–484.
[6]L. B. Jivanadham, A.K.M.M Islam, Y. Katayama, S. Komaki, and S. Baharun, “Cloud Cognitive Authenticator (CCA): A Public Cloud Computing Authentication Mechanism,” in Proc. 2013 International Conference on Informatics, Electronics and Vision (ICIEV), 2013, pp. 1–6.
[7]N. Kahani, K. Elgazzar, J. R. Cordy, “Authentication and Access Control in e-Health Systems in the Cloud,”in Proc. 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), 2016, pp.13-23.
[8]M.A. Iqbal, M. Bayoumi, “A Novel Authentication and Key Agreement Protocol for Internet of Things Baked Resourceconstrained Body Area Sensors, ” in Proc. 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) , 2016 , pp.315–320. 
[9]I. Butun, M. Erol-Kantarci, B. Kantarci, and H. Song,“Cloud-Centric Multi-Level Authentication as a Service for Secure Public Safety Device Networks,” IEEE Communications Magazine, vol. 54, no. 4, pp.47–53, Apr. 2016.
[10]S. Mitsunari, R. Sakai, and M. Kasahara, “A new traitor tracing,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences , vol. 85, no. 2, pp. 481–484, 2002.
[11]K. Y. Choi, J. Y. Hwang, D. H. Lee, and I. S. Seo, “ ID-based Authenticated Key Agreement for Low-Power Mobile Devices,” in Proc. 10th Australasian Conference on Information Security Privacy (ACISP) , 2005, pp. 494–505.
[12]F. Bao, R. Deng, and H. Zhu, “Variations of Diffie-Hellman problem,” in Proc. 5th International Conference on Information and Communications Security, 2003, pp. 301– 312.
[13]J. Silverman, “The Xedni Calculus and the Elliptic Curve Discrete Logarithm Problem”, Designs, Codes and Cryptography, vol. 20, pp. 5–40,Apr. 2000. 
[14]D. He, S. Zeadally, N. Kumar, and W. Wei, “Efficient and anonymous mobile user authentication protocol using self-certified public key cryptography for multi-server architectures,” IEEE Transactions on Information Forensics and Security, vol. 11, no. 9, pp. 2052–2064, Sep. 2016.
[15]X. Xiong, D. Wong, and T. Deng, “TinyPairing: A fast and lightweight pairing-based cryptographic library for wireless sensor networks,” in Proc. Wireless Communications and Networking Conference (WCNC) , 2010, pp. 1–6.
[16]S. Chatterjee, A. Das, and J. Sing, “A novel and efficient user access control scheme for wireless body area sensor networks,” Elsevier Journal of King Saud University – Computer and Information Sciences, vol. 26 ,no. 2, pp. 181-201, Jul. 2014.