| Graduate student: | Guo, Bing-Jie (郭秉捷) |
|---|---|
| Thesis title: | Context-aware Social IoT Security Management System Based on Zero-knowledge Principle |
| Advisor: | Kuo, Yau-Hwang (郭耀煌) |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
| Year of publication: | 2016 |
| Academic year of graduation: | 104 |
| Language: | English |
| Number of pages: | 97 |
| Keywords (Chinese): | Context-aware, Social IoT, Trust Evaluation Mechanism, Zero-knowledge Principle |
| Keywords (English): | Context-aware, SIoT, Trust Evaluation, Zero-knowledge Proof |
The Internet of Things (IoT) is an emerging network technology composed of thousands of IoT devices. IoT devices sometimes establish relationships with one another automatically in order to provide services cooperatively; this kind of IoT is called Social IoT (SIoT). Like IoT, SIoT is vulnerable to all kinds of security threats because most devices are resource-constrained. However, the data transmitted in SIoT are usually sensitive, so a comprehensive security management system for SIoT is essential.
To this end, this thesis proposes a practical security management system built on two core concepts, the Enhanced Graph-based Zero-knowledge Proof (E-GZKP) procedure and the Social IoT Trust Evaluation method, to protect all security dimensions in SIoT. Compared with traditional security mechanisms, the Graph-based Zero-knowledge Proof (GZKP) scheme is more secure with lower computation overhead, which makes it more practical in SIoT. However, the transmission overhead of GZKP is too high for practical use. This thesis therefore proposes E-GZKP, which reduces the computation and transmission overheads of GZKP at the same security level. Based on E-GZKP, the five security mechanisms in the proposed system protect all security dimensions defined in X.805. In addition, the proposed Social IoT Trust Evaluation method draws on several contexts, including the relationships between devices, to derive the security requirements of the environment. From these security requirements, a suitable security configuration for all mechanisms is obtained.
The experimental results show that the proposed system is at least 3 times faster than GZKP, and even 10 times faster than traditional security mechanisms. In terms of transmission overhead, E-GZKP also reduces network traffic by a factor of 3 compared with GZKP. Thus, the proposed Context-aware Zero-knowledge Security Management System is more feasible in the SIoT environment.