簡易檢索 / 詳目顯示

研究生: 吳建緯
Wu, Jian-Wei
論文名稱: 物聯網之安全及隱私保護身分認證機制
A Secure Identity Authentication and Privacy-Preserving Scheme for IoT
指導教授: 林輝堂
Lin, Hui-Tang
學位類別: 碩士
Master
系所名稱: 電機資訊學院 - 電腦與通信工程研究所
Institute of Computer & Communication Engineering
論文出版年: 2020
畢業學年度: 108
語文別: 英文
論文頁數: 78
中文關鍵詞: 物聯網身分認證物理不可仿造功能隱私保護
外文關鍵詞: Internet of things, identity authentication, physical unclonable function, privacy-preservation
相關次數: 點閱:155下載:6
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 物聯網(IoT)的出現帶來了許多的利益與應用,使得物聯網設備廣泛地被使用並且被設置在生活周遭。但是物聯網設備的一些特性產生了一些安全議題,並使得傳統網路的身份驗證不適合用於物聯網。這些安全議題分別是設備缺少隱私保護以及會遭受物理攻擊(physical attack)和克隆攻擊(cloning attack)。如果在身分認證中未考量這些問題,這將會導致在這個環境下的成員遭受攻擊。因此在物聯網的環境下設計新穎的身份認證方案是一項重大挑戰。
    為了解決這個問題,我們提出了一種基於物理不可克隆功能(PUF)的物聯網之安全及隱私保護身分認證機制。安全分析表明我們的方法對各種安全問題具有較強的強健性。性能分析則表明我們的方法可以符合物聯網設備資源受限的需求。

    The development of the Internet of Things (IoT) has brought many benefits and applications, and these IoT devices are used and set around our lives widely. However, these characteristics of IoT devices generate some security issues for IoT. These security issues make the identity authentication of traditional networks be unsuitable for the IoT. The security issues are lack of privacy-preservation and the occurrence of physical attack and cloning attack, respectively. If identity authentication doesn't consider these security issues, the attacker will crack the identity authentication scheme and then cause the IoT to be attacked. Therefore, design of novel identity authentication scheme is a significant challenge.
    To address these issues, we propose a secure identity authentication and privacy-preserving scheme based on physical unclonable function (PUF). The security analysis shows that it is robust against different security issues. The performance analysis shows our scheme can meet the resource-constrained IoT device.

    摘要......I Abstract......II Acknowledgements......I Contents......IV List of Figures......VII List of Tables......IX Chapter 1......1 Introduction......1 1.1 Overview......1 1.2 Identity authentication......3 1.3 Internet of Things......4 1.4 IoT Architecture......5 1.4.1 Perception Layer......5 1.4.2 Network Layer......6 1.4.3 Application Layer......6 1.5 Security Issues in the IoT......6 1.6 Physical Unclonable Function......7 1.7 CRPs Leak Problem......8 1.8 Motivation......9 1.9 Objective......10 1.10 Thesis Outline......10 Chapter 2......11 Related Works......11 2.1 Network Environment......12 2.2 Identity Authentication......12 2.2.1 Mutual authentication in IoT systems using physical unclonable functions......13 2.2.2 Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices......14 2.2.3 Two-Factor Authentication for IoT with Location Information......17 Chapter 3......20 A Secure Identity Authentication and Privacy-Preserving Scheme for IoT......20 3.1 Network Environment......21 3.2 Assumption......21 3.3 Registration......23 3.4 Proposed Scheme......23 3.4.1 Normal procedure......24 3.4.1.1 Protocol 1: Identity authentication for new device......24 3.4.1.2 Protocol 2: CRP update......27 3.4.1.3 Protocol 3: Identity authentication for firmware update......30 3.4.2 Resynchronizing procedure......36 3.4.2.1 Protocol 1: Identity authentication for new device......36 3.4.2.2 Protocol 2: CRP update......38 Chapter 4......40 Security Analysis......40 4.1 BAN Logical......41 4.1.1 Notation......41 4.1.2 Postulates......41 4.1.3 Analysis of the identity authentication for new devices......42 4.1.4 Analysis of CRP update......45 4.1.5 Analysis of identity authentication for firmware update......48 4.2 Security Comparison with existing authentication protocols based on PUF......52 Chapter 5......54 Performance Analysis......54 5.1 Computational Cost......55 5.2 Computational Complexity......56 5.3 Communication Overhead......57 5.4 Storage Overhead......59 Chapter 6......60 Experiment......60 6.1 Experimental environment......61 6.2 Protocol 1: Identity authentication for new device......61 6.3 Protocol 2: CRP update......65 6.4 Protocol 3: Identity authentication for firmware update......68 Chapter 7......73 Conclusion......73 Bibliography......75

    [1]IoT Analytics. (2018). State of the IoT 2018: Number of IoT devices now at 7B – Market accelerating. Available: https://iot-analytics.com/state-of-the-iot-update-q1-q2-2018-number-of-iot-devices-now-7b/
    [2]Muhammad Bilal, “A Review of Internet of Things Architecture, Technologies and Analysis Smartphone-based Attacks Against 3D printers,” arXiv Prepr, vol.1708, no. 04560, pp. 1-21, 2017.
    [3]Roozbeh Derakhshan, Maria E. Orlowska, and Xue Li, “RFID data management: challenges and opportunities,” 2007 IEEE International Conference on RFID, pp. 175-182, 2007.
    [4]Angel Polo et al., “Enhanced rate physical layer for Bluetooth™ low energy,” U.S. Patent, vol. 9, no. 408, pp.147, 2016.
    [5]Erik Dahlman, Stefan Parkvall, and Johan Skold, “4G: LTE/LTE-advanced for mobile broadband,” Academic press, 2013.
    [6]Cheng-Xiang Wang et al., “Cellular architecture and key technologies for 5G wireless communication networks,” IEEE communications magazine, vol. 52, no 2, pp. 122-130, 2014.
    [7]Deepak Vasisht, Swarun Kumar, Dina. Katabi, “Decimeter-level localization with a single WiFi access point,” In 13th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 16), pp. 165-178, 2016.
    [8]P. Eronen and H. Tschofenig,“Pre-shared key ciphersuites for transport layer security (TLS),”RFC 4279, 2005.
    [9]Samuel Weiler et al., “Using raw public keys in transport layer security (TLS) and datagram transport layer security (DTLS),” RFC 7250, 2014.
    [10]Ulrich Rührmair, and Daniel E. Holcomb, “PUFs at a glance,” Proceedings of the conference on Design, Automation & Test in Europe. European Design and Automation Association, pp. 347, 2014.
    [11]G. Edward Suh and Srinivas Devadas, “Physical unclonable functions for device authentication and secret key generation,” 2007 44th ACM/IEEE Design Automation Conference, pp. 9-14, 2007.
    [12]Daniel E. Holcomb, Wayne P. Burleson, and Fu. Kevin, “Power-up SRAM state as an identifying fingerprint and source of true random numbers,” IEEE Transactions on Computers, vol. 58.9, pp. 1198-1210, 2008.
    [13]Sandeep S. Kumar et al., “The butterfly PUF protecting IP on every FPGA,” 2008 IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 67-70, 2008.
    [14]Shahin Tajik, et al. “Physical characterization of arbiter PUFs,” International Workshop on Cryptographic Hardware and Embedded Systems, pp. 493-509, 2014.
    [15]Muhammad Naveed Aman, Kee Chaing Chua, and Biplab Sikdar, “Mutual authentication in IoT systems using physical unclonable functions,” IEEE Internet of Things Journal, vol. 4, no. 5, pp. 1327-1340, 2017.
    [16]Prosanta Gope and Biplab Sikdar,“Lightweight and Privacy-Preserving Two-Factor Authentication Scheme for IoT Devices,” IEEE Internet of Things Journal, vol. 6, no. 1, pp. 580-589, 2018.
    [17]Muhammad Naveed Aman, Mohamed Haroon Basheer, and Biplab Sikdar, “Two-Factor Authentication for IoT with Location Information,” IEEE Internet of Things Journal, vol. 6, no. 2, pp. 3335-3351, 2018.
    [18]Anuj Sehgal et al., “Management of resource constrained devices in the internet of things,” IEEE Communications Magazine, vol. 50, no. 12, pp. 144-149, 2012.
    [19]Shahid Raza et al., “S3K: Scalable security with symmetric keys—DTLS key establishment for the Internet of Things,” IEEE Transactions on Automation Science and Engineering, vol. 13, no. 3, pp. 1270-1280, 2016.
    [20]S. Guilley and R. Pacalet, “SoCs security: A war against side-channels,” Annales des télécommunications, vol. 59, no. 7-8, pp. 998-1009, 2004.
    [21]Joo Guan Ooi and Kok Horng Kam, “A proof of concept on defending cold boot attack,” 2009 1st Asia Symposium on Quality Electronic Design, pp. 330-335, 2009.
    [22]Xi Chen, Robert P. Dick, and Alok Choudhary, “Operating system controlled processor-memory bus encryption,” 2008 Design, Automation and Test in Europe, pp. 1154-1159, 2008.
    [23]Yevgeniy Dodis, et al., “Robust fuzzy extractors and authenticated key agreement from close secrets,” Annual International Cryptology Conference, pp. 232-250, 2006.
    [24]Martin Sauter, “From GSM to LTE: an introduction to mobile networks and mobile broadband,” John Wiley & Sons, 2010.
    [25]J. Zornoza et al., “Merging smart wearable devices and wireless mesh networks for collaborative sensing,” 2017 32nd Conference on Design of Circuits and Integrated Systems (DCIS), pp. 1-6, 2017.
    [26]M. Burrows, M. Abadi, R. Needham, “A Logic of Authentication,” Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences, vol. 426, no. 1871, pp. 233-271, 1989.
    [27]Hugo Krawczyk, Mihir Bellare, and Ran Canetti, “HMAC: Keyed-hashing for message authentication,” RFC 2104, 1997.
    [28]Shay Gueron, Simon Johnson, and Jesse Walker, “SHA-512/256,” 2011 Eighth International Conference on Information Technology: New Generations, pp. 354-358, 2011.
    [29]Pete Chown, “Advanced encryption standard (AES) ciphersuites for transport layer security (TLS),” RFC 3268, 2002.
    [30]Neal Koblitz, “Elliptic curve cryptosystems,” Mathematics of computation, vol. 48, no. 177, pp. 203-209, 1987.
    [31]Vincent van der Leest et al., “Efficient Implementation of True Random Number Generator Based on SRAM PUFs,” Cryptography and Security: From Theory to Applications, pp. 300-318, 2012.
    [32]Simona Buchovecka et al., “True random number generator based on ring oscillator PUF circuit,” Microprocessors and Microsystems, vol. 53, pp. 33-41, 2017.

    下載圖示 校內:2024-01-30公開
    校外:2024-01-30公開
    QR CODE