
Graduate student: 李保頡 (Lee, Bao-Jie)
Thesis title: A Lightweight Authentication Scheme based on PUF in Internet of Things (在物聯網中基於物理不可仿造功能之輕量化身分驗證機制)
Advisor: 林輝堂 (Lin, Hui-Tang)
Degree: Master
Department: College of Electrical Engineering and Computer Science, Institute of Computer & Communication Engineering
Year of publication: 2018
Academic year of graduation: 106 (ROC calendar)
Language: English
Pages: 68
Chinese keywords: 物聯網; 身份認證; 物理不可仿造功能
English keywords: Internet of things; identity authentication; PUF
Abstract (translated from the Chinese original):

The Internet of Things brings convenience to daily life, but it also brings security threats. Because IoT devices have limited computing resources and energy, most of them communicate without encryption and lack rigorous identity verification, so an attacker can easily join the network, eavesdrop on and tamper with messages, and launch further attacks, causing serious harm. How to achieve both security protection and energy saving in the IoT is therefore an urgent problem.

This study designs a low-power, low-computation mutual authentication scheme based on the device's physical unclonable function (PUF) and a trusted third party (TTP), so that IoT devices can authenticate each other at low computational and energy cost and devices cannot join the network arbitrarily. After authentication succeeds, the two parties establish the encryption key used for their subsequent communication, protecting the messages they exchange. For devices suspected of using a stolen key, a verification procedure for suspicious devices lets the management endpoint distinguish the malicious device from the victim device and take further action. When a device's firmware is to be updated, an authentication procedure prevents malicious firmware from being installed and the device from falling under an attacker's control. Finally, logical analysis and an implementation demonstrate the correctness and feasibility of the scheme.

Abstract (English):

Although the Internet of Things (IoT) has significantly enhanced people's daily life, it comes at the price of security threats. IoT devices are vulnerable because they are equipped with limited resources and energy, often communicate without encryption, and do not enforce rigorous identity authentication. Figuring out how to provide security protection while minimizing energy consumption is therefore a critical issue for the success of the IoT. The goal of this work is to develop a network security defense scheme for the IoT.

In this thesis, we design a mutual (two-way) identity authentication scheme with low energy consumption and low computation requirements, based on a physical unclonable function (PUF) and a trusted third party (TTP). The scheme prevents malicious devices from easily joining the network. After authentication, the two parties establish a session key that protects their subsequent communication. We also design a scheme for detecting impersonation attacks that lets the management node distinguish the victim device from the malicious device so that further countermeasures can be taken. In addition, we propose an identity authentication scheme for firmware updates that prevents malicious firmware from being injected into devices. Finally, the correctness and feasibility of the proposed schemes are demonstrated through logical analysis and implementation.
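The three mechanisms the abstract names (PUF-based mutual authentication with a TTP that also yields a session key, triage of a device suspected of using a stolen key, and authenticated firmware update) can be illustrated with a generic challenge-response flow. The block below is an added example written for this page, not code from the thesis: the catalog record does not give the thesis's actual protocol, so the four-message layout, the HMAC-based stand-in for a silicon PUF, the nonce and session-key derivation, and the firmware-tag format are all assumptions made here for illustration. All inputs (device identifiers, secrets, the firmware image) are constructed.

```python
import hashlib
import hmac
import os


def make_simulated_puf(device_secret: bytes):
    """Stand-in for a silicon PUF (assumption): a deterministic, device-unique
    challenge -> response map. A real PUF is noisy and needs a fuzzy extractor
    before its response can serve as a key; that step is omitted here."""
    def puf(challenge: bytes) -> bytes:
        return hmac.new(device_secret, challenge, hashlib.sha256).digest()
    return puf


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so fields cannot be re-split."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


class TrustedThirdParty:
    """Stores challenge-response pairs (CRPs) from enrollment, never the PUF itself."""
    def __init__(self):
        self.crp_db = {}    # device_id -> unused (challenge, response) pairs
        self.pending = {}   # device_id -> state of an in-progress handshake
        self.sessions = {}  # device_id -> session key after successful auth

    def enroll(self, device_id: str, puf, n_pairs: int = 4) -> None:
        """Enrollment in a trusted environment; each CRP is later used exactly once."""
        self.crp_db[device_id] = [(c, puf(c)) for c in (os.urandom(16) for _ in range(n_pairs))]

    def start_auth(self, device_id: str, nonce_d: bytes):
        """Msg 2: consume a fresh CRP and prove knowledge of its response R."""
        challenge, response = self.crp_db[device_id].pop()
        nonce_s = os.urandom(16)
        self.pending[device_id] = (challenge, response, nonce_d, nonce_s)
        return challenge, nonce_s, prf(response, b"ttp", challenge, nonce_d, nonce_s)

    def finish_auth(self, device_id: str, auth_d: bytes) -> bool:
        """Msg 4: check the device's proof; on success derive the session key."""
        challenge, response, nonce_d, nonce_s = self.pending.pop(device_id)
        if not hmac.compare_digest(prf(response, b"dev", challenge, nonce_s, nonce_d), auth_d):
            return False
        self.sessions[device_id] = prf(response, b"session", nonce_d, nonce_s)
        return True

    def sign_firmware(self, device_id: str, version: int, image: bytes) -> bytes:
        """Tag a firmware image for one device under its current session key."""
        return prf(self.sessions[device_id], b"fw", version.to_bytes(4, "big"), image)


class Device:
    def __init__(self, device_id: str, puf):
        self.device_id, self.puf = device_id, puf
        self.session_key, self.fw_version, self.nonce_d = None, 1, None

    def start_auth(self):
        """Msg 1: announce identity together with a fresh nonce."""
        self.nonce_d = os.urandom(16)
        return self.device_id, self.nonce_d

    def respond(self, challenge: bytes, nonce_s: bytes, auth_s: bytes):
        """Msg 3: regenerate R from the PUF, verify the TTP first, then answer."""
        response = self.puf(challenge)
        if not hmac.compare_digest(prf(response, b"ttp", challenge, self.nonce_d, nonce_s), auth_s):
            return None  # peer could not prove knowledge of R: abort, derive nothing
        self.session_key = prf(response, b"session", self.nonce_d, nonce_s)
        return prf(response, b"dev", challenge, nonce_s, self.nonce_d)

    def install_firmware(self, version: int, image: bytes, tag: bytes) -> bool:
        """Accept only images tagged under the session key and newer than the current one."""
        if self.session_key is None or version <= self.fw_version:
            return False
        expected = prf(self.session_key, b"fw", version.to_bytes(4, "big"), image)
        if not hmac.compare_digest(expected, tag):
            return False
        self.fw_version = version
        return True


def authenticate(dev: Device, ttp: TrustedThirdParty) -> bool:
    """Run the four-message mutual authentication; True only if both sides accept."""
    device_id, nonce_d = dev.start_auth()
    challenge, nonce_s, auth_s = ttp.start_auth(device_id, nonce_d)
    auth_d = dev.respond(challenge, nonce_s, auth_s)
    return auth_d is not None and ttp.finish_auth(device_id, auth_d)


def run_scenario() -> dict:
    """Constructed walk-through: enrollment, authentication, impostor triage with
    key renewal, then an authenticated firmware update with tamper and rollback checks."""
    ttp = TrustedThirdParty()
    genuine = Device("sensor-01", make_simulated_puf(b"chip-unique-entropy"))
    ttp.enroll(genuine.device_id, genuine.puf)
    out = {"genuine_auth": authenticate(genuine, ttp)}
    # Impostor: same id and a stolen copy of the session key, but different silicon.
    clone = Device("sensor-01", make_simulated_puf(b"different-silicon"))
    clone.session_key = genuine.session_key
    out["clone_auth"] = authenticate(clone, ttp)      # fails: cannot answer a fresh CRP
    out["renewed_auth"] = authenticate(genuine, ttp)  # victim re-authenticates, key renewed
    out["key_changed"] = genuine.session_key != clone.session_key
    image = b"\x7fELF constructed firmware image v2"
    tag = ttp.sign_firmware("sensor-01", 2, image)
    out["tampered_rejected"] = not genuine.install_firmware(2, image + b"\x90", tag)
    out["update_ok"] = genuine.install_firmware(2, image, tag)
    out["rollback_rejected"] = not genuine.install_firmware(2, image, tag)
    return out
```

Two points the flow makes concrete: a stolen session key does not help an impostor, because a fresh CRP demands the PUF response itself, so re-running the handshake separates the victim (passes, and gets a renewed key) from the clone (fails); and every CRP is consumed once, since replaying a challenge whose response an eavesdropper has already seen would defeat the scheme. A real deployment also needs the fuzzy-extractor step omitted here, because silicon PUF responses vary slightly between readings.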

Contents:
Abstract (Chinese); Abstract (English); Acknowledgements; Contents; List of Tables
Chapter 1 Introduction
  1.1 Overview
  1.2 Internet of Things
  1.3 IoT Architecture
    1.3.1 Perception Layer
    1.3.2 Network Layer
    1.3.3 Application Layer
  1.4 Security Issues in the IoT
  1.5 Physical Unclonable Function
  1.6 Motivation
  1.7 Objective
  1.8 Thesis Outline
Chapter 2 Related Works
  2.1 Identity Authentication and Key Establishment
    2.1.1 Improved Identity Authentication Scheme
    2.1.2 S3K: Scalable Security with Symmetric Keys
    2.1.3 EAKES6Lo
    2.1.4 LAUP
Chapter 3 A Lightweight Authentication Scheme in the Internet of Things
  3.1 Network Scenario
  3.2 Assumption
  3.3 Proposed Scheme
    3.3.1 Identity authentication and key establishment for new devices
    3.3.2 Detect impersonation attack and key renewal
    3.3.3 Identity authentication for firmware update
Chapter 4 Proof of Our Scheme
  4.1 BAN Logical Notation
  4.2 BAN Logical Postulates
  4.3 Analysis with BAN Logic
    4.3.1 Analysis of the identity authentication and key establishment
    4.3.2 Analysis of detect impersonation attacks and key renewal
  4.4 Comparison of Processes
Chapter 5 Experiment
  5.1 Experiment Setup
  5.2 Identity Authentication and Key Establishment Experiment
  5.3 Detect impersonation attacks and Key Renewal Experiment
  5.4 Identity Authentication for Firmware Update Experiment
Chapter 6 Conclusion
Bibliography


Full-text availability: on campus from 2023-09-01; off campus from 2023-09-01.