| Graduate student: | Hu, Jen-Wei (胡仁維) |
|---|---|
| Thesis title: | A Decentralized Blockchain-based IoT Security and SDN Network Management System |
| Advisor: | Yang, Chu-Sing (楊竹星) |
| Degree: | Doctor |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2019 |
| Academic year of graduation: | 108 |
| Language: | English |
| Number of pages: | 55 |
| Keywords (Chinese): | Blockchain, software-defined networking, IoT, smart contract, network management |
| Keywords (English): | Blockchain, SDN, Internet of Things, Smart contract, Network management |
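According to recent research reports, more than 7 million IoT devices have been deployed worldwide.
However, as these smart devices are rapidly deployed and different applications develop, many IoT-related issues have emerged that need to be overcome, such as performance, scalability, and security.
Recently, a growing number of network attacks have been launched by compromising and taking control of these smart devices, and these incidents have drawn increasing attention to IoT security.
However, because most IoT devices are constrained in hardware resources and cannot have strong computing capability, they cannot provide effective security mechanisms to protect themselves.
Therefore, it is necessary to develop a mechanism that lets IoT devices perform system updates securely and autonomously.
On the other hand, we also need to consider the management of the underlying IoT network. Software-defined networking (SDN) is an emerging network technology that can dynamically deploy and configure network policies on managed devices. Although its centralized architecture has management advantages, it also brings additional security problems. This doctoral dissertation proposes a decentralized blockchain-based IoT security and SDN network management system, which combines two network technologies, SDN and blockchain. For the firmware update mechanism of IoT devices, our method ensures the integrity of the firmware to be updated and integrates malware scanning to ensure the security of the update file. Our system also uses peer-to-peer file storage to solve the single point of failure problem, increasing system availability and avoiding DDoS network attacks. In addition, the proposed system integrates an SDN framework to manage the network and implements a network virtualization service, improving the security and stability of the underlying network. The tamper-proof property of blockchain technology is used to update and maintain the network control rules of the SDN controller. Finally, we analyze the proposed system in terms of transmission performance, computation cost, and communication overhead, and compare it with existing systems. The experimental results show that the proposed system strengthens the security of IoT devices through a secure and automatic update mechanism and provides a more reliable underlying IoT network environment through SDN.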
According to a recent study, the IoT market currently has 7 billion connected devices worldwide. The rapid growth in the number of smart devices and their diverse development has raised issues of efficiency, scalability, and security within the current IoT network. After a number of incidents in which smart devices were compromised to attack the larger network, the importance of IoT security has drawn increased attention. IoT devices are often resource-constrained and do not contain the compute resources necessary to implement strong security. As such, many IoT devices cannot offer advanced security features to protect themselves. Therefore, a mechanism through which the firmware or software of IoT devices can be securely and autonomously updated must be developed. On the other hand, with respect to management of the underlying IoT network, SDN is an emerging networking paradigm that vastly simplifies policy enforcement and network reconfiguration in a dynamic manner. However, its centralized architecture offers obvious advantages but also brings additional security concerns. This dissertation proposes a decentralized blockchain-based IoT security and SDN network management system. This scheme combines the advantages of two emerging technologies: SDN and blockchain. The firmware update mechanism for IoT devices ensures the integrity of firmware and enforces scanning for malicious code. With a peer-to-peer file sharing system, our system enjoys high availability without the single point of failure problem, mitigating the possibility of DDoS attacks. In addition, our system integrates an SDN framework to facilitate efficient management and realizes an on-demand network virtualization service to improve the security and stability of the entire network. It uses the immutability of blockchain technology to securely update and monitor the flow rule tables in SDN controllers.
We have evaluated the performance of our proposed scheme in terms of transmission throughput, computation costs, and communication overhead, and compared it with the existing model with respect to various metrics. The results of our evaluation show that our proposed system is effective in strengthening IoT security and provides a more reliable underlying IoT network.