
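Graduate student: 郭冠里 (Kuo, Kuan-Li)
Thesis title: 物聯網家用閘道器之資安風險評估與案例研究 (Security Risk Assessment and Case Study of IoT Home Gateway)
Advisor: 侯廷偉 (Hou, Ting-Wei)
Degree: Master
Department: College of Engineering, Department of Engineering Science
Year of publication: 2017
Academic year of graduation: 105
Language: Chinese
Number of pages: 54
Keywords (Chinese): Internet of Things, Common Criteria for Information Technology Security Evaluation, Protection Profile, home gateway, information security
Keywords (English): Internet of Things, Common Criteria, Protection Profile, Home gateway, Security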
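  • The Common Criteria for Information Technology Security Evaluation (Common Criteria, CC) is the standard followed when evaluating and testing information security products. A Protection Profile (PP) is a security component within the Common Criteria that describes the security requirements addressing the threats in a specific environment.
    The Protection Profiles published so far under the Common Criteria specify security requirements for many subjects, such as smart cards, operating systems and database management systems, but none of them is tailored to the IoT home gateway. This thesis therefore follows the Common Criteria specification to define a dedicated Protection Profile for the IoT home gateway, in the hope of improving the security and reliability of such gateways.
    The thesis closes with two case analyses that examine the security of an embedded device and of a commercially available home gateway, and it explains the weaknesses found and the corresponding responses.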

    In recent years, the Common Criteria has published Protection Profiles covering requirements for smart cards, operating systems, database management systems and other subjects, but there is none for the IoT home gateway. This research therefore follows the Common Criteria specification and attempts to define a Protection Profile for the IoT home gateway, to enhance the security and reliability of such devices. Two case studies examine the security of an embedded device that could be used as the platform of an IoT home gateway, and of an off-the-shelf IoT home gateway. The threats are also identified.

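    Table of contents

    Abstract
    Extended Abstract
    Acknowledgements
    Table of Contents
    List of Tables
    List of Figures
    Chapter 1 Introduction
      1.1 Research background
      1.2 Research motivation and objectives
      1.3 Chapter overview
    Chapter 2 Background
      2.1 IoT security issues and the IoT home gateway
      2.2 Common Criteria for Information Technology Security Evaluation
      2.3 Protection Profile
      2.4 Open Web Application Security Project
    Chapter 3 Defining a Protection Profile for the home gateway
      3.1 PP introduction (APE_INT)
      3.2 Conformance claims (APE_CCL)
      3.3 Security problem definition (APE_SPD)
      3.4 Security objectives (APE_OBJ)
      3.5 Extended components definition (APE_ECD)
      3.6 Security requirements
      3.7 Summary
    Chapter 4 Case analysis
      4.1 Testing the laboratory IoT gateway
      4.2 Testing a commercially available gateway
      4.3 Summary
    Chapter 5 Conclusion
      5.1 Conclusion
      5.2 Future work
    References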


    Full text release: on campus from 2019-08-31
    Off campus from 2019-09-01