叢集式無線感測網路之遠程證實協定研究

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：49

、訪客IP：3.145.68.182

姓名

石家維(Chia-Wei Shih) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

叢集式無線感測網路之遠程證實協定研究
(Remote Attestation for Cluster-based Wireless Sensor Networks)

相關論文

★ 多種數位代理簽章之設計	★ 小額電子支付系統之研究
★ 實體密碼攻擊法之研究	★ 商業性金鑰恢復與金鑰託管機制之研究
★ AES資料加密標準之實體密碼分析研究	★ 電子競標系統之研究
★ 針對堆疊滿溢攻擊之動態程式區段保護機制	★ 通用型數域篩選因數分解法之參數探討
★ 於8051單晶片上實作可防禦DPA攻擊之AES加密器	★ 以非確定式軟體與遮罩分割對策防禦能量攻擊之研究
★ 遮罩保護機制防禦差分能量攻擊之研究	★ AES資料加密標準之能量密碼分析研究
★ 小額電子付費系統之設計與密碼分析	★ 公平電子現金系統之研究
★ RSA公開金鑰系統之實體密碼分析研究	★ 保護行動代理人所收集資料之研究

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

[檢視]

[下載]

本電子論文使用權限為同意立即開放。
已達開放權限電子全文僅授權使用者為學術研究之目的，進行個人非營利性質之檢索、閱讀、列印。
請遵守中華民國著作權法之相關規定，切勿任意重製、散佈、改作、轉貼、播送，以免觸法。

摘要(中)

由於感測終端元件大多佈署於惡劣環境中且受限於低成本之製作，
使得感測元件易成為攻擊者之目標。
攻擊者可將惡意程式植入至感測終端元件中，進而達到控制該元件之目的。
遠程證實 (Remote Attestation) 方法既為一種透過遠程方
式使得驗證者能檢驗感測終端元件內部軟體完整性的機制。

可信賴平台模組 (Trusted Platform Module)
是根據可信賴計算組織 (Trusted Computing Group)
建議之規範所實作之防竄改密碼硬體模組。
可信賴平台模組可內嵌在一個計算平台中，
藉以提供此平台之系統狀態、軟體完整性測量結果與各類密碼演算法。

在無線感測網路中，由於對感測終端元件之低成本製作
與大規模佈署要求，使得在每一元件內嵌一個可信賴平台模組為一個不合宜方法。
對此我們採用叢集式 (Cluster-based) 無線感測網路架構以提升感測網路之存活期與可靠性，同時避免大量增加整體感測網路之布建成本。
在此架構下，將感測範圍區域內許多感測終端元件形成數個叢集，
每個叢集中有一個計算資源較好且內嵌可信賴平台模組之元件作為叢集頭 (Cluster Head)。

Krauß 等人提出之遠程證實協定允許感測終端元件驗證叢集頭之軟體完整性。
在我們研究過程中，發現 Krauß 等人的遠程證實協定造成叢集頭嚴重的儲存負擔，因此我們首先改善 Krauß 等人的方法以降低儲存空間之需求。
而在叢集式無線感測網路中叢集頭容易成為攻擊者之目標，我們提出新的協定讓基地台 (Base Station) 能夠驗證叢集頭之完整性。

在叢集式架構下，叢集頭負責將感測終端元件在叢集範圍所收集到的資料傳送到遠處的基地台。
為了確保資料的正確性，叢集頭必須驗證感測終端元件之完整性，
然而因感測元件之低成本需求並不適合在每一元件內嵌可信賴平台模組。
為此，我們僅要求感測終端元件內擁有少量的唯讀記憶體 (Read-Only Memory)，提出一個虛擬可信賴平台模組驗證協定，使得叢集頭能驗證感測終端元件的完整性。
此外，叢集頭亦可透過此協定與感測終端元件重新建立一把共享金鑰。

摘要(英)

Sensor nodes are usually vulnerable to be compromised due to their unattended
deployment and the low costs requirement. Thus, an attacker can reprogram the
compromised sensor and control the node to act on his behalf. Remote attestation
is the activity of making a claim about the internal state of a platform by supplying
evidence to a remote veriﬁer.
The Trusted Platform Module (TPM) is a tamper-proof hardware based on the
Trusted Computing speciﬁcation. A TPM is added to the platform in order to enable
functions, such as platform integrity measurement, remote attestation and crypto-
graphic functionality. However, in the wireless sensor network, the low cost design
and large scale deployment make it infeasible to equip each resource-constrained
sensor node with a TPM. We explore the cluster-based sensor network architecture
to increase the network lifetime and reliability without signiﬁcantly increasing the
cost. The sensor network is organized in clusters where a minority of nodes are
equipped with TPMs and act as the cluster heads.
In this thesis, we ﬁrst improve Krauβ et al.’s attestation protocol to decrease
the storage overhead. Their protocol allows the sensor nodes to verify whether the
platform conﬁguration of the cluster head is trustworthy. However, a node acts as
the cluster head may be valuable to attack and our new protocol enables the base
station to verify the integrity of the cluster head.
A cluster head is responsible for verifying the trustworthiness of the sensor nodes
within the cluster. The low cost requirement of the sensor node precludes using an
expensive hardware, so we propose a virtual TPM attestation protocol. Assuming
only a small amount of read-only memory in each sensor node and the cluster head
can verify the integrity of each underlying sensor node. Furthermore, the cluster
head can re-establish the secret key with the dominated sensor nodes.

關鍵字(中)

★ 無線感測網路
★ 遠程證實

關鍵字(英)

★ Wireless sensor network
★ Remote attestation

論文目次

1 Introduction 1
1.1 Motivation of the Research . . . . . . . . 1
1.2 Overview of the Thesis .. . . . . . . . . . 3

2 Preliminary 5
2.1 Hash Function and Hash Chain . . . . . . . . 5
2.1.1 Hash Function . . . .... . . . . . . . . . 5
2.1.2 Hash Chain . . . . . . . . . . . . . . . . 5
2.2 Message Authentication Code . . . . . . . . 6
2.3 Introduction to Trusted Platform Module . . 7
2.3.1 Architecture of Trusted Platform Module .. 7
2.3.2 The Chain of Trust in TPM . . . . . . . . 7
2.3.3 Remote Attestation . . . . . . . . . . . . 9
2.3.4 Sealed Storage ... . . . . . . . . . . . . 9

3 Related Work 12
3.1 Software-based Remote Attestation .. . . . . 12
3.1.1 Time-based Attestation ..... . . . . . . . 12
3.1.2 Memory-based Attestation . . . . . . . . . 15
3.1.3 Review of Kiyomoto et al.’s Scheme . . . . 17
3.2 Hardware-based Remote Attestation . . . . . 19
3.2.1 Review of Krauβ et al.’s Scheme . . . . . 19

4 The Proposed Remote Attestation Protocols 22
4.1 Sensor Network Model . . . . . . . . . . 23
4.1.1 The Architecture of Micro-controller . 25
4.2 Assumptions and Attack Model . .. . . . . 25
4.3 Proposed Improved Krauβ et al.’s Attestation Protocol 26

4.3.1 Security Analysis and Performance Comparison . 27
4.4 Proposed Attestation Protocol Between Base Station and Cluster Head 29
III4.4.1 Security Analysis . . 30
4.4.2 Performance Analysis . 31
4.5 Proposed Virtual TPM Attestation Protocol with Key Update . . . . 32
4.5.1 Security Analysis . . . . 38
4.5.2 Performance Analysis . . 39

5 Conclusions 44

參考文獻

[1] T. Abuhmed, N. Nyamaa, and D. Nyang, “Software-based Remote Code Attestation in Wireless Sensor Network,” Proc. of the IEEE Conference on Global
Telecommunications, pp. 1-8, 2009.

[2] I. Crossbow Technology, “MICA2: Wireless Mea-
surement System,” http://www.eol.ucar.edu/isf/facilities/
isa/internal/CrossBow/DataSheets/mica2.pdf.

[3] C. Castelluccia, A. Francillon, D. Perito, and C. Soriente, “On the Diﬃculty of Software-based Attestation of Embedded Devices,” Proc. of the 16th ACM
Conference on Computer and Communications Security, pp. 400-409, 2009.

[4] K.E. Defrawy, A. Francillon, D. Perito, and G. Tsudik, “SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust,” Proc. of
the Network and Distributed System Security Symposium (NDSS), 2012.

[5] A. Francillon and C. Castelluccia, “Code Injection Attacks on Harvard-architecture Devices,” Proc. of the 15th ACM Conference on Computer and Communications Security, pp. 15-26, 2008.

[6] FIPS 180-1, “Secure Hash Standard,” NIST, US Department of Commerce,
Washington, D.C., 1995.

[7] FIPS 198, “The Keyed-Hash Message Authentication Code (HMAC),” NIST, US Department of Commerce, Washington, D.C., 2002.

[8] T. Giannetsos, T. Dimitriou, I. Krontiris, and N.R. Prasad, “Arbitrary Code Injection through Self-propagating Worms in Von Neumann Architecture De-
vices,” The Computer Journal, Vol. 53, No. 10, pp. 1576-1593, 2010.

[9] S. Ganeriwal, S. Ravi, and A. Raghunathan, “Trusted Platform based Key Establishment and Management for Sensor Networks,” 2007.

[10] S. Kiyomoto and Y. Miyake, “Lightweight Attestation Scheme for Wireless Sensor Network,” International Journal of Security and Its Application, Vol. 8, No. 2, pp. 25-40, 2014.

[11] C. Krauβ, F. Stumpf, and C. Eckert, “Detecting Node Compromise in Hybrid Wireless Sensor Networks Using Attestation Techniques,” Proc. of the 4th European Conference on Security and Privacy in Ad-Hoc and Sensor Network, pp. 203-217, 2007.

[12] L. Lamport, “Password Authentication with Insecure Communication,” Communications of the ACM, Vol. 24, No. 11, pp. 770-772, 1981.

[13] D. Liu, P. Ning, and R. Li, “Establishing Pairwise Keys in Distributed Sensor Networks,” ACM Transactions on Information and System Security, Vol. 8, No.
1, pp. 41-77, 2005.

[14] A. Martin, “The Ten-page Introduction to Trusted Computing,” Technical Report RR-08-11, OUCL, 2008.

[15] B. Paron, “The Trusted Platform Module (TPM) and Sealed Storage,” Technical Report, 2007.

[16] S. Prasanna and S. Rao, “An Overview of Wireless Sensor Networks Applications and Security,” International Journal of Soft Computing and Engineering, Vol. 2, No. 2, pp. 538-540, 2012.

[17] D. Perito and G. Tsudik, “Secure Code Update for Embedded Devices via Proofs of Secure Erasure,” Proc. of ESORICS ’10, pp. 643-662, 2010.

[18] M. Pirretti, S. Zhu, N. Vijaykrishnan, P. McDaniel, M. Kandemir, and R.Brooks, “The Sleep Deprivation Attack in Sensor Networks: Analysis and Methods of Defense,” International Journal of Distributed Sensor Networks, Vol. 2,No. 1, pp. 267-287, 2006.

[19] M. Ryan, “Introduction to the TPM 1.2,” Draft, 2009.

[20] R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1312, 1992.

[21] R. Rivest, “The RC5 Encryption Algorithm,” Proc. of the Workshop on Fast
Software Encryption, LNCS 1008, pp. 86-96, 1995.

[22] R. Rivest and A. Shamir, “PayWord and MicroMint: Two Simple Micropayment Schemes,” Proc. of the 15th International Workshop on Security Protocols,
LNCS 1189, pp. 69-87, Springer, 1996.

[23] A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.

[24] H. Shacham, “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86),” Proc. of the 14th ACM Conference on
Computer and Communications Security, pp. 552-561, 2007.

[25] O.J. Svendsli, “Atmel’s Self-Programming Flash Microcontrollers,” http://www.atmel.com/images/doc2464.pdf, Atmel, 2010.

[26] A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla, “SCUBA: Secure Code Update by Attestation in Sensor Networks,” Proc. of the 5th ACM
Workshop on Wireless Security, pp. 85-94, 2006.

[27] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT: Software-based Attestation for Embedded Devices,” Proc. of IEEE Symposium on Security and Privacy, pp. 272-282, 2004.

[28] Trusted Computing Group, “TCG Speciﬁcation Architecture Overview,” TCG Speciﬁcation Revision 1.4, 2007.

[29] Trusted Computing Group, “Trusted Platform Module Library Part 1: Architecture,” Revision 00.96, March 2013.

[30] H. Tan, W. Hu, and S. Jha, “A TPM-enabled Remote Attestation Protocol (TRAP) in Wireless Sensor Networks,” Proc. of the 6th ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired
Networks, pp. 9-16, 2011.

[31] F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical En-Route Filtering of Injected False Data in Sensor Networks,” IEEE Journal on Selected Areas in Commu-
nications, Vol. 23, No. 4, pp. 839-850, 2005.

[32] Y. Yang, X. Wang, S. Zhu, and G. Gao, “Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks,” Proc. of the 26th IEEE Symposium on Reliable Distributed Systems, pp. 219-230, 2007.

[33] S.M. Yen and Y. Zheng, “Weighted One-way Hash Chain and its Applications,”
Proc. of International Workshop on Information Security, pp. 135-148, 2000.

[34] H. Zhang and A. Arora, “GS 3 : Scalable Self-conﬁguration and Self-healing in Wireless Networks,” Proc. of the 21st ACM Symposium on Principles of
Distributed Computing, pp. 58-67, 2002.

[35] D. Zhang and D. Liu, “DataGuard: Dynamic Data Attestation in Wireless Sensor Networks,” Proc. of the 40th IEEE/IFIP International Conference on
Dependable Systems and Networks, pp. 261-270, 2010.

[36] Y. Zheng, J. Pieprzyk, and J. Seberry, “HAVAL - A One-way Hashing Algorithm with Variable Length of Output,” Proc. of AUSCRYPT ’92, LNCS 718,
pp. 81-104, 1992.

[37] S. Zhu, S. Setia, and S. Jajodia, “LEAP: Eﬃcient Security Mechanisms for Large-scale Distributed Sensor Networks,” Proc. of the 10th ACM Conference
on Computer and Communications Security, pp. 62-72, 2003.

指導教授

顏嵩銘(Sung-Ming Yen)

審核日期

2014-11-24

推文