Master's/Doctoral Thesis 104522005: Detailed Record




Name: Cheng-Yu Lin (林政諭)   Department: Computer Science and Information Engineering
Thesis title: Data-hiding based random padding in remote attestation
(Original title: 應用於遠程證實之資訊隱藏型亂數填充技術)
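Related theses
★ Design of Various Digital Proxy Signatures
★ A Study of Micropayment Systems
★ A Study of Physical Cryptanalysis Attacks
★ A Study of Commercial Key Recovery and Key Escrow Mechanisms
★ A Study of Physical Cryptanalysis of the AES Data Encryption Standard
★ A Study of Electronic Auction Systems
★ A Dynamic Program Segment Protection Mechanism against Stack Overflow Attacks
★ Parameter Study of the General Number Field Sieve Factoring Method
★ Implementation of a DPA-Resistant AES Encryptor on the 8051 Microcontroller
★ A Study of Defending against Power Attacks with Non-deterministic Software and Mask-Splitting Countermeasures
★ A Study of Masking Protection Mechanisms against Differential Power Attacks
★ A Study of Power Cryptanalysis of the AES Data Encryption Standard
★ Design and Cryptanalysis of Micropayment Systems
★ A Study of Fair Electronic Cash Systems
★ A Study of Physical Cryptanalysis of the RSA Public-Key System
★ A Study of Protecting Data Collected by Mobile Agents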
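Files
  1. The access permission for this electronic thesis is: approved for immediate open access.
  2. Electronic full texts that have reached their open-access date are licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast this work without authorization, to avoid breaking the law.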

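Abstract (Chinese) Wireless sensor networks, composed of base stations and sensor nodes, have gradually become common in our daily lives. Sensor nodes, which play a key role in wireless sensor networks, have many advantages but are also subject to a number of constraints, such as limited computing power, limited memory space and limited energy. Because of these constraints, sensor nodes are often the primary target of attackers.

  In view of this, remote attestation has been proposed to check whether a sensor node has been compromised by an attacker. It is carried out through a challenge/response protocol. Through remote attestation, the verifier can check the memory integrity of the prover and thereby achieve this goal. In remote attestation, both random padding and a time-based verification mechanism must be employed. However, when the time-based verification mechanism is used in a larger wireless sensor network, it loses its effectiveness because of network delay. This gave rise to hardware-based remote attestation. Such remote attestation uses a tamper-proof chip embedded in the sensor node as a remote agent that measures time and verifies the integrity of the host computing platform; the challenge and response values must therefore be precomputed and stored on the tamper-proof chip.

  This proposal uses data-hiding techniques to store the challenge and response values, which would otherwise be stored on the tamper-proof chip, in the random padding blocks of the host computing platform instead. This reduces the storage burden on the tamper-proof chip and at the same time increases the utilization of the random padding blocks.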
Abstract (English) Wireless sensor networks (WSNs), composed of base stations and sensor nodes, have been widely applied in our daily lives, for example in healthcare monitoring systems. The advantages of sensor nodes are optimized implementation and cost efficiency. However, these sensors have limited resources in computation, memory capacity, and energy. For the reasons given above, these sensors become attractive targets for various security risks. A compromised sensor node will result in fake data delivery or private data disclosure. Therefore, a security mechanism for detecting the trustworthiness of a sensor node is urgently desired.

The remote attestation scheme, an effective protection mechanism, has been proposed for detecting the trustworthiness of a sensor node. Remote attestation is based on a challenge-response protocol. A verifier can verify the trustworthiness of a sensor node by attesting the integrity of its program memory. In remote attestation, both random padding and a time-based detection approach are essential. However, in a large-scale WSN, the time-based detection approach is susceptible to varying transmission delays. Therefore, many hardware-based remote attestation schemes depending on a tamper-proof chip have been proposed. The tamper-proof chip is employed to act as a remote agent; therefore, it must store challenge-response pairs for verifying the trustworthiness of the sensor node.

In this thesis, we propose a remote attestation scheme with a lightweight tamper-proof chip. With the steganography that we apply, the chip does not need to store challenge-response pairs. The challenge-response pairs are randomly stored in the platform, while only the lightweight tamper-proof chip is aware of the memory locations of these challenge-response pairs.
Keywords (Chinese) ★ wireless sensor network
★ remote attestation
★ random padding technique
★ hardware security module
Keywords (English) ★ wireless sensor network
★ remote attestation
★ random padding
★ hardware security module
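Table of contents
1 Introduction
1.1 Research Motivation
1.2 Main Contributions of This Research
2 Background
2.1 Wireless Sensor Networks
2.1.1 Communication Architecture of Wireless Sensor Networks
2.1.2 Memory Architecture of Wireless Sensor Networks
2.2 Overview of Remote Attestation
2.2.1 Message Authentication Codes
2.2.2 Basic Remote Attestation Model
2.3 Auxiliary Mechanisms for Remote Attestation
3 Literature Review
3.1 Software-Based Remote Attestation
3.1.1 Review of the System Proposed by Seshadri et al.
3.1.2 Review of the System Proposed by Yang et al.
3.2 Hardware-Based Remote Attestation
3.2.1 Review of the System Proposed by Krauß et al.
3.3 Summary of Existing Remote Attestation Methods
4 Data-Hiding Based Random Padding in Remote Attestation
4.1 Overview of the Proposed Method
4.2 Discussion of Embedding in the Random Padding Region
4.2.1 Random Padding Layout: Hash Embedding Method
4.2.2 Feasibility Analysis of the Hash Embedding Method
4.3 Introduction to the Proposed Random Memory Traversal Function
4.3.1 Introduction to Linear Feedback Shift Registers
4.3.2 Design Concept
4.3.3 MLFSR Design Details
4.4 Random Padding Layout: MLFSR Embedding Method
4.5 MLFSR for Multiple Memory Blocks
4.6 Introduction to the Proposed Checksum Computation Function
4.7 Protocol of the Proposed Method
4.8 Security Analysis
4.8.1 Resistance to Replay Attacks
4.8.2 Resistance to Memory Copy Attacks and Masking Attacks
4.8.3 Resistance to Compression Attacks
4.8.4 Resistance to Precomputation Attacks
4.8.5 Resistance to Impersonation Attacks
4.8.6 Security Discussion of Challenge and Response Values
4.8.7 Success Rate of Detecting Malicious Code
5 Conclusion
5.1 Contributions of This Thesis
5.2 Future Research Directions
References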
Advisor: Sung-Ming Yen (顏嵩銘)   Approval date: 2018-1-26