在物聯網越來越普及的這個時代,我們所面臨的資安問題不再侷限在個人電腦上,家中的電視冰箱等都有可能成為駭客攻擊的對象。當企業將自家產品傳感器佈署在管轄不到的範圍中,企業要如何確保所佈署的傳感器是否被入侵?若傳感器接收的訊息會傳送至企業內部的伺服器,攻擊者便有可能進一步滲透到企業內部。 在正常情況下,傳感器每隔一段固定時間,傳送特定封包格式(beacon)來告訴伺服器目前此傳感器還在線上。由於傳感器不在企業能夠防禦的範圍內,攻擊者能夠拿到實體的機器,若攻擊者將實體記憶體的內容全數載下,透過反編譯技術將原始碼重現,傳感器內部的行為攻擊者是能夠完全模仿的。 為了防止特定封包格式被模仿,本文提出以一次性密碼(One Time Password)來替代,並透過傳送執行檔的方式以及亂數的驗證來確保客戶端所執行的程式是安全的。在第四章會介紹一次性密碼的傳送以及偵測。 ;In this era of increasingly popular Internet of things, we are facing the problem of security which is no longer limited to personal computers, on the contrary home TVs, refrigerators and so forth may also be the objects of hacker attacks. When the enterprises deployed sensors on their own product out of the controllable range, how does the enterprises make sure that the deployment of the sensor is not invaded? If the messages captured by the sensor were ready to be sent to the server in the enterprise, the attacker could probably able to penetrate into the enterprise further. Under normal circumstances, the sensor will send a specific packet format (beacon) during a fixed period of time, to tell the server that the sensor is still online. Because the sensor is not within the defense range of the enterprise, the attacker may be able to grab the entity of the machine. If the attacker loaded all the contents of the physical memory and reproduced the source code through the disassembly techniques, the behaviors within the sensor would be able to be imitated by the attacker completely. In order to prevent a particular format of packets from being imitated, this article proposes an alternative method to ensure that the program executed by the client is secure by using the One Time Password mechanism, sending executable files and verifying of the random numbers. In the fourth chapter, the transmission and detection of the one-time passwords will be introduced.
