

    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/77496


    Title: Remote Attestation Schemes by Using Lightweight Hardware-based Trusted Agents for Sensor Networks
    Author: 楊博宏; Yang, Po-Hung
    Contributor: Department of Computer Science and Information Engineering
    Keywords: Embedded devices; Malicious code; Remote attestation; Trusted computing platform; Wireless sensor network
    Date: 2018-06-21
    Upload time: 2018-08-31 14:45:56 (UTC+8)
    Publisher: National Central University
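    Abstract: Wireless sensor networks have been adopted in a wide range of commercial, scientific, and military applications, chiefly to monitor specific areas and collect critical data. Malicious code injection attacks continually threaten the security of sensor nodes and lead to security problems such as the delivery of forged data and the disclosure of private data. An attacker can plant malicious code in a sensor node that has a software vulnerability, for example by physically capturing the node. The malicious code can further turn into a worm and spread from an infected sensor node; eventually the entire sensor network is compromised. In a cluster-based wireless sensor network architecture, an attacker who controls a cluster head through malicious code can compromise the whole cluster network, so cluster heads become the attacker's primary targets. A verification mechanism that can withstand these threats has become an indispensable requirement.

    Remote attestation can be used to verify the integrity of program memory contents: a verifier can check whether a remote prover is in the expected normal execution environment. The prover must present evidence of integrity to demonstrate its trustworthiness. Software-based remote attestation schemes have a low deployment cost and are therefore especially suited to sensor nodes with limited computing resources. However, many related security vulnerabilities and practical limitations have been reported. Remote attestation protocols based on a hardware trusted platform module (TPM) are another common mechanism and avoid the limitations of the software-based schemes. However, a TPM incurs a higher computational cost and a higher hardware cost, so it is less suitable for wireless sensor network applications.

    To combine the advantages of the existing remote attestation schemes, this dissertation proposes several remote attestation schemes based on a lightweight hardware-based trusted agent. Because the trusted agent does not need to perform any complicated cryptographic computation and needs only a small amount of parameter storage, it is especially suitable for small devices with constrained computing resources, such as wireless sensors. Notably, two physical factors, time and space, are both applied in the proposed schemes. With the time-based design, the attestation procedure is guaranteed to run in an undisturbed environment and is unaffected by the time delay introduced by data transmission. With the space-based design, the prover avoids the risk of an attacker exploiting idle memory space, and memory utilization is also improved. The experimental results fully demonstrate the effectiveness of the proposed schemes, and the efficiency analysis shows that a resource-constrained prover consumes only a relatively small amount of energy to complete the remote attestation procedure.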

    Wireless sensor networks (WSNs) have been applied in various commercial, scientific, and military applications for surveillance and critical data collection. Malicious code injection attacks threaten sensor nodes and result in fake data delivery or private data disclosure. An adversary injects malicious code into a sensor node that has a software-based vulnerability (e.g., buffer overflow). The malicious code can further be converted into a worm that propagates itself via the victim, consequently compromising the WSN. In a cluster-based WSN, the cluster heads become attractive targets for the adversary because injecting malicious code into a cluster head leads to a compromise of the cluster network. Evidently, a security mechanism against the aforementioned threats is urgently desired.

    A remote attestation scheme, which verifies the integrity of program memory contents, is a promising mechanism against the malicious code injection attack. The scheme enables a verifier to remotely check whether a prover behaves in an expected manner. The prover must provide integrity-related evidence to justify its trustworthiness. For resource-constrained sensor nodes, low-cost software-based schemes are preferred; unfortunately, several weaknesses and practical limitations of these schemes have been identified. Alternative trusted platform module (TPM)-based schemes potentially address the deficiencies of the software-based schemes. However, the TPM-based schemes are impractical for certain WSN applications, primarily because of their high computational overhead and high hardware cost.

    This dissertation proposes several remote attestation schemes that combine the advantages of the existing remote attestation schemes. The proposed schemes depend on a lightweight hardware-based trusted agent appointed by the verifier. The trusted agent is particularly suitable for small devices because it need not execute any complicated cryptographic computation and requires only a small amount of parameter storage. Time and space effects are applied in the proposed schemes. The time effect enables the remote attestation scheme to be executed in an untampered environment. The space effect protects provers from exploitation of unused program memory space; in addition, memory utilization can be enhanced. Experimental results demonstrate the effectiveness of the proposed schemes. Furthermore, performance analysis indicates that the energy consumed by resource-constrained provers is very low.
    Appears in collections: [Graduate Institute of Computer Science and Information Engineering] Theses and Dissertations
