English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 78733/78733 (100%)
造訪人次 : 34465334      線上人數 : 1635
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
    •  進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/77615


    題名: 減輕代理人攻擊之具有自適應性與隨機性的基於計算時間無線感測網路遠端檢測方案;Adaptive and Randomized Time-based Wireless Sensor Networks Remote Attestation Against Proxy Attack
    作者: 簡丞博;Chien, Cheng-Po
    貢獻者: 資訊工程學系
    關鍵詞: 基於計算時間遠端檢測;代理人攻擊;Time-based Remote Attestation;Proxy Attack
    日期: 2018-07-23
    上傳時間: 2018-08-31 14:49:59 (UTC+8)
    出版者: 國立中央大學
    摘要: 無線感測網路已被廣泛的應用在醫學、科學、軍事與商業應用上。大量的傳
    感器節點部署在特定的地理區域以收集用於分析目的的環境數據。然而,傳感器
    節點通常部署在公共地理區域,允許攻擊者捕獲傳感器節點。攻擊者可以取的感
    測器上的一些敏感資料以及分析感測器上軟體的漏洞。攻擊者也可以對捕獲的感
    測器注入惡意程式並重新佈署回感測網路中。受到感染的感測器會對周遭的感測
    器傳播惡意程式。這些受感染的感測器將可以互相勾結以執行各種攻擊,像是假
    資料傳遞、選擇性封包發送、服務阻斷等。因此我們需要一個檢查感測器是否遭
    受感染的安全機制。

    基於時間的遠程檢測方案提供了用於檢查感測器上記憶體完整性的機制。感
    測器藉由向檢驗者提出記憶體完整性的證明來展示自己是沒有受到入侵的。如果
    感測器是遭受到修改,則它無法通過正常程序產生記憶體完整性的證明。另外,
    檢驗者需要設置門檻值並藉由測量感測器產生記憶體完整性證明的時間來防止
    攻擊者藉由額外的操作來偽造證明。不幸的是,測量的時間很容易受到無線感測
    網路中通訊延遲的影響,這可能會導致正常的感測器無法通過檢測。此外,基於
    時間的遠端檢測容易受到代理人攻擊。代理人攻擊為攻擊者可以藉由強大的裝置
    幫助產生受感染的感測器產生完整性證明,使得受感染的感測器能夠輕易的通過
    檢測。

    本研究中我們提出了更適應基於時間的遠端檢測方案以及減輕代理人攻擊
    的危害。在我們的方案中我們會將整個檢驗方案分成好幾輪並且每一輪的結果都
    將被隨機的決定是否要回傳給檢驗者。而那些沒有發送給檢驗者的證明都將通過
    回應區塊鏈在後續的證明中進行檢查。提出方案中的關鍵想法為通過多次的時間
    測量來避免檢驗者對正常感測器的誤判。除此之外,多輪的方法會耗進受感染電
    池的電量並使得攻擊者入侵感測網路變得不再強大。我們還提出了另一種替代方
    案,藉由安裝輕量級的安全硬體模組來降低正常感測器進行檢測的耗電量並保持
    受感染感測器的耗電量。;Wireless sensor network (WSNs) have been widely applied in medical, scientific,
    military, and business applications. A huge number of sensor nodes are deployed in
    a specific geographic area to collect environmental data for analysis purposes. However,
    the sensor nodes are often deployed in a public geographic area that allows
    an adversary to physically capture a sensor node. Any software vulnerability and
    sensitive data inside the captured node will be identified. The adversary can store
    malicious codes in the captured node and redeploy it. The infected sensor node then
    spreads the malicious codes; consequently the neighboring nodes are infected with
    the malicious codes. These infected sensor nodes can collude each other to perform
    a variety of attacks, such as fake data delivery, selective packet forwarding, denial
    of service (DoS), etc. A security mechanism used for detecting an infected sensor
    node is necessary.

    The time-based remote attestation scheme provides a mechanism for checking
    the memory integrity of the sensor nodes. During the remote attestation, the memory
    integrity of sensor node is endorsed by evidences provided by sensor node. If
    the memory content of sensor node is modified, sensor node could not produce the
    evidence. In addition, verifier will set threshold and measure time which sensor
    nodes produces the evidences of memory integrity that prevents adversary forging
    evidence by additional operation. Unfortunately, the measured time is susceptible
    to communication delay in WSNs. This may result in the normal sensor nodes fail
    the attestation. Furthermore, time-based remote attestation is vulnerable to proxy
    attack, which the evidence of memory integrity is able to be generated by the powerful
    device of adversary.

    In this study, we proposed remote attestation that more adaptive time-based
    remote attestation scheme and counteract the proxy attack of sensor nodes. Our
    scheme is designed in a multiple-round approach which a whole remote attestation
    will be divided into several round and at end of each round the round evidences
    will be randomly determined to be sent to the verifier or not. Those evidence which
    does not sent to the verifier will be check through the subsequent evidences which
    produce by the response block chaining. The key idea in proposed scheme is that
    misjudgment of normal node is avoided through multiple round time measurement.
    Additionally, multiple-round approach can exhaust the battery of the compromised
    nodes and makes the malicious intrusion become significantly less powerful. We also
    proposed alternative scheme which install the lightweight hardware secure modules
    before employed to reduce the power consumption of normal sensor nodes and remain
    the power consumption of compromised sensor nodes.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML136檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明