| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 楊博宏 | zh_TW |
| DC.creator | Po-Hung Yang | en_US |
| dc.date.accessioned | 2018-6-21T07:39:07Z | |
| dc.date.available | 2018-6-21T07:39:07Z | |
| dc.date.issued | 2018 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=100582006 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 無線感測網路已被採用於各類商業、科學與軍事的應用中,主要可被用來監視特定區域與蒐集關鍵資料。惡意程式注入攻擊一直威脅著感測節點的安全性,並導致偽造資料的傳遞與洩漏私密資料等安全性議題。攻擊者可以將惡意程式存入一個含有軟體漏洞的感測節點之中,例如經由實體擄獲的方式。這些惡意程式更可進一步地轉換成蠕蟲並經由一個受感染的感測節點將惡意程式散播開來;最後,整個感測網路將被攻陷。在叢集式無線感測網路架構中,攻擊者透過惡意程式控制中繼站將可以攻陷整個叢集網路,因此中繼站將成為攻擊者的首要目標。一個可以抵禦上述安全威脅的檢驗機制儼然已是不可或缺的需求。
遠程證實方法可被用來驗證程式記憶體內容的完整性,驗證者可以檢驗遠程證實者是否處於預期中的正常執行環境。證實者必須提出完整性證明的依據,藉此表明它的可信度。基於軟體型式的遠程證實方法,由於建置成本較低,因此特別適用於計算資源有限的感測節點。然而,目前已有許多與其相關的安全性漏洞與實務上的限制被提出。基於硬體可信賴平台模組的遠程證實協定是另一個常見的機制,並且可以摒除基於軟體型式方法的限制。但是,可信賴平台模組將需要較高的計算代價與較高的硬體成本,因此較不適用於無線感測網路的應用中。
為了結合現有各種遠程證實方法之優點,本論文提出幾項基於輕量化硬體可信賴代理人的遠程證實方法。由於該可信賴代理人不需執行任何繁複的密碼運算並且僅需配置少量的參數儲存空間,因此特別適用於計算資源受限的小型裝置,例如無線感測器。特別值得一提的是,時間與空間兩項物理因素都被應用於本研究的提案方法中。基於時間因素之設計,遠程證實方法的程序可被確保執行於一個未被干擾的環境中,並且不受資料傳遞時導致的時間延遲所影響。基於空間因素之設計,證實者可以免於閒置記憶體空間被攻擊者利用的風險,此外還能增進記憶體利用率。實驗結果完全呈現本提案方法的有效性,效率分析也指出計算資源受限的證實者僅需消耗相對少量的能源即可完成遠程證實程序。 | zh_TW |
| dc.description.abstract | Wireless sensor networks (WSNs) have been applied in various commercial, scientific, and military applications for surveillance and critical data collection. Malicious code injection attack threatens sensor nodes and results in fake data delivery or private data disclosure. An adversary injects malicious codes into a sensor node with some software-based vulnerabilities (e.g., buffer overflow). The malicious codes can further be converted to a worm that propagates itself via the victim; consequently compromising the WSN. In a cluster-based WSN, the cluster heads become attractive targets for the adversary because injection of malicious codes into a cluster head leads to a compromise of the cluster network. Evidently, a security mechanism against the aforementioned threats is urgently desired.
Remote attestation scheme used for verifying the integrity of program memory contents is a promising mechanism against the malicious code injection attack. The scheme enables a verifier to remotely check whether a prover behaves in an expected manner. The prover must provide a guarantee of integrity-related evidences for justifying its trustworthiness. For resource-constrained sensor nodes, low-cost software-based schemes are preferred; unfortunately, several weaknesses and limitations of the schemes in practice have been identified. Alternative trusted platform module (TPM)-based schemes potentially address the deficiencies of the software-based schemes. However, the TPM-based schemes are impractical for certain WSN applications primarily because of the high computational overhead and high hardware cost.
This dissertation proposes several remote attestation schemes that combine the advantages of the existing remote attestation schemes. The proposed schemes depend on a lightweight hardware-based trusted agent appointed by the verifier. The trusted agent is particularly suitable for small devices because it need not execute any complicated cryptographic computation and requires some parameter storage. Time and space effects are applied in the proposed schemes. The time effect enables the remote attestation scheme to be executed in an untampered environment. The space effect protects provers from exploitation of unused program memory space; in addition, the memory utilization can be enhanced. Experimental results demonstrate the effectiveness of the proposed schemes. Furthermore, performance analysis indicates the energy consumed by resource-constrained provers is very low. | en_US |
| DC.subject | 嵌入式裝置 | zh_TW |
| DC.subject | 惡意程式 | zh_TW |
| DC.subject | 遠程證實 | zh_TW |
| DC.subject | 可信賴計算平台 | zh_TW |
| DC.subject | 無線感測網路 | zh_TW |
| DC.subject | Embedded devices | en_US |
| DC.subject | Malicious code | en_US |
| DC.subject | Remote attestation | en_US |
| DC.subject | Trusted computing platform | en_US |
| DC.subject | Wireless sensor network | en_US |
| DC.title | 基於輕量化硬體可信賴代理人之感測網路遠程證實方法 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Remote Attestation Schemes by Using Lightweight Hardware-based Trusted Agents for Sensor Networks | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |