Abstract (English)
In this era of the increasingly widespread Internet of Things, security problems are no longer limited to personal computers; home TVs, refrigerators and similar devices may also become targets of hacker attacks. When an enterprise deploys sensors on its own products outside the range it controls, how does the enterprise make sure that the deployed sensors have not been compromised? If the messages captured by a sensor are sent to a server inside the enterprise, an attacker may be able to penetrate further into the enterprise.
Under normal circumstances, the sensor sends a packet in a specific format (a beacon) at a fixed interval to tell the server that the sensor is still online. Because the sensor is not within the enterprise's defensive range, an attacker may be able to get hold of the physical machine. If the attacker dumps the entire contents of physical memory and reconstructs the source code through disassembly, the attacker can imitate the sensor's behavior completely.
To prevent packets of a particular format from being imitated, this article proposes an alternative method to ensure that the program executed by the client is secure, using a One Time Password mechanism, the sending of executable files, and the verification of random numbers. The fourth chapter introduces the transmission and detection of the one-time passwords.