博碩士論文 104522052 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:14 、訪客IP:3.80.218.53
姓名 李東岳(Dong-Yue Li)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱 可執行於未授權物聯網裝置之認證機制
(Perform Trusted Work over Untrusted IoT Devices)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2022-6-30以後開放)
摘要(中) 在物聯網越來越普及的這個時代,我們所面臨的資安問題不再侷限在個人電腦上,家中的電視冰箱等都有可能成為駭客攻擊的對象。當企業將自家產品傳感器佈署在管轄不到的範圍中,企業要如何確保所佈署的傳感器是否被入侵?若傳感器接收的訊息會傳送至企業內部的伺服器,攻擊者便有可能進一步滲透到企業內部。
在正常情況下,傳感器每隔一段固定時間,傳送特定封包格式(beacon)來告訴伺服器目前此傳感器還在線上。由於傳感器不在企業能夠防禦的範圍內,攻擊者能夠拿到實體的機器,若攻擊者將實體記憶體的內容全數載下,透過反編譯技術將原始碼重現,傳感器內部的行為攻擊者是能夠完全模仿的。
為了防止特定封包格式被模仿,本文提出以一次性密碼(One Time Password)來替代,並透過傳送執行檔的方式以及亂數的驗證來確保客戶端所執行的程式是安全的。在第四章會介紹一次性密碼的傳送以及偵測。
摘要(英)
In this era of increasingly popular Internet of things, we are facing the problem of security which is no longer limited to personal computers, on the contrary home TVs, refrigerators and so forth may also be the objects of hacker attacks. When the enterprises deployed sensors on their own product out of the controllable range, how does the enterprises make sure that the deployment of the sensor is not invaded? If the messages captured by the sensor were ready to be sent to the server in the enterprise, the attacker could probably able to penetrate into the enterprise further.
Under normal circumstances, the sensor will send a specific packet format (beacon) during a fixed period of time, to tell the server that the sensor is still online. Because the sensor is not within the defense range of the enterprise, the attacker may be able to grab the entity of the machine. If the attacker loaded all the contents of the physical memory and reproduced the source code through the disassembly techniques, the behaviors within the sensor would be able to be imitated by the attacker completely.
In order to prevent a particular format of packets from being imitated, this article proposes an alternative method to ensure that the program executed by the client is secure by using the One Time Password mechanism, sending executable files and verifying of the random numbers. In the fourth chapter, the transmission and detection of the one-time passwords will be introduced.
關鍵字(中) ★ IoT 安全
★ IoT 認證
★ 一次性密碼
關鍵字(英) ★ IoT security
★ IoT authentication
★ One Time password
論文目次
摘要 i
Abstract ii
致謝 iii
目錄 iv
圖目錄 vi
表目錄 vii
一、 緒論 1
二、 相關研究 4
三、 背景介紹 6
3-1 代理伺服器 6
3-2 One Time Password 7
3-3 RSA 7
3-4 Executable Compression and Encryption 8
3-5 Pseudo-Random Number Generator 9
3-6 Raspberry Pi 9
四、 系統設計 10
4-1 佈署階段流程 10
4-2 認證階段流程 13
4-3 強化認證機制 14
五、 實驗分析 16
5-1 偽造OTP封包 16
5-2 效能分析 20
六、 討論 23
6-1 低成本 23
6-2 安全議題 23
6-3 未來研究 24
七、 結論 25
八、 參考文獻 26
參考文獻
[1] Z. Dawy, W. Saad, A. Ghosh, J. G. Andrews, and E. Yaacoub, "Towards massive machine type cellular communications" in IEEE Wireless Communications Magazine, 2016.
[2] OVH DDoS. [Online]. Available: http://www.ithome.com.tw/news/108660
[3] KrebsOnSecurity Hit With Record DDoS. [Online]. Available: https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
[4] R. H. Weber, "Internet of things–new security and privacy challenges" Computer Law & Security Review, 2010.
[5] Marketing Opportunities for the Internet of Things. [Online]. Available: http://www.ironpaper.com/webintel/articles/marketing-opportunities-for-the-internet-of-things/
[6] Kai Zhao , Lina Ge, "A Survey on the Internet of Things Security" in International Conference on Computational Intelligence and Security, 2013.
[7] Teng Xu, James B. Wendt, and Miodrag Potkonjak, "Security of IoT systems: design challenges and opportunities" in International Conference on Computer-Aided Design, 2014.
[8] Zhi-Kai Zhang, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei Hsu, Chong-Kuan Chen, Shiuhpyng Shieh, "IoT Security: Ongoing Challenges and Research Opportunities" in International Conference on Service-Oriented Computing and Applications, 2014.
[9] M.U. Farooq, Muhammad Waseem, Anjum Khairi, Sadia Mazhar, "A Critical Analysis on the Security Concerns of Internet of Things (IoT)" in International Journal of Computer Applications, 2015.
[10] Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy, "Cloud Computing: Security Issues and Research Challenges" in International Journal of Computer Science and Information Technology & Security, 2011.
[11] Bhupendra Singh Thakur, Sapna Chaudhary, "Content Sniffing Attack Detection in Client and Server Side: A Survey" in International Journal of Advanced Computer Research, 2013
[12] Abdul Fuad Abdul Rahman, Maslina Daud, Madihah Zulfa Mohamad, "Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework" in International Conference on Internet of things and Cloud Computing, 2016.
[13] Freddy K Santoso, Nicholas C H Vun , "Securing IoT for Smart Home System" in International Symposium on Consumer Electronics, 2015.
[14] Ari Luotonen and Kevin Altis, "World-Wide Web Proxies" in Computer Networks and ISDN Systems, 1994.
[15] Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris and John Palfrey, "2010 Circumvention Tool Usage Report", 2010.
[16] Markus Hager, Maik Debes, Sebastian Schellenberg and Jochen Seitz, "IP-based access to sensor networks enabled by a transparent proxy server", in International Conference on Information Networking, 2013.
[17] Encrypting One Time Passwords (EOTP). [Online]. Available: https://defuse.ca/eotp.htm.
[18] Leslie Lamport, "Password authentication with insecure communication", Communications of the ACM, 1981.
[19] Shubham Srivastava, "On the generation of alphanumeric one time passwords" in International Conference on Inventive Computation Technologies, 2016.
[20] Wikipedia. RSA (cryptosystem) - Wikipedia, the free encyclopedia[Online]. Available: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
[21] Jae Woo Park, Young Tae Yun. Apparatus and method for detecting self-executable compressed file [Online]. Available: https://www.google.com/patents/US20080127038
[22] Wikipedia. /dev/random - Wikipedia, the free encyclopedia[Online]. Available: https://en.wikipedia.org/wiki//dev/random#cite_note-3
[23] urandom. [Online]. Available: https://linux.die.net/man/4/urandom
[24] Arati Baliga, Pandurang Kamat and Liviu Iftode, "Lurking in the Shadows: Identifying Systemic Threats to Kernel Data (Short Paper)" in Symposium on Security and Privacy, 2007.
[25] Raspberry Pi. [Online]. Available: https://en.wikipedia.org/wiki/Raspberry_Pi
[26] Anders Fongen, "Identity Management and Integrity Protection in the Internet of Things" in International Conference on Emerging Security Technologies, 2012.
[27] Whitfield Diffie, Paul C. Van Oorschot, Michael J. Wiener, "Authentication and Authenticated Key Exchanges" in Designs, Codes and Cryptography, pp 107–125, 1992.
[28] Yaman Sharaf-Dabbagh and Walid Saad, "On the authentication of devices in the Internet of things" in International Symposium on A World of Wireless, Mobile and Multimedia Networks, 2016.
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2017-7-17
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明