 |
|
|
|
以作者查詢圖書館館藏 、以作者查詢臺灣博碩士 、以作者查詢全國書目 、勘誤回報 、線上人數:43 、訪客IP:18.217.89.130
姓名 簡丞博(Cheng-Po Chien) 查詢紙本館藏 畢業系所 資訊工程學系 論文名稱 減輕代理人攻擊之具有自適應性與隨機性的基於計算時間無線感測網路遠端檢測方案
(Adaptive and Randomized Time-based Wireless Sensor Networks Remote Attestation Against Proxy Attack)相關論文 檔案 [Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
[檢視]
- 本電子論文使用權限為同意立即開放。
- 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
- 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
摘要(中) 無線感測網路已被廣泛的應用在醫學、科學、軍事與商業應用上。大量的傳
感器節點部署在特定的地理區域以收集用於分析目的的環境數據。然而,傳感器
節點通常部署在公共地理區域,允許攻擊者捕獲傳感器節點。攻擊者可以取的感
測器上的一些敏感資料以及分析感測器上軟體的漏洞。攻擊者也可以對捕獲的感
測器注入惡意程式並重新佈署回感測網路中。受到感染的感測器會對周遭的感測
器傳播惡意程式。這些受感染的感測器將可以互相勾結以執行各種攻擊,像是假
資料傳遞、選擇性封包發送、服務阻斷等。因此我們需要一個檢查感測器是否遭
受感染的安全機制。
基於時間的遠程檢測方案提供了用於檢查感測器上記憶體完整性的機制。感
測器藉由向檢驗者提出記憶體完整性的證明來展示自己是沒有受到入侵的。如果
感測器是遭受到修改,則它無法通過正常程序產生記憶體完整性的證明。另外,
檢驗者需要設置門檻值並藉由測量感測器產生記憶體完整性證明的時間來防止
攻擊者藉由額外的操作來偽造證明。不幸的是,測量的時間很容易受到無線感測
網路中通訊延遲的影響,這可能會導致正常的感測器無法通過檢測。此外,基於
時間的遠端檢測容易受到代理人攻擊。代理人攻擊為攻擊者可以藉由強大的裝置
幫助產生受感染的感測器產生完整性證明,使得受感染的感測器能夠輕易的通過
檢測。
本研究中我們提出了更適應基於時間的遠端檢測方案以及減輕代理人攻擊
的危害。在我們的方案中我們會將整個檢驗方案分成好幾輪並且每一輪的結果都
將被隨機的決定是否要回傳給檢驗者。而那些沒有發送給檢驗者的證明都將通過
回應區塊鏈在後續的證明中進行檢查。提出方案中的關鍵想法為通過多次的時間
測量來避免檢驗者對正常感測器的誤判。除此之外,多輪的方法會耗進受感染電
池的電量並使得攻擊者入侵感測網路變得不再強大。我們還提出了另一種替代方
案,藉由安裝輕量級的安全硬體模組來降低正常感測器進行檢測的耗電量並保持
受感染感測器的耗電量。摘要(英) Wireless sensor network (WSNs) have been widely applied in medical, scientific,
military, and business applications. A huge number of sensor nodes are deployed in
a specific geographic area to collect environmental data for analysis purposes. However,
the sensor nodes are often deployed in a public geographic area that allows
an adversary to physically capture a sensor node. Any software vulnerability and
sensitive data inside the captured node will be identified. The adversary can store
malicious codes in the captured node and redeploy it. The infected sensor node then
spreads the malicious codes; consequently the neighboring nodes are infected with
the malicious codes. These infected sensor nodes can collude each other to perform
a variety of attacks, such as fake data delivery, selective packet forwarding, denial
of service (DoS), etc. A security mechanism used for detecting an infected sensor
node is necessary.
The time-based remote attestation scheme provides a mechanism for checking
the memory integrity of the sensor nodes. During the remote attestation, the memory
integrity of sensor node is endorsed by evidences provided by sensor node. If
the memory content of sensor node is modified, sensor node could not produce the
evidence. In addition, verifier will set threshold and measure time which sensor
nodes produces the evidences of memory integrity that prevents adversary forging
evidence by additional operation. Unfortunately, the measured time is susceptible
to communication delay in WSNs. This may result in the normal sensor nodes fail
the attestation. Furthermore, time-based remote attestation is vulnerable to proxy
attack, which the evidence of memory integrity is able to be generated by the powerful
device of adversary.
In this study, we proposed remote attestation that more adaptive time-based
remote attestation scheme and counteract the proxy attack of sensor nodes. Our
scheme is designed in a multiple-round approach which a whole remote attestation
will be divided into several round and at end of each round the round evidences
will be randomly determined to be sent to the verifier or not. Those evidence which
does not sent to the verifier will be check through the subsequent evidences which
produce by the response block chaining. The key idea in proposed scheme is that
misjudgment of normal node is avoided through multiple round time measurement.
Additionally, multiple-round approach can exhaust the battery of the compromised
nodes and makes the malicious intrusion become significantly less powerful. We also
proposed alternative scheme which install the lightweight hardware secure modules
before employed to reduce the power consumption of normal sensor nodes and remain
the power consumption of compromised sensor nodes.關鍵字(中) ★ 基於計算時間遠端檢測
★ 代理人攻擊關鍵字(英) ★ Time-based Remote Attestation
★ Proxy Attack論文目次 1 緒論 1
1.1 研究動機. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 本研究主要貢獻. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 論文的組織. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2 相關背景知識與遠端檢測方案文獻回顧 4
2.1 相關背景知識. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.1 單向雜湊函式. . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1.2 訊息鑑別碼. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.3 密文區塊鏈. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.4 硬體安全模組. . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1.5 無線感測網路模型. . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2 遠端檢測方案文獻回顧. . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.2.1 軟體式的遠端檢測方案. . . . . . . . . . . . . . . . . . . . . . . 11
2.2.2 硬體式的遠端檢測方案. . . . . . . . . . . . . . . . . . . . . . . 17
2.2.3 現有遠端檢測方案之總結. . . . . . . . . . . . . . . . . . . . . . 20
3 多回合隨機回應鏈遠端檢測方案 21
3.1 假設與攻擊模式. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.1 假設. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.1.2 攻擊模式. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.2 多回合隨機回應鏈遠端檢測方案. . . . . . . . . . . . . . . . . . . . . . . 23
3.3 多回合隨機回應鏈機制. . . . . . . . . . . . . . . . . . . . . . . . . . . 24
3.4 方案中檢查碼計算函式介紹. . . . . . . . . . . . . . . . . . . . . . . . . 25
3.5 回應判定標準. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.6 安全性分析. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.6.1 預先計算攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.6.2 重送攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.6.3 壓縮攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.6.4 代理人攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.7 效能分析. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.8 與現有基於時間的遠端檢測方案的比較. . . . . . . . . . . . . . . . . . . . 31
4 動態隨機亂數填補遠端檢測方案 32
4.1 假設. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.2 動態隨機亂數填補遠端檢測方案. . . . . . . . . . . . . . . . . . . . . . . 34
4.3 動態隨機亂數填補機制. . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4.4 動態隨機亂數填補遠端檢測方案詳細步驟. . . . . . . . . . . . . . . . . . . 35
4.5 安全性分析. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.5.1 預先計算攻擊與重送攻擊. . . . . . . . . . . . . . . . . . . . . . 38
4.5.2 壓縮攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.5.3 代理人攻擊. . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.6 效能分析. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.7 與現有基於計算時間的硬體式檢測方案的比較. . . . . . . . . . . . . . . . . 39
4.8 與多回合隨機回應鏈遠端檢測方案的比較. . . . . . . . . . . . . . . . . . . 40
5 結論 41
5.1 本論文貢獻. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.2 未來研究方向. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
參考文獻 43參考文獻 [1] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT: Software-based Attestation for Embedded Devices,” Proceedings of the 25th IEEE Symposium on Security and Privacy, pp. 272–282, 2004.
[2] FIPS 198, “The Keyed-Hash Message Authentication Code (HMAC),” NIST, US Department of Commerce, Washington, D.C., 2002.
[3] FIPS 140-2, “Security Requirements for Cryptographic Modules,” NIST, US Department of Commerce, Washington, D.C., 2001.
[4] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, “A Survey on Sensor Networks,” IEEE Communications Magazine, pp.102-114, 2002.
[5] A. Seshadri, M. Luk, A. Perrig, L. V. Doorn, and P. Khosla, “SCUBA: Secure Code Update by Attestation in Sensor Network,” Proceedings of the 5th ACM Workshop on Wireless Security, pp. 85–94, 2006.
[6] C. Castelluccia, A. Francillon, D. Perito, and C. Soriente, “On the Difficulty of Software-based Attestation of Embedded Device,” Proceeding of the 16th ACM Conference on Computer and Communication Security, pp. 400–409, 2009.
[7] H. Tan, W. Hu, and S. Jha, “A TPM-enabled Remote Attestation Protocol (TRAP) in Wireless Sensor Networks,” Proceeding of the 6th ACM Conference on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired Network, pp. 9–16, 2011.
[8] Trusted Computing Group, “TCG Specification Architecture Overview,” TCG Specification Revision 1.4, 2007.
[9] P. H. Yang and S. M. Yen, “Memory Attestation of Wireless Sensor Nodes through Trusted Remote Agents,” IET Information Security, Vol. 11, Issue 6, pp. 338–344, 2017.
[10] Y. Li, J. M. McCune, and A. Perrig, “VIPER: Verifying the Integrity of PERipherals’ Firmware,” Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 3–16, 2011.
[11] Y. Yang, X. Wang, S. Zhu, and G. Gao, “Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks,” Proceedings of the 26th IEEE Symposium on Reliable Distributed System, pp. 219–230, 2007.
[12] V. Raghunathan, C. Schurgers, S. Park, and M. B. Srivastava, “Energy Aware Wireless Microsensor Networks,” IEEE Signal Processing Magazine, vol. 19, issue 2, pp. 40–50, 2002.
[13] F. Francillon and C. Castelluccia, “Code Injection Attacks on Harvard-Architecture Device,” Proceedings of the 15th ACM Conference on Computer and Communication Security, pp. 15–26, 2008.
[14] M. Mitzenmacher and E. Upfal, “Probability and Computing: Randomized Algorithm and Probabilistic Analysis,” New York: Cambridge University Press, pp. 33–34, 2005.
[15] D. Berenguer, “panStamp AVR 2. Technical Details,” https://github.com/panStamp/panstamp/wiki/panStamp-AVR-2.-Technical-details.
[16] Atmel, “8–bit AVR Microcontrollers ATmega328/P Datasheet Complete,”http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-42735-8-bit-AVR-Microcontroller-ATmega328-328P_Datasheet.pdf.
[17] Texas Instruments, “CC1101 Low-Power Sub-1 GHz RF Transceiver Datasheet (Rev. I),” http://www.ti.com/lit/ds/symlink/cc1101.pdf.
[18] J. P. Kaps and B. Sunar, “Energy Consumption of AES and SHA-1 for Ubiquitous Computing,” Proceedings of the Emerging Directions in Embedded and Ubiquitous Computing, pp. 372–381, 2006.
[19] W. Stalling, “Cryptography and Network Security: Principles and Practice (5th edition),” New Jersey: Prentice Hall, 2010.
[20] S. Prasanna and S. Rao, “An Overview of Wireless Sensor Networks Applications and Security,” International Journal of Soft Computing and Engineering, Vol. 2, Issue 2, pp. 538–540, 2012.
[21] Y. G. Choi, J. Kang, and D. Nyang. “Proactive Code Verification Protocol in Wireless Sensor Network,” Proceedings of the International Conference on Computational Science and its Applications, Vol. Part II, pp. 1085–1096, 2007.
[22] K. E. Defrawy, A. Francillon, D. Perito, and G. Tsudik, “SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust,” Proceedings of the 19th Annual Network and Distributed System Security Symposium, Vol. 12, pp. 1–15, 2012.
[23] J. Kong, F. Koushanfar, P. K. Pendyala, A. R. Sadeghi, and C. Wachsmann, “PUFatt: Embedded Platform Attestation Based on Novel Processor-Based PUFs,” Proceedings of the 51st Annual Design Automation Conference, pp. 1–6, 2014.
[24] F. Armknecht, R. Maes, A. R. Sadeghi, B. Sunar, and P. Tuyls, “Memory Leakage-resilient Encryption Based on Physically Unclonable Functions,” In Advances in Cryptology–ASIACRYPT ’09, pp. 685–702, 2009.指導教授 顏嵩銘(Sung-Ming Yen) 審核日期 2018-7-23 推文 plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
網路書籤 Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit