於軟體定義網路環境中基於信任度演算法實現可信工控物聯網之建置

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：35

、訪客IP：3.138.204.208

姓名

王亭文(Ting-Wen Wang) 查詢紙本館藏

畢業系所

資訊管理學系

論文名稱

於軟體定義網路環境中基於信任度演算法實現可信工控物聯網之建置
(Using Trust Level Algorithm to Build Reliable Industrial IoT in SDN Environment)

相關論文

★ 設計與實作結合Kubernetes應用之多執行緒連線負載平衡器	★ 設計與實作基於Zabbix網路監控平台之自動化路由黑洞機制
★ 智慧共同照護之實現: 以資料驅動為基礎之 AI 糖尿病個案管理模式	★ 設計與實作基於驗證路由資訊一致性之自動化 BGP 路由過濾策略與安全機制

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2026-8-23以後開放)

摘要(中)

因應工業 4.0 來臨，越來越多物聯網設備出現在工業系統中來進行智慧製造，但大量的設備造成了網路管理人員的負擔，且物聯網設備的資源不足使得設備內建防護能力不足，容易受到惡意人士的侵入及控制，導致資料竊取、竄改等情事發生，甚至是利用受害節點來癱瘓整體的工控網路，種種的資安事件都可能影響到企業的營收。
但由於工控系統與傳統資訊系統的要求不同，以及防護能力不足的物聯網設備使得工控系統漏洞百出，不過現有資安產品並無法直接應用於工控系統中，因此我們根據工控物聯網的特性及要求來設計相應的資安策略。本論文首先提出在軟體定義網路 (Software-defined Networking, SDN) 的環境下整合大型且擁有異質性的工控物聯網網路，並基於零信任框架來設計系統架構以建立工控系統上的可信傳輸。對於網路上的節點採用雙因素認證 (Two-factor authentication) 的方式，以防止陌生節點加入至規範的工控網路中。考量到設備入侵的情況，即使認證後的設備，本論文會以集中式控制器持續蒐集設備的操作行為，實施細粒度的身分存取控管，利用信任度演算法與信任衰減的設計來衡量設備的信任度，並基於信任度的高低來動態調整設備在網路中的存取控制策略，以此方式來確保整體網路節點的傳輸安全以及資料完整性。
經實驗證明，基於 SDN 的安全架構替工控物聯網提升了網路管理效率，並以集中式控制器來緩解工控物聯網可能遭受到的資安攻擊，本研究亦針對監測任務的資源消耗進行評估，結果顯示能以相對低成本與低侵入式的方式來實現該系統，以保障工控物聯網的網路安全性。

摘要(英)

In response to the arrival of Industry 4.0, more and more IoT devices are appearing in industrial systems for smart manufacturing, but the large number of devices places a burden on network managers, and the lack of resources for IoT devices leads to insufficient built-in protection, and the devices are easily controlled by malicious people, which may lead to data theft, tampering, or even the use of victim nodes to paralyze the entire industrial control network. All kinds of information security incidents may affect the revenue of enterprises.
However, due to the different requirements of industrial control system and traditional information system, as well as the insufficient resources of IoT devices, which make the industrial control system full of loopholes, and the existing information security products are not directly applicable to industrial control system, so the relative information security strategy should be designed according to the characteristics and requirements of industrial control IoT. In this paper, we propose to integrate heterogeneous IoT device more effectively in a software- defined network environment, and design the system architecture based on a zero-trust architecture to establish trusted transmission on IoT systems. For the nodes on the network, we use two-factor authentication to effectively prevent unauthorized nodes from joining the supervised network. Considering the situation of device intrusion, even after device authentication, this thesis will continue to collect the operational behavior of devices with a centralized controller and implement fine-grained identity access control. The trust level algorithm and trust decay design are used to measure the trust level of devices more effectively and dynamically adjust the access control policy of devices in the network according to the trust level.
The experiment show that the SDN-based security architecture improves the network management efficiency of IoT and effectively avoids and mitigates possible information security attacks on IoT using the centralized controller.

關鍵字(中)

★ 工業物聯網
★ 軟體定義網路
★ 零信任框架
★ 信任衰減

關鍵字(英)

★ Industrial Internet of Things
★ Software-defined networking
★ Zero trust architecture
★ Trust value and time decay

論文目次

摘要 I
Abstract II
致謝辭 III
目錄 IV
圖目錄 VI
表目錄 VIII
第一章前言 1
1-1 研究背景 1
1-2 研究動機 2
1-3 研究目的 3
1-4 預期貢獻 5
1-5 論文架構 5
第二章相關文獻 6
2-1 威脅模型 6
2-2 軟體定義網路 12
2-3 OpenFlow 14
2-4 零信任架構 15
2-5 多重要素驗證 16
2-6 信任度管理 17
第三章系統設計 22
3-1 系統架構 22
3-2 身分認證管理 26
3-3 信任度計算 29
第四章實驗設計 36
4-1 系統配置 36
4-2 威脅模型 39
4-3 實驗環境配置 42
4-4 安全分析 51
4-5 系統性能分析 52
第五章結論 54
第六章未來展望 55
6-1 研究限制 55
6-2 未來研究 55
參考文獻 56
附錄 62

參考文獻

[1] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions,” Future Gener. Comput. Syst., vol. 29, no. 7, pp. 1645–1660, Sep. 2013, doi: 10.1016/j.future.2013.01.010.
[2] C. J. Turner, J. Oyekan, L. Stergioulas, and D. Griffin, “Utilizing Industry 4.0 on the Construction Site: Challenges and Opportunities,” IEEE Trans. Ind. Inform., vol. 17, no. 2, pp. 746–756, Feb. 2021, doi: 10.1109/TII.2020.3002197.
[3] Y. Liu, X. Ma, L. Shu, G. P. Hancke, and A. M. Abu-Mahfouz, “From Industry 4.0 to Agriculture 4.0: Current Status, Enabling Technologies, and Research Challenges,” IEEE Trans. Ind. Inform., vol. 17, no. 6, pp. 4322–4334, Jun. 2021, doi: 10.1109/TII.2020.3003910.
[4] T. R. Wanasinghe, R. G. Gosine, L. A. James, G. K. I. Mann, O. de Silva, and P. J. Warrian, “The Internet of Things in the Oil and Gas Industry: A Systematic Review,” IEEE Internet Things J., vol. 7, no. 9, pp. 8654–8673, Sep. 2020, doi: 10.1109/JIOT.2020.2995617.
[5] J. Rabatel, S. Bringay, and P. Poncelet, “Anomaly detection in monitoring sensor data for preventive maintenance,” Expert Syst. Appl., vol. 38, no. 6, pp. 7003–7015, Jun. 2011, doi: 10.1016/j.eswa.2010.12.014.
[6] A. Chehri and G. Jeon, “The Industrial Internet of Things: Examining How the IIoT Will Improve the Predictive Maintenance,” in Innovation in Medicine and Healthcare Systems, and Multimedia, Singapore, 2019, pp. 517–527. doi: 10.1007/978-981-13-8566-7_47.
[7] E. Cardillo and A. Caddemi, “Feasibility Study to Preserve the Health of an Industry 4.0 Worker: a Radar System for Monitoring the Sitting-Time,” in 2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT), Jun. 2019, pp. 254–258. doi: 10.1109/METROI4.2019.8792905.
[8] F. Meneghello, M. Calore, D. Zucchetto, M. Polese, and A. Zanella, “IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices,” IEEE Internet Things J., vol. 6, no. 5, pp. 8182–8201, Oct. 2019, doi: 10.1109/JIOT.2019.2935189.
[9] Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu, and W. Lv, “Edge Computing Security: State of the Art and Challenges,” Proc. IEEE, vol. 107, no. 8, pp. 1608–1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.
[10] “蒸發 78 億! 台積電中毒事件抓出元兇|天下雜誌,” 天下雜誌. [Online]. Available: https://www.cw.com.tw/article/5091491 (accessed Mar. 14, 2022).
[11] P. Mahesh et al., “A Survey of Cybersecurity of Digital Manufacturing,” Proc. IEEE, vol. 109, no. 4, pp. 495–516, Apr. 2021, doi: 10.1109/JPROC.2020.3032074.
[12] “Claroty Biannual ICS Risk & Vulnerability Report: 1H 2021.” [Online]. Available: https://security.claroty.com/1H-vulnerability-report-2021 (accessed May 02, 2022).
[13] M. Mercuri et al., “2-D Localization, Angular Separation and Vital Signs Monitoring Using a SISO FMCW Radar for Smart Long-Term Health Monitoring Environments,” IEEE Internet Things J., vol. 8, no. 14, pp. 11065–11077, Jul. 2021, doi:
10.1109/JIOT.2021.3051580.
[14] H.-Y. Li, W. Xu, Y. Cui, Z. Wang, M. Xiao, and Z.-X. Sun, “Preventive Maintenance
Decision Model of Urban Transportation System Equipment Based on Multi-Control
Units,” IEEE Access, vol. 8, pp. 15851–15869, 2020, doi: 10.1109/ACCESS.2019.2961433.
[15] M. Baddeley, R. Nejabati, G. Oikonomou, M. Sooriyabandara, and D. Simeonidou, “Evolving SDN for Low-Power IoT Networks,” in 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), Jun. 2018, pp. 71–79. doi: 10.1109/NETSOFT.2018.8460125.
[16] D. Wu et al., “Towards Distributed SDN: Mobility Management and Flow Scheduling in Software Defined Urban IoT,” IEEE Trans. Parallel Distrib. Syst., vol. 31, no. 6, pp. 1400–1418, Jun. 2020, doi: 10.1109/TPDS.2018.2883438.
[17] P. Bull, R. Austin, E. Popov, M. Sharma, and R. Watson, “Flow Based Security for IoT Devices Using an SDN Gateway,” in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), Aug. 2016, pp. 157–163. doi: 10.1109/FiCloud.2016.30.
[18] B. Chen et al., “A Security Awareness and Protection System for 5G Smart Healthcare Based on Zero-Trust Architecture,” IEEE Internet Things J., vol. 8, no. 13, pp. 10248– 10263, Jul. 2021, doi: 10.1109/JIOT.2020.3041042.
[19] Y. Weiyong et al., “Active Access Control for the Operational Security in Industrial Control Systems,” in 2020 Chinese Automation Congress (CAC), Nov. 2020, pp. 2086– 2090. doi: 10.1109/CAC51589.2020.9326747.
[20] G. Culot, F. Fattori, M. Podrecca, and M. Sartor, “Addressing Industry 4.0 Cybersecurity Challenges,” IEEE Eng. Manag. Rev., vol. 47, no. 3, pp. 79–86, 2019, doi: 10.1109/EMR.2019.2927559.
[21] M. Anagnostopoulos, G. Kambourakis, and S. Gritzalis, “New facets of mobile botnet: architecture and evaluation,” Int. J. Inf. Secur., vol. 15, no. 5, pp. 455–473, Oct. 2016, doi: 10.1007/s10207-015-0310-0.
[22] M. Nobakht, C. Russell, W. Hu, and A. Seneviratne, “IoT-NetSec: Policy-Based IoT Network Security Using OpenFlow,” in 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Mar. 2019, pp. 955– 960. doi: 10.1109/PERCOMW.2019.8730724.
[23] M. Al-Shaboti, I. Welch, A. Chen, and M. A. Mahmood, “Towards Secure Smart Home IoT: Manufacturer and User Network Access Control Framework,” in 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA),May 2018, pp. 892–899. doi: 10.1109/AINA.2018.00131.
[24] “The Modbus Organization.” [Online]. Available: https://modbus.org/ (accessed Aug. 12,
2022).
[25] “DNP3 Protocol.” [Online]. Available: https://www.dnp.org/About/Overview-of-DNP3-
Protocol (accessed Aug. 12, 2022).
[26] “What is OPC?” OPC Foundation. [Online]. Available:
https://opcfoundation.org/about/what-is-opc/ (accessed Aug. 12, 2022).
[27] Z. Jadidi and Y. Lu, “A Threat Hunting Framework for Industrial Control Systems,” IEEE
Access, vol. 9, pp. 164118–164130, 2021, doi: 10.1109/ACCESS.2021.3133260.
[28] S. Rose, O. Borchert, S. Mitchell, and S. Connelly, “Zero Trust Architecture,” National
Institute of Standards and Technology, Aug. 2020. doi: 10.6028/NIST.SP.800-207.
[29] “Threat landscape for industrial automation systems. Statistics for H2 2021 | Kaspersky
ICS CERT.” [Online]. Available: https://ics-
cert.kaspersky.com/publications/reports/2022/03/03/threat-landscape-for-industrial-
automation-systems-statistics-for-h2-2021/ (accessed May 02, 2022).
[30] O. Cabana et al., “Threat Intelligence Generation Using Network Telescope Data for Industrial Control Systems,” IEEE Trans. Inf. Forensics Secur., vol. 16, pp. 3355–3370,
2021, doi: 10.1109/TIFS.2021.3078261.
[31] G. M. Makrakis, C. Kolias, G. Kambourakis, C. Rieger, and J. Benjamin, “Industrial and
Critical Infrastructure Security: Technical Analysis of Real-Life Security Incidents,” IEEE
Access, vol. 9, pp. 165295–165325, 2021, doi: 10.1109/ACCESS.2021.3133348.
[32] “2020 Unit 42 IoT Threat Report.” [Online]. Available:
https://start.paloaltonetworks.com/unit-42-iot-threat-report (accessed May 03, 2022).
[33]“Nokia: Threat Intelligence Report 2020,” OneStore. [Online]. Available:
https://onestore.nokia.com/asset/210088 (accessed May 04, 2022).
[34] W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, and Y. A. Bangash, “An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software- Defined Security,” IEEE Internet Things J., vol. 7, no. 10, pp. 10250–10276, Oct. 2020,
doi: 10.1109/JIOT.2020.2997651.
[35] J. Granjal, E. Monteiro, and J. Sá Silva, “Security for the Internet of Things: A Survey of
Existing Protocols and Open Research Issues,” IEEE Commun. Surv. Tutor., vol. 17, no.
3, pp. 1294–1312, 2015, doi: 10.1109/COMST.2015.2388550.
[36] “2021 NSA Cybersecurity Year in Review,” p. 28. [Online]. Available:
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-
View/Article/2921744/nsa-releases-2021-cybersecurity-year-in-review/
[37] D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, “Software-Defined Networking: A Comprehensive Survey,” Proc. IEEE, vol. 103,
no. 1, pp. 14–76, Jan. 2015, doi: 10.1109/JPROC.2014.2371999.
[38] S. Al-Rubaye, E. Kadhum, Q. Ni, and A. Anpalagan, “Industrial Internet of Things Driven by SDN Platform for Smart Grid Resiliency,” IEEE Internet Things J., vol. 6, no. 1, pp.
267–277, Feb. 2019, doi: 10.1109/JIOT.2017.2734903.
[39] M. Ibrar, L. Wang, G.-M. Muntean, J. Chen, N. Shah, and A. Akbar, “IHSF: An Intelligent
Solution for Improved Performance of Reliable and Time-Sensitive Flows in Hybrid SDN- Based FC IoT Systems,” IEEE Internet Things J., vol. 8, no. 5, pp. 3130–3142, Mar. 2021, doi: 10.1109/JIOT.2020.3024560.
[40] L. Fawcett, S. Scott-Hayward, M. Broadbent, A. Wright, and N. Race, “Tennison: A Distributed SDN Framework for Scalable Network Security,” IEEE J. Sel. Areas Commun., vol. 36, no. 12, pp. 2805–2818, Dec. 2018, doi: 10.1109/JSAC.2018.2871313.
[41] “OpenFlow: enabling innovation in campus networks: ACM SIGCOMM Computer Communication Review: Vol 38, No 2.” [Online]. Available: https://dl.acm.org/doi/abs/10.1145/1355734.1355746 (accessed Jul. 03, 2022).
[42]“openflow-spec-v1.3.0.pdf.” Accessed: May 30, 2022. [Online]. Available: https://opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.3.0.pdf
[43] S. Chaudhari, S. S. Tomar, and A. Rawat, “Design, implementation and analysis of multi layer, Multi Factor Authentication (MFA) setup for webmail access in multi trust networks,” in 2011 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC), Apr. 2011, pp. 27–32. doi: 10.1109/ETNCC.2011.5958480.
[44] J. Torres, M. Nogueira, and G. Pujolle, “A Survey on Identity Management for the Future Network,” IEEE Commun. Surv. Tutor., vol. 15, no. 2, pp. 787–802, 2013, doi: 10.1109/SURV.2012.072412.00129.
[45] E. Erdem and M. T. Sandıkkaya, “OTPaaS—One Time Password as a Service,” IEEE Trans. Inf. Forensics Secur., vol. 14, no. 3, pp. 743–756, Mar. 2019, doi: 10.1109/TIFS.2018.2866025.
[46] K. Boakye-Boateng, E. Kuada, E. Antwi-Boasiako, and E. Djaba, “Encryption Protocol for Resource-Constrained Devices in Fog-Based IoT Using One-Time Pads,” IEEE Internet Things J., vol. 6, no. 2, pp. 3925–3933, Apr. 2019, doi: 10.1109/JIOT.2019.2893172.
[47] W.-J. Tsaur, “A Flexible User Authentication Scheme for Multi-server Internet Services,” in Networking — ICN 2001, Berlin, Heidelberg, 2001, pp. 174–183. doi: 10.1007/3-540- 47728-4_18.
[48] Y. Xie et al., “A Logic Resistive Memory Chip for Embedded Key Storage With Physical Security,” IEEE Trans. Circuits Syst. II Express Briefs, vol. 63, no. 4, pp. 336–340, Apr. 2016, doi: 10.1109/TCSII.2015.2503707.
[49] R. Yaich, “Trust Management Systems: a Retrospective Study on Digital Trust,” in Cyber- Vigilance and Digital Trust: Cyber Security in the Era of Cloud Computing and IoT, Wiley, 2019, pp. 51–103. doi: 10.1002/9781119618393.ch2.
[50] S. Burikova et al., “A Trust Management Framework for Software Defined Networks-based Internet of Things,” in 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Oct. 2019, pp. 0325–0331. doi: 10.1109/IEMCON.2019.8936207.
[51] J. Astorga, M. Barcelo, A. Urbieta, and E. Jacob, “How to Survive Identity Management in the Industry 4.0 Era,” IEEE Access, vol. 9, pp. 93137–93151, 2021, doi: 10.1109/ACCESS.2021.3092203.
[52] Z. Xiaojian, C. Liandong, F. Jie, W. Xiangqun, and W. Qi, “Power IoT security protection architecture based on zero trust framework,” in 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP), Jan. 2021, pp. 166–170. doi: 10.1109/CSP51677.2021.9357607.
[53] M. M. Hassan, S. Huda, S. Sharmeen, J. Abawajy, and G. Fortino, “An Adaptive Trust Boundary Protection for IIoT Networks Using Deep-Learning Feature-Extraction-Based Semisupervised Model,” IEEE Trans. Ind. Inform., vol. 17, no. 4, pp. 2860–2870, Apr. 2021, doi: 10.1109/TII.2020.3015026.
[54] V. Sharma, G. Choudhary, Y. Ko, and I. You, “Behavior and Vulnerability Assessment of Drones-Enabled Industrial Internet of Things (IIoT),” IEEE Access, vol. 6, pp. 43368– 43383, 2018, doi: 10.1109/ACCESS.2018.2856368.
[55] A. A. Adewuyi, H. Cheng, Q. Shi, J. Cao, Á. MacDermott, and X. Wang, “CTRUST: A Dynamic Trust Model for Collaborative Applications in the Internet of Things,” IEEE Internet Things J., vol. 6, no. 3, pp. 5432–5445, Jun. 2019, doi: 10.1109/JIOT.2019.2902022.
[56] H. Wang, J. Jiang, and W. Li, “A Dynamic Trust Model Based on Time Decay Factor,” in
2018 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet
of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), Oct. 2018, pp. 2048–2051. doi: 10.1109/SmartWorld.2018.00343.
[57] M. Işik and H. Dağ, “A recommender model based on trust value and time decay: Improve the quality of product rating score in E-commerce platforms,” in 2017 IEEE International Conference on Big Data (Big Data), Dec. 2017, pp. 1946–1955. doi: 10.1109/BigData.2017.8258140.
[58] International Electrotechnical Commission, International Electrotechnical Commission, and Technical Committee 65, Industrial communication networks--network and system security. Part 2-1, Part 2-1,. Geneva: International Electrotechnical Commission, 2010.
[59] Y. Zhou, G. Cheng, Y. Zhao, Z. Chen, and S. Jiang, “Toward Proactive and Efficient DDoS Mitigation in IIoT Systems: A Moving Target Defense Approach,” IEEE Trans. Ind. Inform., vol. 18, no. 4, pp. 2734–2744, Apr. 2022, doi: 10.1109/TII.2021.3090719.
[60] F. Khan, M. A. Jan, A. ur Rehman, S. Mastorakis, M. Alazab, and P. Watters, “A Secured and Intelligent Communication Scheme for IIoT-enabled Pervasive Edge Computing,” IEEE Trans. Ind. Inform., vol. 17, no. 7, pp. 5128–5137, Jul. 2021, doi:
10.1109/TII.2020.3037872.
[61] Q. Tian et al., “New Security Mechanisms of High-Reliability IoT Communication Based
on Radio Frequency Fingerprint,” IEEE Internet Things J., vol. 6, no. 5, pp. 7980–7987,
Oct. 2019, doi: 10.1109/JIOT.2019.2913627.
[62] C. Boudagdigue, A. Benslimane, A. Kobbane, and J. Liu, “Trust Management in Industrial
Internet of Things,” IEEE Trans. Inf. Forensics Secur., vol. 15, pp. 3667–3682, 2020, doi:
10.1109/TIFS.2020.2997179.
[63] “MQTT - The Standard for IoT Messaging.” [Online]. Available: https://mqtt.org/
(accessed Jul. 22, 2022).
[64] “Yubico,” Yubico. [Online]. Available: https://www.yubico.com/ (accessed Jul. 21, 2022).
[65] “Modbus Master Simulator.” [Online]. Available:
https://www.modbustools.com/modbus_poll.html (accessed Aug. 12, 2022).
[66] “Modbus Slave Simulator.” [Online]. Available:
https://www.modbustools.com/modbus_slave.html (accessed Aug. 12, 2022).
[67] A. Yosef, “DNS Amplification Lab.” Jun. 29, 2022. Accessed: Jul. 19, 2022. [Online].
Available: https://github.com/Avielyo10/DNS-Amplification-Lab

指導教授

蔡邦維(Pang-Wei Tsai)

審核日期

2022-8-25

推文