在本論文中,我們提出一種使用輕量化硬體來偵測代理人攻擊的遠端認證方法,融合基於軟體的方法以及基於硬體的方法雙方特點,並且此方法能抵禦大多數無線感測網路遇到的軟體攻擊,硬體相關的攻擊並不在此論文討論範圍內。最後,我們提供數種模擬的數據,這些數據可以讓使用者在安全性以及系統負擔之間做出平衡取捨。 ;Wireless sensor networks have been applied in healthcare monitoring systems, military surveillance systems, and Internet of Things. Sensor nodes are usually deployed in an un monitored geographic area and become attractive targets to an adversary. A major security issue to sensor nodes is a malicious code injection attack that results in fake data delivery and private data disclosure. Software-based remote attestation schemes are used for verifying the firmware integrity of a sensor node and have advantages of flexible system implementation and low deployment cost. However, such schemes are vulnerable to a proxy attack that enables a compromised sensor node to provide a correct integrity evidence through the assistance of colluding. Hardware-based schemes mostly rely on TPM. However, the TPM-based schemes are not suitable for resource-constraint sensor nodes because public key cryptography and complicated operations are involved and consumes the energy of sensor node, particularly battery-equipped sensor nodes. This thesis proposes a lightweight hardware-based remote attestation scheme against the proxy attack. A simple hardware security module executing only symmetric key cryptographic computation is employed in the proposed scheme, and is particularly suitable for resource-constrained sensor nodes. Simulation results demonstrating the effectiveness of the proposed scheme are also provided.
