| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 簡丞博 | zh_TW |
| DC.creator | Cheng-Po Chien | en_US |
| dc.date.accessioned | 2018-7-23T07:39:07Z | |
| dc.date.available | 2018-7-23T07:39:07Z | |
| dc.date.issued | 2018 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=105522027 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 無線感測網路已被廣泛的應用在醫學、科學、軍事與商業應用上。大量的傳
感器節點部署在特定的地理區域以收集用於分析目的的環境數據。然而,傳感器
節點通常部署在公共地理區域,允許攻擊者捕獲傳感器節點。攻擊者可以取的感
測器上的一些敏感資料以及分析感測器上軟體的漏洞。攻擊者也可以對捕獲的感
測器注入惡意程式並重新佈署回感測網路中。受到感染的感測器會對周遭的感測
器傳播惡意程式。這些受感染的感測器將可以互相勾結以執行各種攻擊,像是假
資料傳遞、選擇性封包發送、服務阻斷等。因此我們需要一個檢查感測器是否遭
受感染的安全機制。
基於時間的遠程檢測方案提供了用於檢查感測器上記憶體完整性的機制。感
測器藉由向檢驗者提出記憶體完整性的證明來展示自己是沒有受到入侵的。如果
感測器是遭受到修改,則它無法通過正常程序產生記憶體完整性的證明。另外,
檢驗者需要設置門檻值並藉由測量感測器產生記憶體完整性證明的時間來防止
攻擊者藉由額外的操作來偽造證明。不幸的是,測量的時間很容易受到無線感測
網路中通訊延遲的影響,這可能會導致正常的感測器無法通過檢測。此外,基於
時間的遠端檢測容易受到代理人攻擊。代理人攻擊為攻擊者可以藉由強大的裝置
幫助產生受感染的感測器產生完整性證明,使得受感染的感測器能夠輕易的通過
檢測。
本研究中我們提出了更適應基於時間的遠端檢測方案以及減輕代理人攻擊
的危害。在我們的方案中我們會將整個檢驗方案分成好幾輪並且每一輪的結果都
將被隨機的決定是否要回傳給檢驗者。而那些沒有發送給檢驗者的證明都將通過
回應區塊鏈在後續的證明中進行檢查。提出方案中的關鍵想法為通過多次的時間
測量來避免檢驗者對正常感測器的誤判。除此之外,多輪的方法會耗進受感染電
池的電量並使得攻擊者入侵感測網路變得不再強大。我們還提出了另一種替代方
案,藉由安裝輕量級的安全硬體模組來降低正常感測器進行檢測的耗電量並保持
受感染感測器的耗電量。 | zh_TW |
| dc.description.abstract | Wireless sensor network (WSNs) have been widely applied in medical, scientific,
military, and business applications. A huge number of sensor nodes are deployed in
a specific geographic area to collect environmental data for analysis purposes. However,
the sensor nodes are often deployed in a public geographic area that allows
an adversary to physically capture a sensor node. Any software vulnerability and
sensitive data inside the captured node will be identified. The adversary can store
malicious codes in the captured node and redeploy it. The infected sensor node then
spreads the malicious codes; consequently the neighboring nodes are infected with
the malicious codes. These infected sensor nodes can collude each other to perform
a variety of attacks, such as fake data delivery, selective packet forwarding, denial
of service (DoS), etc. A security mechanism used for detecting an infected sensor
node is necessary.
The time-based remote attestation scheme provides a mechanism for checking
the memory integrity of the sensor nodes. During the remote attestation, the memory
integrity of sensor node is endorsed by evidences provided by sensor node. If
the memory content of sensor node is modified, sensor node could not produce the
evidence. In addition, verifier will set threshold and measure time which sensor
nodes produces the evidences of memory integrity that prevents adversary forging
evidence by additional operation. Unfortunately, the measured time is susceptible
to communication delay in WSNs. This may result in the normal sensor nodes fail
the attestation. Furthermore, time-based remote attestation is vulnerable to proxy
attack, which the evidence of memory integrity is able to be generated by the powerful
device of adversary.
In this study, we proposed remote attestation that more adaptive time-based
remote attestation scheme and counteract the proxy attack of sensor nodes. Our
scheme is designed in a multiple-round approach which a whole remote attestation
will be divided into several round and at end of each round the round evidences
will be randomly determined to be sent to the verifier or not. Those evidence which
does not sent to the verifier will be check through the subsequent evidences which
produce by the response block chaining. The key idea in proposed scheme is that
misjudgment of normal node is avoided through multiple round time measurement.
Additionally, multiple-round approach can exhaust the battery of the compromised
nodes and makes the malicious intrusion become significantly less powerful. We also
proposed alternative scheme which install the lightweight hardware secure modules
before employed to reduce the power consumption of normal sensor nodes and remain
the power consumption of compromised sensor nodes. | en_US |
| DC.subject | 基於計算時間遠端檢測 | zh_TW |
| DC.subject | 代理人攻擊 | zh_TW |
| DC.subject | Time-based Remote Attestation | en_US |
| DC.subject | Proxy Attack | en_US |
| DC.title | 減輕代理人攻擊之具有自適應性與隨機性的基於計算時間無線感測網路遠端檢測方案 | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | Adaptive and Randomized Time-based Wireless Sensor Networks Remote Attestation Against Proxy Attack | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |