
Graduate student: 陳柏盛 (Po-Sheng Chen)
Thesis title: A trustworthy authorization framework that uses blockchain technology to authorize and revoke access to IoT device data
A trustworthy authorization framework for IoT devices with the blockchain technology
Advisor: 查士朝 (Shi-Cho Cha)
Committee members: 羅乃維 (Nai-Wei Lo), 鄭欣明 (Shin-Ming Cheng)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Pages: 83
Keywords (Chinese, translated): Internet of Things, MQTT, OAuth, Authorization, Blockchain, Smart Contract
Keywords (English): Internet of Things, MQTT, OAuth, Authorization, Blockchain, Smart Contract
Usage: Views: 280, Downloads: 4
Abstract (Chinese, translated): In today's world, IoT devices are everywhere: not only can mobile phones send real-time messages, even the watch worn on one's wrist can connect to the Internet. If users could obtain the data collected by these IoT devices and thereby learn certain real-time information, it would bring them considerable convenience. For example, vehicle-monitoring sensors on highways analyze real-time traffic flow at each time of day, so that road users can better understand the current traffic volume on each road section.

However, not all data is something a user wants to share with others. A user may wish to grant access to only part of the data, or allow others to access specific data only during a certain period of time. Existing IoT protocols cannot satisfy this kind of requirement. Therefore, this study proposes a blockchain-based architecture that lets others request a user's data from the user's gateway through the MQTT protocol. The gateway follows the OAuth 2.0 standard so that the data owner can authorize others to access his or her protected data and can revoke that authorization at any time, meeting the need for users to share their data dynamically. Blockchain technology is used to record the data and parameters produced during the authorization process in the blockchain by means of smart contracts, so that if a dispute arises later, strong evidence can be presented to protect both parties.

In addition to the above contributions, this study also takes into account that household gateways are generally connected behind the router of an Internet service provider and are assigned an internal IP address, so they cannot be accessed directly. This study therefore adopts a reverse-connection approach that enables the authorized party to overcome this limitation and obtain the protected data. Furthermore, this study considers the privacy of the gateway on the blockchain: each time an authorization request is generated, a one-time account is created, and this account is used to deploy a smart contract called a proxy, making the gateway untraceable on the blockchain.


Abstract (English): With the advance of IoT technologies, people can use the sensors embedded in an IoT device to obtain the device's context information. In the current state of the art, people may use the MQTT protocol to subscribe to the context information of an IoT device, so that the device can send its sensed data to the subscribers. However, providing context information sensed by an IoT device may bring privacy risks to nearby users. Moreover, the current MQTT specification does not specify an access control mechanism by which the owner of a data source can control who may subscribe to data originating from that source.

In light of this, this study proposes a blockchain-based scheme for a user to authorize others to access data originating from the sensors in the user's home. The proposed scheme assumes that a user connects the sensors in his or her home to a home gateway, and that the sensors publish data to the home gateway through the MQTT protocol. Remote requesters can use the MQTT protocol to subscribe to the sensors' data through the home gateway. When the gateway receives a subscription request, it uses the OAuth protocol to ensure that the user allows the requester to subscribe to the data. The authorization requests and results are kept in the blockchain, so the data in the blockchain can be used to resolve disputes between the user and the requesters.

Moreover, this thesis makes the following contributions. First, it enables a home gateway to generate a transient account for accessing the blockchain, so that people cannot track the transactions issued by a gateway. In addition, it addresses the issue that a home gateway is usually protected by a NAT device, so requesters cannot connect to the gateway to subscribe to sensor data; in this case, the thesis enables home gateways to connect to requesters or other intermediate servers to publish sensed data. To sum up, this thesis can hopefully resolve the deficiencies of the MQTT protocol in the home automation scenario.

Table of contents:
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research background and motivation
1.2 Research objectives and contributions
1.3 Chapter overview
Chapter 2 Background and literature review
2.1 IoT transport protocols
2.2 OAuth
2.3 Blockchain and smart contracts
2.4 MyDataChain
2.5 Related approaches
Chapter 3 Problem definition and requirements analysis
3.1 Scenario description
3.2 System functional requirements analysis
Chapter 4 System architecture and flows
4.1 System architecture
4.2 Main system flow
4.3 Token refresh flow
4.4 Authorization revocation flow
Chapter 5 Implementation and performance analysis
5.1 System environment
5.2 Verification of the main authorization flow
5.3 Verification of the token refresh flow
5.4 Verification of the authorization revocation flow
5.5 Performance analysis
Chapter 6 Security and privacy evaluation
6.1 Security evaluation
6.2 Privacy evaluation
Chapter 7 Conclusion and future work
7.1 Conclusion
7.2 Future work
References

