近年來，資訊科技的發展使設備能夠透過網路相互連結形成物聯網 (Internet of Things, IoT)。物聯網為生活帶來需多便利性，應用涵蓋的領域包含：工業自動化、智慧醫療及長照、智慧城市及智慧運輸等。隨著物聯網的應用愈來愈普及並帶來便利的同時，也充滿許多威脅。大多數的物聯網設備會透過無線通訊技術進行溝通，很容易遭到竊聽攻擊與中間人攻擊，且由於物聯網設備普遍有能源、運算、儲存及頻寬上的限制，無法使用過於複雜的密碼系統。因此，如何設計適用於物聯網設備的輕量化個體鑑別方法，並建立能夠互信的安全溝通連線，為最基本卻又關鍵的問題。
本論文以基於橢圓曲線的自我驗證公開金鑰密碼系統為基礎並遵循NIST標準，提出輕量化的無憑證可鑑別金鑰交換協定，使資源有限的物聯網設備能夠鑑別彼此的個體身分合法性並建立交換金鑰，以用於後續的溝通。本方法除了具備高計算效率、低運算成本及儲存的特點外，更能達到安全通訊的目的並解決物聯網應用上的安全威脅。本論文提出之方法滿足「金鑰安全」、「相互個體鑑別」、「前推安全」、「抵抗中間人攻擊」、「抵抗偽冒攻擊」及「抵抗重送攻擊」安全需求。

The Internet of Things (IoT) integrates various devices to communicate and enables interoperability via networks with each another. The IoT brings much convenience to our daily lives, the usage of IoT also covers different scopes: industrial automation, smart medical care and long-term care, smart city and smart transportation. While IoT applications bring great convenience, it encounters various kinds of threats. Since most IoT devices communicate via wireless communication technology, it is vulnerable to eavesdropping attack and MITM attack. The IoT devices generally can’t afford the complex algorithms due to limitations on computation, storage, bandwidth, and energy consumption. Therefore, to design a lightweight authentication scheme for IoT devices and establish a secure mutual trust communication channel is the first and foremost requirement.
In this thesis, we base on the ECC-based self-certified public key cryptosystems and followed the NIST standard to propose a lightweight certificateless authenticated key exchange solution, enabling constrained IoT devices to verify each other and establish a session key for communication. In addition to achieve high computation efficiency, low computation cost and storage characteristics, the proposed solution can achieve the purpose of secure communication and solve the security threats in IoT applications. The method also satisfies the security requirements of key security, mutual authentication, forward secrecy, man-in-the-middle attack resistance, impersonation attack resistance and reply attack resistance.

[1]L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Computer Networks. vol. 54, no. 15, 2010, pp. 2787–2805.
[2]F. daCosta, Rethinking the Internet of Things: A Scalable Approach to Connecting Everything, Apress, 2013.
[3]Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A survey on security and privacy issues in Internet of Things,” IEEE Internet of Things Journal, vol. 4, no. 5, 2017, pp. 1250–1258.
[4]M. Girault, “Self-certified public keys,” Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques–EUROCRYPT ’91, vol. 547, Brighton, UK, 1991, pp. 490-497.
[5]W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, vol. 22, no.6, 1976, pp. 644-654.
[6]V. Miller, “Use of elliptic curves in cryptography,” Proceedings of the 5th Annual International Cryptology Conference—CRYPTO ’85, vol. 218, Springer-Verlag, Berlin, Heidelberg, New York, 1986, pp. 417-426.
[7]Ν. Koblitz, “Elliptic curve cryptosystems,” Mathematics of Computation, vol. 48, 1987, pp. 203-209.
[8]W. J. Tsaur, “Several security schemes constructed using ECC-based self-certified public key cryptosystems,” Applied Mathematics and Computation, vol. 168, no.1, 2005, pp. 447–464.
[9]A. Shamir, “Identity-based cryptosystems and signature schemes,” Proceedings of the 4th Annual International Cryptology Conference—CRYPTO ’84, Springer-Verlag, New York, 1984, pp. 47–53.
[10]Bluetooth SIG, “Bluetooth Core Specification Versions: 4.2,” https://www.bluetooth.com/specifications/adopted-specifications, 2014, Bluetooth SIG Specification.
[11]National Institute of Standards and Technology (NIST), Recommended elliptic curves for federal government use, 1999.
[12]B. Ndibanje, H. J. Lee, and S. G. Lee, “Security analysis and improvements of authentication and access control in the Internet of things,” Sensors, vol. 14, no. 8, 2014, pp. 14786–14805.
[13]P. Porambage, C. Schmitt, P. Kumar, A. Gurtov, and M. Ylianttila, “Two-phase uuthentication protocol for wireless sensor networks in distributed IoT applications,” Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC), Istanbul, Turkey, 2014, pp. 2728-2733.
[14]J. Liu, Y. Xiao, and C. L. P. Chen, “Authentication and access control in the Internet of Things,” Proceedings of the IEEE 32nd International Conference on Distributed Computing Systems Workshops, Macau, 2012, pp. 588-592.
[15]T. Kothmayr, C. Schmitt, W. Hu, M. Brünig, and G. Carle, “DTLS based security and two-way authentication for the Internet of Things,” Ad Hoc Networks, vol. 11, no. 8, 2013, pp. 2710-2723.
[16]S. F Aghili and H. Mala, “Breaking a lightweight M2M authentication protocol for communications in IIoT environment,” IACR Cryptology ePrint Archive, September 2018.
[17]A. Esfahani, G. Mantas, R. Matischek, F. B. Saghezchi, J. Rodriguez, A. Bicaku, S. Maksuti, M. Tauber, C. Schmittner, and J. Bastos, “A lightweight authentication mechanism for M2M communications in industrial IoT environment,” IEEE Internet of Things Journal, vol. 6, no. 1, 2019, pp. 288–296.
[18]C. F. Lu, T.C. Wu and C.L. Hsu, “Certificateless authenticated group key agreement protocol for unbalanced wireless mobile networks,” WSEAS Transactions on Communications, vol. 8, no. 11, 2009, pp. 1145-1159.
[19]NIST FIPS PUB 180, “Secure Hash Standard,” National Institute of Standards and Technology, U.S. Department of Commerce, DRAFT, 1993.
[20]S. Li, L. Da Xu, and S. Zhao, "The Internet of Things: A survey," Information Systems Frontiers, vol.17, no.2, 2015, pp. 243–259.
[21]S.C. Cha, C.M. Shiung, T.C. Huang, T.Y. Tsai, and T.Y. Hsu, “A user-friendly privacy framework for users to achieve consents with nearby BLE devices,’’ IEEE Access Journal, vol.6, 2018, pp. 20779-20787.
[22]R. Davidson, K. Townsend, C. Wang, and C. Cufí, Getting Started With Bluetooth Low Energy: Tools and Techniques for Low-Power Networking. Sebastopol, CA, USA: O’Reilly, 2014.
[23]National Institute of Standards and Technology (NIST), Descriptions of SHA-256, SHA-384 and SHA512, http://csrc.nist.gov/encryptionishs/sha2S6-3X4-SI2.pdf, 2001.
[24]U.S. Department of Commerce/National Institute of Standards and Technology: Digital Signature Standard (DSS). FIPS-186-3. http://csrc.nist.gov/publications/ fips/fips186-3/fips_186-3.pdf, 2009.
[25]Z. Liu, H. Seo, J. Großchädl, and H. Kim, ‘‘Efficient implementation of NIST-compliant elliptic curve cryptography for sensor nodes,’’ International Conference on Information and Communications Security, vol. 8233, Springer, Berlin, 2013, pp. 302–317.
[26]A. D. L. Piedra, A. Braeken, and A. Touhafi, ‘‘Extending the IEEE 802.15.4 security suite with a compact implementation of the NIST P-192/B-163 elliptic curves,’’ Sensors, vol.13, no. 8, 2013, pp. 9704–9728.
[27]J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, 2013, pp. 1645–1660.
[28]D. Miorandi, S. Sicari, F. De Pellegrini, and I. Chlamtac, “Internet of Things: Vision, applications and research challenges,” Ad Hoc Networks, vol. 10, no. 7, 2012, pp. 1497–1516.
[29]C. Gomez, J. Oller, and J. Paradells, “Overview and evaluation of bluetooth low energy: An emerging low-power wireless technology,” Sensors, vol. 12, no. 9, 2012, pp. 11734–11753.