簡易檢索 / 詳目顯示

研究生: 劉啟賢
Chi-Hsein Liu
論文名稱: 結合私有追蹤伺服器和智慧合約驅動設計之物聯網設備安全韌體升級系統
A Secure Firmware Upgrade Scheme with Private-tracker-governed and Smart-contract-driven design for Blockchain-enabled IoT Devices
指導教授: 陸敬互
Ching-Hu Lu
蕭弘清
Horng-Ching Hsiao
口試委員: 陸敬互
Ching-Hu Lu
蕭弘清
Horng-Ching Hsiao
鐘聖倫
Sheng-Luen Chung
廖峻鋒
Chun-Feng Liao
林俊叡
Raymund Lin
學位類別: 碩士
Master
系所名稱: 電資學院 - 電機工程系
Department of Electrical Engineering
論文出版年: 2017
畢業學年度: 106
語文別: 中文
論文頁數: 56
中文關鍵詞: 物聯網韌體升級韌體驗證區塊鏈智慧合約商業模式
外文關鍵詞: firmware upgrade, firmware validation
相關次數: 點閱:297下載:2
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報
  • 在物聯網逐漸成熟的時代,物聯網裝置的開發廠商著重於縮短產品開發週期,常忽略其產品可能會有安全漏洞,造成產品在面臨網路攻擊時,造成物聯網裝置故障或使用者隱私洩漏。因此,各產品的韌體維護廠商不時升級韌體版本以應付層出不窮的網路攻擊,進而維護產品安全性。因此本研究針對未來大規模物聯網的韌體裝置升級提出了一個安全、有效率且易於擴展的對策,透過「成員制 (membership-based) 分散式韌體下載」提供安全且可擴展的韌體分享,並結合「基於智慧合約 (smart contract-driven) 之快速韌體驗證」可免除重複驗證發生以快速回應韌體驗證需求。此外,為了將未來韌體維護與升級的商業模式納入考量,本研究也基於區塊鍊智慧合約建立一個「區塊鏈強化 (Blockchain-enhanced) 之彈性擴充功能付費機制」,使未來韌體維護廠商可以藉由韌體升級與升級來獲利。在系統具體實現上,首先「成員制分散式韌體下載」主要為了避免傳統集中式檔案分享伺服器的服務個數受限,成員制且分散式peer to peer韌體下載可強化分享資訊的可擴展性,同時要求裝置註冊成員,利用成員機制配合成員監控,抑制分散式分享時分享群組間的惡意攻擊。當分享群組間的成員有異常狀態時,韌體維護廠商端可藉由本研究提出之監控指標分析其危害程度,危害程度大者可限制該成員的下載權利。接下來,「基於智慧合約之快速韌體驗證」可在裝置成功取得韌體後,從區塊鏈資料中,利用智慧合約的機制,取得韌體驗證所需內容,進行該韌體的嚴正性 (integrity) 檢查,通過檢查表示韌體完整並不包含惡意內容,才進行韌體安裝。此快速韌體驗證機制可完全避免重複驗證,成功達到高效率的有效驗證。最後,「區塊鏈強化之彈性擴充功能付費機制」主要利用區塊鏈上的智慧合約具備寄存加密貨幣的功能,因此裝置可以在每次韌體升級或升級時自行付費,費用以加密貨幣計算,廠商因為獲利的誘因更可定期推出強化功能供使用者自行透過智慧合約購買,此機制將有利促成供需雙方雙贏的契機。


    With the rapidly increasing number of Internet of Things (IoT) devices, developers of today's IoT devices focus on shortening the product development cycle, but often ignoring security vulneracilities in their products, which may cause device failure or user privacy leak when encountering cyber attacks. Keeping the firmware of an IoT device up-to-date has been considered one best way to protect the device against the attacks. To ensure secure and efficient firmware upgrade for an IoT device, this study proposes a hybrid and novel distribution and validating scheme, including membership-based distributed firmware sharing and smart-contract-driven firmware validation on a blockchain. This hybrid approach incorporates a blockchain into a peer-to-peer network. The membership-based distributed firmware sharing takes the advantage of private trackers which require membership to join a peer-to-peer network for scalable and secure firmware distribution. Through membership management, a private tracker can monitor the behavior of all IoT member devices. The smart-contract-driven firmware validation utilizes a smart contract on a blockchain to improve validation efficiency and scalability to avoid the bottleneck inherent in a centralized scheme. Evaluation of the study has shown that the proposed approach is more secure and efficient than the existing studies. Furthermore, in order to further consider future business model in firmware maintenance and upgrade, this study also proposes “blockchain-enhanced autonomous and flexible extension” by leveraging smart contracts on a blockchain which makes firmware upgrade profitable and provides automous and flexible firmware upgrade for IoT vendors, which in turn mitigates the burden of device firmware providers. The enhanced features will be released on a regular basis for profit-taking which lead to win-win opportunities for both suppliers and comsumers.

    中文摘要 i Abstract ii 致謝 iii 圖目錄 vi 表格目錄 viii 第一章 簡介 1 1.1 研究動機 1 1.2 相關文獻 3 1.3 本研究貢獻與架構 7 第二章 系統設計理念與架構簡介 8 第三章 相關背景技術 11 3.1 非對稱加密技術與電子簽章 11 3.2 分散式下載技術 13 3.3 區塊鏈與智慧合約 15 第四章 基於成員資格之可擴展的分散式韌體分享 19 4.1 物聯網裝置流程 19 4.2 成員資格申請流程 21 4.3 瀏覽器自動化輔助操作 22 4.4 私有伺服器與監控功能 24 第五章 智慧合約驅動之高效率韌體驗證 28 5.1 智慧合約發佈流程 29 5.2 驗證用智慧合約之架構與功能 30 5.3 智慧合約驅動驗證流程 32 第六章 基於智慧合約之自主且彈性功能強化 34 6.1 收費用增強功能智慧合約之架構與功能 34 6.2 智慧合約安全議題 37 第七章 實驗與綜合展示成果 39 7.1 基於成員資格之可擴展的分散式韌體分享成果展示 39 7.2 智慧合約驅動之高效率韌體驗證成果展示 42 7.3 基於智慧合約之自主且彈性功能強化成果展示 46 第八章 結論與未來研究方向 50 參考文獻 52 附錄 55 發表著作與作品列表 56

    [1] T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, "Security Challenges in the IP-based Internet of Things," Wireless Personal Communications, journal article vol. 61, no. 3, pp. 527-542, December 01 2011.
    [2] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram, "Blockchain for IoT security and privacy: The case study of a smart home," in 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), 2017, pp. 618-623.
    [3] S. H. Hashemi, F. Faghri, P. Rausch, and R. H. Campbell, "World of Empowered IoT Users," in 2016 IEEE First International Conference on Internet-of-Things Design and Implementation (IoTDI), 2016, pp. 13-24.
    [4] M. S. Ali Dorri, Salil S. Kanhere, Raja Jurdak. BlockChain: A distributed solution to automotive security and privacy [Online].
    [5] B. Lee and J.-H. Lee, "Blockchain-based secure firmware update for embedded devices in an Internet of Things environment," The Journal of Supercomputing, journal article vol. 73, no. 3, pp. 1152-1167, March 01 2017.
    [6] S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system," ed, 2008.
    [7] M. A. Prada-Delgado, A. Vázquez-Reyes, and I. Baturone, "Trustworthy firmware update for Internet-of-Thing Devices using physical unclonable functions," in 2017 Global Internet of Things Summit (GIoTS), 2017, pp. 1-5.
    [8] H. Chandra, E. Anggadjaja, P. S. Wijaya, and E. Gunawan, "Internet of Things: Over-the-Air (OTA) firmware update in Lightweight mesh network protocol for smart urban development," in 2016 22nd Asia-Pacific Conference on Communications (APCC), 2016, pp. 115-118.
    [9] B. Cohen, "Incentives build robustness in BitTorrent," in Workshop on Economics of Peer-to-Peer systems, 2003, vol. 6, pp. 68-72.
    [10] A. K. Sharma and A. P. N. Sharma, "Bit Torrent (Peer to Peer Network): Antipiracy and Anonymity," International Journal of Science and Research, 2013.
    [11] S. Hatahet, A. Bouabdallah, and Y. Challal, "A new worm propagation threat in BitTorrent: modeling and analysis," Telecommunication Systems, journal article vol. 45, no. 2, pp. 95-109, October 01 2008.
    [12] K. Wong, K. Yeung, and Y. Choi, "Solutions to swamp poisoning attacks in BitTorrent networks," Proc. of the 2009 Intl. MultiConf. of Engineers and Computer Scientists, pp. 360-363, 2009.
    [13] P. Dhungel, D. Wu, and K. W. Ross, "Measurement and mitigation of bittorrent leecher attacks," Computer Communications, vol. 32, no. 17, pp. 1852-1861, 2009.
    [14] F. R. Santos, W. L. da Costa Cordeiro, L. P. Gaspary, and M. P. Barcellos, "Choking polluters in bittorrent file sharing communities," in Network Operations and Management Symposium (NOMS), 2010 IEEE, 2010, pp. 559-566: IEEE.
    [15] P. Dhungel, X. Hei, D. Wu, and K. W. Ross, "A Measurement Study of Attacks on BitTorrent Seeds," in 2011 IEEE International Conference on Communications (ICC), 2011, pp. 1-5.
    [16] R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978.
    [17] N. van Someren and I. Harvey, "Firmware validation," ed: Google Patents, 2002.
    [18] B. S. Nevis and M. Albrecht, "Secure method of updating bios by using a simply authenticated external module to further validate new firmware code," ed: Google Patents, 2003.
    [19] D. C. Cromer, H. J. Locker, R. S. Springfield, and R. D. Waltermann, "System and Method for Securely Updating Firmware Devices by Using a Hypervisor," ed: Google Patents, 2007.
    [20] M. D. Marr, P. Vincent, M. T. Corddry, and J. R. Hamilton, "Firmware validation from an external channel," ed: Google Patents, 2015.
    [21] B. C. Choi, S. H. Lee, J. C. Na, and J. H. Lee, "Secure firmware validation and update for consumer devices in home networking," IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39-44, 2016.
    [22] A. Azaria, A. Ekblaw, T. Vieira, and A. Lippman, "Medrec: Using blockchain for medical data access and permission management," in Open and Big Data (OBD), International Conference on, 2016, pp. 25-30: IEEE.
    [23] S. Huckle, R. Bhattacharya, M. White, and N. Beloff, "Internet of things, blockchain and shared economy applications," Procedia Computer Science, vol. 98, pp. 461-466, 2016.
    [24] M. Conoscenti, A. Vetrò, and J. C. De Martin, "Blockchain for the Internet of Things: a Systematic Literature Review," 2016.
    [25] M. S. P. Singh and M. E. Naidu, "A Review: Performance analysis of various Cryptographic Symmetric Algorithms," 2017.
    [26] M. Alam, I. Jahan, L. J. Rozario, and I. Jerin, "A Comparative Study of RSA and ECC and Implementation of ECC on Embedded Systems," algorithms, vol. 1, p. 2, 2014.
    [27] K. Bhirud, D. Kulkarni, R. Pawar, and P. Patil, "Data Security Using Elliptic Curve Cryptography," 2016.
    [28] D. Mahto, D. A. Khan, and D. K. Yadav, "Security Analysis of Elliptic Curve Cryptography and RSA," in Proceedings of the World Congress on Engineering, 2016, vol. 1.
    [29] C. Harris, "Institutional Solutions to Free-Riding in Peer-to-Peer Networks: A Case Study of Online 'Pirate' Communities," presented at the GMU Working Paper in Economics, 2017.
    [30] S. Wolchok and J. A. Halderman, "Crawling BitTorrent DHTs for Fun and Profit," in WOOT, 2010.
    [31] L. Wang and J. Kangasharju, "Real-world sybil attacks in BitTorrent mainline DHT," in Global Communications Conference (GLOBECOM), 2012 IEEE, 2012, pp. 826-832: IEEE.
    [32] L. Wang and J. Kangasharju, "Inference on the Network Evolution in BitTorrent Mainline DHT," arXiv preprint arXiv:1412.0103, 2014.
    [33] H. Zhang, J. Shi, L. Ye, and X. Du, "PPBD: A piracy preventing system for BT DHT networks," in INFOCOM, 2013 Proceedings IEEE, 2013, pp. 1806-1814: IEEE.
    [34] S. King and S. Nadal, "Ppcoin: Peer-to-peer crypto-currency with proof-of-stake," self-published paper, August, vol. 19, 2012.
    [35] N. Szabo, "Formalizing and securing relationships on public networks," First Monday, vol. 2, no. 9, 1997.
    [36] K. Christidis and M. Devetsikiotis, "Blockchains and smart contracts for the internet of things," IEEE Access, vol. 4, pp. 2292-2303, 2016.
    [37] N. Atzei, M. Bartoletti, and T. Cimoli, "A Survey of Attacks on Ethereum Smart Contracts (SoK)," in Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings, M. Maffei and M. Ryan, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2017, pp. 164-186.
    [38] D. Guan, J. Wang, Y. Zhang, and J. Dong, "Understanding BitTorrent Download Performance," in Seventh International Conference on Networking (icn 2008), 2008, pp. 330-335.
    [39] L. Wang and J. Kangasharju, "Real-world sybil attacks in BitTorrent mainline DHT," in Global Communications Conference (GLOBECOM), 2012 IEEE, 2012, pp. 826-832: IEEE.

    QR CODE