隨著資訊科技的進步，智慧型感測裝置與無線通訊技術的成熟，使得物聯網(Internet of Things)時代的來臨，物聯網出現將帶給我們更舒適的生活方式，但由於感測裝置皆被部屬在開放與無人看守的環境中，使得感測裝置很容易受到攻擊，因此在物聯網中很需要一套安全的身分鑑別機制來確保資料的可用性與真實性。而近年來有些相關研究方法被提出，但物聯網有著在短時間內進行頻繁傳輸資料的現象，然而這些過去的研究方法尚未考慮到物聯網這種特別的現象，因為在短時間大量傳資料會使得感測裝置需要頻繁地進行通訊前的身分鑑別，對於資源受限的感測裝置將會耗費相當的資源與時間，因此設計一套有效率的身分鑑別機制是非常重要的。
在本篇論文中，我們設計出一套輕量級連續性身分鑑別協定來解決上述的需求。本研究方法將裝置身分鑑別過程加入時間限制概念，並利用符記(token)與感測設備的動態特徵來針對每次資料傳輸進行連續性身分鑑別機制，達到有效率地身分鑑別，並且我們進行安全性分析有效證明這套方法可以有效增加設備間傳輸資料的安全性。

In recent years, Information Technology (IT) has been developing rapidly. Smart phones, wearable devices, sensors, and wireless network technologies are getting more and more well-developed. As a consequence, we have come to the era of Internet of Things (IoT). The IoT will bring a more convenient and comfortable life. However, the sensors are deployed in unguarded surroundings, in which these devices are easily attacked. In order to ensure the availability and authenticity of information, it is important to establish secure authentication between IoT devices. There are some related approaches have been proposed. In addition, the devices need to regularly transmit sensed data to other devices in a short time period. According to the existing approach, the sensors need to frequently authentication in the beginning of each data transmission session. The resource-limited devices cost respectable resources and time in the course of such authentication. Hence, an effective and lightweight authentication protocol is vital to IoT environment.
In this thesis, we propose a device-based lightweight continuous authentication protocol for IoT environment to address the issues mentioned above. We introduce time-bounded concept in our protocol. We utilize token and the dynamic factor of IoT device to quickly authenticate communicating parties in each session. The security analysis proves that the proposal protocol satisfies security requirements. Hence, the proposed protocol is favorable and effective between devices for IoT environments.

中文摘要I
Abstract II
誌謝 III
Contents IV
List of Figures VI
List of Tables VII
Chapter 1 Introduction 1
Chapter 2 Related Work 6
2.1 IoT Authentication 6
2.2 Continuous Authentication 9
Chapter 3 The Proposed Scheme 11
3.1 Design Concept 11
3.2 Assumptions 15
3.3 Notations 16
3.4 Battery Consumption 18
3.5 The Proposed Authentication Protocol 20
3.5.1 Initialization Phase 20
3.5.2 Static Authentication 21
3.5.3 Continuous Authentication 25
Chapter 4 Protocol Analysis 30
4.1 Security Analysis 30
4.2 Performance Analysis 35
Chapter 5 Discussion 37
5.1 The Proposed Protocol for Gateway Initialized Request 37
5.2 The Proposed Protocol with Anonymity 40
Chapter 6 Conclusion 44
References 45

[1] C. Perera, C. H. Liu, and S. Jayawardena, "The Emerging Internet of Things Marketplace From an Industrial Perspective: A Survey," IEEE Transactions on Emerging Topics in Computing, vol. 3, no. 4, pp. 585-598, Dec. 2015.
[2] L. Coetzee and J. Eksteen, "The Internet of Things - Promise for the Future? An Introduction," in Proceedings of the IST-Africa Conference, Gaborone, Botswana, 2011, pp. 1-9.
[3] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, 2015.
[4] R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, "Internet of things (IoT) Security: Current Status, Challenges and Prospective Measures," in Proceedings of the 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, United Kingdom, 2015, pp. 336-341.
[5] M. Abomhara and G. M. Koien, "Security and Privacy in the Internet of Things: Current Status and Open Issues," in Proceedings of the 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS), Aalborg, Denmark, pp. 1-8.
[6] I. Alqassem and D. Svetinovic, "A Taxonomy of Security and Privacy Requirements for the Internet of Things (IoT)," in Proceedings of the 2014 IEEE International Conference on Industrial Engineering and Engineering Management, Bandar Sunway, SGR, Malaysia, 2014, pp. 1244-1248.
[7] V. L. Shivraj, M. A. Rajan, M. Singh, and P. Balamuralidhar, "One Time Password Authentication Scheme Based on Elliptic Curves for Internet of Things (IoT)," in Proceedings of the 2015 5th National Symposium on Information Technology: Towards New Smart World (NSITNSW), Riyadh, Saudi Arabia, 2015, pp. 1-6.
[8] I. Traore, I. Woungang, Y. Nakkabi, M. S. Obaidat, A. A. E. Ahmed, and B. Khalilian, "Dynamic Sample Size Detection in Learning Command Line Sequence for Continuous Authentication," IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), vol. 42, no. 5, pp. 1343-1356, Oct. 2012.
[9] A. B. Buduru and S. S. Yau, "An Effective Approach to Continuous User Authentication for Touch Screen Smart Devices," in Proceedings of the 2015 IEEE International Conference on Software Quality, Reliability and Security (QRS), Vancouver, BC, Canada, 2015, pp. 219-226.
[10] S. Mondal and P. Bours, "Continuous Authentication and Identification for Mobile Devices: Combining Security and Forensics," in Proceedings of the 2015 IEEE International Workshop on Information Forensics and Security (WIFS), Rome, Italy, 2015, pp. 1-6.
[11] S. Mondal and P. Bours, "Continuous Authentication in a Real World Settings," in Proceedings of the 2015 Eighth International Conference on Advances in Pattern Recognition (ICAPR), Kolkata,WB, India, 2015, pp. 1-6.
[12] M. L. Brocardo, I. Traore, and I. Woungang, "Toward a Framework for Continuous Authentication Using Stylometry," in Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications, Victoria, BC, Canada, 2014, pp. 106-115.
[13] O. O. Bamasag and K. Youcef-Toumi, "Towards Continuous Authentication in Internet of Things Based on Secret Sharing Scheme," in Proceedings of the WESS'15: Workshop on Embedded Systems Security, Pittsburgh, PA, United States, 2015, pp. 1-8.
[14] L. Atzori, A. Iera, and G. Morabito, "The Internet of Things: A Survey," Computer Networks, vol. 54, no. 15, pp. 2787-2805, Oct. 2010.
[15] H. Khemissa and D. Tandjaoui, "A Lightweight Authentication Scheme for E-Health Applications in the Context of Internet of Things," in Proceedings of the 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies, Cambridge, United Kingdom, 2015, pp. 90-95.
[16] H. Khemissa and D. Tandjaoui, "A Novel Lightweight Authentication Scheme for Heterogeneous Wireless Sensor Networks in the Context of Internet of Things," in Proceedings of the 2016 Wireless Telecommunications Symposium (WTS), London, United Kingdom, 2016, pp. 1-6.
[17] P. N. Mahalle, N. R. Prasad, and R. Prasad, "Threshold Cryptography-based Group Authentication (TCGA) Scheme for the Internet of Things (IoT)," in Proceedings of the 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), Aalborg, Denmark, 2014, pp. 1-5.
[18] P. Porambage, C. Schmitt, P. Kumar, A. Gurtov, and M. Ylianttila, "Two-phase Authentication Protocol for Wireless Sensor Networks in Distributed IoT Applications," in Proceedings of the 2014 IEEE Wireless Communications and Networking Conference (WCNC), Istanbul, Turkey, 2014, pp. 2728-2733.
[19] H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication," RFC 2104, Internet Engineering Task Force (IETF), 1997. [Online]. Available: https://www.rfc-editor.org/rfc/rfc2104.txt
[20] E. Rescorla and N. Modadugu, "Datagram Transport Layer Security Version 1.2," RFC 6347, Internet Engineering Task Force (IETF), 2012. [Online]. Available: https://www.rfc-editor.org/rfc/rfc6347.txt
[21] T. Kothmayr, C. Schmitt, W. Hu, M. Brünig, and G. Carle, "DTLS based security and two-way authentication for the Internet of Things," Ad Hoc Networks, vol. 11, no. 8, pp. 2710-2723, Nov. 2013.
[22] E.-J. Goh, "Encryption Schemes from Bilinear Maps," Stanford University, USA, 2007.
[23] P. Paillier, "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes," in Advances in Cryptology — EUROCRYPT ’99. vol. 1592, Berlin, Germany: Springer-Verlag, 1999, pp. 223-238.
[24] Advanced Encryption Standard (AES), Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), 2001. [Online]. Available: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[25] P. Kumar, A. Gurtov, J. Iinatti, M. Ylianttila, and M. Sain, "Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments," IEEE Sensors Journal, vol. 16, no. 1, pp. 254-264, Jan. 2016.
[26] P. Gope and T. Hwang, "Untraceable Sensor Movement in Distributed IoT Infrastructure," IEEE Sensors Journal, vol. 15, no. 9, pp. 5340-5348, Sep. 2015.
[27] Y. Kawamoto, H. Nishiyama, N. Kato, Y. Shimizu, A. Takahara, and T. Jiang, "Effectively Collecting Data for the Location-Based Authentication in Internet of Things," IEEE Systems Journal, Early Access Articles. DOI:10.1109/JSYST.2015.2456878, 2015.
[28] T. Shimshon, R. Moskovitch, L. Rokach, and Y. Elovici, "Continuous Verification Using Keystroke Dynamics," in Proceedings of the 2010 International Conference on Computational Intelligence and Security (CIS), Nanning, China, 2010, pp. 411-415.
[29] C. Shen, Z. Cai, and X. Guan, "Continuous Authentication for Mouse Dynamics: A Pattern-growth Approach," in Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), Boston, MA, United States, 2012, pp. 1-12.
[30] K. O. Bailey, J. S. Okolica, and G. L. Peterson, "User Identification and Authentication Using Multi-modal Behavioral Biometrics," Computers & Security, vol. 43, pp. 77-89, Jun. 2014.
[31] K. Niinuma, U. Park, and A. K. Jain, "Soft Biometric Traits for Continuous User Authentication," IEEE Transactions on Information Forensics and Security, vol. 5, no. 4, pp. 771-780, Dec. 2010.
[32] K. Mock, B. Hoanca, J. Weaver, and M. Milton, "Real-time Continuous Iris Recognition for Authentication Using an Eye Tracker," in Proceedings of the 2012 ACM Conference on Computer and Communications security, Raleigh, NC, United States, 2012, pp. 1007-1009.
[33] Secure Hash Standard (SHS), Federal Information Processing Standards Publication 180-4, National Institute of Standards and Technology (NIST) 2015. [Online]. Available: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[34] M. Passing and F. Dressler, "Experimental Performance Evaluation of Cryptographic Algorithms on Sensor Nodes," in Proceedings of the 2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems, Vancouver, BC, Canada, 2006, pp. 882-887.