隨著物聯網的快速發展，目前在家庭、醫院以及工廠等環境皆有可能看見被大量部署的感測裝置，藉由這些感測裝置以蒐集環境中的各種數據，我們能夠分析這些數據作後續利用。然而，這些大量部署於環境中且具有連線能力的感測裝置，已經成為有心人士的攻擊目標，雖然感測裝置製造商會定期發布新版韌體以修補漏洞，但若感測裝置之管理者疏於更新，則仍可能造成讓攻擊者造成危害。

然而，目前感測裝置之韌體更新機制未臻完善，因此我們必須確保在安裝新版本韌體前，以可靠方法驗證韌體完整性，以及韌體是否確實由其製造商所提供。否則，一旦感測裝置安裝了由攻擊者所提供的惡意韌體，可能會導致感測裝置功能停擺，甚至是使得感測裝置成為攻擊者發動後續網路攻擊的跳板。

綜合上述，本論文發展了一套基於訊息佇列遙測傳輸(Message Queuing Telemetry Transport, MQTT)協定架構之安全物聯網韌體更新機制，以確保感測裝置製造商提供的新版韌體能夠有效率地推送至目標型號的感測裝置。另外，在協定中利用橢圓曲線迪菲-赫爾曼金鑰交換(Elliptic Curve Diffie-Hellman Key Exchange, ECDH)、數位簽章(Digital Signature)及金鑰雜湊訊息鑑別碼(Keyed-hash Message Authentication Code, HMAC)等方法，以完成裝置對裝置的身分鑑別。若韌體在推送的過程中遭人竄改，或是韌體的發布者並非原感測裝置製造商，透過本論文設計的協定皆可檢驗出來，因此確保了攻擊者所提供的惡意韌體不會被安裝於感測裝置之上。最後，本論文亦對所設計的協定進行安全性分析，驗證協定可抵擋常見的竊聽攻擊、中間人攻擊、重送攻擊、偽冒攻擊等常見手法。

With the rapid advancements in Internet of Things (IoT), there are a lot of sensors deployed in each environment such as home, hospitals, and factories. By using these sensors, we can collect different kinds of data from the environment and analyze it later. However, these sensors which have functionality to connect Internet have become attacked targets by malicious hacker. Although the manufacturers release new version of firmware to resolve vulnerability for specific sensors, the administrator of sensors may ignore the importance of firmware update. As a result, sensors are still under threat of attacks.

Nevertheless, the firmware update mechanism for sensors is not perfect nowadays. We must assure that a reliable method to verify the integrity and provider of firmware. Otherwise, if sensors install malicious firmware, they will be out of order or controlled by attackers to launch attacks in the future.

To sum up, this thesis designs a secure IoT firmware update mechanism based on Message Queuing Telemetry Transport(MQTT) protocol. It assures that new version of firmware provided by manufacturers can be pushed to corresponding sensors efficiently. We use Elliptic Curve Diffie-Hellman Key Exchange(ECDH), Digital Signature, and Keyed-hash Message Authentication Code(HMAC) algorithms in the protocol to accomplish machine-to-machine authentication. If firmware is modified or provided by attackers, our proposed protocol will detect it. Consequently, we promise that malicious firmware won’t be installed on sensors. Finally, we adopt a security analysis for our protocol, and confirm that our proposed protocol can defend common attacks such as Eavesdropping Attack, Man-in-the-middle Attack, Replay Attack, and Impersonation Attack.

摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 VI
表目錄 VII
第一章 緒論 1
1.1 研究背景 1
1.2 研究動機與目標 1
1.3 章節介紹 3
第二章 密碼學相關理論與技術 4
2.1 橢圓曲線迪菲-赫爾曼金鑰交換 4
2.2 數位簽章 5
第三章 MQTT協定 6
3.1 MQTT協定介紹 6
3.2 MQTT之控制封包結構 7
3.3 MQTT之服務品質等級 10
3.4 MQTT之保留旗標 11
3.5 MQTT之清除會談旗標 12
第四章 文獻探討 13
4.1 MQTT協定適用性 13
4.2 裝置對裝置的身分鑑別機制 14
4.3 物聯網韌體更新機制及情境 15
第五章 物聯網韌體更新協定設計 16
5.1 設計概念 16
5.2 協定角色 18
5.3 前提假設 21
5.4 修改MQTT協定 22
5.5 符號定義 23
5.6 韌體更新協定 24
5.6.1 初始化階段 24
5.6.2 訂閱階段 25
5.6.3 第一階層：製造商伺服器與訊息中繼站之通訊 26
5.6.3.1 金鑰協商階段 26
5.6.3.2 韌體推送階段 29
5.6.4 第二階層：訊息中繼站與閘道器之通訊 30
5.6.4.1 金鑰協商階段 30
5.6.4.2 韌體推送階段 33
5.6.5 第三階層：閘道器與感測裝置之通訊 34
5.6.5.1 韌體推送階段 35
第六章 安全性分析 37
6.1 竊聽攻擊之防禦 37
6.2 金鑰安全性 37
6.3 中間人攻擊之防禦 37
6.4 重送攻擊之防禦 38
6.5 偽冒攻擊之防禦 39
6.6 前向安全性 39
第七章 結論 41
參考文獻 42

[1] B.-C. Choi, S.-H. Lee, J.-C. Na, and J.-H. Lee, “Secure firmware validation and update for consumer devices in home networking,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39-44, 2016.
[2] A. Mohan, “Cyber Security for Personal Medical Devices Internet of Things,” Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on. pp. 372-374, 2014.
[3] “IoT security threats are skyrocketing, AT&T reveals, ” [Online]. Available:http://www.fiercewireless.com/wireless/iot-security-threats-are-skyrocketing-at-t-reveals (Accessed: March, 2017)
[4] “Gartner Identifies the Top 10 Internet of Things Technologies for 2017 and 2018, ” [Online]. Available: http://www.gartner.com/newsroom/id/3221818 (Accessed: March, 2017)
[5] M. Steger, C. Boano, M. Karner, J. Hillebrand, W. Rom, and K. Romer, “SecUp: Secure and Efficient Wireless Software Updates for Vehicles,” Digital System Design (DSD), 2016 Euromicro Conference on. pp. 628-636, 2016.
[6] 「為何駭客特別愛用IoT裝置當作攻擊跳板，裝置管理權責劃分不易是主因」[Online]. Available: http://www.ithome.com.tw/news/112861 (Accessed: March, 2017)
[7] H. Krawczyk, M. Bellare, and R. Canetti, “RFC 2104: HMAC: Keyed-hashing for message authentication,” 1997. [Online]. Available: https://tools.ietf.org/html/rfc2104 (Accessed: April, 2017)
[8] “SEC 1: Elliptic Curve Cryptography, ” [Online]. Available: http://www.secg.org/sec1-v2.pdf (Accessed: May, 2017)
[9] “MQTT Version 3.1.1 Plus Errata 01, ” [Online]. Available: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html (Accessed: April, 2017)
[10] “HiveMQ MQTT Essentials, ” [Online]. Available: http://www.hivemq.com/blog/mqtt-essentials/ (Accessed: April, 2017)
[11] S. Lee, H. Kim, D.-K. Hong, and H. Ju,, “Correlation analysis of MQTT loss and delay according to QoS level,” Information Networking (ICOIN), 2013 International Conference on. pp. 714-717, 2013.
[12] P. Thota, and Y. Kim, “Implementation and Comparison of M2M Protocols for Internet of Things,” Applied Computing and Information Technology/3rd Intl Conf on Computational Science/Intelligence and Applied Informatics/1st Intl Conf on Big Data, Cloud Computing, Data Science & Engineering (ACIT-CSII-BCD), 2016 4th Intl Conf on. pp. 43-48, 2016.
[13] “The Constrained Application Protocol, ” [Online]. Available: https://tools.ietf.org/html/rfc7252 (Accessed: April, 2017)
[14] A. J. Poulter, S. J. Johnston, and S. J. Cox, “SRUP: The secure remote update protocol,” Internet of Things (WF-IoT), 2016 IEEE 3rd World Forum on. pp. 42-47, 2016.
[15] A. Niruntasukrat, C. Issariyapat, P. Pongpaibool, K. Meesublak, P. Aiumsupucgul, and A. Panya, “Authorization mechanism for MQTT-based Internet of Things,” Communications Workshops (ICC), 2016 IEEE International Conference on. pp. 290-295, 2016.
[16] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar,“Secure MQTT for Internet of Things (IoT), ” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on. pp. 746-751, 2015
[17] A. K. Ranjan, and M. Hussain, “Terminal Authentication in M2M Communications in the Context of Internet of Things,” Procedia Computer Science, vol. 89, pp. 34-42, 2016.
[18] Lavanya, Natarajan, “Lightweight Authentication for COAP based IOT,” Proceedings of the 6th International Conference on the Internet of Things(IoT), pp. 167-168, 2016.
[19] Omaimah Omar Bamasag and Kamal Youcef-Toumi, “Towards Continuous Authentication in Internet of Things Based on Secret Sharing Scheme,” Proceedings of the 2015 Workshop on Embedded Systems Security (WESS'15), Amsterdam, The Netherlands, 2015.
[20] I. Butun, M. Erol-Kantarci, B. Kantarci, and H. Song, “Cloud-centric multi-level authentication as a service for secure public safety device networks,” IEEE Communications Magazine, vol. 54, no. 4, pp. 47-53, 2016.
[21] J. L. Hernandez-Ramos, M. P. Pawlowski, A. J. Jara, A. F. Skarmeta, and L. Ladid, “Toward a Lightweight Authentication and Authorization Framework for Smart Objects,” IEEE Journal on Selected Areas in Communications, vol. 33, no. 4, pp. 690-702, 2015.
[22] P. Kumar, A. Gurtov, J. Iinatti, M. Ylianttila, and M. Sain, “Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments,” IEEE Sensors Journal, vol. 16, no. 1, pp. 254-264, 2016.
[23] H. Chandra, E. Anggadjaja, P. S. Wijaya, and E. Gunawan, “Internet of Things: Over-the-Air (OTA) firmware update in Lightweight mesh network protocol for smart urban development,” Communications (APCC), 2016 22nd Asia-Pacific Conference on. pp. 115-118, 2016.
[24] R. Hassan, K. Markantonakis, and R. N. Akram, “Can You Call the Software in Your Device be Firmware?,” e-Business Engineering (ICEBE), 2016 IEEE 13th International Conference on. pp. 188-195, 2016.
[25] D. K. Nilsson, L. Sun, and T. Nakajima, “A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs,” GLOBECOM Workshops, pp. 1-5, 2008.