
Graduate student: Sheng-Feng Feng (馮聖峰)
Thesis title: User-Device Trust Management Framework Using Blockchain Technology
Advisor: Nai-Wei Lo (羅乃維)
Oral defense committee: Tzong-Chen Wu (吳宗成), Shi-Cho Cha (查士朝)
Degree: Master
Department: School of Management - Department of Information Management
Year of publication: 2022
Graduation academic year: 110
Language: English
Number of pages: 58
Keywords: blockchain, bring your own device, zero trust architecture, authentication
  • As device technology improves and working modes change, employees may access company resources from anywhere using any device. When network boundaries have become difficult to define, the management methods that companies used to implement are clearly no longer applicable. Therefore, making it easy for companies to apply security controls to these various access devices is an important issue.
    In this thesis, we propose a trust management framework based on blockchain and smart contract technologies. In addition to continuously verifying the portable device users who access the resources, the framework can also analyze behavior patterns during usage to find suspicious users and dynamically adjust their access permissions. Benefiting from the advantages of blockchain technology, we have also added immutability and traceability to the important parameters and activity records in the authentication process. During the design process, we also considered the risks and costs of a centralized service architecture and the lack of fine-grained control in many solutions, and addressed them in the framework we designed. According to our experimental implementation, users hardly felt the increased time cost of the verification process in normal use, despite the many additional judgments and checks.

    Abstract (Chinese)
    Abstract
    Acknowledgement
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
        1.1 Background
        1.2 Objective and Contribution
    Chapter 2 Preliminaries
        2.1 Bring Your Own Device
        2.2 Zero Trust Architecture
        2.3 Blockchain and Smart Contract
        2.4 Isolation Forest
    Chapter 3 Literature Review
    Chapter 4 Proposed Framework
        4.1 Framework Assumptions
        4.2 Framework Architecture
        4.3 Framework Functionality
            4.3.1 Decentralized OTP
            4.3.2 Role Token
        4.4 General Scenario for Proposed Framework
            4.4.1 System Setup Phase
            4.4.2 Device Registration Phase
            4.4.3 Device Authentication Phase
            4.4.4 Service Access Phase
    Chapter 5 Experiment and Analysis
        5.1 Experimental Environment
        5.2 Prototype Implementation
        5.3 Response Time Analysis
    Chapter 6 Conclusion and Future Work


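    Full text release date: 2024/08/12 (campus network)
    Full text release date: 2024/08/12 (off-campus network)
    Full text release date: 2024/08/12 (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)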