Graduate student: | 田懋祥 TIAN MAO XIANG |
---|---|
Thesis title: | 低功率藍牙安全攻防競賽系統之設計與實作 On Design and Implementation of a Wargame System for Bluetooth Low Energy Applications |
Advisors: | 查士朝 Shi-Cho Cha, 洪政煌 Cheng-Huang Hung |
Oral defense committee: | 鄭欣明 ZHENG XIN MING, 葉國暉 SHE YE GUO HUI |
Degree: | Master |
Department: | College of Management - Department of Information Management |
Year of publication: | 2018 |
Academic year of graduation: | 106 |
Language: | Chinese |
Number of pages: | 56 |
Chinese keywords: | Bluetooth Low Energy, information security, attack and defense system, automatic deployment |
Foreign-language keywords: | BLE Security, Attack and Defense System, Automatic Deployment |
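In recent years, wargame competitions have frequently been held to test participants' knowledge of information security. However, preparing competition challenges for the Internet of Things requires a great deal of time for setting up environments and devices and flashing firmware. This thesis targets a core technology of IoT security, Bluetooth Low Energy (BLE), and, based on the information security of BLE devices, proposes and implements a framework for a BLE security attack-and-defense system so that multiple BLE-related wargame challenges can be generated quickly. A system implemented according to this framework can flash customized firmware to simulate real-world BLE-related security threats, giving each user their own working environment in which to attempt the challenges and learn the relevant knowledge from them. Through automatic deployment of virtual machines and environment virtualization, it can reduce manual operation, isolate users' execution environments, and reduce mutual interference. In addition, the system implemented according to this architecture needs only about 20 seconds to deploy a wargame challenge, effectively eliminating much tedious work.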
Wargame competitions have become a popular way to test participants' security skills. However, when designing a wargame competition for IoT security, we may need to set up a large amount of hardware with firmware for the competition. Moreover, people need to spend a lot of time changing the firmware of each device and have difficulty isolating each user's environment separately.
Therefore, this study focuses on BLE security and proposes a system for deploying wargame competitions for BLE security. The proposed system can flash customized firmware to simulate real-world BLE security scenarios. Consequently, the system can rapidly create a simulated environment with several BLE vulnerabilities. Users can then try to exploit the vulnerabilities in the simulated environment to demonstrate their familiarity with BLE security. Moreover, as the proposed system utilizes virtualization technologies, it can provide isolated environments for different users and reduce interference among them.
Furthermore, we have implemented the proposed system and conducted a performance test for verification. Compared with flashing the firmware to each device manually, this study can deploy the environments for a BLE security wargame competition in 20 seconds. That is, this study contributes to simplifying the overall process of launching a wargame for BLE security.