Graduate student: | 蔡振華 Chen-Hua Tsai |
---|---|
Thesis title: | 基於霧運算的輕量級物聯網安全通訊框架 A Lightweight Fog-Based Framework for Secure IoT Communications |
Advisor: | 鄭欣明 Shin-Ming Cheng |
Oral defense committee: | 蕭旭君 Hsu-Chun Hsiao, 黃俊穎 Chun-Ying Huang, 鄭欣明 Shin-Ming Cheng, 沈上翔 Shan-Hsiang Shen |
Degree: | Master |
Department: | College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering |
Year of publication: | 2018 |
Academic year of graduation: | 106 |
Language: | English |
Number of pages: | 43 |
Chinese keywords: | Fog computing, Internet of Things, anonymity, malicious fog node |
Foreign-language keywords: | Fog computing, Internet of Things, Identity Anonymity, Malicious Fog node |
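As the number of connected IoT devices grows, users enjoy a variety of IoT applications; on the other hand, many resource-constrained IoT devices often cannot provide secure communication effectively, which heightens users' concerns about security and privacy. A lightweight protocol for establishing secure communication in the IoT is therefore necessary, and this protocol must provide device anonymity and authentication. This thesis proposes a secure and lightweight fog-based framework for IoT communications (abbreviated as SLAFF) that guarantees identity anonymity. SLAFF provides a key exchange protocol between IoT devices and the authentication server in the cloud, which includes anonymous mutual authentication and can resist malicious fog nodes. In addition, fog nodes can provide aided computation, supporting outsourced access control. To ensure that SLAFF does not introduce other vulnerabilities, we use AVISPA and BAN Logic to verify the correctness of the protocol. Furthermore, we implement SLAFF on the existing IoT devices Arduino YUN and Linkit Smart 7688 Duo over the MQTT protocol. Finally, comparing SLAFF with existing solutions in terms of computation and communication cost, we find that SLAFF outperforms existing solutions and is better suited to resource-constrained IoT devices.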
With the increasing number of connected IoT devices, users on the one hand enjoy various kinds of IoT applications; on the other hand, the vulnerability of IoT devices exacerbates users' concerns about security and privacy. A lightweight protocol for secure IoT communications that provides user anonymity and authentication is a must. This thesis proposes a novel framework, abbreviated as SLAFF, that supports secure and lightweight IoT communications while guaranteeing identity anonymity with the aid of a fog-based architecture. In particular, a key exchange protocol between IoT devices and the authentication server in the cloud is provided, which includes anonymous mutual authentication and can resist malicious Fog nodes. Moreover, Fog nodes can provide aided computation, and thus outsourced access control is supported in SLAFF. To ensure that SLAFF introduces no additional vulnerabilities, we apply AVISPA and BAN Logic to verify the correctness of SLAFF. We also implement SLAFF on existing IoT devices, Arduino YUN and Linkit Smart 7688 Duo, where communication is achieved using MQTT. Comparing the performance of SLAFF with the existing solutions in terms of computational and communication overheads, we find that SLAFF outperforms the existing solutions and is more suitable for resource-constrained IoT devices.