Author: 蔡振華
Chen-Hua Tsai
Thesis Title: 基於霧運算的輕量級物聯網安全通訊框架
A Lightweight Fog-Based Framework for Secure IoT Communications
Advisor: 鄭欣明
Shin-Ming Cheng
Committee: 蕭旭君
Hsu-Chun Hsiao
Chun-Ying Huang
Shin-Ming Cheng
Shan-Hsiang Shen
Degree: Master's
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Thesis Publication Year: 2018
Graduation Academic Year: 106
Language: English
Pages: 43
Keywords (translated from Chinese): Fog computing, Internet of Things, anonymity, malicious fog node
Keywords (in other languages): Fog computing, Internet of Things, Identity Anonymity, Malicious Fog node

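As the number of connected IoT devices grows, users enjoy a variety of IoT applications; on the other hand, many resource-constrained IoT devices often cannot effectively provide secure communication, which increases users' concerns about security and privacy. A lightweight protocol for establishing secure communication in the IoT is therefore necessary, and this protocol must provide device anonymity and authentication. This thesis proposes a secure and lightweight fog-based framework for IoT communications (abbreviated as SLAFF) that guarantees identity anonymity. SLAFF provides a key exchange protocol between IoT devices and the authentication server in the cloud, which includes anonymous mutual authentication and can resist malicious fog nodes. In addition, fog nodes can provide aided computation, supporting outsourced access control. To ensure that SLAFF does not introduce other vulnerabilities, we use AVISPA and BAN Logic to verify the correctness of the protocol. We also implement SLAFF on the existing IoT devices Arduino YUN and Linkit Smart 7688 Duo, using the MQTT protocol. Finally, comparing SLAFF with existing solutions in terms of computational and communication cost, we find that SLAFF outperforms the existing solutions and is better suited to resource-constrained IoT devices.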

With the increasing number of connected IoT devices, on the one hand, users enjoy various kinds of IoT applications; on the other hand, the vulnerability of IoT devices exacerbates users' concerns about security and privacy. A lightweight protocol for secure IoT communications providing user anonymity and authentication is a necessity. This thesis proposes a novel framework to support secure and lightweight IoT communications while guaranteeing identity anonymity with the aid of fog-based architecture (abbreviated as SLAFF). In particular, a key exchange protocol between IoT devices and the authentication server in the cloud is provided, which includes anonymous mutual authentication and can resist malicious Fog nodes. Moreover, Fog nodes could provide aided computation, and thus outsourced access control is supported in SLAFF. To ensure that no additional vulnerabilities are caused by SLAFF, we apply AVISPA and BAN Logic to verify the correctness of SLAFF. Moreover, we implement SLAFF on the existing IoT devices, Arduino YUN and Linkit Smart 7688 Duo, where communication is achieved using MQTT. After comparing the performance of SLAFF with the existing solutions from the perspective of computational and communication overheads, we found that SLAFF outperforms the existing solution and is more suitable to be applied on resource-constrained IoT devices.

Chinese Abstract
Abstract
Table of Contents
List of Tables
Chapter 1 Introduction
  1.1 IoT scenario and security issues
  1.2 How Fog facilitates IoT
  1.3 Current Fog-Assisted IoT security-Related issues
  1.4 Thesis organization
Chapter 2 Related Works
  2.1 Traditional cloud-based architecture
  2.2 Modern fog-based architecture
Chapter 3 System Model
  3.1 Network model
  3.2 Attack model
  3.3 Performance metric
Chapter 4 Secure Lightweight Anonymous Fog-Based Framework (SLAFF) for IoT
  4.1 Session Key Establishment
  4.2 Outsourced Access Control
Chapter 5 Security Analysis
  5.1 BAN Logic
  5.2 Simulation for Formal Security Verification Using AVISPA
  5.3 Informal Security Analysis
Chapter 6 Performance Analysis
  6.1 Experiment Setup
  6.2 Computational Cost
  6.3 Communication Overhead
Chapter 7 Implementation
Chapter 8 Conclusions
References
