簡易檢索 / 詳目顯示

回結果列表
研究生: 李家恩
Jia-En Li
論文名稱: 基於MQTT-SN的簡易安全認證連線傳輸方式
A lightweight secure communication approach on MQTT-SN
指導教授: 王煥宗
Huan-Chun Wang
口試委員: 王煥宗
Huan-Chun Wang
林敬舜
Ching-Shun Lin
高典良
Tain-Lieng Kao
曹孝櫟
Shiao-Li Tsao
學位類別: 碩士
Master
系所名稱: 電資學院 - 電子工程系
Department of Electronic and Computer Engineering
論文出版年: 2020
畢業學年度: 108
語文別: 中文
論文頁數: 67
中文關鍵詞: 物聯網MQTT-SN認證加密
相關次數: 點閱:178下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 在一般的物聯網傳輸協定中通常為明文傳輸,這是非常不安全的,而一般的安全通訊都是建立在BROKER端和Client端之間,這使得Client和Client間的通訊不是那麼安全,這是本論文想要改善的一點。在物聯網中MQTT或MQTT-SN是一種輕量化的通訊協定,對於資源受限的節點是較為友善的,本論文在MQTT-SN的基礎上提供一種安全的連線及點對點加密的通訊方式,透過使用數位簽章(ECDSA)、摘要、密鑰交換(ECDHE)、AEAD(ChaCha20-Poly1305)來實現安全的MQTT-SN,安全的MQTT-SN使得subscriber和publisher間能有點對點加密的通訊,透過演算法的選擇能夠使安全的MQTT-SN和MQTT-TLS相比在運算能力受限的節點上能有好的效能。

    In the general Internet of Things transmission protocol, it is usually plaintext transmission, which is very insecure. The general security communication is established between the BROKER end and the Client end, which makes the communication between Client and Client not so secure and this is the point that this paper wants to improve. In the Internet of Things, MQTT or MQTT-SN is a lightweight communication protocol, which is more friendly to nodes with limited resources. This paper provides a secure connection and point-to-point encrypted communication method based on MQTT-SN. By using digital signature (ECDSA), abstract, key exchange (ECDHE), AEAD (ChaCha20-Poly1305) to achieve a secure MQTT-SN, the secure MQTT-SN enables a somewhat peer-to-peer encrypted communication between subscriber and publisher, through the choice of algorithm can make secure MQTT-SN have better performance than MQTT-TLS on nodes with limited computing power.

    圖目錄 VI 表目錄 VIII 第一章 緒論 1 1.1 研究背景 1 1.2 論文架構 2 第二章 建立安全通訊所需之演算法 3 2.1 數位簽章 3 2.1.1 數位簽章簽名流程 4 2.1.2 數位簽章驗證流程 5 2.1.3 RSA數位簽章演算法簡介 5 2.1.3.1 RSA密鑰生成 6 2.1.3.2 RSA簽名和驗證 6 2.1.4 ECDSA數位簽章演算法簡介 7 2.1.4.1 ECDSA 密鑰產生 7 2.1.4.2 ECDSA 簽名和驗證 7 2.1.5 RSA和ECDSA的比較 8 2.1.5.1 密鑰強度比較 8 2.1.5.2 簽名大小比較 9 2.1.5.3 效能比較 9 2.1.5.4 比較結論 11 2.2 密鑰協商 12 2.2.1 ECDH密鑰協商簡介 12 2.2.1.1 ECDH的安全性 14 2.2.1.1.1 竊聽 14 2.2.1.1.2 中間人攻擊 14 2.2.1.1.3 前向保密 15 2.2.2 ECDHE密鑰協商簡介 15 2.2.2.1 ECDHE的安全性 17 2.3 AEAD認證加密 17 2.3.1 認證加密 17 2.3.1.1 Encryption then MAC 18 2.3.1.2 Encryption and MAC 19 2.3.1.3 MAC then Encryption 20 2.3.2 AEAD認證加密簡介 21 2.3.2.1 AES-GCM簡介 21 2.3.2.2 ChaCha20-Poly1305簡介 21 2.3.2.3 AES-GCM和ChaCha20-Poly1305的效能測試 22 第三章 建立具認證加密之 MQTT-SN傳輸 23 3.1 節點間的安全建立 23 3.2 MQTT/MQTT-SN的連線過程 26 3.3 SAFE MQTT-SN安全連線加密傳輸 27 3.3.1 SAFE MQTT-SN 27 3.3.2 SAFE MQTT-SN流程概述 28 3.3.3 SAFE MQTT-SN connect階段流程 30 3.3.4 SAFE MQTT-SN subscribe階段流程 33 3.3.5 SAFE MQTT-SN publish/receive階段流程 36 3.3.6 SAFE MQTT-SN unsubscribe 階段 37 3.4 SAFE MQTT-SN安全性分析 37 第四章 SAFE MQTT-SN實現 39 4.1 開源函式庫及軟體 39 4.2 RSMB BROKER端修改 39 4.2.1 BROKER端初始化 40 4.2.2 BROKER端connect修改 40 4.2.3 BROKER端subscribe 修改 43 4.2.4 BROKER端unsubscribe修改 47 4.3 Client端實現 48 4.3.1 Client端初始操作 48 4.3.2 Client端connect實現 49 4.3.3 Client端subscribe實現 51 4.3.4 Client端publish實現 53 4.3.5 Client端recieve實現 54 第五章 測試與分析 55 5.1 測試環境 55 5.2 SAFE MQTT-SN功能測試 56 5.3 SAFE MQTT-SN效能測試及比較 62 5.4 SAFE MQTT-SN overhead估算 63 5.5 SAFE MQTT-SN publish/receive加解密的功耗估算 64 第六章 結論及未來展望 65 參考文獻 66

    [1] "Advanted encryption standard.” FIPS 197, US Department of Commerce, Washington, DC", NIST, November 2001.
    [2] Dworkin, M.: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) for confidentiality and authentication. Federal Information Processing Standard Publication FIPS 800-38D, November, 2007, http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    [3] R.L. Rivest, A. Shamir and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", 1977.
    [4] "Crypto suite ECDSA-ECDH security services for air interface communications", International Organization for Standardization/International Electrotechnical Commission ISO/IEC 29167-16:2015 Information technology-Automatic identification and data capture techniques-Part 16.
    [5] I. Blake, G. Seroussi and N. Smart, Elliptic Curves in Cryptography, 2000.
    [6] PlanetMath-Elliptic Curve Diffie-Hellman key exchange.
    [7] Bernstein, D. J.: ChaCha, a variant of Salsa20. Workshop Record of SASC 2008: The State of the Art of Stream Ciphers, http://cr.yp.to/chacha/chacha- 20080128.pdf
    [8] Bernstein, D. J.: The Poly1305-AES message-authentication code. Pages 32-49 in Fast software encryption: 12th international workshop, FSE 2005, http://cr.yp.to/mac/poly1305-20050329.pdf
    [9] H. Krawczyk and P. Eronen, "Hmac-based extract-and-expand key derivation function (hkdf)", 07 2010, [online] Available: https://tools.ietf.org/html/rfc5869.
    [10] MQTT For Sensor Networks (MQTT-SN) Protocol Specification Version 1.2, 2013.
    [11] Eclipse mosquitto, 07 2019, [online] Available: https://mosquit.to.org.
    [12] mosquitto-tls man page, 07 2019, [online] Available: https://mosquitto.org/man/mosquitto-tls-7.html.
    [13] MQTT Version 3.1.1 OASIS Standard, 2014.
    [14] OpenSSL, [online] Available: https://www.openssl.org/
    [15] Mbed TLS, [online] Available:https://tls.mbed.org/
    [16] RSMB, [online] Available: https://mqtt.org/tag/rsmb

    無法下載圖示 全文公開日期 2025/07/28 (校內網路)
    全文公開日期 2025/07/28 (校外網路)
    全文公開日期 2025/07/28 (國家圖書館:臺灣博碩士論文系統)
    QR CODE