研究生: |
李家恩 Jia-En Li |
---|---|
論文名稱: |
基於MQTT-SN的簡易安全認證連線傳輸方式 A lightweight secure communication approach on MQTT-SN |
指導教授: |
王煥宗
Huan-Chun Wang |
口試委員: |
王煥宗
Huan-Chun Wang 林敬舜 Ching-Shun Lin 高典良 Tain-Lieng Kao 曹孝櫟 Shiao-Li Tsao |
學位類別: |
碩士 Master |
系所名稱: |
電資學院 - 電子工程系 Department of Electronic and Computer Engineering |
論文出版年: | 2020 |
畢業學年度: | 108 |
語文別: | 中文 |
論文頁數: | 67 |
中文關鍵詞: | 物聯網 、MQTT-SN 、認證 、加密 |
相關次數: | 點閱:178 下載:0 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
在一般的物聯網傳輸協定中通常為明文傳輸,這是非常不安全的,而一般的安全通訊都是建立在BROKER端和Client端之間,這使得Client和Client間的通訊不是那麼安全,這是本論文想要改善的一點。在物聯網中MQTT或MQTT-SN是一種輕量化的通訊協定,對於資源受限的節點是較為友善的,本論文在MQTT-SN的基礎上提供一種安全的連線及點對點加密的通訊方式,透過使用數位簽章(ECDSA)、摘要、密鑰交換(ECDHE)、AEAD(ChaCha20-Poly1305)來實現安全的MQTT-SN,安全的MQTT-SN使得subscriber和publisher間能有點對點加密的通訊,透過演算法的選擇能夠使安全的MQTT-SN和MQTT-TLS相比在運算能力受限的節點上能有好的效能。
In the general Internet of Things transmission protocol, it is usually plaintext transmission, which is very insecure. The general security communication is established between the BROKER end and the Client end, which makes the communication between Client and Client not so secure and this is the point that this paper wants to improve. In the Internet of Things, MQTT or MQTT-SN is a lightweight communication protocol, which is more friendly to nodes with limited resources. This paper provides a secure connection and point-to-point encrypted communication method based on MQTT-SN. By using digital signature (ECDSA), abstract, key exchange (ECDHE), AEAD (ChaCha20-Poly1305) to achieve a secure MQTT-SN, the secure MQTT-SN enables a somewhat peer-to-peer encrypted communication between subscriber and publisher, through the choice of algorithm can make secure MQTT-SN have better performance than MQTT-TLS on nodes with limited computing power.
[1] "Advanted encryption standard.” FIPS 197, US Department of Commerce, Washington, DC", NIST, November 2001.
[2] Dworkin, M.: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) for confidentiality and authentication. Federal Information Processing Standard Publication FIPS 800-38D, November, 2007, http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
[3] R.L. Rivest, A. Shamir and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", 1977.
[4] "Crypto suite ECDSA-ECDH security services for air interface communications", International Organization for Standardization/International Electrotechnical Commission ISO/IEC 29167-16:2015 Information technology-Automatic identification and data capture techniques-Part 16.
[5] I. Blake, G. Seroussi and N. Smart, Elliptic Curves in Cryptography, 2000.
[6] PlanetMath-Elliptic Curve Diffie-Hellman key exchange.
[7] Bernstein, D. J.: ChaCha, a variant of Salsa20. Workshop Record of SASC 2008: The State of the Art of Stream Ciphers, http://cr.yp.to/chacha/chacha- 20080128.pdf
[8] Bernstein, D. J.: The Poly1305-AES message-authentication code. Pages 32-49 in Fast software encryption: 12th international workshop, FSE 2005, http://cr.yp.to/mac/poly1305-20050329.pdf
[9] H. Krawczyk and P. Eronen, "Hmac-based extract-and-expand key derivation function (hkdf)", 07 2010, [online] Available: https://tools.ietf.org/html/rfc5869.
[10] MQTT For Sensor Networks (MQTT-SN) Protocol Specification Version 1.2, 2013.
[11] Eclipse mosquitto, 07 2019, [online] Available: https://mosquit.to.org.
[12] mosquitto-tls man page, 07 2019, [online] Available: https://mosquitto.org/man/mosquitto-tls-7.html.
[13] MQTT Version 3.1.1 OASIS Standard, 2014.
[14] OpenSSL, [online] Available: https://www.openssl.org/
[15] Mbed TLS, [online] Available:https://tls.mbed.org/
[16] RSMB, [online] Available: https://mqtt.org/tag/rsmb