Author: |
許勝翔 Sheng-Hsiang Hsu |
---|---|
Thesis Title: |
基於MQTT協定架構之安全物聯網韌體更新機制 A Secure IoT Firmware Update Mechanism based on MQTT Protocol |
Advisor: |
羅乃維
Nai-Wei Lo |
Committee: |
吳宗成
Tzong-Chen Wu 查士朝 Shi-Cho Cha |
Degree: |
碩士 Master |
Department: |
管理學院 - 資訊管理系 Department of Information Management |
Thesis Publication Year: | 2017 |
Graduation Academic Year: | 105 |
Language: | 中文 |
Pages: | 54 |
Keywords (in Chinese): | 物聯網 、韌體更新 、身分鑑別 、感測裝置 、訊息佇列遙測傳輸 |
Keywords (in other languages): | Internet of Things, Firmware Update, Authentication, Sensors, Message Queuing Telemetry Transport |
Reference times: | Clicks: 941 Downloads: 20 |
Share: |
School Collection Retrieve National Library Collection Retrieve Error Report |
隨著物聯網的快速發展,目前在家庭、醫院以及工廠等環境皆有可能看見被大量部署的感測裝置,藉由這些感測裝置以蒐集環境中的各種數據,我們能夠分析這些數據作後續利用。然而,這些大量部署於環境中且具有連線能力的感測裝置,已經成為有心人士的攻擊目標,雖然感測裝置製造商會定期發布新版韌體以修補漏洞,但若感測裝置之管理者疏於更新,則仍可能造成讓攻擊者造成危害。
然而,目前感測裝置之韌體更新機制未臻完善,因此我們必須確保在安裝新版本韌體前,以可靠方法驗證韌體完整性,以及韌體是否確實由其製造商所提供。否則,一旦感測裝置安裝了由攻擊者所提供的惡意韌體,可能會導致感測裝置功能停擺,甚至是使得感測裝置成為攻擊者發動後續網路攻擊的跳板。
綜合上述,本論文發展了一套基於訊息佇列遙測傳輸(Message Queuing Telemetry Transport, MQTT)協定架構之安全物聯網韌體更新機制,以確保感測裝置製造商提供的新版韌體能夠有效率地推送至目標型號的感測裝置。另外,在協定中利用橢圓曲線迪菲-赫爾曼金鑰交換(Elliptic Curve Diffie-Hellman Key Exchange, ECDH)、數位簽章(Digital Signature)及金鑰雜湊訊息鑑別碼(Keyed-hash Message Authentication Code, HMAC)等方法,以完成裝置對裝置的身分鑑別。若韌體在推送的過程中遭人竄改,或是韌體的發布者並非原感測裝置製造商,透過本論文設計的協定皆可檢驗出來,因此確保了攻擊者所提供的惡意韌體不會被安裝於感測裝置之上。最後,本論文亦對所設計的協定進行安全性分析,驗證協定可抵擋常見的竊聽攻擊、中間人攻擊、重送攻擊、偽冒攻擊等常見手法。
With the rapid advancements in Internet of Things (IoT), there are a lot of sensors deployed in each environment such as home, hospitals, and factories. By using these sensors, we can collect different kinds of data from the environment and analyze it later. However, these sensors which have functionality to connect Internet have become attacked targets by malicious hacker. Although the manufacturers release new version of firmware to resolve vulnerability for specific sensors, the administrator of sensors may ignore the importance of firmware update. As a result, sensors are still under threat of attacks.
Nevertheless, the firmware update mechanism for sensors is not perfect nowadays. We must assure that a reliable method to verify the integrity and provider of firmware. Otherwise, if sensors install malicious firmware, they will be out of order or controlled by attackers to launch attacks in the future.
To sum up, this thesis designs a secure IoT firmware update mechanism based on Message Queuing Telemetry Transport(MQTT) protocol. It assures that new version of firmware provided by manufacturers can be pushed to corresponding sensors efficiently. We use Elliptic Curve Diffie-Hellman Key Exchange(ECDH), Digital Signature, and Keyed-hash Message Authentication Code(HMAC) algorithms in the protocol to accomplish machine-to-machine authentication. If firmware is modified or provided by attackers, our proposed protocol will detect it. Consequently, we promise that malicious firmware won’t be installed on sensors. Finally, we adopt a security analysis for our protocol, and confirm that our proposed protocol can defend common attacks such as Eavesdropping Attack, Man-in-the-middle Attack, Replay Attack, and Impersonation Attack.
[1] B.-C. Choi, S.-H. Lee, J.-C. Na, and J.-H. Lee, “Secure firmware validation and update for consumer devices in home networking,” IEEE Transactions on Consumer Electronics, vol. 62, no. 1, pp. 39-44, 2016.
[2] A. Mohan, “Cyber Security for Personal Medical Devices Internet of Things,” Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on. pp. 372-374, 2014.
[3] “IoT security threats are skyrocketing, AT&T reveals, ” [Online]. Available:http://www.fiercewireless.com/wireless/iot-security-threats-are-skyrocketing-at-t-reveals (Accessed: March, 2017)
[4] “Gartner Identifies the Top 10 Internet of Things Technologies for 2017 and 2018, ” [Online]. Available: http://www.gartner.com/newsroom/id/3221818 (Accessed: March, 2017)
[5] M. Steger, C. Boano, M. Karner, J. Hillebrand, W. Rom, and K. Romer, “SecUp: Secure and Efficient Wireless Software Updates for Vehicles,” Digital System Design (DSD), 2016 Euromicro Conference on. pp. 628-636, 2016.
[6] 「為何駭客特別愛用IoT裝置當作攻擊跳板,裝置管理權責劃分不易是主因」[Online]. Available: http://www.ithome.com.tw/news/112861 (Accessed: March, 2017)
[7] H. Krawczyk, M. Bellare, and R. Canetti, “RFC 2104: HMAC: Keyed-hashing for message authentication,” 1997. [Online]. Available: https://tools.ietf.org/html/rfc2104 (Accessed: April, 2017)
[8] “SEC 1: Elliptic Curve Cryptography, ” [Online]. Available: http://www.secg.org/sec1-v2.pdf (Accessed: May, 2017)
[9] “MQTT Version 3.1.1 Plus Errata 01, ” [Online]. Available: http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html (Accessed: April, 2017)
[10] “HiveMQ MQTT Essentials, ” [Online]. Available: http://www.hivemq.com/blog/mqtt-essentials/ (Accessed: April, 2017)
[11] S. Lee, H. Kim, D.-K. Hong, and H. Ju,, “Correlation analysis of MQTT loss and delay according to QoS level,” Information Networking (ICOIN), 2013 International Conference on. pp. 714-717, 2013.
[12] P. Thota, and Y. Kim, “Implementation and Comparison of M2M Protocols for Internet of Things,” Applied Computing and Information Technology/3rd Intl Conf on Computational Science/Intelligence and Applied Informatics/1st Intl Conf on Big Data, Cloud Computing, Data Science & Engineering (ACIT-CSII-BCD), 2016 4th Intl Conf on. pp. 43-48, 2016.
[13] “The Constrained Application Protocol, ” [Online]. Available: https://tools.ietf.org/html/rfc7252 (Accessed: April, 2017)
[14] A. J. Poulter, S. J. Johnston, and S. J. Cox, “SRUP: The secure remote update protocol,” Internet of Things (WF-IoT), 2016 IEEE 3rd World Forum on. pp. 42-47, 2016.
[15] A. Niruntasukrat, C. Issariyapat, P. Pongpaibool, K. Meesublak, P. Aiumsupucgul, and A. Panya, “Authorization mechanism for MQTT-based Internet of Things,” Communications Workshops (ICC), 2016 IEEE International Conference on. pp. 290-295, 2016.
[16] M. Singh, M. Rajan, V. Shivraj, and P. Balamuralidhar,“Secure MQTT for Internet of Things (IoT), ” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on. pp. 746-751, 2015
[17] A. K. Ranjan, and M. Hussain, “Terminal Authentication in M2M Communications in the Context of Internet of Things,” Procedia Computer Science, vol. 89, pp. 34-42, 2016.
[18] Lavanya, Natarajan, “Lightweight Authentication for COAP based IOT,” Proceedings of the 6th International Conference on the Internet of Things(IoT), pp. 167-168, 2016.
[19] Omaimah Omar Bamasag and Kamal Youcef-Toumi, “Towards Continuous Authentication in Internet of Things Based on Secret Sharing Scheme,” Proceedings of the 2015 Workshop on Embedded Systems Security (WESS'15), Amsterdam, The Netherlands, 2015.
[20] I. Butun, M. Erol-Kantarci, B. Kantarci, and H. Song, “Cloud-centric multi-level authentication as a service for secure public safety device networks,” IEEE Communications Magazine, vol. 54, no. 4, pp. 47-53, 2016.
[21] J. L. Hernandez-Ramos, M. P. Pawlowski, A. J. Jara, A. F. Skarmeta, and L. Ladid, “Toward a Lightweight Authentication and Authorization Framework for Smart Objects,” IEEE Journal on Selected Areas in Communications, vol. 33, no. 4, pp. 690-702, 2015.
[22] P. Kumar, A. Gurtov, J. Iinatti, M. Ylianttila, and M. Sain, “Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments,” IEEE Sensors Journal, vol. 16, no. 1, pp. 254-264, 2016.
[23] H. Chandra, E. Anggadjaja, P. S. Wijaya, and E. Gunawan, “Internet of Things: Over-the-Air (OTA) firmware update in Lightweight mesh network protocol for smart urban development,” Communications (APCC), 2016 22nd Asia-Pacific Conference on. pp. 115-118, 2016.
[24] R. Hassan, K. Markantonakis, and R. N. Akram, “Can You Call the Software in Your Device be Firmware?,” e-Business Engineering (ICEBE), 2016 IEEE 13th International Conference on. pp. 188-195, 2016.
[25] D. K. Nilsson, L. Sun, and T. Nakajima, “A Framework for Self-Verification of Firmware Updates over the Air in Vehicle ECUs,” GLOBECOM Workshops, pp. 1-5, 2008.