| Author: | 賴柏融 Po-Jung Lai |
|---|---|
| Thesis Title: | 基於區塊鏈技術之物聯網裝置身分管理系統 Device Identity Management System in Blockchain-based IoT Environment |
| Advisor: | 羅乃維 Nai-Wei Lo |
| Committee: | 查士朝 Shi-Cho Cha, 吳宗成 Tzong-Chen Wu |
| Degree: | Master |
| Department: | School of Management - Department of Information Management |
| Thesis Publication Year: | 2018 |
| Graduation Academic Year: | 106 |
| Language: | Chinese |
| Pages: | 51 |
| Keywords (in Chinese): | 物聯網、區塊鏈、身分管理系統、階層決定式錢包 |
| Keywords (in other languages): | Internet of Things, Blockchain, Identity Management System, Hierarchical Deterministic Wallets |
With the rapid development of the Internet of Things (IoT), more and more IoT applications are becoming part of people's lives, and the number of IoT devices behind those applications keeps growing. The data collected by these devices lets IoT applications provide a wide range of convenient services. However, these devices have network connectivity and are deployed in large numbers in open environments, so they frequently become targets for attackers. They therefore need an identity management system that can identify and manage them, and on which other security mechanisms can be built.

Traditional identity management systems, however, do not fit the characteristics of the IoT environment, so an identity management system designed for IoT devices is needed. Such a system must give each device a unique identity that also indicates who owns the device, so that it is possible to determine which device has a problem and which owner should be notified. The system must also ensure the data integrity and trustworthiness of each identity; otherwise, once identity data has been tampered with, users may no longer trust the identities the system provides.

This thesis therefore designs a blockchain-based identity management system for IoT devices. The system uses blockchain technology to protect the integrity of identity data and to solve the problem of trust between nodes. It uses Hierarchical Deterministic Wallets (HD Wallets), defined in the Bitcoin Improved Protocol (BIP), to generate a large number of key pairs, which are assigned to IoT devices as their unique identities. When an identity is assigned, it is also stored in the blockchain. A device can then use that identity to interact with other devices, which verify that it is legitimate by comparing the identity the device presents with the identity data stored in the blockchain. Finally, the thesis presents a security analysis of the proposed system to confirm that it can withstand common attacks such as eavesdropping, replay, and man-in-the-middle attacks, and discusses several situations that may arise in practice.