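System ID U0026-1602201709035600
Thesis title (Chinese) 物聯網之可信賴遠端儲存系統設計與實作
Thesis title (English) The Design and Implementation of a Trusted Remote Storage System for Internet of Things
University National Cheng Kung University
Department (Chinese) 電腦與通信工程研究所
Department (English) Institute of Computer & Communication
Academic year 105
Semester 1
Year of publication 106
Student (Chinese) 魏騰昱
Student (English) Teng-Yu Wei
Student ID Q36031067
Degree Master's
Language Chinese
Number of pages 131
Oral defense committee Advisor: 陳 敬
Committee convener: 姜美玲
Committee member: 張大緯
Committee member: 薛智文
Committee member: 王明習
Keywords (Chinese) 物聯網  ARM TrustZone  可信賴第三方模型  安全儲存  遠端儲存
Keywords (English) Internet of Things  ARM TrustZone  Trusted Third Party  Secure Storage  Remote Storage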
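Abstract (translated from Chinese) In recent years, Internet of Things (IoT) applications and their related technologies have gradually matured and become a future development trend. Even so, the greatest difficulty IoT applications currently face lies in security and privacy. For application scenarios in which a small-area IoT uses personal mobile devices as data storage servers, security and privacy matter even more. A data storage security solution suited to the IoT could therefore remove the factors that keep the IoT from spreading quickly and so accelerate its development.

The trusted remote storage system designed in this thesis builds on the properties of ARM TrustZone to construct, between the server and the client and following the trusted third party model, a secure authentication and authorization mechanism that involves no encryption operations. It adopts the OP-TEE design to ensure that the data storage space cannot be damaged, stolen or tampered with, which makes it suitable for small-area IoT application scenarios. The system also includes a corresponding communication protocol and system application program interfaces, so that IoT application developers can extend and operate the system for different IoT applications, which reduces their burden.

The implementation is based on the OP-TEE open-source project, on which the trusted remote storage system is built. It comprises: (1) a trusted remote storage server, which establishes the trust model between the client and the server; (2) a trusted remote storage protocol, which defines the standard procedure for accessing the trusted remote storage server; and (3) trusted remote storage system application program interfaces, which let IoT application developers use the system simply and flexibly to develop IoT applications.

The contribution of this thesis is the design and implementation of a trusted remote storage system that gives small-area IoT applications a solution to their data storage security requirements. IoT applications then do not need to depend on enterprise cloud servers and can deploy the storage server securely on personal mobile devices, which reduces development cost and preserves privacy.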
Abstract (English) In recent years, the application of Internet of Things (IoT) and its related technology has gradually matured and become the development trend for the future. However, the biggest challenges which IoT faces are personal privacy and security issues. The importance of security and privacy is more significant for the small-area IoT where personal mobile devices are used as data storage servers. Therefore, a solution to secure data storage for the IoT would help promote the development of the IoT.

In this thesis, a trusted remote storage system based on ARM TrustZone is designed to construct an authentication and authorization mechanism between the server and the client with the trusted third party model. To better suit small-area IoT application scenarios, the implementation of the trusted remote storage system uses the OP-TEE secure file system as its basis to ensure that the data storage space will not be damaged, stolen or tampered with. In addition, the system contains a dedicated communication protocol and application program interfaces which allow IoT developers to expand and operate the system easily for various applications.

The implementation of the trusted remote storage system includes: (1) a trusted remote storage server, which provides a trust model between the client and the server; (2) a trusted remote storage protocol, which defines a standardized procedure for access to the trusted remote storage server; and (3) trusted remote storage system application program interfaces, which IoT application developers can easily and flexibly use or integrate in their development.

The main contribution of this thesis is the design and implementation of a trusted remote storage system that offers a solution to secure data storage for small-area IoT applications. IoT applications therefore do not need to rely on enterprise cloud servers or resources, but can build the storage server securely on personal mobile devices to reduce development cost while maintaining privacy.
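Table of contents
Chapter 1 Introduction 1
1.1 Research Background 1
1.2 Research Motivation and Objectives 4
1.3 Research Method 6
1.4 Thesis Organization 7
Chapter 2 Related Work 8
2.1 Related Work on IoT Trust Management 8
2.1.1 Trust Management Based on Distributed Computing 9
2.1.2 Trust Management Based on a Trusted Third Party 10
2.1.3 Reputation-Based Trust Management 11
2.1.4 Comparison and Discussion 12
2.2 Trusted Execution Environments 13
2.2.1 ARM TrustZone 13
2.2.2 Trusted Platform Module 15
2.2.3 Intel SGX 16
2.2.4 Comparison and Discussion 17
2.3 Related Work on Secure Storage 18
2.3.1 Secure Block Device 18
2.3.2 Darkroom 20
2.3.3 OESSTCP 21
2.3.4 OP-TEE Secure Storage System 23
2.3.5 Comparison and Discussion 24
2.4 Discussion 25
Chapter 3 Architecture Design 27
3.1 Overview and Analysis 27
3.1.1 System Operation and Scenario Description 27
3.1.2 Threat Model and Assumptions 30
3.2 System Architecture 34
3.3 Trusted Remote Storage Server 38
3.3.1 Trusted Storage Chain 38
3.3.2 Trust Model 40
3.3.3 Trusted Remote Storage Server Access Interface 44
3.4 Trusted Remote Storage Protocol 47
3.4.1 Server-Side Protocol Design 47
3.4.2 Client-Side Protocol Design 51
3.5 Trusted Remote Storage System Application Program Interfaces 53
3.5.1 Server-Side Application Program Interface Design 53
3.5.2 Client-Side Application Program Interface Design 56
Chapter 4 Implementation 58
4.1 Implementation Environment 58
4.2 Trusted Remote Storage Server 61
4.2.1 Trusted Remote Storage Server Access Interface 61
4.2.2 Trust Manager 73
4.2.3 Logical Device 79
4.3 Trusted Remote Storage Protocol 87
4.3.1 Server-Side Protocol Implementation 87
4.3.2 Client-Side Protocol Implementation 94
4.4 Trusted Remote Storage System Application Program Interfaces 97
4.4.1 Server-Side Application Program Interface Implementation 97
4.4.2 Client-Side Application Program Interface Implementation 101
Chapter 5 System Testing 106
5.1 System Test Environment 106
5.2 System Functional Testing 109
5.3 System Performance Testing and Analysis 113
5.4 System Security Testing and Verification 115
Chapter 6 Conclusion and Future Work 124
6.1 Conclusion 124
6.2 Future Work 125
References 126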

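Full-text access permissions
  • Authorized for on-campus browsing/printing of the electronic full text, publicly available from 2017-02-17.
  • Authorized for off-campus browsing/printing of the electronic full text, publicly available from 2017-02-17.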

