請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/54636
標題: | 安全、私密儲存且有效率的無線感測網路系統 Secure, Privacy-Preserving, and Efficient Wireless Sensor Networks System |
作者: | Yao-Tung Tsou 鄒耀東 |
指導教授: | 郭斯彥 |
關鍵字: | 無線感測網路,資料私密性,網路安全,資料完整性,範圍詢問,Top-k詢問,阻斷服務攻擊, Wireless Sensor Networks,Data Privacy,Network Security,Data Correctness,Range Query,Top-k Qeury,DoS Attacks, |
出版年 : | 2015 |
學位: | 博士 |
摘要: | 由於感測節點本身資源受限且伴隨著不同屬性及安全層級的隨意佈建,使得確保感測網路中資料通訊安全與存取控制變得格外重要;因此,在本論文中我們的目標是發展一安全、私密儲存且有效率的無線感測網路系統來解決現今未被妥善處理的安全性與效率性的議題。
首先,我們提出一安全機制,叫做MoteSec-Aware,用來解決安全網路協定與資料存取控制議題;MoteSec-Aware主要透過虛擬計數管理者來控制不重覆增加的計數器,並運用此計數器來偵測重送與壅塞攻擊;此外,當使用者想要存取儲存在儲存節點記憶體內的資料,MoteSec-Aware可提供一有效率的鍵值配對方法來驗證使用者的權限。 接下來考慮到存放在儲存節點記憶體內的資料安全,我們將資料加密後儲存在記憶體內,並針對加密資料提出一安全的功能化top-k詢問機制,叫做PCTopk;此安全詢問機制可在兩層感測網路架構下進行多維度資料詢問,並保留資料私密性與完整性。PCTopk運用順序保留對稱加密機制來加密資料,並建構一階層驗證樹,只允許儲存節點可以在加密的環境下有系統地進行資料處理,並使得詢問者可以有效率地驗證詢問結果的完整性。 為了豐富系統的使用性,針對在兩階層感測網路架構下,我們進一步提出了一有效率且安全的機制,叫做SER,來提供匿名範圍詢問;SER可以抵抗多種知名攻擊並允許可以在資料加密的情況下進行資料處理。SER主要可以預防敵人得到存放在儲存節點記憶體內的資料、當被俘虜的儲存節點做出不正常的行為時偵測出他們、在不知道詢問者的身分的情況下驗證他們的權限。此外,我們以限制函數為基礎的驗證方法並被配合以TinyECC為基礎的環狀簽章來建構出環狀過濾驗證機制,使得詢問者可以隱藏他們的身分並允許儲存節點不受到阻斷服務攻擊。 Ensuring the security of communication and access control in Wireless Sensor Networks (WSNs) is of paramount importance due to the resource-restricted sensor nodes and due to nodes ubiquitous and pervasive deployment with varying attributes and degrees of security required. In this thesis, our goal will be to develop a “Secure, Privacy-Preserving, and Efficient Wireless Sensor Networks System” by addressing some problems not well solved in the literature. We first propose a secure mechanism, called MoteSec-Aware, to address the security issues of secure network protocol and data access control. MoteSec-Aware aims to detect replay and jamming attacks by using a virtual counter manager with a synchronized incremental counter. It also provides an efficient solution by using Key-Lock Matching method to authenticate various rights for a user who wants to access the data stored in storage nodes’ memories. In the sequence, with the consideration of the data being stored in terms of the ciphertext format in storage nodes’ memories for preserving data privacy, we develop a query model, called PCTopk, for functional top-k query with a combination of multiple conditions/dimensions in two-tiered sensor networks to simultaneously preserve data privacy and correctness (i.e., authenticity and integrity). PCTopk constructs a layered authentication tree, cooperated with an order-preserving symmetric encryption technique, for only permitting storage nodes to systematically process inquired data over encryption domain and enabling querists to efficiently verify the authentic and complete query results. To enrich the utilization of our system, we also provide an efficient and secure mechanism, called SER, for anonymous range query in two-tiered sensor networks with the functionality of resisting several known attacks while still providing required operations directly operates on encrypted data for requested queries. SER mainly prevents adversaries from gaining the information processed by or stored in storage nodes’ memories, detects the compromised storage nodes when they misbehave, and verifies the querists’ privileges without knowing their identities when they query a storage node. In addition, we modified Constrained Function-based Authentication (CFA) and incorporated it in the TinyECC-based ring signature, named RFV, to enable querists to hide their identities and enable storage nodes to resist DoS attacks. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/54636 |
全文授權: | 有償授權 |
顯示於系所單位: | 電機工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-104-1.pdf 目前未授權公開取用 | 9.32 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。