Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/67237
Title: | 物聯綱中對動態使用者與裝置的高效金鑰管理 An Efficient Key Management Scheme for Dynamic Users and Devices in Internet of Things |
Authors: | Yi-Hsuan Kung 龔逸軒 |
Advisor: | 蕭旭君(Hsu-Chun Hsiao) |
Keyword: | 物聯網,團體金鑰管理, Internet of Things,Group Key Management, |
Publication Year : | 2017 |
Degree: | 碩士 |
Abstract: | 隨著物聯網的發展,為了防止未授權者取得裝置所收集的敏感資
訊,建立存取控制成為重要的課題。實行存取控制時,若裝置與使用 者間能夠建立加解密資料用的共享金鑰、裝置以此金鑰對資料進行加 密並傳輸加密的資料、且擁有存取權的使用者們皆可使用此金鑰進行 解密,則能夠免於依賴一個需要隨時在線上處理認證與存取控制的單 位。然而,現行的團體金鑰管理系統並沒有辦法有效率地處理因物聯 網規模的擴張及現實環境中使用者與裝置之間動態變化的存取關係而 引出的新挑戰。在這篇論文中,我們提出的方法其核心發想源自於觀 察出,現實中擁有類似屬性的裝置―例如功能性類似或擁有相同隱私 層級―通常擁有相似的存取條件限制或由同一群使用者所使用。藉由 裝置分類的技術將所有裝置分類至數量固定的群組中,能夠在維持理 想的安全層級下有效減少系統處理變化時所耗費的資源。此篇論文提 供理論上的數據分析以及展示可行性、利用Alljoyn 框架的概念實作。 With the widespread of Internet of Things (IoT) devices that collect sensitive data, access control is more crucial than ever to safeguard such data from unauthorized use. To enforce access control policies without an on-line trusted entity, one promising approach is to maintain a group key shared between the device and its current subscribers, such that the device can encrypt its data and only users with the same group key can access the encrypted data. However, prior group key management schemes fail to efficiently address new challenges introduced by the scale of IoT and the dynamic memberships of both users and devices. This thesis proposes an efficient group key management method to accommodate multiple users as well as devices and to handle frequent membership changes. Inspired by the observation that devices with similar functionalities often have similar access permissions, the core idea of the proposed method is to integrate existing group key management scheme with device grouping techniques to improve efficiency while maintaining a decent security level. The thesis provides both theoretical analysis and a proof-of-concept implementation based on Alljoyn, an open-source IoT communication framework to demonstrate the feasibility of the proposed method. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/67237 |
DOI: | 10.6342/NTU201702761 |
Fulltext Rights: | 有償授權 |
Appears in Collections: | 資訊工程學系 |
Files in This Item:
File | Size | Format | |
---|---|---|---|
ntu-106-1.pdf Restricted Access | 1.88 MB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.