
Topology Management with Security Considerations for Wireless Embedded Systems

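Advisor: 郭大維

Abstract


Information technology has developed rapidly, and related techniques have been put to practical use in a wide range of applications. Wireless embedded systems also play an important role across these applications. Because of cost considerations, such systems carry limited hardware resources, so their design must take the resulting special requirements into account. This dissertation studies how wireless embedded systems operating under various harsh conditions (for example, wireless sensor networks) can reduce system resource consumption and accomplish their tasks without compromising security. The dissertation first proposes a key management scheme that can be integrated with most current pre-distribution schemes and that greatly reduces the storage space the system requires. Starting from the goal of reducing resource requirements, in this scheme a communication key is composed only when needed, through communication, from two pre-shared half keys. The scheme effectively reduces the storage space the system requires and greatly raises the network connectivity probability. It also significantly reduces the impact when members are captured. We also attempt to integrate this scheme with other management mechanisms that use deployment knowledge, and prove that when another method is integrated with ours, our scheme further reduces the storage requirement and improves the security and connectivity probability of that method. The second part of the dissertation proposes a topology management scheme that jointly considers communication cost, network connectivity, storage space, and security enforcement. The scheme can build a topology satisfying k-connectivity without members knowing information about the entire network. At the same time, through the 1-connectivity topology (a sub-topology of that topology), the scheme ensures that the minimum-cost path can always be found. The scheme is also proven to have perfect resilience. Finally, for systems with limited computing power, the dissertation considers how to balance network quality of service and security. We propose a tunnel establishment mechanism that allows users to establish a secure tunnel according to the computing capability of the device they currently hold. We take extending the user convenience of IPSec as an example. Through our mechanism, users need not carry the same device: they can establish, with a remote network, a secure tunnel whose security level is chosen according to the capability of the device held at the time and whose usage time limit is specified by the user. In this dissertation, the resource consumption and performance of each proposed mechanism are analyzed, and the security of the proposed mechanisms is verified by theoretical proof. All mechanisms are also evaluated through a series of experiments.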

Parallel Abstract


In recent years, wireless embedded systems have quickly emerged in various application domains because of advances in hardware and software technology. It is of paramount importance to provide proper system designs for resource allocation, due to their resource-limited nature. This dissertation targets essential issues in connecting wireless embedded systems with limited storage space and limited knowledge of the entire system environment, such as those for wireless sensor networks. We first propose a half-key pre-distribution scheme (HKPS) to reduce the storage requirements without sacrificing the security needs. HKPS was then integrated with the well-known DDHV-D deployment knowledge model. A topology control algorithm is proposed in the second part of the dissertation to jointly consider the communication overheads, network connectivity, storage space, and security enforcement. A k-connected topology could be derived without any global information of the network on any network node, and the cost minimization of packet transmissions could be guaranteed for its 1-connected topology, which is a subgraph of the k-connected topology. Perfect resilience could be proved with the proposed topology control algorithm. In the final part of the dissertation, a tunnel construction mechanism is proposed to balance the computing power and the tunnel security. In particular, an IPSec extension is presented so that users could travel without much restriction. A password authenticated key protocol is proposed, and the performance of the proposed approaches was analyzed and evaluated.

Cited By


廖敏存 (2011). Power-assisted hand tools and their wireless network [Master's thesis, National Formosa University]. Airiti Library. https://doi.org/10.6827/NFU.2011.00088