近年來，越來越多開發人員開始將區塊鏈與異質技術結合。其中，因為區塊鏈具有高度去中心化與擴展性，故區塊鏈與物聯網整合服務，又稱 B-IoT (Blockchain-driven IoT services)，受到很大的矚目，也有許多實作原型被提出。由於區塊鏈技術仍在發展階段，因此，建置高品質的B-IoT系統困難度較高。在匯集物聯網裝置中的資料時，裝置間互動機制的設計會對資料的安全性、系統的效能與成本造成極大的影響。此外，由於近年來資安攻擊事件頻繁，許多物聯網開發人員選擇依賴於中心化的存取控制服務來確保系統的安全。然而，若越依賴中心化的存取控制機制，系統的可用性與可維護性則越低。基於上述原因，本論文聚焦於在B-IoT中部署區塊鏈節點的邊界伺服器與物聯網裝置的架構，討論三種可行的資料匯集設計樣式。另一方面，也針對物聯網的存取控制議題進行研究，並提出基於區塊鏈的使用者自主管理存取機制與其設計樣式。最後，本論文以「智慧海運」系統為案例，實作實證系統並進行可行性分析，以引導開發人員縮短開發時間，並建置出具高品質與安全性的系統。

There is an increasing number of software developers that take advantage of blockchain technology in their projects. Meanwhile, IoT (Internet of Things) is recognized as one of the most promising application domains for blockchain technology due to the highly distributed and extensible nature of blockchain. When collecting data in the blockchain-driven IoT services (B-IoT), the security, throughput, and cost of the data are highly affected by the underlying design strategies of the communication and interaction mechanisms. Besides, traditionally IoT systems rely on centralized access control services. However, the more reliance on the centralized access control mechanism, the lower availability, and scalability of the system can be. On these grounds, the objective of this thesis is two folds. First, the design issues of data collection among the edge server and IoT devices in the B-IoT system are investigated. Then, this research also suggests a decentralized access control approach for B-IoT based on UMA (User-Managed Access). Finally, the findings are presented following the design pattern format to make them reusable by other developers. To explain how these patterns work, this thesis also introduces an “Intelligent Refrigerated Shipping Containers” scenario. Moreover, the prototype is implemented based on the proposed patterns to demonstrate the feasibility. Also, several experiments are conducted to evaluate the performance of the system. The results show that the proposed patterns are feasible and are able to realize a decentralized access control within a reasonable cost of response time.

摘要 I
Abstract II
誌謝 III
目錄 IV
圖目錄 VII
表目錄 IX
第1章 緒論 1
1.1 研究背景 1
1.2 研究動機 3
1.3 研究目標 8
第2章 技術背景與相關研究 9
2.1 技術背景 9
2.1.1 區塊鏈與以太坊 9
2.1.2 區塊鏈客戶端與同步模式 10
2.1.3 設計樣式 11
2.1.4 使用者自主管理存取 (User-Managed Access, UMA) 12
2.2 相關研究 16
2.2.1 區塊鏈物聯網整合服務 (B-IoT)與樣式 16
2.2.2 區塊鏈與存取控制 17
2.2.3 智慧海運案例 19
第3章 B-IoT的資料匯集設計樣式 21
3.1 On-chain Edge-initiated Invocation (OEI) 22
3.2 On-chain Device-initiated Provision (ODP) 31
3.3 OFF-chain Edge-initiated Invocation (OFEI) 36
第4章 使用者自主管理存取機制與設計樣式 44
4.1 設計考量 44
4.1.1 B-UMA面臨的挑戰 45
4.2 授權機制角色 46
4.3 B-UMA授權流程 49
4.3.1 第一階段 - 資源保護 49
4.3.2 第二階段 - 取得授權 52
4.3.3 第三階段 - 資源存取 55
4.4 B-UMA的智能合約設計樣式 58
4.4.1 授權與資源管理機制分離 58
4.4.2 被授權用戶註冊 62
4.4.3 Token內部檢查 66
第5章 系統實作 70
5.1 區塊鏈與智能合約 70
5.2 實證系統 71
5.2.1 系統架構 71
5.2.2 軟硬體架構 72
5.3 實證系統介面設計 73
5.3.1 B-IoT的資料匯集設計樣式介面設計 74
5.3.2 B-UMA的介面設計 76
第6章 系統評估 79
6.1 B-IoT的資料匯集設計樣式 79
6.1.1 實驗設計 79
6.1.2 N筆資料匯集完成時間比較 80
6.1.3 記憶體使用量比較 82
6.1.4 CPU使用率比較 83
6.1.5 Gas消耗量比較 84
6.1.6 實驗結果 86
6.2 使用者自主管理存取機制案例分析 87
6.2.1 案例說明 87
6.2.2 安全性分析 93
6.2.3 結果與討論 95
第7章 結論 98
參考文獻 99
附錄 104
附錄一 相關發表著作 104

[1] S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system," 2008.
[2] X. Xu, I. Weber, M. Staples, L. Zhu, J. Bosch, L. Bass, C. Pautasso, and P. Rimba, "A taxonomy of blockchain-based systems for architecture design," in 2017 IEEE International Conference on Software Architecture (ICSA), 2017: IEEE, pp. 243-252.
[3] L. Atzori, A. Iera, and G. Morabito, "The internet of things: A survey," Computer networks, vol. 54, no. 15, pp. 2787-2805, 2010.
[4] P. Brody and V. Pureswaran, "Device democracy: Saving the future of the internet of things," IBM, September, 2014.
[5] J. G. Andrews, S. Buzzi, W. Choi, S. V. Hanly, A. Lozano, A. C. Soong, and J. C. J. I. J. o. s. a. i. c. Zhang, "What will 5G be?," vol. 32, no. 6, pp. 1065-1082, 2014.
[6] Ethereum Foundation. "Light Ethereum Subprotocol (LES)." https://github.com/zsfelfoldi/go-ethereum/wiki/Light-Ethereum-Subprotocol-%28LES%29 (accessed February 4, 2020).
[7] H. Sun, S. Hua, E. Zhou, B. Pi, J. Sun, and K. Yamashita, "Using ethereum blockchain in Internet of Things: A solution for electric vehicle battery refueling," in International Conference on Blockchain, 2018: Springer, pp. 3-17.
[8] F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, and M. Stal, Pattern-Oriented Software Architecture - Volume 1: A System of Patterns. Wiley Publishing, 1996, p. 476.
[9] M. Wöhrer and U. Zdun, "Design patterns for smart contracts in the ethereum ecosystem," in 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018: IEEE, pp. 1513-1520.
[10] M. Wohrer and U. Zdun, "Smart contracts: security patterns in the ethereum ecosystem and solidity," in 2018 International Workshop on Blockchain Oriented Software Engineering (IWBOSE), 2018: IEEE, pp. 2-8.
[11] X. Xu, C. Pautasso, L. Zhu, Q. Lu, and I. Weber, "A Pattern Collection for Blockchain-based Applications," presented at the Proceedings of the 23rd European Conference on Pattern Languages of Programs, Irsee, Germany, 2018.
[12] J. Eberhardt and S. Tai, "On or off the blockchain? Insights on off-chaining computation and data," in European Conference on Service-Oriented and Cloud Computing, 2017: Springer, pp. 3-15.
[13] C.-F. Liao, C.-C. Hung, and K. Chen, "Blockchain and the Internet of Things: A Software Architecture Perspective," in Business Transformation through Blockchain: Springer, 2019, pp. 53-75.
[14] D. C. Schmidt, M. Stal, H. Rohnert, and F. Buschmann, Pattern-Oriented Software Architecture, Patterns for Concurrent and Networked Objects. John Wiley & Sons, 2013.
[15] D. Evans, "The internet of things: How the next evolution of the internet is changing everything," CISCO white paper, vol. 1, no. 2011, pp. 1-11, 2011.
[16] S. Z. S. Idrus, E. Cherrier, C. Rosenberger, and J.-J. Schwartzmann, "A review on authentication methods," 2013.
[17] A. Z. Ourad, B. Belgacem, and K. Salah, "Using blockchain for IOT access control and authentication management," in International Conference on Internet of Things, 2018: Springer, pp. 150-164.
[18] R. Almadhoun, M. Kadadha, M. Alhemeiri, M. Alshehhi, and K. Salah, "A user authentication scheme of iot devices using blockchain-enabled fog nodes," in 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA), 2018: IEEE, pp. 1-8.
[19] Kantara Initiative. "User-Managed Access (UMA) Core Protocol draft-hardjono-oauth-umacore-00." https://tools.ietf.org/html/draft-maler-oauth-umagrant-00 (accessed February 4, 2020).
[20] E. Maler, "Controlling Data Usage with User-Managed Access (UMA)," in W3C Privacy and Data Usage Control Workshop, Cambridge, 2010.
[21] M. A. Khan and K. Salah, "IoT security: Review, blockchain solutions, and open challenges," Future Generation Computer Systems, vol. 82, pp. 395-411, 2018.
[22] F. L. Viktor Trón. "Go-ethereum." https://github.com/ethereum/go-ethereum (accessed February 4, 2020).
[23] V.Buterin. "A Next-Generation Smart Contract and Decentralized Application Platform." https://github.com/ethereum/wiki/wiki/White-Paper (accessed February 4, 2020).
[24] Ethereum Foundation. "Whisper." https://github.com/ethereum/wiki/wiki/Whisper (accessed February 4, 2020).
[25] Ethereum Foundation. "w3f." https://github.com/w3f/messaging/ (accessed February 4, 2020).
[26] A. M. Antonopoulos and G. Wood, Mastering ethereum: building smart contracts and dapps. O'Reilly Media, 2018.
[27] Truffle Blockchain Group. "Ganache." https://www.trufflesuite.com/ganache (accessed February 4, 2020).
[28] D. Puthal and S. P. J. I. P. Mohanty, "Proof of Authentication: IoT-Friendly Blockchains," vol. 38, no. 1, pp. 26-29, 2019.
[29] C. Alexander, The timeless way of building. New York: Oxford University Press, 1979.
[30] E. Gamma, Design patterns: elements of reusable object-oriented software. Pearson Education India, 1995.
[31] L. Cruz-Piris, D. Rivera, I. Marsa-Maestre, E. De La Hoz, and J. Velasco, "Access control mechanism for IoT environments based on modelling communication procedures as resources," Sensors, vol. 18, no. 3, p. 917, 2018.
[32] Kantara Initiative, "Kantara Initiative." [Online]. Available: https://kantarainitiative.org/.
[33] K. R. Özyılmaz and A. J. a. p. a. Yurdakul, "Designing a blockchain-based IoT infrastructure with Ethereum, Swarm and LoRa," 2018.
[34] M. Wöhrer and U. Zdun, "Design patterns for smart contracts in the ethereum ecosystem," 2018.
[35] OpenID Foundation. "OpenID." https://openid.net/ (accessed November 1, 2019).
[36] S. Cirani, M. Picone, P. Gonizzi, L. Veltri, and G. Ferrari, "Iot-oas: An oauth-based authorization service architecture for secure services in iot scenarios," IEEE sensors journal, vol. 15, no. 2, pp. 1224-1234, 2014.
[37] A. Z. Ourad, B. Belgacem, and K. Salah, "IOT Access control and Authentication Management via blockchain."
[38] V. A. Siris, D. Dimopoulos, N. Fotiou, S. Voulgaris, and G. C. Polyzos, "OAuth 2.0 meets Blockchain for Authorization in Constrained IoT Environments," arXiv preprint arXiv:1905.01665, 2019.
[39] N. Tapas, G. Merlino, and F. Longo, "Blockchain-based IoT-cloud authorization and delegation," in 2018 IEEE International Conference on Smart Computing (SMARTCOMP), 2018: IEEE, pp. 411-416.
[40] P. Dittmer, M. Veigt, B. Scholz-Reiter, N. Heidmann, and S. Paul, "The intelligent container as a part of the Internet of Things," in 2012 IEEE International Conference on Cyber Technology in Automation, Control, and Intelligent Systems (CYBER), 2012: IEEE, pp. 209-214.
[41] Chainlink Ltd SEZC. "Chainlink." https://chain.link/ (accessed February 4, 2020).
[42] A. Ekblaw, A. Azaria, J. D. Halamka, and A. Lippman, "A Case Study for Blockchain in Healthcare:“MedRec” prototype for electronic health records and medical research data," in Proceedings of IEEE open & big data conference, 2016, vol. 13, p. 13.
[43] E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A. De Caro, D. Enyeart, C. Ferris, G. Laventman, and Y. Manevich, "Hyperledger fabric: a distributed operating system for permissioned blockchains," in Proceedings of the Thirteenth EuroSys Conference, 2018: ACM, p. 30.
[44] Status Research & Development GmbH. "Status." https://status.im/ (accessed February 4, 2020).
[45] brainbot labs Est. "Raiden network." https://raiden.network/ (accessed February 4, 2020).
[46] M. Jones and D. Hardt, "The oauth 2.0 authorization framework: Bearer token usage," RFC 6750, October, 2012.
[47] D. Meyer. "Sign and validate data with solidity." https://github.com/pubkey/eth-crypto/blob/master/tutorials/signed-data.md (accessed February 4, 2020).
[48] Ethereum Foundation. "Security Considerations in Solidity." https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#abstraction-and-false-positives (accessed February 4, 2020).
[49] Ethereum Foundation. "Remix." https://remix.ethereum.org/ (accessed February 4, 2020).
[50] D. Meyer. "eth-crypto." https://github.com/pubkey/eth-crypto?fbclid=IwAR0Qka4PQAAeWK95c-EQwxakZCJlpQgkac-IU-GAsQ5GUrdYq6WJsSWIqhY#txdatabycompiled (accessed February 4, 2020).
[51] A. Bluchet. "pidusage." https://www.npmjs.com/package/pidusage (accessed February 4, 2020).
[52] OpenZeppelin. "solidity-jwt." https://github.com/OpenZeppelin/solidity-jwt (accessed February 4, 2020).
[53] MythX. "MythX." https://mythx.io/ (accessed February 4, 2020).