電機資訊學院: 電機工程學研究所指導教授: 郭斯彥鄒耀東Tsou, Yao-TungYao-TungTsou2017-03-062018-07-062017-03-062018-07-062015http://ntur.lib.ntu.edu.tw//handle/246246/276535由於感測節點本身資源受限且伴隨著不同屬性及安全層級的隨意佈建，使得確保感測網路中資料通訊安全與存取控制變得格外重要；因此，在本論文中我們的目標是發展一安全、私密儲存且有效率的無線感測網路系統來解決現今未被妥善處理的安全性與效率性的議題。 首先，我們提出一安全機制，叫做MoteSec-Aware，用來解決安全網路協定與資料存取控制議題；MoteSec-Aware主要透過虛擬計數管理者來控制不重覆增加的計數器，並運用此計數器來偵測重送與壅塞攻擊；此外，當使用者想要存取儲存在儲存節點記憶體內的資料，MoteSec-Aware可提供一有效率的鍵值配對方法來驗證使用者的權限。 接下來考慮到存放在儲存節點記憶體內的資料安全，我們將資料加密後儲存在記憶體內，並針對加密資料提出一安全的功能化top-k詢問機制，叫做PCTopk；此安全詢問機制可在兩層感測網路架構下進行多維度資料詢問，並保留資料私密性與完整性。PCTopk運用順序保留對稱加密機制來加密資料，並建構一階層驗證樹，只允許儲存節點可以在加密的環境下有系統地進行資料處理，並使得詢問者可以有效率地驗證詢問結果的完整性。 為了豐富系統的使用性，針對在兩階層感測網路架構下，我們進一步提出了一有效率且安全的機制，叫做SER，來提供匿名範圍詢問；SER可以抵抗多種知名攻擊並允許可以在資料加密的情況下進行資料處理。SER主要可以預防敵人得到存放在儲存節點記憶體內的資料、當被俘虜的儲存節點做出不正常的行為時偵測出他們、在不知道詢問者的身分的情況下驗證他們的權限。此外，我們以限制函數為基礎的驗證方法並被配合以TinyECC為基礎的環狀簽章來建構出環狀過濾驗證機制，使得詢問者可以隱藏他們的身分並允許儲存節點不受到阻斷服務攻擊。Ensuring the security of communication and access control in Wireless Sensor Networks (WSNs) is of paramount importance due to the resource-restricted sensor nodes and due to nodes ubiquitous and pervasive deployment with varying attributes and degrees of security required. In this thesis, our goal will be to develop a “Secure, Privacy-Preserving, and Efficient Wireless Sensor Networks System” by addressing some problems not well solved in the literature. We first propose a secure mechanism, called MoteSec-Aware, to address the security issues of secure network protocol and data access control. MoteSec-Aware aims to detect replay and jamming attacks by using a virtual counter manager with a synchronized incremental counter. It also provides an efficient solution by using Key-Lock Matching method to authenticate various rights for a user who wants to access the data stored in storage nodes’ memories. In the sequence, with the consideration of the data being stored in terms of the ciphertext format in storage nodes’ memories for preserving data privacy, we develop a query model, called PCTopk, for functional top-k query with a combination of multiple conditions/dimensions in two-tiered sensor networks to simultaneously preserve data privacy and correctness (i.e., authenticity and integrity). PCTopk constructs a layered authentication tree, cooperated with an order-preserving symmetric encryption technique, for only permitting storage nodes to systematically process inquired data over encryption domain and enabling querists to efficiently verify the authentic and complete query results. To enrich the utilization of our system, we also provide an efficient and secure mechanism, called SER, for anonymous range query in two-tiered sensor networks with the functionality of resisting several known attacks while still providing required operations directly operates on encrypted data for requested queries. SER mainly prevents adversaries from gaining the information processed by or stored in storage nodes’ memories, detects the compromised storage nodes when they misbehave, and verifies the querists’ privileges without knowing their identities when they query a storage node. In addition, we modified Constrained Function-based Authentication (CFA) and incorporated it in the TinyECC-based ring signature, named RFV, to enable querists to hide their identities and enable storage nodes to resist DoS attacks.9539625 bytesapplication/pdf論文公開時間: 2015/8/11論文使用權限: 同意有償授權(權利金給回饋學校)無線感測網路資料私密性網路安全資料完整性範圍詢問Top-k詢問阻斷服務攻擊Wireless Sensor NetworksData PrivacyNetwork SecurityData CorrectnessRange QueryTop-k QeuryDoS Attacksthesishttp://ntur.lib.ntu.edu.tw/bitstream/246246/276535/1/ntu-104-D99921018-1.pdf