在物聯網越來越普及的這個時代，我們所面臨的資安問題不再侷限在個人電腦上，家中的電視冰箱等都有可能成為駭客攻擊的對象。當企業將自家產品傳感器佈署在管轄不到的範圍中，企業要如何確保所佈署的傳感器是否被入侵？若傳感器接收的訊息會傳送至企業內部的伺服器，攻擊者便有可能進一步滲透到企業內部。
在正常情況下，傳感器每隔一段固定時間，傳送特定封包格式（beacon）來告訴伺服器目前此傳感器還在線上。由於傳感器不在企業能夠防禦的範圍內，攻擊者能夠拿到實體的機器，若攻擊者將實體記憶體的內容全數載下，透過反編譯技術將原始碼重現，傳感器內部的行為攻擊者是能夠完全模仿的。
為了防止特定封包格式被模仿，本文提出以一次性密碼（One Time Password）來替代，並透過傳送執行檔的方式以及亂數的驗證來確保客戶端所執行的程式是安全的。在第四章會介紹一次性密碼的傳送以及偵測。

In this era of increasingly popular Internet of things, we are facing the problem of security which is no longer limited to personal computers, on the contrary home TVs, refrigerators and so forth may also be the objects of hacker attacks. When the enterprises deployed sensors on their own product out of the controllable range, how does the enterprises make sure that the deployment of the sensor is not invaded? If the messages captured by the sensor were ready to be sent to the server in the enterprise, the attacker could probably able to penetrate into the enterprise further.
Under normal circumstances, the sensor will send a specific packet format (beacon) during a fixed period of time, to tell the server that the sensor is still online. Because the sensor is not within the defense range of the enterprise, the attacker may be able to grab the entity of the machine. If the attacker loaded all the contents of the physical memory and reproduced the source code through the disassembly techniques, the behaviors within the sensor would be able to be imitated by the attacker completely.
In order to prevent a particular format of packets from being imitated, this article proposes an alternative method to ensure that the program executed by the client is secure by using the One Time Password mechanism, sending executable files and verifying of the random numbers. In the fourth chapter, the transmission and detection of the one-time passwords will be introduced.

[1] Z. Dawy, W. Saad, A. Ghosh, J. G. Andrews, and E. Yaacoub, "Towards massive machine type cellular communications" in IEEE Wireless Communications Magazine, 2016.
[2] OVH DDoS. [Online]. Available: http://www.ithome.com.tw/news/108660
[3] KrebsOnSecurity Hit With Record DDoS. [Online]. Available: https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
[4] R. H. Weber, "Internet of things–new security and privacy challenges" Computer Law & Security Review, 2010.
[5] Marketing Opportunities for the Internet of Things. [Online]. Available: http://www.ironpaper.com/webintel/articles/marketing-opportunities-for-the-internet-of-things/
[6] Kai Zhao , Lina Ge, "A Survey on the Internet of Things Security" in International Conference on Computational Intelligence and Security, 2013.
[7] Teng Xu, James B. Wendt, and Miodrag Potkonjak, "Security of IoT systems: design challenges and opportunities" in International Conference on Computer-Aided Design, 2014.
[8] Zhi-Kai Zhang, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei Hsu, Chong-Kuan Chen, Shiuhpyng Shieh, "IoT Security: Ongoing Challenges and Research Opportunities" in International Conference on Service-Oriented Computing and Applications, 2014.
[9] M.U. Farooq, Muhammad Waseem, Anjum Khairi, Sadia Mazhar, "A Critical Analysis on the Security Concerns of Internet of Things (IoT)" in International Journal of Computer Applications, 2015.
[10] Rabi Prasad Padhy, Manas Ranjan Patra, Suresh Chandra Satapathy, "Cloud Computing: Security Issues and Research Challenges" in International Journal of Computer Science and Information Technology & Security, 2011.
[11] Bhupendra Singh Thakur, Sapna Chaudhary, "Content Sniffing Attack Detection in Client and Server Side: A Survey" in International Journal of Advanced Computer Research, 2013
[12] Abdul Fuad Abdul Rahman, Maslina Daud, Madihah Zulfa Mohamad, "Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework" in International Conference on Internet of things and Cloud Computing, 2016.
[13] Freddy K Santoso, Nicholas C H Vun , "Securing IoT for Smart Home System" in International Symposium on Consumer Electronics, 2015.
[14] Ari Luotonen and Kevin Altis, "World-Wide Web Proxies" in Computer Networks and ISDN Systems, 1994.
[15] Hal Roberts, Ethan Zuckerman, Jillian York, Robert Faris and John Palfrey, "2010 Circumvention Tool Usage Report", 2010.
[16] Markus Hager, Maik Debes, Sebastian Schellenberg and Jochen Seitz, "IP-based access to sensor networks enabled by a transparent proxy server", in International Conference on Information Networking, 2013.
[17] Encrypting One Time Passwords (EOTP). [Online]. Available: https://defuse.ca/eotp.htm.
[18] Leslie Lamport, "Password authentication with insecure communication", Communications of the ACM, 1981.
[19] Shubham Srivastava, "On the generation of alphanumeric one time passwords" in International Conference on Inventive Computation Technologies, 2016.
[20] Wikipedia. RSA (cryptosystem) - Wikipedia, the free encyclopedia[Online]. Available: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
[21] Jae Woo Park, Young Tae Yun. Apparatus and method for detecting self-executable compressed file [Online]. Available: https://www.google.com/patents/US20080127038
[22] Wikipedia. /dev/random - Wikipedia, the free encyclopedia[Online]. Available: https://en.wikipedia.org/wiki//dev/random#cite_note-3
[23] urandom. [Online]. Available: https://linux.die.net/man/4/urandom
[24] Arati Baliga, Pandurang Kamat and Liviu Iftode, "Lurking in the Shadows: Identifying Systemic Threats to Kernel Data (Short Paper)" in Symposium on Security and Privacy, 2007.
[25] Raspberry Pi. [Online]. Available: https://en.wikipedia.org/wiki/Raspberry_Pi
[26] Anders Fongen, "Identity Management and Integrity Protection in the Internet of Things" in International Conference on Emerging Security Technologies, 2012.
[27] Whitfield Diffie, Paul C. Van Oorschot, Michael J. Wiener, "Authentication and Authenticated Key Exchanges" in Designs, Codes and Cryptography, pp 107–125, 1992.
[28] Yaman Sharaf-Dabbagh and Walid Saad, "On the authentication of devices in the Internet of things" in International Symposium on A World of Wireless, Mobile and Multimedia Networks, 2016.