| Graduate student: | 史君仲 Chun-Chung Shih |
|---|---|
| Thesis title: | 保護家用IoT 網路的安全機制 Mechanism for Household IoT Security Enhancement |
| Advisor: | 張貴雲 Guey-Yun Chang |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2017 |
| Academic year of graduation: | 105 |
| Language: | Chinese |
| Number of pages: | 48 |
| Chinese keywords: | Raspberry Pi 3, intrusion detection, intrusion prevention, IoT security |
| Foreign-language keywords: | Raspberry Pi 3, Intrusion detection, Intrusion response, IoT security |
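
With the convergence of network bandwidth, wireless networking, and various other communication technologies, any malicious attacker within wireless communication range can easily attack the other wireless IoT devices inside the network. The system designed in this thesis consists of sensor agents and shadow hosts. A sensor agent is mainly responsible for collecting data from sensor devices and transmitting it into the network, while a shadow host serves as a virtual stand-in for a sensor agent. The security mechanism/system proposed in this thesis uses identity exchange between sensor agents and shadow hosts to keep the sensor agents from being attacked. Because the characteristics of the sensor agents and shadow hosts cannot easily be recorded in detail by an attacker, the attacker is easily deceived and trapped by our shadow hosts. In addition, for reasons of cost-effectiveness, an attacker will not spend many resources on attacking a single sensor agent. Before intruding into our real sensor agent, the attacker needs to roughly scan and explore these sensor agents and shadow hosts, and to explore the shadow hosts in the order of intrusion. This is like trapping the attacker in a "maze": before reaching the target of the attack (the sensor agent), the attacker must first pass through our series of shadow hosts. In the performance analysis, we show that the proposed method/system is able to detect and handle general attack behavior on an inexpensive Raspberry Pi 3.
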
With the advent of broadband, wireless networking, and the convergence of different communication technologies being adopted by HANs, these insider-attack incidents have further increased, because anyone could break through the network and penetrate other insider devices if they are located within the wireless communication range. Our proposed security system/mechanism uses identity exchange of sensor agents and shadow hosts to redirect the attack. Since the details and characteristics of every sensor agent and shadow host cannot be easily recognized, the attacker may be easily fooled and trapped in our shadow hosts. Moreover, it is not cost-effective to assign much computing resource just to penetrate one specific sensor agent. This forces the attacker to roughly scan and inspect all these shadow hosts one by one before reaching our sensor agents, which resembles a MAZE for entrapping the attacker. In our performance analysis, we show that our proposed security system/mechanism can even detect and handle general insider attacks/intrusions with the limited hardware resources of a Raspberry Pi 3.