Title

物聯網安全通訊標準與應用

Parallel Title

The Standards and Applications of Secure Communications for Internet of Things

Authors

陳志華(Chi-Hua Chen);林邦曄(Bon-Yeh Lin);吳錦松(Chin-Song Wu);蕭之彥(Chih-Yen Hsiao)

Keywords

Internet of Things (物聯網) ; Gateway (閘道器) ; Discovery Module (探索模組) ; Security Module (資訊安全模組) ; Mutual Authentication (雙向認證)

Journal

資訊安全通訊

Volume and Issue / Publication Date

Vol. 23, No. 2 (2017 / 04 / 01)

Pages

93 - 112

Content Language

Traditional Chinese

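Chinese Abstract

In view of the need to interface with a wide variety of Internet of Things (IoT) end devices and application services, and considering the security of IoT communications so as to improve the confidentiality, integrity, and non-repudiation of transmitted data, this study refers to international IoT standard practices and proposes an IoT system with a three-tier architecture comprising a server system, gateways, and end devices. The server system can communicate with the gateways and end devices through a middleware service device. The gateways and end devices each contain a communication module, discovery module, connection management module, security module, registry module, control module, notification module, configuration module, and data module, so that they can be widely applied to various IoT services. Using the discovery module, connection management module, and communication module, this study can discover other end devices in the network and establish connections with the discovered devices. In addition, this study designs a control module and a data module that can control and manage each end device according to common control commands and application data content, and can obtain the real-time status and information of each end device. Furthermore, this study designs a push service device and a notification module to establish a connectionless one-way push mechanism that actively sends messages to the destination device. Finally, with information security in mind, a security device and a security module are designed to perform mutual authorization and authentication, to confirm the access control list permitted for a connecting device, and to protect data transmission by combining encryption and decryption techniques.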

English Abstract

Due to the connections and communications of a variety of Internet of Things (IoT) devices, this study proposes a three-tier IoT system which includes servers, gateways, and devices. The servers can communicate with gateways and devices through a middleware server. The gateways and devices include a communication module, discovery module, connection management module, security module, registry module, control module, notification module, configuration module, and data module for a variety of IoT services and applications. In this study, the discovery module, connection management module, and communication module can be used to discover the devices in the local area network and to connect with the discovered devices. Furthermore, common control signals and data schemes can be defined and implemented in the control module and data module to retrieve the real-time information and status of each device for device control and management. Moreover, this study designs a push service server and notification module to obtain a connectionless single-direction push mechanism for actively publishing messages to a target device. Finally, a security server and security modules are designed to perform mutual authorization and authentication according to access control lists and to combine with encryption and decryption techniques for the protection of data transmission.

Subject Classification: Basic and Applied Sciences > Information Science

References
  1. oneM2M, “TS 0001: Functional Architecture,” v1.13.1, 2016.
  2. AllSeen Alliance, “Compliance & Certification Program for AllJoyn Certified - Program Management Document,” version 4.0, 2015.
  3. Open Interconnect Consortium, “OIC Core Specification,” v1.0.0, 2015.
  4. oneM2M, “TS 0009: HTTP Protocol Binding,” v1.5.1, 2016.
  5. oneM2M, “TS 0008: CoAP Protocol Binding,” v1.3.2, 2016.
  6. oneM2M, “TS 0010: MQTT Protocol Binding,” v1.5.1, 2016.
  7. Porter, M.E., Heppelmann, J.E. (2014). How smart, connected products are transforming competition. Harvard Business Review, 92(11), 64-88.
  8. Porter, M.E., Heppelmann, J.E. (2015). How smart, connected products are transforming companies. Harvard Business Review, 93(10), 97-114.