防止物聯網系統憑證的不當複製

Abstract

物聯網服務供應商需要安全機制來防止非法使用他們所提供的服務。一般來說，可以透過驗證使用者的憑證並以此憑證來認證他以提供服務給他。在這個研究之中，我們考慮一種情境，惡意使用者他只幫其中一個裝置支付費用，但他卻把這個裝置的憑證部署到其他的裝置上，藉此方式騙過驗證機制以順利使用物聯網服務供應商提供的服務。 為了處理重複部署憑證的問題，我們在物聯網標準oneM2M定義的安全架構上設計了兩個預防機制。此外我們還將這兩個預防機制實作在物聯網平台OM2M上，並且評估這兩個機制的耗能與效能以便找出最適合的預防機制作為物聯網服務供應商的參考。

The IoT/M2M service providers need security mechanisms to avoid illegal usage of the service. Normally, this can be accomplished by using the certificate to authenticate the device before providing the service. In this research, we consider the situation where a malicious user attempts to pay only for the service of a device but deploy the same certificate for many other devices to access the service illegally. To address this problem of duplicate certificates, we design two prevention mechanisms on top of the security framework defined in the oneM2M standard. Furthermore, we implement these two protection mechanisms on the OM2M platform and evaluate them in terms of their cost and performance in order to find the most suitable one for service providers.