Publications-Theses
Article View/Open
Publication Export
Google ScholarTM
NCCU Library
Citation Infomation
Related Publications in TAIR
| Title | 基於W3C Web of Things架構設計智慧家庭閘道器的認證與維運機制 On Authentication and Operations for Smart Home Gateways Based on the W3C Web of Things Architecture |
| Creator | 朱筑筠 Chu, Chu-Yun |
| Contributor | 廖峻鋒 Liao, Chun-Feng 朱筑筠 Chu, Chu-Yun |
| Key Words | 智慧家庭 Web of Things CWMP Smart Home RESTful API OAuth 2.0 JWT |
| Date | 2025 |
| Date Issued | 3-Mar-2025 14:02:51 (UTC+8) |
| Summary | 本研究探討智慧家庭閘道器的管理與安全性,旨在提升其互通性、事件通知 效率及通訊安全。針對 CWMP (CPE WAN Management Protocol)傳統架構在 維運過程中的效率瓶頸,本論文引入 Web of Things (WoT) 的概念,透過 RESTful API 替代 SOAP-based RPC 方法,並採用 WebSocket 和 Webhook 取 代 CWMP 的 Inform 機制,以改善事件通知的靈活性及即時性。此外,引入 OAuth 2.0 和 JSON Web Tokens (JWT) 強化設備間的身份驗證和授權,確保 CPE 與 ACS 之間的通訊安全。在實驗部分,本研究針對原 CWMP 架構與引入 WoT 優化後的系統進行效率和負載的比較,並深入分析兩種通知機制的即時性表現, 透過上述實作,以驗證提升 CWMP 協議系統維運效率和增強其通訊安全性。 This thesis explores the management and security of smart home gateways, aiming to enhance their interoperability, event notification efficiency, and communication security. To address the efficiency bottlenecks in the traditional CWMP (CPE WAN Management Protocol) architecture during operation and maintenance, this thesis introduces the concept of the Web of Things (WoT). The thesis replaces SOAP-based RPC methods with RESTful APIs and substitutes the CWMP Inform mechanism with WebSocket and Webhook to improve the flexibility and real-time performance of event notifications. Furthermore, OAuth 2.0 and JSON Web Tokens (JWT) are implemented to strengthen authentication and authorization between devices, ensuring secure communication between the CPE and ACS. In the experimental phase, the thesis compares the performance and load handling capabilities of the original CWMP architecture with the WoT-optimized system and conducts an in-depth analysis of the real-time performance of the two notification mechanisms. Through these implementations, the thesis validates the improvement of CWMP protocol efficiency and enhances its communication security. |
| 參考文獻 | [1] R. F. Al-Mutawa and F. Albouraey Eassa, "A Smart Home System based on Internet of Things," arXiv e-prints, 2020. [Online]. Available: arXiv:2009.05328. [2] S. K. Datta and C. Bonnet, "Advances in Web of Things for IoT Interoperability," presented at the ICCE-TW, 2018. [3] P. Wang, F. Ye and X. Chen, "A Smart Home Gateway Platform for Data Collection and Awareness," IEEE Communications Magazine, vol. 56, no. 9, pp. 87-93, Sept. 2018, doi: 10.1109/MCOM.2018.1701217. [4] I. Basicevic, "An analysis of the TR069 (CWMP) protocol," in 2023 46th MIPRO ICT and Electronics Convention (MIPRO), Opatija, Croatia, 2023, pp. 460-465, doi: 10.23919/MIPRO57284.2023.10159841 [5] M. Kovatsch, R. Matsukura, M. Lagally, T. Kawaguchi, K. Toumura, and K. Kajimoto, "Web of Things (WoT) Architecture," W3C Recommendation, Apr. 9, 2020. [Online]. Available: https://www.w3.org/TR/wot-architecture/ [6] World Wide Web Consortium, "SOAP Version 1.1," May 8, 2000. [Online]. Available: https://www.w3.org/TR/2000/NOTE-SOAP-20000508/ [7] R. T. Fielding, "Architectural Styles and the Design of Network-based Software Architectures," Ph.D. dissertation, Univ. of California, Irvine, 2000. [8] C. -F. Liao and Y. -R. Chen, "Resource-Oriented Architecture for Smart Home Operations Management Platforms," in 2018 International Conference on Platform Technology and Service (PlatCon), Jeju, Korea (South), 2018, pp. 1-6, doi: 10.1109/PlatCon.2018.8472751. [9] T. Karla and J. Tarnawski, "Soft real-time communication with WebSocket and WebRTC protocols: Performance analysis for web-based control loops," in 2019 24th International Conference on Methods and Models in Automation and Robotics (MMAR), 2019, pp. 1-6 [10] Hillen, Ben & Passchier, Igor & Matthijssen, E.F. & den Hartog, Frank & Selgert, Franklin. (2008). Remote Management of Mobile Devices with Broadband Forum's TR-069. 1 - 19. 10.1109/NETWKS.2008.4763676 [11] I. Ristemi, M. A. Trpkovska and B. Cico, "MyGitIssues Web Application as a Solution in Dealing with Issues on GitHub," in 2019 8th Mediterranean Conference on Embedded Computing (MECO), Budva, Montenegro, 2019, pp. 1- 4, doi: 10.1109/MECO.2019.8760175. 90 [12] T. -Y. Chung et al., "MUL-SWoT: A Social Web of Things Platform for Internet of Things Application Development," in 2014 IEEE International Conference on Internet of Things (iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom), Taipei, Taiwan, 2014, pp. 296-299, doi: 10.1109/iThings.2014.53. [13] L. Sciullo, C. Aguzzi, M. Di Felice and T. S. Cinotti, "WoT Store: Enabling Things and Applications Discovery for the W3C Web of Things," in 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 2019, pp. 1-8, doi: 10.1109/CCNC.2019.8651786. [14] M. Kovatsch, R. Matsukura, M. Lagally, T. Kawaguchi, K. Toumura, and K. Kajimoto, "Web of Things (WoT) Thing Description," W3C Recommendation, Dec. 5, 2023. [Online]. Available: https://www.w3.org/TR/wot-thing- description11/ [15] World Wide Web Consortium (W3C), “Web of Things (WoT) Scripting API,” W3C Working Group Note, Oct. 3, 2023. [Online]. Available: https://www.w3.org/TR/2023/NOTE-wot-scripting-api-20231003/ [16] I. Zyrianoff, L. Gigli, F. Montori, C. Aguzzi, S. Kaebisch and M. Di Felice, "Seamless Integration of RESTful Web Services with the Web of Things," 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), Pisa, Italy, 2022, pp. 427-432, doi: 10.1109/PerComWorkshops53856.2022.9767531. [17] R. Sardar and T. Anees, "Web of Things: Security Challenges and Mechanisms," IEEE Access, vol. 9, pp. 31695-31711, 2021, doi: 10.1109/ACCESS.2021.3057655. [18] J. A. Martins, A. Mazayev and N. Correia, "Hypermedia APIs for the Web of Things," IEEE Access, vol. 5, pp. 20058-20067, 2017, doi: 10.1109/ACCESS.2017.2755259. [19] P. Philippaerts, D. Preuveneers and W. Joosen, "Revisiting OAuth 2.0 Compliance: A Two-Year Follow-Up Study," in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 521-525, doi: 10.1109/EuroSPW59978.2023.00064. [20] K. Dodanduwa and I. Kaluthanthri, "Role of Trust in OAuth 2.0 and OpenID Connect," in 2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS), Colombo, Sri Lanka, 2018, pp. 1-4, doi: 10.1109/ICIAFS.2018.8913384. [21] S. Ahmed and Q. Mahmood, "An authentication based scheme for applications using JSON web token," in 2019 22nd International Multitopic Conference 91 (INMIC), Islamabad, Pakistan, 2019, pp. 1-6, doi: 10.1109/INMIC48123.2019.9022766 [22] Jánoky LV, Levendovszky J, Ekler P. An analysis on the revoking mechanisms for JSON Web Tokens. International Journal of Distributed Sensor Networks. 2018;14(9). doi:10.1177/1550147718801535 [23] D. Guinard, V. Trifa and E. Wilde, "A resource oriented architecture for the Web of Things," 2010 Internet of Things (IOT), Tokyo, Japan, 2010, pp. 1-8, doi: 10.1109/IOT.2010.5678452. [24] F. Paganelli, S. Turchi and D. Giuli, "A Web of Things Framework for RESTful Applications and Its Experimentation in a Smart City," IEEE Systems Journal, vol. 10, no. 4, pp. 1412-1423, Dec. 2016, doi: 10.1109/JSYST.2014.2354835. [25] C. Pautasso, O. Zimmermann, and F. Leymann, "Restful web services vs. 'big' web services: Making the right architectural decision," in the 17th International Conference on World Wide Web*, 2008, pp. 805-814 [26] L. Gao, C. Zhang, and L. Sun, "RESTful Web of Things API in Sharing Sensor Data," in 2011 International Conference on Internet Technology and Applications, Wuhan, China, 2011, pp. 1-4. doi: 10.1109/ITAP.2011.6006157. [27] L. Cruz-Piris, D. Rivera and M. Vega-Barbas, "Methodology for massive configuration of OAuth 2.0 tokens in large IoT scenarios," in 2020 16th International Conference on Intelligent Environments (IE), Madrid, Spain, 2020, pp. 5-12, doi: 10.1109/IE49459.2020.9154940 [28] P. Solapurkar, "Building secure healthcare services using OAuth 2.0 and JSON web token in IOT cloud scenario," in 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I), Greater Noida, India, 2016, pp. 99-104, doi: 10.1109/IC3I.2016.7917942 [29] C. -F. Liao and W. Yi Ching, “Toward a CWMP and OAuth Compatible Operations Management Architecture for Smart Home Services” |
| Description | 碩士 國立政治大學 資訊科學系 111753113 |
| 資料來源 | http://thesis.lib.nccu.edu.tw/record/#G0111753113 |
| Type | thesis |
| dc.contributor.advisor | 廖峻鋒 | zh_TW |
| dc.contributor.advisor | Liao, Chun-Feng | en_US |
| dc.contributor.author (Authors) | 朱筑筠 | zh_TW |
| dc.contributor.author (Authors) | Chu, Chu-Yun | en_US |
| dc.creator (作者) | 朱筑筠 | zh_TW |
| dc.creator (作者) | Chu, Chu-Yun | en_US |
| dc.date (日期) | 2025 | en_US |
| dc.date.accessioned | 3-Mar-2025 14:02:51 (UTC+8) | - |
| dc.date.available | 3-Mar-2025 14:02:51 (UTC+8) | - |
| dc.date.issued (上傳時間) | 3-Mar-2025 14:02:51 (UTC+8) | - |
| dc.identifier (Other Identifiers) | G0111753113 | en_US |
| dc.identifier.uri (URI) | https://nccur.lib.nccu.edu.tw/handle/140.119/155967 | - |
| dc.description (描述) | 碩士 | zh_TW |
| dc.description (描述) | 國立政治大學 | zh_TW |
| dc.description (描述) | 資訊科學系 | zh_TW |
| dc.description (描述) | 111753113 | zh_TW |
| dc.description.abstract (摘要) | 本研究探討智慧家庭閘道器的管理與安全性,旨在提升其互通性、事件通知 效率及通訊安全。針對 CWMP (CPE WAN Management Protocol)傳統架構在 維運過程中的效率瓶頸,本論文引入 Web of Things (WoT) 的概念,透過 RESTful API 替代 SOAP-based RPC 方法,並採用 WebSocket 和 Webhook 取 代 CWMP 的 Inform 機制,以改善事件通知的靈活性及即時性。此外,引入 OAuth 2.0 和 JSON Web Tokens (JWT) 強化設備間的身份驗證和授權,確保 CPE 與 ACS 之間的通訊安全。在實驗部分,本研究針對原 CWMP 架構與引入 WoT 優化後的系統進行效率和負載的比較,並深入分析兩種通知機制的即時性表現, 透過上述實作,以驗證提升 CWMP 協議系統維運效率和增強其通訊安全性。 | zh_TW |
| dc.description.abstract (摘要) | This thesis explores the management and security of smart home gateways, aiming to enhance their interoperability, event notification efficiency, and communication security. To address the efficiency bottlenecks in the traditional CWMP (CPE WAN Management Protocol) architecture during operation and maintenance, this thesis introduces the concept of the Web of Things (WoT). The thesis replaces SOAP-based RPC methods with RESTful APIs and substitutes the CWMP Inform mechanism with WebSocket and Webhook to improve the flexibility and real-time performance of event notifications. Furthermore, OAuth 2.0 and JSON Web Tokens (JWT) are implemented to strengthen authentication and authorization between devices, ensuring secure communication between the CPE and ACS. In the experimental phase, the thesis compares the performance and load handling capabilities of the original CWMP architecture with the WoT-optimized system and conducts an in-depth analysis of the real-time performance of the two notification mechanisms. Through these implementations, the thesis validates the improvement of CWMP protocol efficiency and enhances its communication security. | en_US |
| dc.description.tableofcontents | 致謝 1 ABSTRACT 3 圖目錄 6 表目錄 8 第1章 緒論 9 1.1 研究背景 9 1.2 研究動機 10 1.3 研究目標 11 第2章 技術背景與相關研究 15 2.1 CWMP 15 2.1.1 CWMP 基本架構概述 15 2.1.2 CWMP 主要功能 16 2.2 WEB OF THINGS (WOT) 17 2.2.1 WoT Architecture 18 2.2.2 Thing Description 18 2.2.3 WoT Scripting API 20 2.2.4 OAuth 2.0 和JWT 21 2.3 相關研究應用 24 第3章 系統設計 26 3.1 CWMP 方法與WOT資源模型的轉換設計 26 3.3.1 CWMP 對應WoT資源模型的映射關係 28 3.3.2 靜態式描述文件與動態式描述文件 31 3.3.3 基於CWMP RPC的靜態式描述文件設計 33 3.2 資源操作的邏輯實現 44 3.2.1 動態操作邏輯基於Thing Description的實現 46 3.3 基於 WEBSOCKET、WEBHOOK的事件通知機制 53 3.3.1 Event 事件機制 54 3.3.2 原有的Inform事件通知機制 55 3.3.3 基於 Web Event Notification 的事件處理設計 56 3.4 基於OAUTH2.0的存取控制和授權機制 62 3.4.1 OAuth 2.0 與 JWT 的介紹 62 3.4.2 TD 中的OAuth2.0 定義 64 3.4.3 JWT 的生成與使用流程 65 3.4.4 事件通知的應用場景 67 3.4.5 WebSocket和 Webhook的JWT驗證差異 69 第4章 系統實作 70 4.1 開發環境 70 4.2 使用OAUTH2.0 設定的實作環境 72 4.3.1 新系統設定 76 4.3.2 DU模組更新 78 4.3.4 故障與無回應管理 80 4.3.5 通知傳達失敗機制 80 第5章 系統評估 82 5.1 ACS發送不同CPE數量請求的回應時間 82 5.2 ACS對不同DU數量進行更新的網路流量 83 5.3 不同訂閱通知機制的人數比例延遲比較 84 5.4 安全機制比較 86 第6章 結論與未來工作 88 6.1 結論 88 6.2 未來工作 89 參考文獻 90 | zh_TW |
| dc.format.extent | 3853143 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.source.uri (資料來源) | http://thesis.lib.nccu.edu.tw/record/#G0111753113 | en_US |
| dc.subject (關鍵詞) | 智慧家庭 | zh_TW |
| dc.subject (關鍵詞) | Web of Things | en_US |
| dc.subject (關鍵詞) | CWMP | en_US |
| dc.subject (關鍵詞) | Smart Home | en_US |
| dc.subject (關鍵詞) | RESTful API | en_US |
| dc.subject (關鍵詞) | OAuth 2.0 | en_US |
| dc.subject (關鍵詞) | JWT | en_US |
| dc.title (題名) | 基於W3C Web of Things架構設計智慧家庭閘道器的認證與維運機制 | zh_TW |
| dc.title (題名) | On Authentication and Operations for Smart Home Gateways Based on the W3C Web of Things Architecture | en_US |
| dc.type (資料類型) | thesis | en_US |
| dc.relation.reference (參考文獻) | [1] R. F. Al-Mutawa and F. Albouraey Eassa, "A Smart Home System based on Internet of Things," arXiv e-prints, 2020. [Online]. Available: arXiv:2009.05328. [2] S. K. Datta and C. Bonnet, "Advances in Web of Things for IoT Interoperability," presented at the ICCE-TW, 2018. [3] P. Wang, F. Ye and X. Chen, "A Smart Home Gateway Platform for Data Collection and Awareness," IEEE Communications Magazine, vol. 56, no. 9, pp. 87-93, Sept. 2018, doi: 10.1109/MCOM.2018.1701217. [4] I. Basicevic, "An analysis of the TR069 (CWMP) protocol," in 2023 46th MIPRO ICT and Electronics Convention (MIPRO), Opatija, Croatia, 2023, pp. 460-465, doi: 10.23919/MIPRO57284.2023.10159841 [5] M. Kovatsch, R. Matsukura, M. Lagally, T. Kawaguchi, K. Toumura, and K. Kajimoto, "Web of Things (WoT) Architecture," W3C Recommendation, Apr. 9, 2020. [Online]. Available: https://www.w3.org/TR/wot-architecture/ [6] World Wide Web Consortium, "SOAP Version 1.1," May 8, 2000. [Online]. Available: https://www.w3.org/TR/2000/NOTE-SOAP-20000508/ [7] R. T. Fielding, "Architectural Styles and the Design of Network-based Software Architectures," Ph.D. dissertation, Univ. of California, Irvine, 2000. [8] C. -F. Liao and Y. -R. Chen, "Resource-Oriented Architecture for Smart Home Operations Management Platforms," in 2018 International Conference on Platform Technology and Service (PlatCon), Jeju, Korea (South), 2018, pp. 1-6, doi: 10.1109/PlatCon.2018.8472751. [9] T. Karla and J. Tarnawski, "Soft real-time communication with WebSocket and WebRTC protocols: Performance analysis for web-based control loops," in 2019 24th International Conference on Methods and Models in Automation and Robotics (MMAR), 2019, pp. 1-6 [10] Hillen, Ben & Passchier, Igor & Matthijssen, E.F. & den Hartog, Frank & Selgert, Franklin. (2008). Remote Management of Mobile Devices with Broadband Forum's TR-069. 1 - 19. 10.1109/NETWKS.2008.4763676 [11] I. Ristemi, M. A. Trpkovska and B. Cico, "MyGitIssues Web Application as a Solution in Dealing with Issues on GitHub," in 2019 8th Mediterranean Conference on Embedded Computing (MECO), Budva, Montenegro, 2019, pp. 1- 4, doi: 10.1109/MECO.2019.8760175. 90 [12] T. -Y. Chung et al., "MUL-SWoT: A Social Web of Things Platform for Internet of Things Application Development," in 2014 IEEE International Conference on Internet of Things (iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom), Taipei, Taiwan, 2014, pp. 296-299, doi: 10.1109/iThings.2014.53. [13] L. Sciullo, C. Aguzzi, M. Di Felice and T. S. Cinotti, "WoT Store: Enabling Things and Applications Discovery for the W3C Web of Things," in 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 2019, pp. 1-8, doi: 10.1109/CCNC.2019.8651786. [14] M. Kovatsch, R. Matsukura, M. Lagally, T. Kawaguchi, K. Toumura, and K. Kajimoto, "Web of Things (WoT) Thing Description," W3C Recommendation, Dec. 5, 2023. [Online]. Available: https://www.w3.org/TR/wot-thing- description11/ [15] World Wide Web Consortium (W3C), “Web of Things (WoT) Scripting API,” W3C Working Group Note, Oct. 3, 2023. [Online]. Available: https://www.w3.org/TR/2023/NOTE-wot-scripting-api-20231003/ [16] I. Zyrianoff, L. Gigli, F. Montori, C. Aguzzi, S. Kaebisch and M. Di Felice, "Seamless Integration of RESTful Web Services with the Web of Things," 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), Pisa, Italy, 2022, pp. 427-432, doi: 10.1109/PerComWorkshops53856.2022.9767531. [17] R. Sardar and T. Anees, "Web of Things: Security Challenges and Mechanisms," IEEE Access, vol. 9, pp. 31695-31711, 2021, doi: 10.1109/ACCESS.2021.3057655. [18] J. A. Martins, A. Mazayev and N. Correia, "Hypermedia APIs for the Web of Things," IEEE Access, vol. 5, pp. 20058-20067, 2017, doi: 10.1109/ACCESS.2017.2755259. [19] P. Philippaerts, D. Preuveneers and W. Joosen, "Revisiting OAuth 2.0 Compliance: A Two-Year Follow-Up Study," in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands, 2023, pp. 521-525, doi: 10.1109/EuroSPW59978.2023.00064. [20] K. Dodanduwa and I. Kaluthanthri, "Role of Trust in OAuth 2.0 and OpenID Connect," in 2018 IEEE International Conference on Information and Automation for Sustainability (ICIAfS), Colombo, Sri Lanka, 2018, pp. 1-4, doi: 10.1109/ICIAFS.2018.8913384. [21] S. Ahmed and Q. Mahmood, "An authentication based scheme for applications using JSON web token," in 2019 22nd International Multitopic Conference 91 (INMIC), Islamabad, Pakistan, 2019, pp. 1-6, doi: 10.1109/INMIC48123.2019.9022766 [22] Jánoky LV, Levendovszky J, Ekler P. An analysis on the revoking mechanisms for JSON Web Tokens. International Journal of Distributed Sensor Networks. 2018;14(9). doi:10.1177/1550147718801535 [23] D. Guinard, V. Trifa and E. Wilde, "A resource oriented architecture for the Web of Things," 2010 Internet of Things (IOT), Tokyo, Japan, 2010, pp. 1-8, doi: 10.1109/IOT.2010.5678452. [24] F. Paganelli, S. Turchi and D. Giuli, "A Web of Things Framework for RESTful Applications and Its Experimentation in a Smart City," IEEE Systems Journal, vol. 10, no. 4, pp. 1412-1423, Dec. 2016, doi: 10.1109/JSYST.2014.2354835. [25] C. Pautasso, O. Zimmermann, and F. Leymann, "Restful web services vs. 'big' web services: Making the right architectural decision," in the 17th International Conference on World Wide Web*, 2008, pp. 805-814 [26] L. Gao, C. Zhang, and L. Sun, "RESTful Web of Things API in Sharing Sensor Data," in 2011 International Conference on Internet Technology and Applications, Wuhan, China, 2011, pp. 1-4. doi: 10.1109/ITAP.2011.6006157. [27] L. Cruz-Piris, D. Rivera and M. Vega-Barbas, "Methodology for massive configuration of OAuth 2.0 tokens in large IoT scenarios," in 2020 16th International Conference on Intelligent Environments (IE), Madrid, Spain, 2020, pp. 5-12, doi: 10.1109/IE49459.2020.9154940 [28] P. Solapurkar, "Building secure healthcare services using OAuth 2.0 and JSON web token in IOT cloud scenario," in 2016 2nd International Conference on Contemporary Computing and Informatics (IC3I), Greater Noida, India, 2016, pp. 99-104, doi: 10.1109/IC3I.2016.7917942 [29] C. -F. Liao and W. Yi Ching, “Toward a CWMP and OAuth Compatible Operations Management Architecture for Smart Home Services” | zh_TW |