DOI QR코드

DOI QR Code

M2M 환경의 디바이스 키 보호를 위한 암호 알고리즘 응용 기법

Encryption Algorithm Technique for Device's key Protect in M2M environment

  • 최도현 (숭실대학교 컴퓨터학과) ;
  • 박중오 (동양미래대학 정보통신공학과)
  • Choi, Do-Hyeon (Computer Science, Soongsil University) ;
  • Park, Jung-Oh (Information & Communication Engineering, DongYang Mirae University)
  • 투고 : 2015.08.08
  • 심사 : 2015.10.20
  • 발행 : 2015.10.28

초록

현재 M2M 환경은 다양한 서비스가 기관 및 기업이나 일상생활로 확대되면서 관련 기술의 보안 취약성 발생 가능성이 이슈화되고 있다. 본 논문은 이러한 보안 취약성 문제를 해결하기 위해 M2M 환경의 디바이스 키 보호를 위한 암호 알고리즘 응용 기법을 제안한다. 제안 기법은 타원곡선 암호 기반으로 초기 키 교환과 서명 교환을 통해 보안 세션을 생성하였고, 화이트박스 암호는 보안 세션 키를 이용하여 화이트박스 테이블을 생성하는 암호화에 응용하였다. 암호 알고리즘 적용 결과, 타원곡선 암호는 통신 세션에 대한 경량 화된 상호인증, 세션 키 보호를 제공하고, 화이트 박스 암호는 기존 암호 알고리즘과는 다른 방식으로 암호화에 사용되는 세션 키 보호를 보장하였다. 제안하는 프로토콜은 데이터변조 및 노출, 중간자 공격, 데이터 위조 및 변조 공격에 대해 안전한 장점이 있다.

With the diverse services of the current M2M environment being expanded to the organizations, the corporations, and the daily lives, the possibility of the occurrence of the vulnerabilities of the security of the related technologies have become an issue. In order to solve such a problem of the vulnerability of the security, this thesis proposes the technique for applying the cryptography algorithm for the protection of the device key of the M2M environment. The proposed technique was based on the elliptic curve cryptography Through the key exchange and the signature exchange in the beginning, the security session was created. And the white box cipher was applied to the encryption that creates the white box table using the security session key. Application results cipher algorithm, Elliptic Curve Cryptography provides a lightweight mutual authentication, a session key for protecting the communication session and a conventional white-box cipher algorithm and was guaranteed the session key used to encrypt protected in different ways. The proposed protocol has secure advantages against Data modulation and exposure, MITM(Man-in-the-middle attack), Data forgery and Manipulation attack.

키워드

참고문헌

  1. KISA(Korea Internet Security Agency), "Internet Security Issue", 2012.
  2. Cisco, "Cisco Visual Networking Index: Forecast and Methodology, 2013-2018", Cisco, 2014.
  3. KIET(Korea's Industrial Economy & Trade), "Activating the Internet of Things (IoT)", 2014.
  4. TTA(Telecommunications Technology Association), "Machine-to-Machine(M2M) Security protocol for communication Standardization", 2013.
  5. ITU(International Telecommunication Union), "ITU Kaleidoscope Academic Conference", 2013.
  6. TTA(Telecommunications Technology Association), "ITU-T SG17 International conference", 2014.
  7. ITU-T SG17, "TD 0721, Koji Nakao, Report of Working Party 1/17, Fundamental security Geneva", p.15-24, 2014.
  8. ITU-T SG17, "TD 0722, Sacid Sarikaya, Report of Working Party 2/17, Network and information security, Geneva", p.15-24, 2014.
  9. ETSI, "ETSI TS 102 689 V2.1.1", ETSI, 2013.
  10. ETSI, "ETSI TS 102 690 V2.2.0", ETSI, 2014.
  11. Barbara Pareglio, Ericsson, "Overview of ETSI M2M Architecture", ETSI, 2011.
  12. FI-WARE, "ETSI M2M Architecture Overview", http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/ETSI_M2M_Architecture_Overview, FI-WARE, (2014).
  13. (TTA)Telecommunications Technology Association, "M2M Device Middleware Platform", 2012.
  14. Wen-Quan JIN, Do-Hyeun Kim, "Implementation and Experiment of CoAP Protocol Based on IoT for Verification of Interoperability", The Journal of The Institute of Internet, Broadcasting and Communication, 2014.
  15. Daniel R. L. Brown, "SEC 1: Elliptic Curve Cryptography", Certicom, 2009.
  16. Daniel R. L. Brown, "SEC 2: SEC 2: Recommended Elliptic Curve Domain Parameters", Certicom, 2010.
  17. Kristin, Lauter, "The advantages of elliptic curve cryptography for wireless security", IEEE Wireless communication, 2004.
  18. Seung-Cheol Go, Gilh-Yeon Nam, "Elliptic Curve Cryptography Implementation WIPO Patents" Korea Institude of Information Security & Cryptology, 2011.
  19. NOKIA Corporation, "Method, apparatus and computer program product for efficient elliptic curve cryptography", PCT, WO 2010/0034886, 2010.
  20. ATMEL Corporation, "Modular reduction using a special form of the modulus", PCT, WO 2009/091748, 2009.
  21. Thomson Licensing, "An Apparatus and a emthod for calculating a multiple of a point on Ecliptic Curve", PCT, WO 2009/095492, 2009.
  22. S Chow, et al, "A white-box DES implementation for DRM applications", In Digital Rights Management (pp. 1-15). Springer Berlin Heidelberg, 2003.
  23. Shin hyo-Kim, Yun kyung-Lee, Byung ho-Chung, "Analysis on Trends for White-Box Cryptography and Its Application Technology", ETRI, 2010.
  24. Chow, Stanley, et al, "White-box cryptography and an AES implementation", Selected Areas in Cryptography. Springer Berlin Heidelberg, 2003.
  25. Joye, Marc, "On white-box cryptography", Proceedings of the 1st International Conference Security of Information and Networks, 2008.
  26. Xiao, Yaying and Xuejia Lai, "A secure implementation of white-box AES" Computer Science and its Applications, 2009. CSA 09. 2nd International Conference on IEEE, 2009.