Journal of KIISE (정보과학회 논문지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지
DOI QR코드

DOI QR Code

A Secure BLE Integration Authentication System for a BLE Device Control Server based on Physical Web and Eddystone

Physical Web과 Eddystone 기반 BLE 디바이스 컨트롤 서버를 위한 안전한 BLE 통합 인증 시스템

  • 남춘성 (성균관대학교 컨버젼스연구소) ;
  • 정현희 (성균관대학교 전자전기컴퓨터공학과) ;
  • 신동렬 (성균관대학교 정보통신대학)
  • Received : 2016.04.26
  • Accepted : 2016.08.01
  • Published : 2016.10.15
⟨ Previous Next ⟩

Abstract

Physical Web and Eddystone can be serviced by a single integrated application on the device by using their servers' URL. However, they have a limitation that their servers must be customized for service characteristics on a case by case basis. In other words, regardless of the service selected for BLE, it should have a modified linkage application for each device. Hence, we think that a new integrated service platform, which is able to link and support its Beacon from the central server and is also able to support its application, is needed for achieving better service quality. This platform consists of push (Broadcasting for Beacon service) parts and pull (Connection) parts to establish communication. Especially, Pull should be operated and controlled under the authorization (secure) management for safe and trustable communication. It means that BLE must have its new authorization communications protocol to protect its data as much as possible. In this paper, we propose a BLE integrated authorization protocol for a BLE device control server based on Physical Web and Eddystone.

Physical Web과 Eddystone은 하나의 통합된 어플리케이션에서 URL을 통해 각각의 서버에서 서비스를 구현하는 방식으로 단 하나의 어플리케이션으로 작동할 수 있다. 하지만, 각 BLE 디바이스의 역할을 위해서는 BLE 디바이스에 맞는 어플리케이션이 따로 존재해야만 한다. 이를 극복하기 위해 BLE 디바이스 컨트롤 서버를 통해 각 제조사와 Beacon을 연동하고 통합된 어플리케이션을 지원하기 위한 새로운 플랫폼이 필요하다. 이는 Beacon의 서비스를 위한 Push(Broadcasting)와 관리를 위한 Pull(Connection)을 모두 담당하게 해야 되며, 특히 Pull과 같은 경우에는 권한을 통해서 관리가 가능해야 한다. 이를 위해 BLE 통신에서 새롭고 안전한 통신 프로토콜이 필요하다. 이에 본 논문은 Physical Web 및 Eddystone 기반의 BLE 디바이스 컨트롤 서버에서 보안이 적용된 기기 제어를 위한 BLE 통합 인증 시스템을 제안한다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. D.Y.Kim, S.H.Kim, at el., "Internet of Things Technology and Development Direction," KICS, Journal of Information and Communication, Vol. 28, No. 9, pp. 49-57. Sept. 2011. (in Korean)
  2. C.S.Pyo, H.Y.Kang. at el., "IoT(M2M) Technology Trends and Development Prospects," KICS, Journal of Information and Communication, Vol. 30, No. 8, pp. 3-10. Sept. 2013. (in Korean)
  3. Andy Cavallini "iBeacons Bible 2.0" [Online] Available: https://meetingofideas.files.wordpress.com/2014/06/ibeacon-bible-2-0.pdf (downloaded 2016, Aug. 4)
  4. "Beacon, emerging as a critical infrastructure location-based services," Communication promation bureau Media industry promation department, Trend and prospect: broadcast.communication.propagation, No. 73, pp. 30-40, Apr. 2014.
  5. "Bluetooth core specification," [Online]. Available : https://www.bluetooth.com/specifications/bluetoothcore-specification
  6. "Eddystone Protocol Specification," [Online]. Available: https://github.com/google/eddystone
  7. H.Jung, H.S.Kim, "Secure Hash-Based Password Authentication Protocol Using Smartcards," Proc. of ICCSA 2011 LNCS 6786, pp. 593-606, 2011.
  8. H.Jung, H.S.Kim, "Smartcard-Based User Authentication Protocol over Home Network," Proc. of Future Information Technology, Application, and Service, Vol. 164, pp. 181-189, 2012.
  9. C.G.Ma, D.Wang, S.D.Zhao, "Security flaws in two improved remote user authentication schemes using smart cards," International Journal of Communication Systems, Vol. 27, pp. 2215-2227, Nov. 2012.
  10. "Physical Web Project," [Online]. Available: http://google.github.io/physical-web/
  11. "Physical Web Github," [Online]. Available: https://github.com/google/physical-web
  12. G.H.Woo, "Using Guide of Google's Physical Web," communications protocols Lab, Kyungpook University, Dec 2014. [Online]. Available: http://protocol.knu.ac.kr/tech/CPL-TR-14-06-Physical-Web.pdf (downloaded 2016, Aug. 4)
  13. G.K.Muhammad, M.F.Sheik, I.Y.Chong, "WoO Based IoT Service Provisioning with the Cooperation of Physical Web," Proc. of KCC 2015, pp. 1179-1181, Jun. 2015.
  14. S.J.Kim, D.E.Cho, "Technology Trends for IOT Security," The Journal of the Korea Contents Association, Vol. 13, No. 1, pp. 31-35, Korea, Mar. 2015. (in Korean)
  15. H.Jung, D.R.Shin, K.S.Cho, C.S.Nam, "BLE-OTP Authorization Mechanism for iBeacon Network Security," Journal of KIISE, Vol. 42, No. 8, pp. 979-989, Seoul, Korea, Aug. 2015. https://doi.org/10.5626/JOK.2015.42.8.979
  16. M. Mrissa, L. Medini, Jean-Paul Jamont, N. le sommer, J. Laplac, "An Avatar Architecture for the Web of Things," IEEE Internet Computing, Vol. 16, Apr. 2015.
  17. A. Freier, P. Karlton, P. Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0," Request for Comments 6101, Aug 2011. [Online]. Available: https://tools.ietf.org/html/rfc6101 (downloaded 2016, Aug. 4)
  18. E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.3," Request for Comments (Internet-Draft), Dec 2015. [Online]. Available: https://tools.ietf.org/html/draft-ietf-tls-rfc5246-bis-00 (downloaded 2016, Aug. 4)
  19. S.W.Kim, Y.W.Lim, H.K.Lim, "Security and Future Direction on Physical Web," Proc. of KIIT Summer Conference, pp. 326-328, Jun. 2015. (in Korean)