Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Mutual Authentication Method for Hash Chain Based Sensors in IoT Environment

IoT 환경에서 해시 체인 기반 센서 상호 인증 기법

  • 이광형 (서일대학교 소프트웨어공학과) ;
  • 이재승 (숭실대학교 컴퓨터공학과)
  • Received : 2018.09.17
  • Accepted : 2018.11.02
  • Published : 2018.11.30
Download PDF
⟨ Previous Next ⟩

Abstract

Internet of Things technology is an intelligent service that connects all objects to the Internet and interacts with them. It is a technology that can be used in various fields, such as device management, process management, monitoring of restricted areas for industrial systems, as well as for navigation in military theaters of operation. However, because all devices are connected to the Internet, various attacks using security vulnerabilities can cause a variety of damage, such as economic loss, personal information leaks, and risks to life from vulnerability attacks against medical services or for military purposes. Therefore, in this paper, a mutual authentication method and a key-generation and update system are applied by applying S/Key technology based on a hash chain in the communications process. A mutual authentication method is studied, which can cope with various security threats. The proposed protocol can be applied to inter-peer security communications, and we confirm it is robust against replay attacks and man-in-the-middle attacks, providing data integrity against well-known attacks in the IoT environment.

사물인터넷 기술은 모든 사물을 인터넷에 연결하고 상호 작용하는 지능형 서비스로 군사지역의 탐색 목적은 물론 산업시스템에서의 디바이스 관리, 공정 관리, 비인가 지역의 모니터링 등 다양한 분야에 활용 가능한 기술이다. 하지만, 모든 기기들이 인터넷에 연결됨에 따라, 보안 취약점을 이용하는 다양한 공격으로 경제적 손실이나 개인정보 유출 등 다양한 피해를 발생 시키고 있으며, 추후 의료 서비스나 군사적 목적의 취약점 공격을 이용할 경우 인명 피해까지 발생할 수 있다. 따라서, 제안하는 논문에서는 통신 과정에서 해시체인 기반의 S/Key기술을 적용하여 디바이스간 상호인증과 키 생성과 갱신 등의 시스템을 도입함으로서 다양한 보안위협에 대응할 수 있는 상호인증 방법에 대해 연구 하였다. 제안하는 프로토콜은 이기종간 보안 통신에 적용 가능하며, IoT 환경에서 잘 알려진 공격인 재사용 공격, 중간자 공격, 데이터 무결성 등에 안전함을 확인할 수 있었다.

Keywords

SHGSCZ_2018_v19n11_303_f0001.png 이미지

Fig. 1. Initial design based on hash chain

SHGSCZ_2018_v19n11_303_f0002.png 이미지

Fig. 2. Sensor Node -MN Authentication Protocol

SHGSCZ_2018_v19n11_303_f0003.png 이미지

Fig. 3. Sensor-MN Communication Protocol

Table 1. Proposed Notation

SHGSCZ_2018_v19n11_303_t0001.png 이미지

Table 2. Security Analysis

SHGSCZ_2018_v19n11_303_t0002.png 이미지

References

  1. YICK, Jennifer; MUKHERJEE, Biswanath; GHOSAL, Dipak. Wireless sensor network survey. Computer networks, 52.12: 2292-2330. 2008. DOI: https://doi.org/10.1016/j.comnet.2008.04.002
  2. ZHANG, Zhi-Kai, et al. IoT security: ongoing challenges and research opportunities. In: Service-Oriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference on. IEEE, pp. 230-234. 2014. DOI: https://doi.org/10.1109/soca.2014.58
  3. XU, Teng; WENDT, James B.; POTKONJAK, Miodrag. Security of IoT systems: Design challenges and opportunities. In: Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design. IEEE Press, pp. 417-423. 2014. DOI: https://doi.org/10.1109/iccad.2014.7001385
  4. RIAHI, Arbia, et al. A systemic approach for IoT security. In: Distributed Computing in Sensor Systems (DCOSS), 2013 IEEE International Conference on. IEEE, pp. 351-355. 2013. DOI: https://doi.org/10.1109/dcoss.2013.78
  5. MAHMOUD, Rwan, et al. Internet of things (IoT) security: Current status, challenges and prospective measures. In: Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for. IEEE, pp. 336-341. 2015. DOI: https://doi.org/10.1109/icitst.2015.7412116
  6. ZHAO, Kai; GE, Lina. A survey on the internet of things security. In: Computational Intelligence and Security (CIS), 2013 9th International Conference on. IEEE, pp. 663-667. 2013. DOI: https://doi.org/10.1109/cis.2013.145
  7. WURM, Jacob, et al. Security analysis on consumer and industrial iot devices. In: Design Automation Conference (ASP-DAC), 2016 21st Asia and South Pacific. IEEE, pp. 519-524. 2016. DOI: https://doi.org/10.1109/aspdac.2016.7428064
  8. RIAHI, Arbia, et al. A systemic and cognitive approach for IoT security. In: Computing, Networking and Communications (ICNC), 2014 International Conference on. IEEE, pp. 183-188. 2014. DOI: https://doi.org/10.1109/iccnc.2014.6785328
  9. YAO, Xuanxia, et al. A lightweight multicast authentication mechanism for small scale IoT applications. IEEE Sensors Journal, 13.10: 3693-3701. 2013. DOI: https://doi.org/10.1109/jsen.2013.2266116
  10. N. Haller, Bellcore, The S/KEY One-Time Password System, February 1995. DOI: https://doi.org/10.17487/rfc1760
  11. PARK, Joonggil. The development of a one-time password mechanism improving on S/KEY. Korea Institute of Information Security & Cryptology, 9.2: 25-35. 1999.
  12. ZHANG, Yuan, et al. Training Demand Analysis for Airlines Safety Manager Based on Improved OTP Model. In: International Conference on Human-Computer Interaction. Springer, Cham, pp. 334-342. 2018. DOI: https://doi.org/10.1007/978-3-319-92285-0_46
  13. Pawani Porambage, Corinna Schmitt, Pardeep Kumar, Andrei Gurtov, Mika Ylianttila, "Two-phase Authentication Protocol for Wireless Sensor Networks in Distributed IoT Applications", IEEE Wireless Communications and Networking Conference (WCNC), 04. 06. 2014. DOI: https://doi.org/10.1109/wcnc.2014.6952860
  14. Farash, Mohammad Sabzinejad, Turkanovic Muhamed, Kumari Saru, and Marko Holbl. "An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment." Ad Hoc Networks 36, 152-176. 2016. DOI: https://doi.org/10.1016/j.adhoc.2015.05.014
  15. Baruah, Khanjan Ch, Banerjee Subhasish, Dutta Manash P, Bhunia Chandan T. "An improved biometric-based multi-server authentication scheme using smart card." International Journal of Security and Its Applications 9.1, 397-408. 2015. DOI: https://doi.org/10.14257/ijsia.2015.9.1.38