IoT Multi-Phase Authentication System Using Token Based Blockchain

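  • 박환 (Interdisciplinary Program of Information Security Technology, Mokpo National University)
  • 김미선 (Department of Information Security, Mokpo National University)
  • 서재현 (Department of Information Security, Mokpo National University)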
  • Received : 2018.10.11
  • Accepted : 2019.02.26
  • Published : 2019.06.30

Abstract

IoT (Internet of Things) security is becoming increasingly important because IoT devices are exposed to a variety of potential security threats, stemming from limited hardware specifications and physical attacks among other factors. This paper studies authentication technology suited to lightweight IoT environments and proposes a system in which multiple gateways use a blockchain to share authentication information and issue authentication tokens for mutual authentication. Once an IoT node has been issued an authentication token by one gateway, it can continue to authenticate with the other gateways participating in the blockchain network using that token, without re-authenticating with each of them. Because a single authentication means no re-authentication is performed toward other devices in the blockchain network, we propose multi-phase authentication, consisting of device authentication and message authentication, to strengthen the authentication function. Distributing and sharing the authentication information across the blockchain network makes it possible to guarantee the integrity and reliability of the authentication token.

Keywords

Fig. 1. Token based IoT Multi-phase Authentication Architecture

Fig. 2. Registration Module

Fig. 3. Authentication Token

Fig. 4. Block and Transaction Structure

Fig. 5. Registration Module Protocol Procedure

Fig. 6. Phase 1 Authentication Module

Fig. 7. Phase 1 Authentication Protocol Procedure

Fig. 8. Phase 2 Authentication Protocol Procedure

Fig. 9A. Registration Request Messages

Fig. 9B. Sending Registration Permission Message

Fig. 9C. Phase 1 Authentication Request Message

Fig. 9D. Authentication Complete Message

Fig. 9E. Sending Data Message

Fig. 9F. Data Message Confirmation

Fig. 10A. 1st MITM in Registration Module

Fig. 10B. Registration Failed Due To Invalid MI

Fig. 11A. 2nd MITM in Registration Module

Fig. 11B. Registration Failed Due To Invalid y

Fig. 12A. MITM in Phase 1 Authentication Module

Fig. 12B. Phase 1 Authentication Failed Due To Invalid Token

Fig. 13A. MITM in Phase 2 Authentication Module

Fig. 13B. Sending Crafted Data Message

Fig. 13C. Phase 2 Authentication Failed Due To D

Fig. 14A. Protocol Description

Fig. 14B. Specification

Fig. 14C. Verification Results

Table 1. Protocol Marking and Description

Table 2. Deployment Environment
