DOI QR코드

DOI QR Code

Shuai등의 스마트 홈 환경을 위한 익명성 인증 기법에 대한 프라이버시 취약점 분석

Privacy Vulnerability Analysis on Shuai et al.'s Anonymous Authentication Scheme for Smart Home Environment

  • 최해원 (DGIST 기술벤처경영) ;
  • 김상진 (경운대학교 항공컴퓨터학과) ;
  • 정영석 (경운대학교 항공컴퓨터학과) ;
  • 류명춘 (경운대학교 항공컴퓨터학과)
  • Choi, Hae-Won (Department of Innovation Management, DGIST) ;
  • Kim, Sangjin (Department of Aeronautical Computer Engineering, Kyungwoon University) ;
  • Jung, Young-Seok (Department of Aeronautical Computer Engineering, Kyungwoon University) ;
  • Ryoo, Myungchun (Department of Aeronautical Computer Engineering, Kyungwoon University)
  • 투고 : 2020.07.29
  • 심사 : 2020.09.20
  • 발행 : 2020.09.28

초록

사물인터넷에 기반한 스마트 홈은 아주 흥미로운 연구와 산업 분야의 하나로 급격한 관심을 받아오고 있다. 하지만 무선 통신 채널의 열린 특성 때문에 보안과 프라이버시는 중요한 이슈가 되었다. 이러한 연구를 위한 노력의 일환으로 Shuai등은 타원곡선암호시스템을 사용하는 스마트 홈 환경을 위한 익명성 인증 기법을 제안하였다. Shuai등은 정형화된 검증과 휴리스틱 보안 분석을 제시하고 그들의 기법이 비동기화 공격과 모바일 장치 분석 공격을 포함한 다양한 공격에 안전하고 사용자 익명성과 비추적성을 제시한다고 주장하였다. 하지만, 본 논문에서는 Shuai등의 기법이 사물인터넷 네트워크 환경에서 제시된 사용자 익명성과 비추적성에 초점을 맞춘 취약점을 도출하였다.

Smart home based on Internet of things (IoT) is rapidly emerging as an exciting research and industry field. However, security and privacy have been critical issues due to the open feature of wireless communication channel. As a step towards this direction, Shuai et al. proposed an anonymous authentication scheme for smart home environment using Elliptic curve cryptosystem. They provided formal proof and heuristic analysis and argued that their scheme is secure against various attacks including de-synchronization attack, mobile device loss attack and so on, and provides user anonymity and untraceability. However, this paper shows that Shuai et al.'s scheme does not provide user anonymity nor untraceability, which are very important features for the contemporary IoT network environment.

키워드

참고문헌

  1. H. Kim. (2017). Data Centric Security and Privacy Research Issues for Intelligent Internet of Things. ICSES Interdisciplinary Transactions on Cloud Computing, IoT, and Big Data, 1(1), 1-2.
  2. Y. Kim. (2019). A Study on Smart Contract for Personal Information Protection. Journal of Digital Convergence, 17(3), 215-220. https://doi.org/10.14400/JDC.2019.17.3.215
  3. H. Kim. (2019). Research Issues on Data Centric Security and Privacy Model for Intelligent Internet of Things based Healthcare. ICSES Transactions on Computer Networks and Communications, 5(2), 1-3.
  4. B. Vaidya, J. H. Park, S. S. Yeo & J. Rodrigues. (2011). Robust one-time password authentication scheme using smart card for home network environment. Computer Communications, 34, 326-336. https://doi.org/10.1016/j.comcom.2010.03.013
  5. H. J. Kim & H. S. Kim. (2011). Auth hotp-hotp based authentication scheme over home network environment. Lecture Notes in Computer Science, 6784, 622-637.
  6. B. Vaidya, D. Makrakis & H. T. Mouftah. (2011). Device authentication mechanism for smart energy home area networks. Proc. of IEEE International Conference on Consumer Electronics, 787-788.
  7. I. H. Cho & K. H. Lee. (2019). A Scheme of User Face Recognition using a Moire Phenomenon in IoT Environment. Journal of Digital Convergence, 17(2), 171-176. https://doi.org/10.14400/JDC.2019.17.2.171
  8. F. K. Santoso & N. C. H. Vun. (2015). Securing IoT for smart home system, Proc. of IEEE International Symposium on Consumer Electronics, 1-2.
  9. H. W. Choi, S. Kim & M. Ryoo. (2019). Cryptanalysis and Solution on Secure Communication Scheme for Healthcare System using Wearable Devices, Journal of Digital Convergence, 17(2), 187-194. https://doi.org/10.14400/JDC.2019.17.2.187
  10. W. J. Lee, K. W. Kim & H. Kim. (2012). Ticket-Based Authentication Protocol Using Attribute Information over Home Network. IEMEK Journal of Embedded Systems Applications, 7(1), 53-59. https://doi.org/10.14372/IEMEK.2012.7.1.053
  11. M. Shuai, N. Yu, H. Wang & L. Xiong. (2019). Anonymous authentication scheme for smart home environment with provable security. Computers & Security, 86, 132-146. https://doi.org/10.1016/j.cose.2019.06.002
  12. H. Kim, E. K. Ryu & S. W. Lee, (2011), Security Considerations on Cognitive Radio based on Body Area Networks for u-Healthcare, Journal of Security Engineering, Vol. 10, No. 1, pp. 9-20.
  13. S. Y. Mun, Y. M. Yun, T. H. Han, S. E. Lee, H. J. Chang, S. Y. Song&H. C. Kim, (2017),Public Awareness of Digital Healthcare Services, Journal of Digital Convergence, Vol. 18, No. 4, pp. 621-629.
  14. J. E. Song, S. H. Kim, M. A. Chung & K. I, Chung, (2007), Security issues and its technology trends in u-Healthcare, Electronics and Telecommunications Trends, Vol. 22, No. 1, pp. 119-129.
  15. T. M. Song & S. H. Jang, (2011), u-Healthcare : Issue and Research Trends, Korea Institute for Health and Social Affairs, pp. 119-129.