Journal of the Korea Institute of Information and Communication Engineering (한국정보통신학회논문지)

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

Device Authentication System in IoT environment

IoT 환경의 단말 인증 시스템

  • Dong-Yeon, Kang (Department of Information Security, Tongmyong University) ;
  • Ji-Soo, Jeon (Department of Information Security, Tongmyong University) ;
  • Sung-Hwa, Han (Department of Information Security, Tongmyong University)
  • Received : 2022.11.28
  • Accepted : 2022.12.14
  • Published : 2023.01.31
Download PDF
⟨ Previous Next ⟩

Abstract

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

IoT는 전통적인 정보 서비스뿐만 아니라 다양한 분야에서 활용되고 있다. 특히 스마트 홈, 스마트 해양, 스마트 에너지나 스마트 팜 등 많은 융합 IT 분야에서 IoT 기술을 활용하고 있다. IoT 기반 정보 서비스의 서버에 대하여, 지정된 프로토콜을 사용하는 IoT 단말은 신뢰된 객체이다. 그래서 악의적 공격자는 인가되지 않은 IoT device를 사용하여 IoT 기반 정보 서비스 접근, 인가되지 않은 중요 정보에 접근 후 이를 변조하거나 외부에 유출할 수 있다. 본 연구에서는 이러한 문제점을 개선하기 위하여 IoT 기반 정보 서비스에서 사용하는 IoT 단말 인증 시스템을 제안한다. 본 연구에서 제안하는 IoT 단말 인증 시스템은 MAC address 등의 식별자 기반 인증을 적용한다. 본 연구에서 제안하는 IoT 단말 인증 기능을 사용하면, 인증된 IoT 단말만 서버에 접근할 수 있다. 본 연구는 비인가 IoT 단말의 세션을 종료하는 방식을 적용하므로, 보다 안전한 단말 인증 방식인 접근 차단에 대한 추가연구가 필요하다.

Keywords

References

  1. A. Zaslavsky, C. Perera and D. Georgakopoulos, "Sensing as a Service and Big Data," in Proceedings of International Conference on Advances in Cloud Computing (ACC), Bangalore, India, 2013.
  2. T. Yoo and H. Chang, "The IT convergence framework design in the internet of things environment," EURASIP Journal on Wireless Communications and Networking, vol. 1, pp. 1-10, Feb. 2013. DOI: 10.1186/1687-1499-2013-53.
  3. D. Mohapatra and B. Subudhi, "Development of a Cost Effective IoT-based Weather Monitoring System," IEEE Consumer Electronics Magazine, vol. 11, no. 5, pp. 81-86, Sep. 2022. DOI: 10.1109/MCE.2021.3136833.
  4. A. M. Joshi, P. Jain and S. P. Mohanty, "Secure-iGLU: A Secure Device for Noninvasive Glucose Measurement and Automatic Insulin Delivery in IoMT Framework," in Proceedings of 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Limassol, Cyprus, pp. 440-445, Jul. 2020. DOI: 10.1109/ISVLSI49217.2020.00-17.
  5. D. A. Vyas, D. Bhatt, and D. Jha, "IoT: Trends, Challenges and Future Scope," International Journal of Computer Science & Communication, no. 7, vol. 1, pp. 186-197, Sep.-Mar. 2015-2016. DOI: 10.090592/IJCSC.2016.028.
  6. W. Alnahari and M. T. Quasim, "Authentication of IoT Device and IoT Server Using Security Key," in Proceedings of 2021 International Congress of Advanced Technology and Engineering (ICOTEN), Taiz, Yemen, pp. 1-9, 2021. DOI: 10.1109/ICOTEN52080.2021.9493492.
  7. R. Khan, S. U. Khan, R. Zaheer, and S. Khan, "Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges," in Proceedings of 2012 10th international conference on frontiers of information technology, Islamabad, Pakistan, pp. 257-260, 2012. DOI: 10.1109/FIT.2012.53.
  8. S. Hameed, F. I. Khan, and B. Hameed, "Understanding Security Requirements and Challenges in Internet of Things (IoTs): A review," Journal of Computer Networks and Communications, vol. 2019, 9629381, Jan. 2019. DOI: 10.1155/2019/9629381.
  9. S. Tweneboah-Koduah, K. E. Skouby, and R. Tadayoni, "Cyber Security Threats to IoT Applications and Service Domains," Wireless Personal Communications, vol. 95, no.1, pp. 169-185, May 2017. DOI: 10.1007/s11277-017-4434-6.
  10. J. Ahamed and A. V. Rajan, "Internet of Things (IoT): Application systems and security vulnerabilities," in Proceedings of 2016 5th International conference on electronic devices, systems and applications (ICEDSA), Ras Al Khaimah, United Arab Emirates, pp. 1-5, Dec. 2016. DOI: 10.1109/ICEDSA.2016.7818534.
  11. B. Ondiege, M. Clarke, and G. Mapp, "Exploring a New Security Framework for Femote Patient Monitoring Devices," Computers, vol. 6, no. 1, 11, Feb. 2017. DOI: 10.3390/computers6010011.
  12. A. I. Newaz, A. K. Sikder, M. A. Rahman, and A. S. Uluagac, "A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses," ACM Transactions on Computing for Healthcare, vol. 2, no. 3, pp. 1-44, Jul. 2021. DOI: 10.1145/3453176.
  13. M. Imdad, D. W. Jacob, H. Mahdin, Z. Baharum, S. M. Shaharudin, and M. S. Azmi, "Internet of things (IoT); security requirements, attacks and counter measures," Indonesian Journal of Electrical Engineering and Computer Science, vol. 18, no. 3, pp. 1520-1530, Jun. 2020. DOI: 10.11591/ijeecs.v18.i3.pp1520-1530.
  14. M. M. Hossain, M. Fotouhi, and R. Hasan, "Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things," in Proceedings of 2015 ieee world congress on services, New York: NY, USA, pp. 21-28, 2015. DOI: 10.1109/SERVICES.2015.12.