Secure Key Management Framework in USN Environment using Certificateless Public Keys

Secure Key Management Framework Using Certificateless Public Keys in a USN Environment

  • Published : 2009.12.15

Abstract

In this paper, we propose a secure key management framework for connecting a USN to other networks. Although a USN connected to a different network has no CA (Certificate Authority), it is important to use a public-key cryptography system because such a network consists of numerous devices. The proposed mechanisms focus on device authentication and public/private key management without the existing PKI system of the IP network. To solve the absence of a CA and certificates, our proposed mechanism adopts the IDC (Identity Based Cryptography) concept. To verify that the approach can be realized, we implemented the proposed mechanisms on a real system. In the test bed, both a USN and a PLC network are connected to an IP network, and the proposed mechanisms are implemented on PLC and sensor devices. In this test, the proposed mechanism achieved performance similar to symmetric algorithms in the key generation and update processes. We also confirmed that connection between different networks and device authentication are possible.

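This paper proposes a security key management framework for interworking between a USN and existing networks. Because such interworking involves a large number of diverse devices, public-key cryptography must be used despite the absence of a Certificate Authority (CA). The proposed mechanism focuses on public/private key management and device-to-device authentication in a situation where the PKI system of the IP network is not available, and it introduces the concept of identity-based cryptography to solve the problem of the missing certificate authority. In addition, with a focus on verifying applicability to real networks, we built a test bed interconnecting a USN, an IP network and a PLC network, and applied and tested the proposed mechanism. Through these tests, we confirmed performance similar to symmetric-key algorithms in the security key generation and update processes, and confirmed that network interworking and device authentication are possible.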
