Interoperable Security Framework for Heterogeneous IoT Platforms

A Framework for Security Interoperability between Heterogeneous IoT Platforms

  • Se-Ra Oh (Department of Information Security, Sejong University);
  • Young-Gab Kim (Department of Information Security, Sejong University)
  • Received : 2017.12.20
  • Accepted : 2018.02.09
  • Published : 2018.03.31

Abstract

Due to the dramatic advancement of the IoT (Internet of Things), it is expected that tens of billions of IoT devices will be connected by the year 2024. Furthermore, as IoT technologies evolve, security management in IoT platforms has become a critical issue. For example, there are interworking problems between heterogeneous IoT platforms caused by differences in the communication protocols, security policies, etc. of each platform. In addition, unsecured interworking can cause major security issues, including information leakage. In this paper, to solve these problems, a security interworking architecture is proposed and implemented in both FIWARE and oneM2M, which are representative IoT platforms. First, the security architecture of FIWARE is analyzed and implemented, and then a security framework based on OAuth 2.0 is developed on the Mobius platform. Finally, to validate the proposed security interworking architecture, an LED (Light-Emitting Diode) example, in which the LED can be controlled only by authorized users, is developed. The proposed architecture can be extended to diverse IoT platforms and devices.

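Owing to the rapid development of the IoT (Internet of Things), tens of billions of IoT devices are predicted to be produced by 2024, and the importance of the IoT platforms that can affect those devices is growing. Many IoT platforms such as FIWARE, oneM2M, and AllJoyn are currently being developed, but in this environment the heterogeneity of each platform's communication protocols, security policies, etc. makes it difficult to interwork data or perform security interworking. Interworking that does not take security into account can cause serious problems such as the leakage of personal and corporate information. To solve these problems, this paper proposes and implements a security interworking architecture targeting FIWARE and oneM2M, which are representative IoT platforms. The FIWARE security architecture used in this security interworking architecture is analyzed and implemented to derive implications, and an OAuth 2.0-based security framework is developed for the oneM2M platform, which currently has no official security component. In addition, the proposed method is developed as an LED (Light-Emitting Diode) example, and authentication and authorization interworking is performed between the oneM2M platform and the FIWARE platform. The implemented LED example is built so that it can be controlled only by authorized users; in the future, the approach needs to be applied to various devices other than the LED, such as smart-home CCTV and door locks, and to various IoT platforms (for example, Watson IoT, IoTivity, AllJoyn).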
