한국융합학회논문지 (Journal of the Korea Convergence Society)

  • 제9권4호
  • /
  • Pages.57-63
  • /
  • 2018
  • /
  • 2233-4890(pISSN)
  • /
  • 2713-6353(eISSN)
한국융합학회 (Korea Convergence Society)
권호 표지
DOI QR코드

DOI QR Code

클라우드 환경에서 서로 다른 IoT 장치간 효율적인 접근제어 기법

An efficient access control techniques between different IoT devices in a cloud environment

  • 정윤수 (목원대학교 정보통신융합공학부) ;
  • 한군희 (백석대학교 정보통신공학과)
  • Jeong, Yoon-Su (Dept. of information Communication & Convergence Engineering, Mokwon University) ;
  • Han, Kun-Hee (Dept. of Information Communication & Engineeringe, Mokwon University)
  • 투고 : 2018.02.28
  • 심사 : 2018.04.20
  • 발행 : 2018.04.28
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

IoT 장치는 클라우드 환경에서 다양한 역할과 기능을 수행할 수 있도록 여러 분야에서 사용되고 있다. 그러나, IoT 장치를 안정적으로 제어할 수 있는 접근제어에 대한 방안은 아직 구체적으로 제시되고 있지 않은 상황이다. 본 논문에서는 클라우드 환경에서 사용되고 있는 IoT 장치의 안정적인 접근을 수행할 수 있는 계층적 기반의 다단계 속성 접근제어 기법을 제안한다. 제안 방법은 IoT 장치의 원활한 접근을 돕기 위해서 IoT Hub을 두어 IoT 장치에 고유한 ID 키(보안 토큰)를 제공할 뿐만 아니라 수 있도록 하는 X.509 인증서 및 개인 키를 IoT Hub에서 인증하도록 하여 IoT 장치의 개인키를 IoT 장치 외부에서 알 수 없도록 하였다. 성능평가 결과, 제안방법은 기존 기법보다 인증 정확도가 평균 10.5% 향상되었으며 처리 시간도 14.3% 낮은 결과를 얻었다. IoT 속성 수에 따른 IoT Hub의 오버헤드는 기존 기법보다 9.1% 낮은 결과를 얻었다.

IoT devices are used in many areas to perform various roles and functions in a cloud environment. However, a method of access control that can stably control the IoT device has not been proposed yet. In this paper, we propose a hierarchical multi-level property access control scheme that can perform stable access of IoT devices used in a cluster environment. In order to facilitate the access of the IoT device, the proposed method not only provides the ID key (security token) unique to the IoT device by providing the IoT Hub, but also allows the IoT Hub to authenticate the X.509 certificate and the private key, So that the private key of the IoT device can not be seen outside the IoT device. As a result of the performance evaluation, the proposed method improved the authentication accuracy by 10.5% on average and the processing time by 14.3%. The overhead of IoT Hub according to the number of IoT attributes was 9.1% lower than the conventional method.

키워드

참고문헌

  1. R. Neisse, I. N. Fovino, G. Baldini, V. Stavroulaki, P. Vlacheas & R. Giaffreda. (2014). A model-based security toolkit for the internet of things. Proceedings of the 2014 Ninth International Conference on Availability, Reliability and Security, 78-87.
  2. J. Park & R. Sandhu. (2004). The uconabc usage control model. ACM Trans. Inf. Syst. Secur., 7(1), 128-174. https://doi.org/10.1145/984334.984339
  3. B. Anggorojati, N. R. Prasad & R. Prasad. (2014). Secure capability-based access control in the m2m local cloud platform. Proceedings of the 2014 4th International Conference on Wireless Communications, Vehicular Technology, Proceedings of the Information Theory and Aerospace Electronic Systems (VITAE), 1-5.
  4. A. Ouaddah, H. Mousannif, A. A. Elkalam & A. A. Ouahman. (2017). Access control in the internet of things: Big challenges and new opportunities. Computer Networks, 112(-), 237-262. https://doi.org/10.1016/j.comnet.2016.11.007
  5. R. S. Sandhu & P. Samarati. (1994). Access control: Principle and practice. Comm. Mag., 32(9),40-48.
  6. O. J. A. Pinno, A. R. A. Gregio & L. C. E. De Bona. (2017). ControlChain: Blockchain as a Central Enabler for Access Control Authorizations in the IoT. Proceedings of the 2017 IEEE Global Communications Conference, 1-6.
  7. A. Ouaddah, A. A. Elkalam & A. A. Ouahman. (2017). Towards a Novel Privacy-Preserving Access Control Model Based on Blockchain Technology in IoT. Cham: Springer International Publishing, 523-533.
  8. A. A. A. El-Aziz & A. Kannan. (2013). A comprehensive presentation to xacml. Proceedings of the Third International Conference on Computational Intelligence and Information Technology (CIIT 2013), 155-161.
  9. D. Hardt. (2012). The oauth 2.0 authorization framework, Internet Requests for Comments. RFC Editor, RFC 6749.
  10. Kantara Initiative, Inc.. (2017). User-managed access (uma). https://kantarainitiative.org/confluence/display/uma/Home.
  11. L. Eschenauer & V. D. Gligor. (2012). A keymanagement scheme for distributed sensor networks. Proceedings of the 9th ACM conference on Computer and communications security, 41-47.
  12. L. Echenauer & V. D. Gligor. (2002). A Key-Management scheme for Distributed sensor networks. Proceedings of the 9th ACM conference on Computer and communications security, 41-47.
  13. H. Chan, A. Perrig & D. Song. (2003). Random key predistribution schemes for Sensor networks. Proceedings of the 2003 IEEE Symposium on Security and Privacy, 197-213.
  14. S. Zhu, S. Setia & S. Jajodia. (2002). A distributed group key managemet protocol for ad hoc networks. Doctoral dissertation., George Mason University, USA.
  15. A. Khalili, J. Katz & W. A. Arbaugh. (2003). Toward Secure key Distribution in Truly Ad-Hoc Networks. Proceedings of the 2003 Symposium on Applications and the Internet Workshops(SAINT'03 Workshops), 342-346.
  16. S. Haller, S. Karnouskos & C. Schroth. (2009). The Internet of Things in an Enterprise Context. Future Internet - FIS 2008 Lecture Notes in Computer Science, 5468, 14-28.
  17. Y. S. Jeong. (2016). An Efficient IoT Healthcare Service Management Model of Location Tracking Sensor. Journal of Digital Convergence, 14(3), 261-267. https://doi.org/10.14400/JDC.2016.14.3.261
  18. Y. S. Jeong. (2016). Measuring and Analyzing WiMAX Security adopt to Wireless Environment of U-Healthcare. Journal of Digital Convergence, 11(3), 279-284. https://doi.org/10.14400/JDPM.2013.11.3.279
  19. Y. S. Jeong, Y. T. Kim & G. C. Park. (2017). A hierarchical property-based multi-level approach method for improves user access control in a cloud environment. Journal of the Korea Convergence Society, 8(11), 7-13. https://doi.org/10.15207/JKCS.2017.8.1.007
  20. Y. S. Jeong. (2017). User Authentication Key Establishment Scheme based on Color Model for Healthcare Environment. Journal of the Korea Convergence Society. 8(3), 115-121. https://doi.org/10.15207/JKCS.2017.8.3.115
  21. Y. S. Jeong. (2016). A Study of An Efficient Clustering Processing Scheme of Patient Disease Information for Cloud Computing Environment. Journal of Convergence for Information Technology, 6(1), 33-38. https://doi.org/10.14801/jaitc.2016.6.2.33