Journal of Industrial Convergence (산업융합연구)

DAEHAN Society of Industrial Management (대한산업경영학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on AES-based Mutual Authentication Protocol for IoT Devices

사물인터넷 디바이스를 위한 AES 기반 상호인증 프로토콜

  • Oh, Se-Jin (Dept. of Aeronautical Software Engineering, College of Aeronautical Engineering, Kyungwoon University) ;
  • Lee, Seung-Woo (Dept. of Aeronautical Software Engineering, College of Aeronautical Engineering, Kyungwoon University)
  • 오세진 (경운대학교 항공소프트웨어공학과) ;
  • 이승우 (경운대학교 항공소프트웨어공학과)
  • Received : 2020.07.29
  • Accepted : 2020.10.20
  • Published : 2020.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

The Internet of things (IoT) is the extension of Internet connectivity into various devices and everyday objects. Embedded with electronics, Internet connectivity and other forms of hardware. The IoT poses significant risk to the entire digital ecosystem. This is because so many of these devices are designed without a built-in security system to keep them from being hijacked by hackers. This paper proposed a mutual authentication protocol for IoT Devices using symmetric-key algorithm. The proposed protocol use symmetric key cryptographic algorithm to securely encrypt data on radio channel. In addition, the secret key used for encryption is random number of devices that improves security by using variable secret keys. The proposed protocol blocked attacker and enabled legal deives to communicate because only authenticated devices transmit data by a mutual authentication protocol. Finally, our scheme is safe for attacks such as eavesdropping attack, location tracking, replay attack, spoofing attack and denial of service attack and we confirmed the safety by attack scenario.

사물인터넷(IoT)은 다양한 디바이스와 일상적인 물건을 인터넷 연결하여 인터넷을 확장한 것이며, 전자제품에는 인터넷 연결이 가능하고 다양한 형태의 하드웨어가 내장되어 있다. 이러한 사물인터넷은 디지털 생태계에 중대한 위험을 초래한다. 이들 기기 중 상당수는 공격자의 공격을 막기 위한 보안 시스템이 내장되지 않은 상태로 설계되어 있기 때문이다. 본 논문에서는 사물인터넷 디바이스를 위한 대칭키 기반의 상호인증 프로토콜을 제안한다. 제안 프로토콜은 대칭키 암호 알고리즘을 사용하여 무선상에 전송되는 데이터를 안전하게 암호화한다. 아울러 암호화에 사용된 비밀키는 매 통신마다 디바이스가 생성하는 난수를 비밀키로 사용하여 고정적으로 사용되는 비밀키를 가변적으로 사용함으로써 보안성을 높였다. 제안 프로토콜은 무선상에서 데이터를 전송하기 전에 상호인증 과정을 거쳐 인증된 디바이스만 데이터를 전송하기 때문에 공격자를 차단하고 정상적인 디바이스가 통신이 가능하도록 하였다. 마지막으로 제안된 프로토콜을 공격유형별 시나리오를 통해 도청 공격, 위치추적, 재전송 공격, 스푸핑 공격, 서비스 거부 공격에 안전함을 확인하였다.

Keywords

References

  1. J. M. Blythe & S. D. Johnson. (2018, March). The consumer security index for IoT: A protocol for developing an index to improve consumer decision making and to incentivize greater security provision in IoT devices. Living in the Internet of Things: Cybersecurity of the IoT - 2018. (pp. 1-7). London : IET.
  2. R. Gurunath, M. Agarwal, A. Nandi & D. Samanta. (2018, August). An Overview: Security Issue in IoT Network. 2018 2nd International Conference on I-SMAC(IoT in Social, Mobile, Analytics and Cloud). (pp. 104-107). Palladam : IEEE.
  3. D. D. Lopez et al. (2018). Shielding IoT against Cyber-Attacks: An Event-Based Approach Using SIEM. Wireless Communications and Mobile Computing, 2018, 1-18. DOI:10.1155/2018/3029638
  4. A. A. Hezam & D. Konstantas (2019). A Comprehensive Study of Security and Privacy Guidelines, Threats, and Countermeasures: An IoT Perspective. Journal of Sensor and Actuator Networks, 8(22), 1-38. DOI : 10.3390/jsan8020022
  5. Springer. (2019). Big Data and Internet of Things Security and Forensics: Challenges and Opportunities. [Handbook of Big Data and IoT Security]. Cham : A. Azmoodeh, A. Dehghantanha & K. R. Choo.
  6. K. Tsai, Y. Huang, F. Leu, I. You, Y. Huang & C. Tsai. (2018). AES-128 based Secure Low Power Communication for LoRaWAN IoT Environments. IEEE Access, 6, 45325-45334. DOI : 10.1109/ACCESS.2018.2852563
  7. A. Sadeghi, C. Wachsmann & M. Waidner. (2015, June). Security and privacy challenges in industrial internet of things. 52nd ACM/EDAC/IEEE Design Automation Conference, (pp. 1-6). San Francisco : ACM.
  8. D. H. Kim, J. Y. Cho, J. I. Lim & B. G. Lee. (2016). Developing iot security requirements for service providers. Information, 19(2), 595-603.
  9. H. U. Kim. (2017). A Design of Mutual authentication protocol between heterogeneous services in the internet of things Environment. Doctoral dissertation. Soongsil University, Seoul.
  10. K. H. Lee & J. S. Lee. (2018). Mutual Authentication Method for hash Chain Based Sensors in IoT Environment. Journal of the korea Academia-Industrial cooperation Society, 9(11), 303-309.
  11. S. Y. Min & J. S. Lee. (2018). Device Mutual Authentication and Key Management Techniques in a Smart Home Environment. Journal of the korea Academia-Industrial cooperation Society, 9(10), 661-667.
  12. S. J. Yu, K. S. Park, Y. H. Park & Y. H. Park. (2018). Lightweight User Authentication and Key Agreement Scheme in Wireless Sensor Network Environments. The Journal of Korea Information and Communications Society, 43(12), 2215-2229. DOI : 10.7840/kics.2018.43.12.2215
  13. M. S. Farash, M. Turkanovic, S. Kumari & M. Holbl. (2016). An efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the Internet of Things environment. Ad Hoc Networks, 36(1), 152-176. DOI : 10.1016/j.adhoc.2015.05.014
  14. K. C. Baruah, S. Banerjee, M. P. Dutta & C. T. Bhunia. (2015). An Improved Biometric-based Multi-server Authentication Scheme Using Smart Card. International Journal of Security and Its Applications, 9(1), 397-408. DOI : 10.14257/ijsia.2015.9.1.38
  15. K. H. Lee & J. S. Lee. (2018). Mutual Authentication Method for Hash Chain Based Sensors in IoT Environment. Journal of the Korea Academia-Industrial cooperation Society, 19(11), 303-309. DOI : 10.5762/KAIS.2018.19.11.303
  16. M. El-hajj, A. Fadlallah, M. Chamoun & A. Serhrouchni. (2019). A Survey of Internet of Things (IoT) Authentication Schemes. Sensors, 19(5), 1-43. DOI : 10.3390/s19051141
  17. M. Husamuddin & M. Qayyum. (2017, March). Internet of Things: A study on security and privacy threats. 2017 2nd International Conference on Anti-Cyber Crimes (ICACC). (pp. 93-97). Abha : IEEE.