http://dx.doi.org/10.9708/jksci.2020.25.02.113

IoT Authentication System Using Blockchain and TOTP  

Kim, Ho-Gyun (Dept. of Computer Engineering, Pukyong University)
Jung, Soon-Ho (Dept. of Computer Engineering, Pukyong National University)
Abstract
In this paper, we propose a terminal authentication system that uses blockchain and TOTP (Time-based One-Time Password Algorithm) to sustain continuous authentication between a user device and a service device. We test this system using a door lock as an IoT (Internet of Things) terminal. In the future, this result can be applied to various IoT devices for convenience and security. Although IoT devices that are used every day require convenience and security at the same time, it is difficult for low-capacity, lightweight IoT devices to apply existing authentication technology that requires a large amount of computation. Blockchain technology, which offers security and integrity, has been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show a method to solve this problem using blockchain and TOTP.
Keywords
IoT; Authentication Technology; Blockchain; Ethereum; Smart Contract;