Browse > Article
http://dx.doi.org/10.20465/KIOTS.2020.6.2.093

Session Key Agreement Protocol for IoT Home Devices using Shadow Passwords  

Jung, Seok Won (Department of Information Security Engineering, Mokpo National University)
Publication Information
Journal of Internet of Things and Convergence / v.6, no.2, 2020 , pp. 93-100 More about this Journal
Abstract
Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.
Keywords
IoT; Home Network; Password Base; Device Authentication; Session Key Agreement;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 KATS, Smart home industry and standardization trend, KATS Technical Report, Vol.74, 2015.
2 CISCO, CISCO Annual Internet Report(2018-2023), 2020.
3 KISA, IoT Security Guide for Household Appliances, 2017.
4 https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf
5 MQTT 3.1.1 specification. OASIS. 2015.
6 Z.Shelby, K.Hartke and C.Bormann, "Constrained Application Protocol (CoAP)," RFC 7252, 2014.
7 E.Rescorla and N.Modadugu, "Datagram Transport Layer Security Version 1.2," RFC 6347, 2012.
8 X.Sun, S.Men, C.Zhao and Z.Zhou, "A security authentication scheme in machine-to-machine home network service." Secur. Comm.. Netw., Vol.8, pp.2678-2686, 2012.
9 M.Zhao, X.Yao, H.Liu and H.Ning, "Physical Unclonable Function Based Authentication Protocol for Unit IoT and Ubiquitous IoT." In Proceedings of the 2016 International Conference on Identification, IIIKI, pp.179-184, 2016.
10 M.A.Muhal, X.Luo, Z.Mahmood and A.Ullah, "Physical Unclonable Function Based Authentication Scheme for Smart Devices in Internet of Things." In Proceedings of the 2018 IEEE International Conference on Smart Internet of Things(SmartIoT), pp.160-165, 2018.
11 M.A.Jan, F.Khan, M.Alam and M.Usman, "A payload-based mutual authentication scheme for Internet of Things." Future Gen. Comput. Syst., Vol.92, pp.1028-1039, 2019.   DOI
12 K.Lee, "A Scheme for Information Protection using Blockchain in IoT Environment," Jour. of The Korea Internet of Things Society, Vol.5, No.2, pp.33-39, 2019.   DOI
13 L.Lamport, "Password Authentication with Insecure Communication," Communications of the ACM, Vol.24, No.11, pp.770-772, 1981.   DOI
14 W.Diffie and M.E.Hellman, "New Directions in Cryptography," IEEE Trans. on Information Theory, Vol.IT-22, No.6, pp.644-654, 1976.
15 T.Wu, "The Secure Remote Password Protocol," Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pp.97-111, 1998.
16 T.Wu, "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol," Submission to the IEEE P1363 Working Group, 2002.