http://dx.doi.org/10.3745/KTCCS.2017.6.8.329

Design and Implementation of CoAP Authorization Framework Based on OAuth 2.0  

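Kim, Kyoung-Han (School of Computer Engineering, Korea University of Technology and Education)
Lim, Hyun-Kyo (School of Computer Engineering, Korea University of Technology and Education)
Heo, Joo-Seong (School of Computer Engineering, Korea University of Technology and Education)
Han, Youn-Hee (School of Computer Engineering, Korea University of Technology and Education)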
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.8, 2017, pp. 329-342
Abstract
Recently, interest and investment in the Internet of Things (IoT) have increased significantly, and security issues are constantly being raised. As a solution, the IETF ACE Working Group is establishing the ACE framework standard, a new security framework for various constrained IoT environments based on the existing OAuth 2.0. However, additional work is required to apply the ACE framework, which proposes a new lightweight security system, to the existing Internet environment, and this additional cost hinders the application of OAuth 2.0 to the IoT environment. Therefore, we propose an IoT authentication framework grounded in the existing development motivation of OAuth 2.0, implement the proposed framework on top of CoAPthon, and analyze its performance.
Keywords
IoT; OAuth 2.0; CoAP; CoAPthon