Browse > Article
http://dx.doi.org/10.14372/IEMEK.2015.10.4.199

Implementation of a MTM-based secure OTP Generator for IoT Devices  

Kim, Young-Sae (ETRI)
Han, Jin-Hee (ETRI)
Jeon, Yong-Sung (ETRI)
Kim, Jung-Nyu (ETRI)
Publication Information
IEMEK Journal of Embedded Systems and Applications / v.10, no.4, 2015 , pp. 199-206 More about this Journal
Abstract
In this paper, we present the implementation of a secure OTP(One Time Password) generator for IoT(Internet of Things) devices. Basically, MTM(Mobile Trusted Module) is used and expanded considering secure IoT services. We combine the MTM architecture with a new hardware-based OTP generation engine. The new architecture is more secure, offering not only the security of devices but also that of the OTP service. We have implemented and verified the MTM-based OTP generator on a real mobile platform embedded with the MTM chip. The proposed method can be used as a solution for enhancing security of IoT devices and services.
Keywords
MTM; OTP; Security; IoT;
Citations & Related Records
연도 인용수 순위
  • Reference
1 ITU, Internet Reports, "The Internet of Things," 2005.
2 ITU-T, Recommendation Y.2060, "Overview of Internet of Things," 2012.
3 P. Middleton, P. Kjeldsen, J. Tully, "Forecast: The Internet of Things, Worldwide," Gartner, 2013.
4 IEEE Survey: Connected Devices and the Internet of Things, http://www.ieee.org/about/news/2013/26_february_2_2013.html
5 Economist Intelligence Unit, "The Internet of Things Business Index: A quiet revolution gathers pace," 2013.
6 J. Guaus, L. Kanniainen, P. Koistinen, P. Laaksonen, K. Murphy, J. Remes, N. Taylor, O. Welin, "Best Practice for Mobile Financial Services: Enrolment Business Model Analysis," Mobey Forum Mobile Financial Services Ltd., 2008.
7 H. Chai, Z. Lu, Q. Meng, J. Wang, X. Zhang, Z. Zhang, "TEEI-A Mobile Security Infrastructure for TEE Integration," Proceedings of IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 914-920, 2014.
8 M. Kim, H. Ju, Y. Kim, J. Park, Y. Park, "Design and implementation of mobile trusted module for trusted mobile computing," IEEE Transactions on Consumer Electronics, Vol. 56, No. 8, pp. 134-140, 2010.   DOI
9 Trusted Computing Group, "TCG Mobile Reference Architecture Specification version 1.0, Revision 1," 2007.
10 Trusted Computing Group, "TCG Mobile Trusted Module Specification version 1.0, Revision 7.02," 2010.
11 N. Haller, C. Metz, P. Nesser, M. Straw, "A One-Time Password system," IETF RFC 2289, 1998.
12 ITU-T, X.1153, "Management framework of a one time password-based authentication service," 2011.
13 R.H. Weber, "Internet of things-new security and privacy challenges," Computer Law & Security Review, Vol. 26, pp. 23-30, 2010.   DOI   ScienceOn
14 KFTC, "Standard for financial microSD v1.1," 2013.
15 D. Gessner, A. Olivereau, A.S. Segura, A. Serbanati, "Trustworthy Infrastructure Services for a Secure and Privacy-respecting Internet of Things", Proceedings of IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 998-1003, 2012.
16 S. Keoh, S. Kumar, H. Tschofenig, "Securing the internet of things: A standardization perspective," IEEE Internet of Things Journal, Vol. 1, No. 3, pp. 265-275, 2014.   DOI
17 ARM, "Building a Secure System using TrustZone Technology," ARM Security Technology, 2009.
18 http://motp.sourceforge.net/
19 http://kelvin.nu/software/potato/