Efficient RBAC based on Block Chain for Entities in Smart Factory

  • Lee, YongJoo (Dept of Computer Science, Chungbuk National University) ;
  • Lee, Sang-Ho (Dept of Computer Science, Chungbuk National University)
  • Received : 2018.05.30
  • Reviewed : 2018.07.20
  • Published : 2018.07.28

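Abstract

Devices and other entities in a smart factory are becoming more active and autonomous, so fine-grained access control suited to each entity's characteristics is needed. However, existing access control for devices lacks fine granularity, and access control for users involves complex procedures and makes it difficult to apply changing content quickly. This paper proposes an access control method that is optimized for smart factory entities and maintains both efficiency and security. We extend the AC (Attribute Certificate), originally defined for assigning attributes to a PKC (Public Key Certificate), into a PAC (Permission AC) and assign it to each role, proposing an RBAC (Role-Based Access Control) scheme that is easy to manage in an integrated way. In addition, by applying PACs digitally signed by the ACI (AC Issuer) to a blockchain-based model for distribution, we propose a blockchain-based RBAC-PAC model in which access and authorization for frequently changing entity roles can be verified and reflected quickly and accurately. We compared and analyzed the model against existing studies in terms of efficiency, and confirmed that efficiency improves in particular as the number of entities grows and permission updates become more frequent.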

The smart factory, a key technology of Industry 4.0, is regarded as a driving force of our future economic development, and a great deal of research has been carried out on it. Various entities, including devices, products and managers, exist in a smart factory, but the roles of these entities may be continuous or variable and may cease to exist after a short time. Existing access control methods are not suited to such a variable environment. If a certain level of security is not considered, important industrial data can become the target of attacks. A new access control method is needed that satisfies the desired level of efficiency and security without excessive system load. In this paper, we propose a new RBAC-PAC, which extends the AC defined for PKC to the authority attributes of roles. We distribute PACs for roles through a blockchain method to provide efficient access control. We verified that RBAC-PAC is more efficient in a smart factory with a large number of entities that need frequent permission updates.
