한국컴퓨터정보학회논문지 (Journal of the Korea Society of Computer and Information)

  • 제25권2호
  • /
  • Pages.113-122
  • /
  • 2020
  • /
  • 1598-849X(pISSN)
  • /
  • 2383-9945(eISSN)
한국컴퓨터정보학회 (Korean Society of Computer Information)
권호 표지
DOI QR코드

DOI QR Code

IoT Authentication System Using Blockchain and TOTP

  • Kim, Ho-Gyun (Dept. of Computer Engineering, Pukyong University) ;
  • Jung, Soon-Ho (Dept. of Computer Engineering, Pukyong National University)
  • 투고 : 2019.12.26
  • 심사 : 2020.01.20
  • 발행 : 2020.02.28
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

이 논문에서는 블록체인과 TOTP(Time-based One-time Password Algorithm)를 이용하여 사용자 장치와 서비스 장치 사이의 지속적인 인증을 유지하는 단말기 인증 시스템을 제시하고 이 사물인터넷의 단말기로서 도어-록에 적용하여 실험하였다. 앞으로 IoT의 여러 장치들에 편리와 보안을 위하여 이 시스템을 적용할 수 있다. 사물인터넷(IoT, Internet of Things) 기술이 발전하면서 사물인터넷 장치들의 편의성과 보안성이 동시에 요구되고 있다. 사물인터넷 장치들은 저용량, 경량의 특징을 가지고 있으나 높은 연산량을 요구하는 기존의 인증기술을 적용하기 어렵기 때문에 사물인터넷 보안에 위협이 되고 있다. 최근 위변조가 불가능한 블록체인 기술로 보안성과 무결성을 제공하는 저장 플랫폼을 적용하였으나 단말기가 네트워크에 접속할 수 없을 때 블록체인을 이용한 인증을 수행할 수 없다. 이 문제점을 블록체인과 TOPT를 이용하여 해결하는 시스템을 보여준다.

In this paper, we propose the terminal authentication system using blockchain and TOTP(Time-based One-time Password Algorithm) to sustain a continuous authentication between user device and service device. And we experiment this system by using door-lock as a terminal of IoT(Internet of Things). In the future, we can apply this result to several devices of IoT for convenience and security. Although IoT devices frequently used everyday require convenience and security at the same time, it is difficult for IoT devices having features of the low-capacity and light-weight to apply the existing authentication technology requiring a high amount of computation. Blockchain technology having security and integrity have been used as a storage platform, but its authentication cannot be performed when the terminal cannot access any network. We show the method to solve this problem using Blockchain and TOPT.

키워드

참고문헌

  1. ITU-T, "Security framework for the Internet of things based on the gateway model", ITU-T Recommendation X. 1361, pp.4, September 2018.
  2. Slock.it, Inc, "BLOCK-CHAIN ENABLED SERVICE PROVIDER SYSTEM", US 2018/0191714 A1, Dec. 28, 2017, Jul. 5, 2018.
  3. 46halbe, "Chaos Computer Clubs breaks iris recognition system of the Samsung Galaxy S8", CCC, https://www.ccc.de/en/updates/2017/iriden, 2017.
  4. Park. Byungju, "IoT industry trends and development prospects", IITP, Weekly Technology Trend 1759 issue, 14p-23p, 2016.
  5. S. Keoh, S. Kumar, H. Tschofenig, “Securing the internet of things: A standardization perspective,” IEEE Internet of Things Journal, Vol. 1, No. 3, pp. 265-275, June 2014. https://doi.org/10.1109/JIOT.2014.2323395
  6. frank, "Chaos Computer Club breaks Apple TouchID", CCC, https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid, 2013.
  7. J. Padgette, K. Scarfone, "Guide to Bluetooth Security", NIST Special Publication 800-121 Revision 1, June 2012.
  8. D. M'Raihi, S. Machani, M. Fei, J. Rydell, "TOTP: Time-Based One-Time Password Algorithm", RFC 6238, May 2011.
  9. S. Nakamoto, "Bitcoin: A peer-to-peer electronic cash system", October 2008.
  10. A. Juels, "RFID Security and Privacy: A Research Survey", IEEE Journal On Selected Areas In Communications, 381-394, March 2006.
  11. H. Torstein, "Security and Privacy in RFID Applications", Norwegian University of Science and Technology (NTNU), June 2006.
  12. D. M'Raihi, M. Bellare, F. Hoornaert, D. Naccache, O. Ranen, "HOTP: An HMAC-Based One-Time Password Algorithm", RFC 4226, December 2005.
  13. A. Back, "Hashcash - a denial of service counter-measure", http://www.hashcash.org/papers/hashcash.pdf, August 2002.
  14. N. Haller, C.Metz, P.Nesser, M. Straw, "A One-Time Password System", RFC 2289, Faburary 1998.
  15. Computer Emergency Response Team (CERT) , "IP Spoofing and Hijacked Terminal Connections", CA-95:01, January 1995.
  16. Haller, N., and R. Atkinson, "On Internet Authentication", RFC 1704, October 1994.
  17. Seth Rosenblatt, "Hacker claims you can steal fingerprints with only a camera", cnet, http://www.cnet.com/news/hacker-claimsyou-can-steal-fingerprints-with-only-a-camera/
  18. BBC, "Face ID iPhone X 'hack' demoed live with mask by Bkav", BBC, https://www.bbc.com/news/av/technology-41992610/faceid-iphone-x-hack-demoed-live-with-mask-by-bkav
  19. gluk256, "The Signidice Algorithm", Github, https://github.com/gluk256/misc/blob/master/rng4ethereum/signidice.md