Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

A Design of Secure Communication for Device Management Based on IoT

사물인터넷 기반 디바이스 관리를 위한 안전한 통신 프로토콜 설계

  • 박중오 (성결대학교 파이데이아학부) ;
  • 최도현 (숭실대학교 컴퓨터학과) ;
  • 홍찬기 (가톨릭관동대학교 의료IT학과)
  • Received : 2020.10.15
  • Accepted : 2020.11.20
  • Published : 2020.11.28
Download PDF
⟨ Previous Next ⟩

Abstract

The IoT technology is a field that applies and converges the technologies in the existing industrial environment, instead of new technologies. The IoT technology is releasing various application services converged with other industries such as smart home, healthcare, construction, and automobile, and it is also possible to secure the work efficiency and convenience of users of IoT-based technologies. However, the security threats occurring in the IoT-based technology environment are succeeding to the vulnerability of the existing wireless network environment. And the occurrence of new and variant attacks in the combination with the ICT convergence environment, is causing damages. Thus, in the IoT technology-based environment, it would be necessary to have researches on the safe transmission of messages in the communication environment between user and device, and device and device. This thesis aims to design a safe communication protocol in the IoT-based technology environment. Regarding the suggested communication protocol, this thesis performed the safety analysis on the attack techniques occurring in the IoT technology-based environment. And through the performance evaluation of the existing PKI-based certificate issuance system and the suggested communication protocol, this thesis verified the high efficiency(about 23%) of communication procedure. Also, this thesis verified the reduced figure(about 65%) of the issued quantity of certificate compared to the existing issuance system and the certificate management technique.

사물인터넷 기술은 신규 기술이 아닌 기존 산업 환경에 있는 기술을 응용하여 융합하는 분야다. 사물인터넷기술은 스마트 홈, 헬스케어, 건설, 자동차 등 타 산업과 융화된 다양한 응용서비스가 출시되고 있으며, 사물인터넷 기반기술을 이용하는 사용자로 부터 업무 효율성 및 사용자 편의성도 확보할 수 있다. 그러나 사물인터넷 기반기술 환경에서 발생하는 보안위협은 기존 무선 네트워크 환경에서 발행하는 취약점을 계승하고 있으며, ICT융합환경과 접목되어 신규 및 변종 공격이 발생하여 이에 따른 피해가 발생하고 있다. 그러므로 사물인터넷 기술 기반의 환경에서는 사용자와 디바이스, 디바이스와 디바이스 통신 환경에서 안전하게 메시지를 전송할 수 있는 연구가 필요하다. 본 논문에서는 사물인터넷 기반기술 환경에서 디바이스 관리를 위한 안전한 통신 프로토콜을 설계하도록 한다. 제안한 통신 프로토콜에 대해 사물인터넷 기술기반 환경에서 발생하는 공격기법에 대한 안전성 분석을 수행하였다. 그리고 기존 PKI-기반 인증서 발급시스템과 제안한 통신 프로토콜의 성능평가를 통해 통신절차에서 약 23%의 높은 효율성을 확인하였다. 또한 인증서 발급량에 따른 인증서 관리기법 대비 기존 발급시스템 대비 약 65%의 감소된 수치를 확인하였다.

Keywords

References

  1. B. W. Jin, J. O. Park & M. S. Jun. (2017). A Study on Authentication Management and Communication Method using AKI Based Verification System in Smart Home Environment. The Journal of The Institute of Internet, Broadcasting and Communication, 16(6), 25-31, DOI : 10.7236/JIIBC.2016.16.6.25
  2. T. H Kim, J. H Hong & H. Y. Jung. (2015). Trend in Trustworthy Communication for the Next-Generation. Electronics and Telecommunications Trends, 30(4), 129-139.
  3. T. H. J. Kim et al. (2013). Accountable key infrastructure (AKI) a proposal for a public-key validation infrastructure. In Proceedings of the 22nd international conference on World Wide Web (pp. 679-690).
  4. Y. T. Kim. (2015.). Secure Messenger System using Attribute Based Encryption. Journal of Security Engineering, 12(5), 469-486, https://doi.org/10.14257/jse.2015.10.05
  5. S. E. Ponta, H. Plate & A. Sabetta. (2018, September). Beyond metadata: Code-centric and usage-based analysis of known vulnerabilities in open-source software. In 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME) (pp. 449-460). IEEE.
  6. Y. Yang, L. Wu, G. Yin, L. Li & H. Zhao. (2017). A survey on security and privacy issues in Internet-of-Things. IEEE Internet of Things Journal, 4(5), 1250-1258. DOI : 10.1109/JIOT.2017.2694844
  7. K. H. Lee, ( 2013). A Security Threats in Wireless Charger Systems in M2M. Journal of the Korea Convergence Society, 4(1), 27-31. DOI : 10.15207/JKCS.2013.4.1.027
  8. Malcolm Shore. (2017). IoT Common Security Principle v1.0, KISA.
  9. J. I. Lee. (2015). Convergent Case Study of Research and Education: Internet of Things Based Wireless Device Forming Research. Journal of the Korea Convergence Society, 6(4), 1-7, https://doi.org/10.15207/JKCS.2015.6.4.001
  10. CoAP(Constrained Application Protocol), IETF(Internet Engineering Task Force, http://www.ietf.org)
  11. L. A. Tawalbeh, F. Muheidat, M. Tawalbeh & M. Quwaider. (2020). IoT Privacy and security: Challenges and solutions. Applied Sciences, 10(12), 4102. https://doi.org/10.3390/app10124102
  12. B. K. Rios & J. Butts. (2017). When IoT Attacks: understanding the safety risks associated with connected devices. Proceedings of Black Hat USA. https://www.blackhat.com/docs/us-17/wednesday/us-17-Rios-When-IoT-Attacks-Understanding-The-Safety-Risks-Associated-With-Connected-Devices.pdf
  13. D. Y. Kang & J. H. Hwang. (2019). A Study on Priority of Certification Criteria for IoT Security Certification Service. The Journal of the Korea Contents Association, 19(7), 13-21. https://doi.org/10.5392/JKCA.2019.19.07.013
  14. Y. An. (2016). A Strong Biometric-based Remote User Authentication Scheme for Telecare Medicine Information Systems with Session Key Agreement. International Journal of Internet, Broadcasting and Communication, 8(3), 41-49, DOI : 10.7236/IJIBC.2016.8.3.41
  15. Common Criteria Recognition Arrangement. (2017). Common Criteria for Information Technology Security Evaluation. Part 1 : Introduction and general model, CCMB-2017-04-001.