Session Key Agreement Protocol for IoT Home Devices using Shadow Passwords (그림자 패스워드를 사용한 IoT 홈 디바이스 사이의 세션키 공유 프로토콜)

Seok Won Jung (정석원)

Session Key Agreement Protocol for IoT Home Devices using Shadow Passwords

Journal of Internet of Things and Convergence
Abbr : JKIOTS
2020, 6(2), pp.93-100
Publisher : The Korea Internet of Things Society
Research Area : Engineering > Computer Science > Internet Information Processing
Received : March 12, 2020
Accepted : May 12, 2020
Published : June 30, 2020

Seok Won Jung ¹

¹목포대학교

Candidate

ABSTRACT

Although various home services are developed as increasing the number of home devices with wire and wireless connection, privacy infringement and private information leakage are occurred by unauthorized remote connection. It is almost caused by without of device authentication and protection of transmission data. In this paper, the devices' secret value are stored in a safe memory of a smartphone. A smartphone processes device authentication. In order to prevent leakage of a device's password, a shadow password multiplied a password by the private key is stored in a device. It is proposed mutual authentication between a smartphone and a device, and session key agreement for devices using recovered passwords on SRP. The proposed protocol is resistant to eavesdropping, a reply attack, impersonation attack.

KEYWORDS

IoT, Home Network, Password Base, Device Authentication, Session Key Agreement

Citation status

* References for papers published after 2023 are currently being built.

[report] KATS / 2015 / Smart home industry and standardization trend / KATS

[report] CISCO / 2020 / CISCO Annual Internet Report(2018–2023)

[other] KISA / 2017 / IoT Security Guide for Household Appliances

[web] / https://owasp.org/www-pdf-archive/OWASP-IoT-Top -10-2018-final.pdf / https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf

[other] / 2015 / MQTT 3.1.1 specification / OASIS

[other] Z. Shelby / 2014 / Constrained Application Protocol(CoAP) / RFC 7252

[other] E. Rescorla / 2012 / Datagram Transport Layer Security Version 1. 2 / RFC 6347

[journal] X. Sun / 2012 / A security authentication scheme in machine-to-machine home network service / Secur. Comm. . Netw 8 : 2678~2686

[confproc] M. Zhao / 2016 / Physical Unclonable Function Based Authentication Protocol for Unit IoT and Ubiquitous IoT / Proceedings of the 2016 International Conference on Identification / IIIKI : 179~184

[confproc] M. A. Muhal / 2018 / Physical Unclonable Function Based Authentication Scheme for Smart Devices in Internet of Things / Proceedings of the 2018 IEEE International Conference on Smart Internet of Things(SmartIoT) : 160~165

[journal] M. A. Jan / 2019 / A payload-based mutual authentication scheme for Internet of Things / Future Gen. Comput. Syst 92 : 1028~1039

[journal] 이근호 / 2019 / A Scheme for Information Protection using Blockchain in IoT Environment / 사물인터넷융복합논문지 / 한국사물인터넷학회 5(2) : 33~39

[journal] L. Lamport / 1981 / Password Authentication with Insecure Communication / Communications of the ACM 24(11) : 770~772

[journal] W. Diffie / 1976 / New Directions in Cryptography / IEEE Trans. on Information Theory IT-22(6) : 644~654

[confproc] T. Wu / 1998 / The Secure Remote Password Protocol / Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium : 97~111

[other] T. Wu / 2002 / SRP-6 : Improvements and Refinements to the Secure Remote Password Protocol / Submission to the IEEE P1363 Working Group

KJCKorea
Journal Central

Journal of Internet of Things and Convergence 2023 KCI Impact Factor : 0.89