Journal of KIISE (정보과학회 논문지)

Korean Institute of Information Scientists and Engineers (한국정보과학회)
권호 표지
DOI QR코드

DOI QR Code

BLE-OTP Authorization Mechanism for iBeacon Network Security

iBeacon 네트워크 보안을 위한 BLE-OTP 인증 메커니즘

  • 정현희 (성균관대학교 전자전기컴퓨터공학과) ;
  • 신동렬 (성균관대학교 정보통신대학) ;
  • 조광수 (연세대학교 정보대학원) ;
  • 남춘성 (연세대학교 IT정책전략연구소)
  • Received : 2014.10.21
  • Accepted : 2015.05.29
  • Published : 2015.08.15
⟨ Previous Next ⟩

Abstract

Machine to Machine (M2M) technology has gained attention due to the fast diffusion of Internet of Things (IoT) technologies and smart devices. Most wireless network experts believe that Bluetooth Low Energy (BLE) Communications technology in an iBeacon network has amazing advantages in terms of providing communication services at a low cost in smartphone applications. Specifically, BLE does not require any pairing process during its communication phases, so it is possible to send a message to any node without incurring additional transmissions costs if they are within the BLE communication range. However, BLE does not require any security verification during communication, so it has weak security. Therefore, a security authorization process would be necessary to obtain customer confidence. To provide security functions for iBeacon, we think that the iBeacon Message Encryption process and a Decryption (Authorization) process should be designed and implemented. We therefore propose the BLE message Authorization Mechanism based on a One Time Password Algorithm (BLE-OTP). The effectiveness of our mechanism is evaluated by conducting a performance test on an attendance system based on BLE-OTP.

사물인터넷(IoT)의 급속한 확산과 스마트 디바이스의 보급으로 인해서 실생활의 사물 간 통신에 대한 관심이 고조되고 있다. 특히, iBeacon의 BLE(Bluetooth Low Energy) 통신을 이용한 다양한 서비스가 스마트폰 앱으로 많이 등장하고 있다. BLE 통신은 페어링과정이 필요하지 않기 때문에 통신 범위 안에 BLE 통신이 가능한 모든 스마트 디바이스들에게 메시지 전송이 가능하다. 따라서 이 메시지를 수신한 사용자가 악의적인 목적을 가지고 사용될 수 있기 때문에 이를 위한 보안 방법이 필요하다. iBeacon에 보안 방법을 적용하기 위해서는 iBeacon 메시지의 암호화 방법과 이를 인증하기 위한 방안이 동시에 적용되어야 한다. 따라서 본 논문에서는 OTP(One Time Password) 방법을 적용한 보안 방안을 제안한다. 또한 이를 적용한 출결시스템을 통해 제안한 방법으로 성능측정을 함으로서 이 보안 방법의 유효함을 증명 한다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. D. Y. Kim, S. H. Kim, at el., "Internet of Things Technology and Development Direction," KICS, Journal of Information and Communication, Vol. 28, No. 9, pp. 49-57. Sept. 2011. (major in Korean)
  2. C. S. Pyo, H. Y. Kang, at el., "IoT(M2M) Technology Trends and Development Prospects," KICS, Journal of Information and Communication, Vol. 30, No. 8, pp. 3-10. Sept. 2013. (in Korean)
  3. Mubaloo, "Beacons: The Technical Overview," [Online]. Available: http://mubaloo.com/news-info/beaconsthe-technical-overview-white-paper
  4. Andy Cavallini, "iBeacons Bible 1.0," [Online]. Available: http://meetingofideas.wordpress.com/
  5. "Beacon, emerging as a critical infrastructure location-based services," Communication promation bureau Media industry promation department, Trend and prospect:broadcast.communication.propagation, No. 73, pp. 30-40, Apr. 2014.
  6. "Specification of the bluetooth system core v4.0," Bluetooth SIG, June 2010, [Online]. Available: http://www.bluetooth.com
  7. Y. S. Han, "NFC standard technology analysis and forecasts," Korea Multimedia Society, Journal of Korea Multimedia Society, Vol. 16, No. 3, pp. 17-23, Sept. 2012. (in Korean)
  8. TTAS, "Road map for the one time password standards," Telecommunications Technology Association, Dec. 2011.
  9. J. J. Kim, E. Y. Cho, at el., "Secure Authentication Mechanism using a Location Information of Device and an OTP Algorithm for Home Network Environment," Proc. of the KISS Fall Conference, KISS, Sept. 2007. (in Korean)
  10. J. S. Lee, M. S. Lee, at el, "Anti-Phishing Solution Using Server-Side OTP Authentication," Korea Computer Congress, KIISE, Jun. 2008. (in Korean)
  11. TTAS, "One-time password(OTP) authentication service integration framework," Telecommunications Technology Association, Dec. 2009.
  12. TTAS, "Algorithm Profile for a one-time password," Telecommunications Technology Association, Dec. 2012.
  13. Rebecca.co, "System and method for checking attendance using location-based local wireless communication," The Patent Application Number : 101340 6190000, Dec 2013.
  14. S. J. Park, "Attendance Check System based on Smartphone using QR code," Korean Association of Information Education, Journal of The Korean Assocaition of Information Education, Vol. 18, No. 2, pp. 325-334, Jun. 2014. (in Korean) https://doi.org/10.14352/jkaie.2014.18.2.325
  15. Y. B. Lee, "A Attendance-Absence Checking System using the Self-organizing Face Recognition," KOCON.a, Journal of The Korea Contents Association, Vol. 10, No. 3, pp. 72-79, Mar. 2010. (in Korean) https://doi.org/10.5392/JKCA.2010.10.3.072
  16. H. J. Kim, H. S. Kim, "AUTHHOTP-HOTP Based Authentication Scheme over Home Network Environment," ICCSA 2011, Proc. of Lecture Notes in Computer Science, Vol. 6784, pp. 622-637, 2011.
  17. H. J. Kim, H. S. Kim, "HOTP-Based Key Agreement Protocol Over Home Network," FutureTech 2012, Lecture Notes in Electrical Engineering, Vol. 164, pp. 171-179, 2012.

Cited by

  1. A novel secure and efficient hash function with extra padding against rainbow table attacks 2018, https://doi.org/10.1007/s10586-017-0886-4
  2. A Secure BLE Integration Authentication System for a BLE Device Control Server based on Physical Web and Eddystone vol.43, pp.10, 2016, https://doi.org/10.5626/JOK.2016.43.10.1094