IEMEK Journal of Embedded Systems and Applications (대한임베디드공학회논문지)

Institute of Embedded Engineering of Korea (대한임베디드공학회)
권호 표지
DOI QR코드

DOI QR Code

Implementation of a MTM-based secure OTP Generator for IoT Devices

IoT 디바이스를 위한 MTM 기반의 안전한 OTP 생성기 구현

  • Received : 2015.05.07
  • Accepted : 2015.06.08
  • Published : 2015.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

In this paper, we present the implementation of a secure OTP(One Time Password) generator for IoT(Internet of Things) devices. Basically, MTM(Mobile Trusted Module) is used and expanded considering secure IoT services. We combine the MTM architecture with a new hardware-based OTP generation engine. The new architecture is more secure, offering not only the security of devices but also that of the OTP service. We have implemented and verified the MTM-based OTP generator on a real mobile platform embedded with the MTM chip. The proposed method can be used as a solution for enhancing security of IoT devices and services.

Keywords

References

  1. ITU, Internet Reports, "The Internet of Things," 2005.
  2. ITU-T, Recommendation Y.2060, "Overview of Internet of Things," 2012.
  3. P. Middleton, P. Kjeldsen, J. Tully, "Forecast: The Internet of Things, Worldwide," Gartner, 2013.
  4. IEEE Survey: Connected Devices and the Internet of Things, http://www.ieee.org/about/news/2013/26_february_2_2013.html
  5. Economist Intelligence Unit, "The Internet of Things Business Index: A quiet revolution gathers pace," 2013.
  6. J. Guaus, L. Kanniainen, P. Koistinen, P. Laaksonen, K. Murphy, J. Remes, N. Taylor, O. Welin, "Best Practice for Mobile Financial Services: Enrolment Business Model Analysis," Mobey Forum Mobile Financial Services Ltd., 2008.
  7. H. Chai, Z. Lu, Q. Meng, J. Wang, X. Zhang, Z. Zhang, "TEEI-A Mobile Security Infrastructure for TEE Integration," Proceedings of IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 914-920, 2014.
  8. M. Kim, H. Ju, Y. Kim, J. Park, Y. Park, "Design and implementation of mobile trusted module for trusted mobile computing," IEEE Transactions on Consumer Electronics, Vol. 56, No. 8, pp. 134-140, 2010. https://doi.org/10.1109/TCE.2010.5439136
  9. Trusted Computing Group, "TCG Mobile Reference Architecture Specification version 1.0, Revision 1," 2007.
  10. Trusted Computing Group, "TCG Mobile Trusted Module Specification version 1.0, Revision 7.02," 2010.
  11. N. Haller, C. Metz, P. Nesser, M. Straw, "A One-Time Password system," IETF RFC 2289, 1998.
  12. ITU-T, X.1153, "Management framework of a one time password-based authentication service," 2011.
  13. R.H. Weber, "Internet of things-new security and privacy challenges," Computer Law & Security Review, Vol. 26, pp. 23-30, 2010. https://doi.org/10.1016/j.clsr.2009.11.008
  14. D. Gessner, A. Olivereau, A.S. Segura, A. Serbanati, "Trustworthy Infrastructure Services for a Secure and Privacy-respecting Internet of Things", Proceedings of IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 998-1003, 2012.
  15. S. Keoh, S. Kumar, H. Tschofenig, "Securing the internet of things: A standardization perspective," IEEE Internet of Things Journal, Vol. 1, No. 3, pp. 265-275, 2014. https://doi.org/10.1109/JIOT.2014.2323395
  16. ARM, "Building a Secure System using TrustZone Technology," ARM Security Technology, 2009.
  17. KFTC, "Standard for financial microSD v1.1," 2013.
  18. http://motp.sourceforge.net/
  19. http://kelvin.nu/software/potato/