KR20160134895A - Security communication apparatus of internet of things environment and method thereof - Google Patents

Info

Publication number
KR20160134895A
Authority
KR
South Korea
Prior art keywords
encryption
object device
security
key
key block
Prior art date
Application number
KR1020150066491A
Other languages
Korean (ko)
Other versions
KR101688118B1 (en)
Inventor
강남희
문주식
임혁
Original Assignee
주식회사 퓨쳐시스템
Priority date
Filing date
Publication date
Application filed by 주식회사 퓨쳐시스템
Priority to KR1020150066491A
Publication of KR20160134895A
Application granted
Publication of KR101688118B1

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
            • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

According to the present invention, a secure communication apparatus in an Internet of Things (IoT) environment includes an object device included in the IoT environment and a virtualization device which is built by virtualizing the object device and which establishes a secure session with the object device through a pre-shared key (PSK). The virtualization device includes a handshake module which performs the handshake on behalf of the object device, authenticating the counterpart object device with which communication is intended and generating a security key block that includes an encryption key for encrypting the data transmitted and received between the object device and the counterpart object device. The object device includes an encryption/decryption module which transmits data to and receives data from the counterpart object device using the security key block.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a communication device, and more particularly to a secure communication device and a method thereof in an Internet of Things environment.

As the everyday objects around us connect to the Internet, our lives have changed dramatically. The Internet of Things (IoT) is a paradigm that connects all kinds of devices, including smart devices, to the Internet.

When IoT services are provided by connecting newly appearing everyday objects to the Internet, most of the devices are embedded in existing objects, so their computing resources such as CPU, memory and battery are limited.

Battery power in particular raises maintenance issues, so reducing energy consumption is regarded as a key factor in lowering the cost of IoT services and providing a stable service.

Because resource-limited devices depend on batteries for power, low-power wireless network technologies (typically IEEE 802.15.4, as used by Zigbee) are interlinked with the Internet so that data can be transmitted with minimum energy.

In a communication environment where a Low-Power and Lossy Network (LLN) based on the IEEE 802.15.4 standard interworks with the Internet through a 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Network) gateway, the system must be designed around the LLN side, where resource limitations are far more severe than on the Internet side, which has almost none.

Standard protocols such as IPsec, Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), standardized by the IETF, are used to provide end-to-end encrypted transmission between communicating parties in the Internet environment. Among these security protocols, TLS and DTLS in particular are attracting attention for establishing a cryptographic session between programs running on end devices.

The details of the TLS protocol are described in "RFC 5746", and the details of the DTLS protocol are described in "RFC 6347".

Applying the TLS or DTLS protocol to the IoT environment reuses a protocol already used on the Internet and so improves compatibility. However, TLS and DTLS were designed for Internet environments with unconstrained computing resources and high network performance, so implementing them on object devices with limited CPU, memory and battery runs into the following restrictions.

First, since no security key has been shared in advance when two communicating parties connect for the first time, each party must authenticate the other and share a security key using a public-key-based method. Compared with a symmetric-key-based method, a public-key-based method requires far more computation, which is difficult to carry out on a lightweight device with limited CPU and RAM.

Second, TLS and DTLS decide which algorithm to use for data transmission through the handshake protocol. Because a TLS or DTLS implementation is expected to support all the well-known security algorithms, a lightweight device would have to implement a variety of security algorithms, and its resources limit how many of them can be implemented.

Third, to transmit a large message in a handshake flight over a wireless network using the IEEE 802.15.4 standard, whose maximum frame size is 127 bytes, the message must be fragmented into 20 to 30 frames; if any one frame is lost, the whole flight must be retransmitted from the beginning, which degrades network performance.

For this reason, completing the handshake flights takes considerably longer in an LLN than in the existing Internet environment, and the retransmissions drain the battery quickly, degrading the quality of the IoT environment.

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems. It is an object of the present invention to improve the performance of the IoT environment by having a virtualization device, built in advance for a lightweight device, perform the TLS or DTLS handshake on the lightweight device's behalf.

It is another object of the present invention to enable secure communication between the end points of communication even when not all the modules required for the TLS or DTLS protocol are installed on a lightweight device with limited resources.

According to an aspect of the present invention, there is provided a secure communication device in an IoT environment, including: an object device included in the IoT environment; and a virtualization device constructed by virtualizing the object device and forming a security session with the object device through a pre-shared key (PSK). The virtualization device includes a handshake module that performs handshaking on behalf of the object device, authenticating a counterpart object device and generating a security key block including an encryption key for encrypting the data transmitted and received between the object device and the counterpart object device. The object device includes an encryption/decryption module that transmits data to and receives data from the counterpart device using the security key block.

In the present invention, the virtualization device may further include an object management module that detects a connection from the object device through its assigned static IP address, tracks the current IP address of the object device, and manages the connection to the object device by pairing the static IP address with the current IP address.

The virtualization device may further include a change cipher spec module that transmits an encryption initiation command, referring to the encryption key, to the encryption/decryption module; when the encryption/decryption module receives the encryption initiation command, it encrypts the transmitted and received data using the security key block.

In the present invention, the virtualization device includes an alert module that outputs an error message when an error occurs in data transmission or reception through the secure session with the object device, and a virtual encryption/decryption module (record layer) that encrypts and decrypts the security key block and the authentication result for the counterpart device.

In the present invention, the virtualization device encrypts the security key block with the PSK.

In the present invention, the handshake module may perform handshaking by transmitting and receiving: a first hello message confirming whether the counterpart device is available for communication; a first authentication message including a response to the first hello message and the certificate or public key of the counterpart device; a second authentication message including the certificate of the object device or key information encrypted with the public key; and an encryption start message announcing that encryption according to the negotiated security method begins.

In the present invention, to perform handshaking, the handshake module may further transmit and receive a second hello message comprising a verification request for the first hello message and the verification data for the first hello message.

In the present invention, the handshake module performs the authentication and the security key block generation in a public-key-based manner, and the encryption/decryption module transmits and receives data in a symmetric-key-based manner using the security key block.

The virtualization apparatus may further include an object management module that shares the PSK with the object device when the object device is network-registered.

In the present invention, the security key block may include at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, and a security key for integrity verification.

In the present invention, the object device transmits to the counterpart device data encrypted using the encryption algorithm and the security key for encryption, or transmits to the counterpart device an integrity value generated using the integrity algorithm and the security key for integrity verification.

According to an aspect of the present invention, there is provided a secure communication method in an IoT environment, comprising: a virtualization device, constructed by virtualizing an object device included in the IoT environment, performing handshaking on behalf of the object device to authenticate a counterpart device that is to be a communication target; generating, after the authentication is completed, a security key block including an encryption key for encrypting the data transmitted and received between the object device and the counterpart object device; and the object device transmitting to and receiving from the counterpart object device data encrypted using the security key block.

The method may further include, after the step of generating the security key block, encrypting the security key block with a pre-shared key (PSK) and transmitting the encrypted key block to the object device.

The method may further include, after the step of generating the security key block, transmitting an encryption initiation command referring to the encryption key and, when the encryption initiation command is received, encrypting the transmitted and received data using the security key block.

In the present invention, the step of performing the authentication may include transmitting and receiving: a first hello message confirming whether the counterpart object device is available for communication; a first authentication message including a response to the first hello message and the certificate or public key of the counterpart device; a second authentication message including the certificate of the object device or key information encrypted with the public key; and an encryption initiation message announcing that encryption according to the negotiated security method begins.

The step of performing authentication may further include transmitting and receiving a second hello message including a verification request message for the first hello message and verification data for the first hello message.

In the present invention, the step of performing the authentication and the step of generating the secure key block are performed in a public key based manner, and the transmitting and receiving step is performed in a symmetric key based manner.

The present invention is characterized by further comprising, before performing the authentication, the step of constructing the virtualization device so that it shares the PSK with the object device at the time of the object device's network registration.

The transmitting and receiving may include transmitting to the counterpart device data encrypted using the encryption algorithm and the security key for encryption included in the security key block, or transmitting to the counterpart device an integrity value generated using the integrity algorithm and the security key for integrity verification included in the security key block.

According to the present invention, in the process of establishing a security session for a lightweight device in the IoT environment, operations that require relatively more resources, such as handshaking, are performed through a virtualization device built in advance for the lightweight device, so the performance of the IoT environment can be improved.

Further, according to the present invention, secure communication can be performed between the end points of communication without installing the full TLS or DTLS protocol on a lightweight device with limited resources.

In addition, according to the present invention, the lightweight device does not need to transmit the many handshake messages required to establish secure communication, so the power required for data transmission is reduced, which is effective for the lightweight device.

FIG. 1 is a diagram schematically showing the configuration of a secure communication apparatus in an IoT environment according to the present embodiment.
FIG. 2 is a diagram schematically illustrating a configuration of a virtualization device according to an embodiment of the present invention for communication based on the TLS or DTLS protocol.
FIG. 3 is a diagram schematically illustrating a configuration of an object device for communication based on the TLS or DTLS protocol according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a handshaking process between two virtualization devices in an IoT environment according to the present embodiment.
FIG. 5 is a flowchart illustrating the procedure of a security session establishment method between two lightweight devices in an IoT environment according to the present embodiment.
FIG. 6 and FIG. 7 are flowcharts illustrating the procedure of a security session establishment method between one lightweight device and one server in an IoT environment according to the present embodiment.

It should be noted that, in this specification, the same reference numerals denote the same elements, even where they appear in different drawings.

Meanwhile, the meaning of the terms described in the present specification should be understood as follows.

The terms "first", "second" and the like are used to distinguish one element from another and are to be understood to include plural forms unless the context clearly dictates otherwise; the scope of the rights should not be limited by these terms.

It should be understood that the terms "comprises" or "having" do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

It should be understood that the term "at least one" includes all possible combinations of one or more of the related items. For example, "at least one of the first item, the second item and the third item" means not only the first item, the second item or the third item alone, but also every combination that can be formed from two or more of them.

First, before explaining embodiments of the present invention in detail, the IoT environment to which the present invention is applied will be briefly described.

The Internet of Things (IoT) means that every object capable of wireless communication is connected and communicates intelligently. The IoT is characterized by heterogeneous interconnected networks of various sensors and mobile devices. Because of this, manufacturers create and implement various proprietary standards for each object device, which makes smooth interoperation between different kinds of devices difficult. Therefore, to realize the true IoT concept, a unified standard platform that is independent of the manufacturer and of the characteristics of the object device is needed.

To solve these problems, the concept of the Web of Things (WoT), which integrates all objects into the Web, has been proposed. The IETF Constrained RESTful Environments (CoRE) working group is standardizing a lightweight web protocol called the Constrained Application Protocol (CoAP) as a way of standardizing message transmission in the WoT environment. CoAP is a protocol for providing web services in a constrained environment such as a sensor network, and like HTTP it is based on the Representational State Transfer (REST) model.

In addition, for the transport technology of lightweight IoT devices, the IETF has standardized CoAP and OASIS has standardized MQTT. CoAP uses UDP and MQTT uses TCP as its transport protocol. Accordingly, DTLS, the cryptographic session protocol for UDP, and TLS, the cryptographic session protocol for TCP, are both considered for the IoT environment.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

FIG. 1 is a diagram schematically illustrating a configuration of a secure communication apparatus in an IoT environment according to an embodiment of the present invention, FIG. 2 is a diagram illustrating a configuration of a virtualization device according to an embodiment of the present invention for communication based on the TLS or DTLS protocol, and FIG. 3 is a diagram schematically showing a configuration of an object device for communication based on the TLS or DTLS protocol according to an embodiment of the present invention.

As shown in FIG. 1, the network of the IoT environment is largely divided into an LLN (Low-Power and Lossy Network) area and an Internet area. The secure communication device in the IoT environment includes a first object device 10 and a second object device 20, which are lightweight devices operating in the LLN area; a router 30 interlinking the LLN environment and the Internet environment through a 6LoWPAN gateway; and a first virtualization device 11 and a second virtualization device 21 constructed to correspond to the first object device 10 and the second object device 20, respectively.

The first and second object devices 10 and 20 may be sensors included in the IoT environment, or may be wireless sensors having mobility.

The IoT environment according to the present embodiment may include one or more object devices and one or more virtualization devices corresponding to them. Hereinafter, communication between two lightweight object devices is described. Since the first virtualization device 11 and the second virtualization device 21 have substantially the same configuration, only the configuration of the first virtualization device 11 is described.

Referring to FIG. 2, the first virtualization device 11 according to the present embodiment includes a handshake module 11b that performs handshaking on behalf of the first object device 10, so that it can authenticate the second object device 20 and generate a security key block including an encryption key for encrypting the data transmitted and received between the first and second object devices 10 and 20.

That is, to perform secure communication using the TLS or DTLS protocol, the communication partner must be authenticated and a security key block generated through handshaking. Since this operation requires a lot of resources, in the present embodiment the first virtualization device 11, which includes the handshake module 11b, performs the handshaking in place of the object devices 10 and 20.

Referring to FIG. 3, the first object device 10 includes an encryption/decryption module 10b, which can encrypt or decrypt the data transmitted to and received from the second object device 20 using the security key block generated through the first virtualization device 11.

As described above, in the present embodiment, since the handshaking is performed through the first virtualization device 11, the first object device 10 can communicate securely with the second object device 20 without degrading the network.

FIG. 4 is a flowchart illustrating a handshaking process between two virtual machines in an object Internet environment according to the present embodiment.

Referring to FIG. 4, when the first virtualization device 11 and the second virtualization device 21 perform handshaking through the DTLS protocol, they exchange six flights (S1 to S6).

That is, the first virtualization device 11 and the second virtualization device 21 perform handshaking by transmitting and receiving: a first hello message confirming whether the counterpart object devices 10 and 20 are available for communication; a second hello message including a verification request for the first hello message and verification data for the first hello message; a first authentication message including a response to the second hello message and the certificate or public key of the object device; a second authentication message including the certificate of the object device 10 or 20 or key information encrypted with the public key; and an encryption initiation message announcing that encryption according to the negotiated security method begins.

Specifically, assuming that the first virtualization device 11 requests handshaking from the second virtualization device 21, the first virtualization device 11 first transmits a first hello message to the second virtualization device 21 to confirm whether the second object device 20 is available for communication (S1). In response to the first hello message, the second virtualization device 21 transmits a hello verification request (HelloVerifyRequest) to counter denial-of-service attacks (S2).

Then the first virtualization device 11 transmits a second hello message, including the verification data for the first hello message, to the second virtualization device 21 (S3), and in response to the second hello message the second virtualization device 21 transmits a hello message confirming whether communication with the first object device 10 is possible (S4-1).

Then the second virtualization device 21 transmits a certificate for authenticating the second object device 20 to the first virtualization device 11 (S4-2). If the second object device 20 has no certificate, or its certificate is for signing only, the second virtualization device 21 transmits a second object device key exchange (KeyExchange) message to the first virtualization device 11 (S4-3), and requests the certificate of the first object device 10 (Certificate Request) to confirm whether the first object device 10 is a trustworthy object (S4-4).

Then the second virtualization device 21 transmits a second object device hello completion (HelloDone) message indicating that its message transmission is complete (S4-5).

Next, the first virtualization device 11 selects one of its stored certificates according to the request of the second virtualization device 21 and transmits it to the second virtualization device 21 (S5-1), transmits a first object device key exchange (KeyExchange) message carrying the key to be used for the key exchange (S5-2), and transmits to the second virtualization device 21 a signature value (CertificateVerify) produced with the private key of the first object device 10 corresponding to its certificate (S5-3).

The first virtualization device 11 then notifies the second virtualization device 21 that the negotiated security method will be applied (ChangeCipherSpec, Finished) (S5-4, S5-5). The second virtualization device 21 verifies the first object device 10 by decrypting its signature value with the public key included in the first certificate, and if the first object device 10 is determined to be legitimate, it likewise responds with ChangeCipherSpec and Finished (S6-1, S6-2).

When the first virtualization device 11 and the second virtualization device 21 handshake through the TLS protocol, the same process as described above for the DTLS protocol is used to authenticate the counterpart devices 10 and 20 and to generate the security key block.
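The six-flight exchange of FIG. 4, modelled in Python as an added example (this is not the patent's or the assignee's code). The model keeps what the flights are about: the responder answers the first ClientHello with a HelloVerifyRequest carrying a stateless cookie and allocates no session state until a ClientHello returns that cookie from the same address, which is the denial-of-service measure the text attributes to S2; the Finished value is a hash over the handshake transcript; and an untrusted certificate in flight 5 ends the handshake with an Alert. Key exchange and the CertificateVerify signature are replaced by string placeholders, certificates are plain identifiers checked against a trusted set, and the cookie is HMAC-SHA256 over peer address and ClientHello random; all of these are assumptions of the model. The cookie exchange (S2/S3) is specific to DTLS; a TLS handshake proceeds without it.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Msg:
    name: str
    body: dict = field(default_factory=dict)


def transcript_hash(msgs) -> bytes:
    """Hash of every handshake message exchanged so far, as carried in Finished."""
    h = hashlib.sha256()
    for m in msgs:
        h.update(m.name.encode())
        for key in sorted(m.body):
            value = m.body[key]
            h.update(key.encode() + (value if isinstance(value, bytes) else str(value).encode()))
    return h.digest()


class VirtualizationDevice:
    """Cloud-side handshake module acting for one object device (constructed model)."""

    def __init__(self, cert: str, addr: str, trusted: set):
        self.cert, self.addr, self.trusted = cert, addr, trusted
        self.cookie_secret = os.urandom(32)  # responder-side only; never sent
        self.sessions = {}                   # peer addr -> state; empty until a cookie verifies
        self.flights = []                    # (label, messages) in the order the initiator saw them

    def cookie_for(self, peer_addr: str, client_random: bytes) -> bytes:
        # Stateless cookie: HMAC over the peer address and the ClientHello random.
        return hmac.new(self.cookie_secret, peer_addr.encode() + client_random, hashlib.sha256).digest()[:16]

    # ---- responder side (second virtualization device 21 in FIG. 4) ----
    def on_client_hello(self, peer_addr: str, hello: Msg) -> list:
        expected = self.cookie_for(peer_addr, hello.body["random"])
        if not hmac.compare_digest(hello.body.get("cookie", b""), expected):
            return [Msg("HelloVerifyRequest", {"cookie": expected})]  # S2: no state allocated
        state = {"transcript": [hello], "server_random": os.urandom(32)}
        flight4 = [Msg("ServerHello", {"random": state["server_random"]}),
                   Msg("Certificate", {"cert": self.cert}),
                   Msg("ServerKeyExchange", {"params": "ephemeral-public-value"}),
                   Msg("CertificateRequest"),
                   Msg("ServerHelloDone")]
        state["transcript"] += flight4
        self.sessions[peer_addr] = state
        return flight4

    def on_flight5(self, peer_addr: str, flight5: list) -> list:
        state = self.sessions.pop(peer_addr, None)
        if state is None or flight5[0].body.get("cert") not in self.trusted:
            return [Msg("Alert", {"reason": "untrusted certificate"})]
        state["transcript"] += flight5[:-2]  # ChangeCipherSpec/Finished are not part of their own hash
        if not hmac.compare_digest(flight5[-1].body["verify"], transcript_hash(state["transcript"])):
            return [Msg("Alert", {"reason": "bad Finished"})]
        state["transcript"].append(flight5[-1])
        self.sessions[peer_addr] = state
        return [Msg("ChangeCipherSpec"), Msg("Finished", {"verify": transcript_hash(state["transcript"])})]

    # ---- initiator side (first virtualization device 11 in FIG. 4) ----
    def start(self, peer: "VirtualizationDevice") -> list:
        rnd = os.urandom(32)
        hello = Msg("ClientHello", {"random": rnd})
        self.flights.append(("S1", [hello]))
        reply = peer.on_client_hello(self.addr, hello)
        self.flights.append(("S2", reply))
        if reply[0].name != "HelloVerifyRequest":
            raise RuntimeError("expected HelloVerifyRequest")
        hello = Msg("ClientHello", {"random": rnd, "cookie": reply[0].body["cookie"]})
        self.flights.append(("S3", [hello]))
        flight4 = peer.on_client_hello(self.addr, hello)
        self.flights.append(("S4", flight4))
        transcript = [hello] + flight4
        flight5 = [Msg("Certificate", {"cert": self.cert}),
                   Msg("ClientKeyExchange", {"params": "ephemeral-public-value"}),
                   Msg("CertificateVerify", {"signature": "over-transcript"})]
        transcript += flight5
        flight5 += [Msg("ChangeCipherSpec"), Msg("Finished", {"verify": transcript_hash(transcript)})]
        self.flights.append(("S5", flight5))
        reply = peer.on_flight5(self.addr, flight5)
        self.flights.append(("S6", reply))
        return [label for label, _ in self.flights]
```

Calling `VirtualizationDevice("cert-10", "10.0.0.10", {"cert-20"}).start(responder)` returns the flight labels S1 to S6; `responder.sessions` stays empty after S1, and a ClientHello that replays a valid cookie from a different address is answered with a fresh HelloVerifyRequest rather than a session, because the cookie is bound to the address it was issued for.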

In addition, the first virtualization device 11 further includes a change cipher spec module 11c, so that after the handshaking described above is completed, an encryption start command referring to the encryption key included in the security key block is transmitted to the encryption/decryption module 10b of the first object device 10; on receiving the encryption start command, the encryption/decryption module 10b encrypts the transmitted and received data using the corresponding security key block.

The first virtualization device 11 also includes an alert module 11d that outputs an error message when an error occurs in data transmission or reception through the secure session with the first object device 10, and a virtual encryption/decryption (record layer) module 11e that encrypts or decrypts the authentication result and the security key block.

In addition, in the present embodiment, the first object device 10 and the first virtualization device 11 include application modules 10a and 11a, respectively, which pass application layer data to the encryption/decryption module 10b or the virtual encryption/decryption module 11e.

As described above, in the present embodiment, since the first virtualization device 11 constructed by virtualizing the first object device 10 includes substantially all the modules required for secure communication, the first object device 10 can be implemented with limited resources, including only the modules needed to encrypt or decrypt the data it exchanges with the second object device 20.

To this end, in the present embodiment, when the first object device 10 or the second object device 20 is registered in the network, the first virtualization device 11 or the second virtualization device 21, having the same operating system as the corresponding object device 10 or 20, is constructed.

That is, when a user wishes to use a new object device 10 or 20 in the IoT environment for the first time, the object device 10 or 20 must be registered in the IoT environment. In this embodiment, when the object devices 10 and 20 are registered in the network, the virtualization devices 11 and 21 corresponding to them are built in advance in the cloud.

In the present embodiment, a virtualization device can be constructed through various known or as yet unknown methods; since this is not a core part of the present embodiment, a detailed description of the construction process is omitted.

In this embodiment, each time a new object device 10 or 20 is registered in the IoT environment, the corresponding virtualization device 11 or 21 is constructed, and a security session between the object device 10 or 20 and its virtualization device 11 or 21 is opened by setting a pre-shared key (PSK) for each pair in the virtualization devices 11 and 21.

In other words, it is possible to form a separate session for communication with each of the virtual devices 11 and 21 in addition to the end-to-end communication session between the first and second object devices 10 and 20 described later.

Therefore, the virtual encryption/decryption module 11e can encrypt the security key block generated by the handshake module 11b with the PSK shared with the first object device 10 and transmit the encrypted security key block to the first object device 10.

As described above, since the PSK is set when the virtual devices 11 and 21 are constructed, the object devices 10 and 20 need not perform the complicated process of generating a secret key themselves, and encrypted communication between the object devices 10, 20 and the virtual devices 11, 21 is enabled.

On the other hand, since the first virtual device 11 and the second virtual device 21 are each installed in the cloud, where resource use is comparatively unrestricted, they can perform authentication of the counterpart devices 10 and 20 and generation of the security key block in a public-key-based manner.

That is, because a public-key-based scheme requires more computation than a symmetric-key-based scheme, it is difficult to perform such operations on object devices 10 and 20 whose CPU and RAM are limited. In the present embodiment, therefore, authentication and security key block generation for object devices 10 and 20 connecting for the first time are carried out through the less constrained first virtual device 11 and second virtual device 21.

Specifically, the first virtual device 11 and the second virtual device 21 perform authentication and generate the security key block through the handshaking shown in FIG. 4, and transmit the generated security key block to the first object device 10 and the second object device 20, respectively.

Here, since each virtual device 11, 21 encrypts the security key block with the PSK it shares with its corresponding object device 10, 20 and transmits the encrypted security key block to that object device, the first object device 10 and the second object device 20 end up sharing the same security key block.

The first and second object devices 10 and 20 then exchange encrypted data using the security key block received from the virtual devices 11 and 21, respectively.

Since the first and second object devices 10 and 20 hold the same security key block, they can establish a security session using a symmetric-key-based scheme rather than a public-key-based scheme.

The virtual devices 11 and 21 in the present embodiment further include an object device management module 11f, which manages information such as the ID, owner and firmware version of each object device 10, 20 in order to act as proxy for that object device.

The object device management module 11f of the first virtual device 11 stores an integrity verification value HMAC(f/W, PSK) for verifying the firmware integrity of the first object device 10, and the object device management module of the second virtual device 21 stores the firmware integrity verification value of the second object device 20; thus the first virtual device 11 and the second virtual device 21 can verify the integrity of their respective object devices 10 and 20 through handshaking.

Specifically, the virtual devices 11 and 21 send the corresponding object devices 10 and 20 a verification request containing an identifier (ID_d), a random number (RN) and time and space information (TS) of the object device, and receive from each object device 10, 20 a verification value as given in Equation (1).

(Equation (1): the verification value, shown on the original page as an image; it is formed from the Hash, bit-concatenation (∥), RN, TS and HMAC(f/W, PSK) terms defined below.)

In Equation (1), Hash is an algorithm that accepts inputs of arbitrary size and maps them to fixed-size data, RN is the random number, ∥ is the bit-concatenation operator, TS is the time and space information, and HMAC(f/W, PSK) is the integrity verification value, that is, a keyed hash of the firmware (f/W) computed with the PSK.

In the present embodiment the integrity value of each object device 10, 20 is generated by the HMAC method, but the integrity value is not limited thereto; an Integrity Check Value (ICV), a Cipher-based MAC (CMAC), or a verification value produced by any other method not described here may be used instead.
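The firmware integrity exchange described above, as an added Go example that is not code from the patent or from its applicant. It instantiates both Hash and the HMAC with SHA-256, assumes the input order ID_d ∥ RN ∥ TS ∥ HMAC(f/W, PSK) with a length prefix on the variable-length ID_d and a 64-bit TS (the patent fixes none of these), and runs on constructed inputs: a PSK, a toy firmware image and one challenge.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// FirmwareIntegrityValue is HMAC(f/W, PSK): a keyed hash of the firmware image under the
// PSK. The object device management module stores it at registration; the object device
// recomputes it over the firmware it is actually running.
func FirmwareIntegrityValue(firmware, psk []byte) []byte {
	m := hmac.New(sha256.New, psk)
	m.Write(firmware)
	return m.Sum(nil)
}

// VerificationValue is the Equation (1) response. The order ID_d || RN || TS || HMAC(f/W, PSK)
// and the 2-byte length prefix on ID_d are assumptions of this example; without the prefix,
// "ab"||"c" and "a"||"bc" would hash identically (the classic ambiguous-concatenation bug).
func VerificationValue(id string, rn []byte, ts uint64, fwIntegrity []byte) []byte {
	h := sha256.New()
	var buf [8]byte
	binary.BigEndian.PutUint16(buf[:2], uint16(len(id)))
	h.Write(buf[:2])
	h.Write([]byte(id))
	h.Write(rn) // fixed length chosen by the verifier
	binary.BigEndian.PutUint64(buf[:], ts)
	h.Write(buf[:])
	h.Write(fwIntegrity)
	return h.Sum(nil)
}

// DeviceRespond is the object device side: it answers the challenge (ID_d, RN, TS) from
// the firmware it is running and the PSK it holds.
func DeviceRespond(firmware, psk []byte, id string, rn []byte, ts uint64) []byte {
	return VerificationValue(id, rn, ts, FirmwareIntegrityValue(firmware, psk))
}

// VirtualDeviceVerify is the virtual device side: it recomputes the expected value from the
// stored HMAC(f/W, PSK) and the challenge it issued, and compares in constant time. Because RN
// is part of the hash, a response captured under an earlier RN fails against a fresh one.
func VirtualDeviceVerify(stored []byte, id string, rn []byte, ts uint64, response []byte) bool {
	return hmac.Equal(VerificationValue(id, rn, ts, stored), response)
}

func main() {
	// Constructed inputs (not from the patent): a 32-byte PSK, a toy firmware image, one challenge.
	psk := []byte("constructed-psk-0123456789abcdef")
	firmware := []byte("sensor1 firmware v1.0 image")
	stored := FirmwareIntegrityValue(firmware, psk) // kept by management module 11f
	rn := []byte{0x4f, 0x1c, 0x9a, 0x3e, 0x77, 0x02, 0xb5, 0xd8}
	var ts uint64 = 1431475200 // 2015-05-13T00:00:00Z as the "time" part of TS

	resp := DeviceRespond(firmware, psk, "sensor1", rn, ts)
	fmt.Println("genuine firmware verified:", VirtualDeviceVerify(stored, "sensor1", rn, ts, resp))

	tampered := append([]byte(nil), firmware...)
	tampered = append(tampered, " (patched)"...)
	bad := DeviceRespond(tampered, psk, "sensor1", rn, ts)
	fmt.Println("tampered firmware verified:", VirtualDeviceVerify(stored, "sensor1", rn, ts, bad))
	fmt.Println("response:", hex.EncodeToString(resp))
}
```

Two points a practitioner should keep in mind when deploying this check. First, the virtual device must bind each RN to one outstanding challenge and discard it afterwards; the freshness of the response depends entirely on that. Second, the value HMAC(f/W, PSK) is computed by the object device itself, so the check detects firmware that was modified without knowledge of the scheme; firmware that retains the original value and replays it would not be caught, which is the general limitation of software-only integrity reporting and the reason hardware-rooted measurement is preferred where the device class allows it.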

The object device management module 11f described above may also manage connectivity to the first object device 10. That is, when the first object device 10 is a device carried by the user, the first virtual device 11 must manage the communication access information of the first object device 10, which changes as the user moves.

In particular, the first object device 10, which exists in physical space, receives connection requests from outside through a URL (Uniform Resource Locator), for example coap://myhome.com/sensor1, yet it is difficult to map that URL to the device because the device uses a private IP address or an IP address that changes frequently because of mobility. Therefore, in the present embodiment, the object device management module 11f of the first virtual device 11 installed in the cloud environment manages connectivity to the first object device 10 using a fixed IP address assigned by the cloud service provider.

Specifically, in the present embodiment the URL is mapped to the static IP address allocated to the first virtual device 11, and the object device management module 11f associates that fixed IP address with the first object device 10 existing in physical space.

The object device management module 11f continuously tracks the current IP address of the first object device 10 and pairs the fixed IP address with that current IP address, so that connectivity to the first object device 10 can be managed.

That is, when the first virtual device 11 receives a request from the second object device 20 to open a security session, the first virtual device 11 can look up the paired current IP address and notify the first object device 10 of the request.

For example, when the second virtual device 21, at the request of the second object device 20, asks to open a security session with the first object device 10, the second virtual device 21 sends the request through the URL mapped to the static IP address of the first virtual device 11, so that it is actually the first virtual device 11 that receives the security session establishment request. The first virtual device 11 then notifies the first object device 10 of the request to open a security session through the current IP address of the first object device 10 that is paired with the fixed IP address.

In addition, so that the first virtual device 11 can continuously track the current IP address of the first object device 10, the first object device 10 may report its IP address to the first virtual device 11 periodically or whenever the address changes.

In addition, when the first object device 10 is in a sleep state at the time the second object device 20 requests to open a security session with it, the first virtual device 11 may use its virtual proxy function to respond to the second object device 20 (substantially, to the second virtual device 21) on behalf of the first object device 10, so that the security session can be opened.

In the present embodiment, the security key block generated through handshaking between the first virtual device 11 and the second virtual device 21 includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption and a security key for integrity verification.

The first object device 10 encrypts data using the encryption algorithm and the security key for encryption contained in the security key block received from the first virtual device 11 and transmits the encrypted data to the second object device 20, and it generates an integrity value for that data using the integrity algorithm and the security key for integrity verification and transmits the integrity value to the second object device 20. Since the second object device 20 holds the same security key block as the first object device 10, it can decrypt the data received from the first object device 10 and verify its integrity.

In particular, in the present embodiment the first and second object devices 10 and 20 are constrained devices belonging to Class 0 or Class 1 as defined by the IETF.

Because the IoT environment includes various heterogeneous devices, the range of services that can be provided and the security factors to be considered vary with the resource constraints of each device. The Light-Weight Implementation Guidance (LWIG) working group of the IETF therefore classifies the devices making up the IoT environment into Class 0 to Class 2 according to their degree of resource constraint (RFC 7228).

Class 0 devices are the most resource-constrained, and it is difficult to install a cryptographic algorithm on them at all. Class 1 devices can run lightweight cryptographic algorithms; they have on the order of 10 KiB of RAM and on the order of 100 KiB of code (flash) space.

That is, in the present embodiment, a virtual device is constructed in the cloud for each object device in the IoT environment, including object devices that are resource-constrained Class 0 or Class 1 devices.

As described above, in the IoT environment according to the present embodiment, the operations that a lightweight device such as the first object device 10 or the second object device 20 cannot readily perform itself, such as handshaking that requires a large amount of resources, are performed by the first virtual device 11 and the second virtual device 21 in the cloud, so that a protocol such as TLS or DTLS can be applied to the IoT environment directly without degrading network performance.

Since the first and second object devices 10 and 20 open the security session directly using the security key block received from the virtual devices 11 and 21, each object device is itself the endpoint that performs encryption and decryption.

In the above description, a security session is established between the first object device 10 and the second object device 20, both operating in the LLN (Low-power and Lossy Network) area of the IoT environment, but the present invention is not limited thereto.

That is, the present invention applies not only to the case where both the first and second object devices 10 and 20 operate in the LLN area, but also to the case where an object device in the LLN area communicates with a server or other device operating in the Internet area.

Specifically, if the first object device 10 is a lightweight device of the LLN area and establishes a security session with a server (not shown) in the Internet area, the server has sufficient computing capability, so there is no need to construct a separate virtual device for it. In response to the first object device 10's request to open a security session, the first virtual device 11 performs authentication and security key block generation directly with the server, and the first object device 10 then communicates with the server using the generated security key block.

FIG. 5 is a flowchart illustrating the procedure of a method for opening a security session between two lightweight devices in the IoT environment according to the present embodiment.

As shown in FIG. 5, the first object device 10 requests the first virtual device 11 to open a security session with the second object device 20, the target of the secure communication (S10).

In particular, in the present embodiment the first virtual device 11 is constructed in the cloud and a first PSK for encrypted communication between the first object device 10 and the first virtual device 11 is set when the first object device 10 is registered in the network; the first object device 10 therefore encrypts the data containing the above request with the first PSK and transmits it to the first virtual device 11.

The first virtual device 11 decrypts the encrypted data of the first object device 10 using the first PSK shared with the first object device 10 and requests the second virtual device 21 to establish a security session (S20).

Here, the first virtual device 11 is requesting a security session with the second object device 20 on behalf of the first object device 10, but in the present embodiment the fixed IP address of a lightweight device is assigned to its virtual device.

Because the fixed IP address of the second object device 20 is thus allocated to the second virtual device 21, it is the second virtual device 21 that receives the security session establishment request.

The second virtual device 21 then notifies the second object device 20 that a security session establishment request has been received (S30).

Likewise, since the second virtual device 21 is installed in the cloud and a second PSK for encrypted communication between the second object device 20 and the second virtual device 21 was set at registration, the second virtual device 21 encrypts the data containing the above notification with the second PSK and transmits it to the second object device 20.

Then, when the second object device 20 agrees to open the security session (S40), the first virtual device 11 and the second virtual device 21 establish the security session.

Specifically, the first virtual device 11 and the second virtual device 21 perform authentication of, and security key block generation for, the counterpart devices 10 and 20 (S50); in particular, the first virtual device 11 and the second virtual device 21 perform the authentication and security key block generation in a public-key-based manner.

In other words, since the first virtual device 11 and the second virtual device 21 have not shared a security key in advance, mutual authentication and security key block creation must use a public-key-based method. However, because the first virtual device 11 and the second virtual device 21 are constructed in the cloud and are far less resource-constrained than the first object device 10 and the second object device 20, they can perform public-key-based authentication and security key block generation on behalf of the object devices 10 and 20 that are connecting for the first time.

In addition, the first virtual device 11 and the second virtual device 21 perform the authentication and security key block generation of step S50 through handshaking.

The first virtual device 11 and the second virtual device 21 encrypt the generated security key block with their respective PSKs and transmit it to the first and second object devices 10 and 20, respectively.

Next, the first and second object devices 10 and 20 each establish the end-to-end security session using the received security key block, acting as the endpoints of encryption and decryption.

Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption and a security key for integrity verification, the first object device 10 encrypts data using the encryption algorithm and the security key for encryption and transmits it to the second object device 20, and generates an integrity value using the integrity algorithm and the security key for integrity verification and transmits it to the second object device 20 (S70), whereby a security session is established between the first object device 10 and the second object device 20.
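The FIG. 5 procedure from the virtual-device handshake (S50) through key block delivery to the end-to-end session (S70), as an added Go example that is not code from the patent or from its applicant. Its assumptions: X25519 key agreement stands in for the FIG. 4 public-key handshake between the two virtual devices; HMAC-SHA256 with fixed labels serves as the key derivation function that turns the agreed secret into the security key block; the key block is serialized as JSON; one record format, AES-128-CTR followed by HMAC-SHA256 (encrypt-then-MAC), is used both to wrap the key block under the PSK and for the session between the object devices; and the PSKs are constructed values. The S10 to S40 request and notification messages are not modelled, since they carry nothing beyond the PSK-protected channel already shown by the wrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// KeyBlock is the security key block an object device receives: two algorithm identifiers plus one key each for encryption and integrity.
type KeyBlock struct {
	EncAlg, IntAlg string
	EncKey, MacKey []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// prf is HMAC-SHA256, used here both as the KDF and as the integrity algorithm of the key block.
func prf(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// KeyBlockFromSecret derives labelled sub-keys from a shared secret (this KDF is an
// assumption of the example; the patent does not name one).
func KeyBlockFromSecret(secret []byte) *KeyBlock {
	return &KeyBlock{EncAlg: "AES-128-CTR", IntAlg: "HMAC-SHA256",
		EncKey: prf(secret, []byte("enc"))[:16], MacKey: prf(secret, []byte("mac"))}
}

// Protect builds the S70 record: iv || AES-CTR(plaintext) || HMAC(iv || ciphertext), i.e. encrypt-then-MAC.
func (kb *KeyBlock) Protect(plaintext []byte) []byte {
	out := make([]byte, aes.BlockSize+len(plaintext))
	must(rand.Read(out[:aes.BlockSize])) // fresh IV per record
	stream := cipher.NewCTR(must(aes.NewCipher(kb.EncKey)), out[:aes.BlockSize])
	stream.XORKeyStream(out[aes.BlockSize:], plaintext)
	return append(out, prf(kb.MacKey, out)...)
}

// Unprotect checks the tag in constant time before decrypting; any bit flip is rejected.
func (kb *KeyBlock) Unprotect(rec []byte) ([]byte, error) {
	if len(rec) < aes.BlockSize+sha256.Size {
		return nil, errors.New("record too short")
	}
	body, tag := rec[:len(rec)-sha256.Size], rec[len(rec)-sha256.Size:]
	if !hmac.Equal(prf(kb.MacKey, body), tag) {
		return nil, errors.New("integrity check failed")
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	stream := cipher.NewCTR(must(aes.NewCipher(kb.EncKey)), body[:aes.BlockSize])
	stream.XORKeyStream(pt, body[aes.BlockSize:])
	return pt, nil
}

// WrapKeyBlock is the delivery step: the virtual device protects the serialized key block under keys derived from the PSK shared at registration.
func WrapKeyBlock(psk []byte, kb *KeyBlock) []byte {
	return KeyBlockFromSecret(psk).Protect(must(json.Marshal(kb)))
}

func UnwrapKeyBlock(psk, wrapped []byte) (*KeyBlock, error) {
	raw, err := KeyBlockFromSecret(psk).Unprotect(wrapped)
	if err != nil {
		return nil, err
	}
	kb := new(KeyBlock)
	return kb, json.Unmarshal(raw, kb)
}

// RunSession plays FIG. 5: the virtual devices agree a secret with X25519 (standing in for the
// S50 public-key handshake), each wraps the derived key block for its own object device, and
// object device 10 sends one record to object device 20 (S70). The object devices never see a public key.
func RunSession(psk1, psk2, data []byte) ([]byte, error) {
	vd1 := must(ecdh.X25519().GenerateKey(rand.Reader)) // first virtual device 11
	vd2 := must(ecdh.X25519().GenerateKey(rand.Reader)) // second virtual device 21
	kb1 := KeyBlockFromSecret(must(vd1.ECDH(vd2.PublicKey())))
	kb2 := KeyBlockFromSecret(must(vd2.ECDH(vd1.PublicKey())))
	od1 := must(UnwrapKeyBlock(psk1, WrapKeyBlock(psk1, kb1))) // 11 -> 10 under the first PSK
	od2 := must(UnwrapKeyBlock(psk2, WrapKeyBlock(psk2, kb2))) // 21 -> 20 under the second PSK
	return od2.Unprotect(od1.Protect(data))                    // S70: end to end, symmetric only
}

func main() {
	psk1, psk2 := []byte("constructed-psk-one-0123456789ab"), []byte("constructed-psk-two-0123456789ab")
	out, err := RunSession(psk1, psk2, []byte("temperature=21.5"))
	fmt.Printf("object device 20 received %q (err=%v)\n", out, err)
}
```

Two consequences of the design are visible in the code. The object device side consists of the PSK, the AES-CTR and HMAC primitives and the record parser only, which is the point of the embodiment; nothing asymmetric runs there. At the same time both virtual devices hold the key block they derived, so the session between the object devices is end-to-end with respect to the network path but not with respect to the cloud operator, and the records as shown carry no sequence number, so replay protection would have to be added on top of this format in a deployment.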

FIG. 6 and FIG. 7 are flowcharts illustrating the procedure of a secure communication method between one lightweight device and one server in the IoT environment according to the present embodiment.

That is, as described above, the secure communication method in the IoT environment according to the present embodiment is not limited to communication between lightweight devices and can also be applied to the case where a lightweight device communicates with a server.

FIG. 6 shows the case where the first object device 10, a lightweight device in the LLN area, requests to open a security session with a server in the Internet area, and FIG. 7 shows the case where a server in the Internet area requests to open a security session with the first object device 10, a lightweight device in the LLN area.

Referring to FIG. 6, in which the first object device 10 requests the server to open a security session, the first object device 10 requests the first virtual device 11 to open a security session with the server (S110).

In particular, in the present embodiment the first virtual device 11 is constructed in the cloud and a first PSK for encrypted communication between the first object device 10 and the first virtual device 11 is set when the first object device 10 is registered in the network; the first object device 10 therefore encrypts the data containing the above request with the first PSK and transmits it to the first virtual device 11.

The first virtual device 11 decrypts the encrypted data of the first object device 10 using the first PSK shared with the first object device 10 and requests the server to open a security session (S120).

When the server approves the request, the first virtual device 11 and the server establish a security session.

Specifically, the first virtual device 11 and the server perform mutual authentication and security key block generation (S130); in particular, the first virtual device 11 and the server can perform the authentication and security key block generation in a public-key-based manner.

Then, the first virtual device 11 encrypts the generated security key block with the first PSK and transmits it to the first object device 10 (S140).

Next, the first object device 10 and the server establish an end-to-end security session using that security key block, each acting as an endpoint of encryption and decryption.

Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption and a security key for integrity verification, the first object device 10 encrypts data using the encryption algorithm and the security key for encryption and transmits it to the server, and generates an integrity value using the integrity algorithm and the security key for integrity verification and transmits it to the server (S70), whereby a security session is established between the first object device 10 and the server.

In the above description, the entity that operates without resource limitation in the Internet domain has been described as a server; however, the present invention is not limited thereto, and any entity that operates without resource limitation in the Internet domain, such as a web client, may take its place.

Referring to FIG. 7, in which the server requests to establish a security session with the first object device 10, the server requests the first virtual device 11 to open a security session with the first object device 10, the target of the secure communication (S210).

The first virtual device 11 then notifies the first object device 10 that a security session establishment request has been received (S220).

In particular, since the first virtual device 11 is constructed in the cloud and the first PSK for encrypted communication between the first object device 10 and the first virtual device 11 is set when the first object device 10 is registered in the network, the first virtual device 11 encrypts the data containing the above notification with the first PSK and transmits it to the first object device 10.

In this case, when the first virtual device 11 is asked by the server to open a security session while the first object device 10 is in a sleep state, the first virtual device 11 can send a preset response to the server using its virtual proxy function.

On the other hand, when the first object device 10, in the awake state, agrees to open the security session (S230), the server and the first virtual device 11 establish the security session.

Specifically, the server and the first virtual device 11 perform mutual authentication and security key block generation (S240); in particular, the server and the first virtual device 11 can perform the authentication and security key block generation in a public-key-based manner.

Then, the first virtual device 11 encrypts the generated security key block with the first PSK and transmits the encrypted security key block to the first object device 10 (S250).

Next, the server and the first object device 10 establish an end-to-end security session using the received security key block, each acting as an endpoint of encryption and decryption.

Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption and a security key for integrity verification, the server encrypts data using the encryption algorithm and the security key for encryption and transmits it to the first object device 10, and generates an integrity value using the integrity algorithm and the security key for integrity verification and transmits it to the first object device 10 (S260), whereby a security session is established between the server and the first object device 10.

According to the present embodiment, in the process of opening a security session for a lightweight device in the IoT environment, operations that require relatively more resources, such as handshaking, are performed by a virtual device constructed in advance for that lightweight device, so that the performance of the IoT environment can be improved.

Further, according to the present embodiment, secure communication between the communication endpoints can be performed without installing the whole of the TLS or DTLS protocol on a resource-limited lightweight device.

In addition, according to the present embodiment, since the lightweight device does not need to transmit the many handshake messages required to establish secure communication, the power consumed for data transmission is reduced, which is advantageous for the lightweight device.

It will be understood by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof.

It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. The scope of the present invention is defined by the appended claims rather than by the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.

10: First object apparatus 10a: Application module
10b: an encryption / decryption module 11: a first virtualization device
11a: Application module 11b: Handshake module
11c: Encryption start module 11d: Alarm module
11e: Virtual encryption / decryption module 11f: Object device management module
20: second object apparatus 21: second virtualization apparatus
30: Router

Claims (19)

1. A secure communication apparatus in an Internet of Things (IoT) environment, comprising:
an object device included in the IoT environment; and
a virtual device constructed by virtualizing the object device and forming a security session with the object device through a PSK (Pre-Shared Key),
wherein the virtual device comprises a handshake module that performs handshaking on behalf of the object device to authenticate the counterpart device to be communicated with and generates a security key block including an encryption key for encrypting data transmitted and received between the object device and the counterpart device, and
wherein the object device comprises an encryption/decryption module that transmits and receives data to and from the counterpart device using the security key block.
2. The apparatus according to claim 1, wherein the virtual device further comprises an object device management module that manages connectivity to the object device by detecting connections to the object device through an assigned static IP address, tracking the current IP address of the object device, and pairing the static IP address with the current IP address.
3. The apparatus according to claim 1, wherein the virtual device further comprises a change cipher spec module that transmits to the encryption/decryption module an encryption start command for using the encryption key, and the encryption/decryption module, upon receiving the encryption start command, encrypts the data to be transmitted and received using the security key block.
4. The apparatus according to claim 1, wherein the virtual device further comprises:
an alert module that outputs an error message when an error occurs in data transmission or reception through the security session with the object device; and
a virtual encryption/decryption module (record layer) that encrypts or decrypts the security key block according to the result of authenticating the counterpart device.
5. The apparatus according to claim 1, wherein the virtual device encrypts the security key block with the PSK.
6. The apparatus according to claim 1, wherein the handshake module performs the handshaking by transmitting and receiving a first hello message for confirming whether communication with the counterpart device is possible, a first authentication message including a response to the first hello message and a certificate or public key of the counterpart device, a second authentication message including a certificate of the object device or key information encrypted with the public key, and an encryption start message indicating that encryption will be performed using the negotiated security method.
7. The apparatus according to claim 6, wherein the handshake module further transmits and receives, in performing the handshaking, a second hello message including a verification request message for the first hello message and verification data for the first hello message.
8. The apparatus according to claim 1, wherein the handshake module performs the authentication and the security key block generation in a public-key-based manner, and the encryption/decryption module transmits and receives data in a symmetric-key-based manner using the security key block.
9. The apparatus according to claim 1, wherein the virtual device further comprises an object device management module that shares the PSK with the object device when the object device is registered in the network.
10. The apparatus according to claim 1, wherein the security key block includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption and a security key for integrity verification.
11. The apparatus according to claim 10, wherein the object device transmits to the counterpart device data encrypted using the encryption algorithm and the security key for encryption, or transmits to the counterpart device an integrity value generated using the integrity algorithm and the security key for integrity verification.
12. A secure communication method in an Internet of Things (IoT) environment, comprising:
performing, by a virtual device constructed by virtualizing an object device included in the IoT environment, handshaking to authenticate a counterpart device to be communicated with;
generating, after the authentication is completed, a security key block including an encryption key for encrypting data transmitted and received between the object device and the counterpart device; and
transmitting and receiving, by the object device, data encrypted using the security key block to and from the counterpart device.
13. The method according to claim 12, further comprising, after generating the security key block, encrypting the security key block with a PSK (Pre-Shared Key) and transmitting the encrypted security key block to the object device.
14. The method according to claim 12, further comprising, after generating the security key block, transmitting an encryption start command for using the encryption key, wherein, when the encryption start command is received, the transmitted and received data are encrypted using the security key block.
15. The method according to claim 12, wherein performing the authentication comprises:
transmitting and receiving a first hello message for confirming whether communication with the counterpart device is possible and a first authentication message including a response to the first hello message and a certificate or public key of the counterpart device; and
transmitting and receiving a second authentication message including a certificate of the object device or key information encrypted with the public key, and an encryption start message indicating that encryption will be performed using the negotiated security method.
16. The method according to claim 15, wherein performing the authentication further comprises transmitting and receiving a second hello message including a verification request message for the first hello message and verification data for the first hello message.
17. The method according to claim 12, wherein performing the authentication and generating the security key block are carried out in a public-key-based manner, and the transmitting and receiving is carried out in a symmetric-key-based manner.
18. The method according to claim 12, further comprising, before performing the authentication, constructing the virtual device so as to share a PSK with the object device at the time of network registration of the object device.
19. The method according to claim 12, wherein the transmitting and receiving comprises transmitting to the counterpart device data encrypted using an encryption algorithm included in the security key block and the security key for encryption, or transmitting to the counterpart device an integrity value generated using an integrity algorithm included in the security key block and the security key for integrity verification.
KR1020150066491A 2015-05-13 2015-05-13 Security communication apparatus of internet of things environment and method thereof KR101688118B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150066491A KR101688118B1 (en) 2015-05-13 2015-05-13 Security communication apparatus of internet of things environment and method thereof


Publications (2)

Publication Number Publication Date
KR20160134895A true KR20160134895A (en) 2016-11-24
KR101688118B1 KR101688118B1 (en) 2016-12-22

Family

ID=57705515

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150066491A KR101688118B1 (en) 2015-05-13 2015-05-13 Security communication apparatus of internet of things environment and method thereof

Country Status (1)

Country Link
KR (1) KR101688118B1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101994146B1 (en) 2017-09-08 2019-06-28 충남대학교산학협력단 Key Management Method for IoT Data Security in Cloud Computing

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003179592A (en) * 2001-12-12 2003-06-27 Sony Corp Network system, device and method for processing information, recording medium and program
JP2013077900A (en) * 2011-09-29 2013-04-25 Oki Electric Ind Co Ltd Security processing proxy system, communication device, proxy device, communication program and security processing proxy program
JP2014147039A (en) * 2013-01-30 2014-08-14 Oki Electric Ind Co Ltd Cryptocommunication device, proxy server, cryptocommunication system, cryptocommunication program and proxy server program

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20180062714A (en) * 2016-12-01 2018-06-11 단국대학교 산학협력단 BLE Communication based Scanning Device and Method for Enhancing Security of IoT Devices
KR20190021022A (en) * 2017-08-22 2019-03-05 덕성여자대학교 산학협력단 Method for setting secure key between lightweight devices in internet of things using different secure strength and different out-of-band channel
KR20190030317A (en) * 2017-09-14 2019-03-22 숭실대학교산학협력단 IoT Security System Based on the BlockChain and Security Method thereof
KR20190084171A (en) * 2017-12-22 2019-07-16 단국대학교 산학협력단 Dtls based end-to-end security method for internet of things device
KR20200142243A (en) * 2019-06-12 2020-12-22 아주대학교산학협력단 Communication terminal, communication system, and managing method for secure data of the same
WO2021177504A1 (en) * 2020-03-06 2021-09-10 주식회사그린존시큐리티 Device for securing data transmission of iot device, and method therefor
KR102348449B1 (en) * 2020-07-08 2022-01-10 한국전력공사 Internet of things device and operating method thereof
KR102236761B1 (en) 2020-12-22 2021-04-06 주식회사 유니온플레이스 Internet of things device, and system and method of managing internet of things devices
US11880691B2 (en) 2020-12-22 2024-01-23 Unionplace Co., Ltd. Internet of things (IoT) device, IoT device management system, and method for managing IoT device

Also Published As

Publication number Publication date
KR101688118B1 (en) 2016-12-22

Similar Documents

Publication Publication Date Title
KR101688118B1 (en) Security communication apparatus of internet of things environment and method thereof
US10601594B2 (en) End-to-end service layer authentication
Keoh et al. Securing the internet of things: A standardization perspective
US10880294B2 (en) End-to-end authentication at the service layer using public keying mechanisms
Bonetto et al. Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples
Heer et al. Security Challenges in the IP-based Internet of Things
Hummen et al. Delegation-based authentication and authorization for the IP-based Internet of Things
KR102095893B1 (en) Service processing method and device
US10542570B2 (en) System and method for relaying data over a communication network
CN110191052B (en) Cross-protocol network transmission method and system
KR100948604B1 (en) Security method of mobile internet protocol based server
WO2023083170A1 (en) Key generation method and apparatus, terminal device, and server
JP5464232B2 (en) Secure communication system and communication apparatus
Sethi et al. Secure and low-power authentication for resource-constrained devices
Trabalza et al. INDIGO: Secure CoAP for Smartphones: Enabling E2E Secure Communication in the 6IoT
CN114245332A (en) DTLS connection establishment method and system of Internet of things equipment
CN115567195A (en) Secure communication method, client, server, terminal and network side equipment
Revathi Protocols for secure Internet of Things
Abdelmoneem et al. Mobility-enabled authentication scheme for IoT architecture
CN115801388B (en) Message transmission method, device and storage medium
US20230308868A1 (en) Method, devices and system for performing key management
KR101594897B1 (en) Secure Communication System and Method for Building a Secure Communication Session between Lightweight Things
GB2611284A (en) Managing Connectivity Between Devices
Jehangir et al. Securing inter-cluster communication in Personal Networks
SUTRADHAR DTLS BASED BIDIRECTIONAL SECURE GROUP COMMUNICATION IN IOT FRAMEWORK

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right