KR20160134895A - Security communication apparatus of internet of things environment and method thereof - Google Patents
- Publication number
- KR20160134895A KR1020150066491A KR20150066491A
- Authority
- KR
- South Korea
- Prior art keywords
- encryption
- object device
- security
- key
- key block
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a communication device, and more particularly to a secure communication device and a method thereof in an Internet of Things (IoT) environment.
As daily-life objects around us connect to the Internet, our lives have changed dramatically. The Internet of Things (IoT) is a paradigm that connects all other devices, including smart devices, to the Internet.
When IoT services are provided by connecting newly appearing everyday objects to the Internet, most of the devices are embedded in existing objects, so computing resources such as CPU, memory, and battery are limited.
In particular, resources such as batteries raise maintenance issues, so reducing energy consumption is considered a key factor in lowering the cost of IoT services and providing a stable service.
In this situation, resource-constrained devices depend on batteries for power, so a wireless communication network technology (typically IEEE 802.15.4 (Zigbee)) is interworked with the Internet so that data can be transmitted with minimum energy.
Considering a communication environment in which an LLN (Low Power and Lossy Network) based on the IEEE 802.15.4 standard is interworked with the Internet through a 6LoWPAN (Low-Power Wireless Personal Area Network) gateway, the system must be designed around the LLN environment, where resources are far more limited than on the Internet, which has almost no resource limits.
Standard protocols such as IPsec, Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS), standardized by the IETF, are used to provide end-to-end encrypted transmission between communicating parties in the Internet environment. Among these security protocols, TLS and DTLS in particular are attracting attention for establishing a cryptographic session between programs running on the end devices of the Internet environment.
The details of the TLS protocol are described in "RFC 5746", and the details of the DTLS protocol are described in "RFC 6347".
In this case, applying the TLS or DTLS protocol to the IoT environment reuses a protocol already used in the Internet environment, which improves compatibility. However, TLS and DTLS are used in Internet environments where computing resources are not limited and network performance is high, so there are restrictions on implementing TLS or DTLS in an IoT environment whose devices have limited computing resources such as CPU, memory, and battery.
First, because no security key has been shared in advance when two communicating parties connect for the first time, the parties must mutually authenticate and share a security key using a public-key-based method. A public-key-based method requires far more computation than a symmetric-key-based method, so it is difficult to run on a lightweight device with limited CPU and RAM.
TLS and DTLS determine through the handshake protocol which algorithm to use when transmitting data. Because TLS and DTLS need to implement all known security algorithms, a lightweight device would have to implement a variety of security algorithms, but there is a limit to implementing all of them.
In a wireless communication environment that adopts the IEEE 802.15.4 standard, where the maximum transmission frame size is 127 bytes, transmitting a large message during a flight requires fragmenting it into 20-30 frames, and if a frame is lost the flight must start again from the beginning, which degrades network performance.
For this reason, completing the flights of the handshake takes relatively longer in the LLN environment than in the existing Internet environment, and data retransmission drains the battery quickly, degrading the quality of the IoT environment.
SUMMARY OF THE INVENTION
The present invention has been made to solve the above problems, and an object of the present invention is to improve the performance of the IoT environment by performing TLS or DTLS processing for a lightweight device through a virtualization device built for it.
It is another object of the present invention to enable secure communication between the end points of communication even if not all the modules required for the TLS or DTLS protocols are mounted on a lightweight device with limited resources.
According to an aspect of the present invention, there is provided a secure communication device in an IoT environment, including: an object device included in an Internet of Things (IoT) environment; and a virtualization device constructed by virtualizing the object device and forming a security session with the object device through a PSK (Pre-Shared Key), wherein the virtualization device includes a handshake module that performs handshaking to authenticate the other object device to be communicated with and generates a security key block including an encryption key for encrypting data transmitted and received between the object device and the other object device, and the object device includes an encryption/decryption module that transmits and receives data to and from the counterpart device using the security key block.
In the present invention, the virtualization device includes an object management module that detects a connection to the object device through the assigned static IP address, tracks the current IP of the object device, and manages the connection to the object device by pairing the static IP and the current IP.
The virtualization device may further include a change cipher spec module that transmits an encryption initiation command using the encryption key to the encryption/decryption module, and when the encryption/decryption module receives the encryption initiation command, it encrypts the transmitted and received data using the security key block.
In the present invention, the virtualization device includes an alert module that outputs an error message when an error occurs in data transmission or reception through the security session with the object device; and a virtual encryption/decryption module (Record Layer) that performs encryption and decryption of the security key block and an authentication result of the third party device.
In the present invention, the virtualization device encrypts the security key block with the PSK.
In the present invention, the handshake module may perform handshaking by transmitting and receiving a first hello message for confirming whether communication with the third party device is possible; a first authentication message including a response to the first hello message and a certificate or public key of the third party device; a second authentication message including the certificate of the object device or key information encrypted with the public key; and an encryption start message indicating that encryption is to be performed using the negotiated security method.
In the present invention, the handshake module may perform handshaking by further transmitting and receiving a second hello message that includes a verification request message for the first hello message and verification data for the first hello message.
In the present invention, the handshake module performs the authentication and security key block generation in a public key based manner, and the encryption / decryption module transmits / receives data in a symmetric key based manner using the security key block.
The virtualization apparatus may further include an object management module that shares the PSK with the object device when the object device is network-registered.
In the present invention, the security key block may include at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, and a security key for integrity verification.
In the present invention, the object device transmits to the other object device either data encrypted using the encryption algorithm and the security key for encryption, or an integrity value generated using the integrity algorithm and the security key for integrity verification.
According to an aspect of the present invention, there is provided a secure communication method in an IoT environment, including: performing, by a virtualization device constructed by virtualizing an object device included in an Internet of Things (IoT) environment, handshaking to authenticate a third party device that is the communication target; generating a security key block including an encryption key for encrypting data transmitted and received between the object device and the other object device after the authentication is completed; and transmitting and receiving, by the object device, data encrypted using the security key block to and from the other object device.
The method may further include, after the step of generating the security key block, encrypting the security key block with a PSK (Pre-Shared Key) and transmitting the encrypted security key block to the object device.
The method may further include transmitting an encryption initiation command using the encryption key after the step of generating the security key block, and, when the encryption initiation command is received, encrypting the transmitted and received data using the security key block.
In the present invention, the step of performing the authentication may include: transmitting and receiving a first hello message for confirming whether communication with the other object device is possible, and a first authentication message including a response to the first hello message and a certificate or public key of the other object device; and transmitting and receiving a second authentication message including the certificate of the object device or key information encrypted with the public key, and an encryption initiation message indicating that encryption is to be performed using the negotiated security method.
The step of performing authentication in the present invention may further include transmitting and receiving a second hello message including a verification request message for the first hello message and verification data for the first hello message.
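The second hello message with "verification data" reads like the DTLS HelloVerifyRequest cookie exchange of RFC 6347, which the handshake module on the virtualization device would run. The following is an added example, not code from the patent: it assumes that mapping, and the function names, message labels and secret-rotation scheme are hypothetical.

```python
import hashlib
import hmac


def make_cookie(secret: bytes, client_addr: tuple, client_random: bytes) -> bytes:
    """Verification data bound to the sender's address and first-hello parameters.

    Follows the RFC 6347 recommendation Cookie = HMAC(Secret, Client-IP,
    Client-Parameters); the byte layout used here is an assumption of this example.
    """
    ip, port = client_addr
    material = ip.encode() + b"|" + str(port).encode() + b"|" + client_random
    return hmac.new(secret, material, hashlib.sha256).digest()


def handle_hello(secrets: list, client_addr: tuple, client_random: bytes,
                 cookie: bytes = b"") -> tuple:
    """Process a hello message without keeping any per-client state.

    secrets[0] is the current cookie secret; older entries are still accepted so
    that a handshake in progress survives a secret rotation.
    Returns ("verify_request", cookie) for a first hello or a bad cookie, and
    ("proceed", b"") once the sender has echoed valid verification data.
    """
    if cookie:
        for secret in secrets:
            expected = make_cookie(secret, client_addr, client_random)
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(cookie, expected):
                return ("proceed", b"")
    # No cookie, or a cookie that does not match this address: ask again.
    return ("verify_request", make_cookie(secrets[0], client_addr, client_random))


if __name__ == "__main__":
    # Constructed sample values for a two-round exchange.
    secrets = [b"\x01" * 32]
    peer = ("192.0.2.10", 5684)
    rnd = b"\xaa" * 32
    step, data = handle_hello(secrets, peer, rnd)
    print(step)                                        # first hello: verification requested
    print(handle_hello(secrets, peer, rnd, data)[0])   # second hello: handshake proceeds
```

Because the cookie is recomputed rather than stored, a flood of first hello messages from spoofed addresses costs the virtualization device one HMAC each and allocates no handshake state.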
In the present invention, the step of performing the authentication and the step of generating the secure key block are performed in a public key based manner, and the transmitting and receiving step is performed in a symmetric key based manner.
The present invention is characterized by further comprising the step of constructing the virtualization device to share the PSK with the object device at the time of network registration of the object device before performing the authentication.
The transmitting and receiving may include transmitting data encrypted using an encryption algorithm included in the security key block and a security key for encryption to the counterpart device; or transmitting the data encrypted using the integrity algorithm and the security key for integrity verification included in the security key block to the counterpart device.
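The hand-off described above (the virtualization device wraps the security key block under the PSK, and the object device unwraps it and then uses only symmetric operations) is sketched below as an added example; it is not code from the patent. The key-block field names, the JSON encoding and the HMAC-SHA256 counter-mode keystream are assumptions of this example; the keystream is a standard-library stand-in for the AEAD cipher (for example AES-CCM) a real device would use.

```python
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(psk: bytes, label: bytes) -> bytes:
    # Independent encryption and authentication keys, both derived from the PSK.
    return hmac.new(psk, b"key-block-wrap/" + label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in cipher, see the lead-in).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def make_key_block() -> dict:
    """Virtualization device: output of the offloaded handshake (random keys here)."""
    return {
        "enc_alg": "AES-128-CCM",          # constructed label; not used for crypto below
        "mac_alg": "HMAC-SHA256",
        "enc_key": os.urandom(16).hex(),
        "mac_key": os.urandom(32).hex(),
    }


def wrap_key_block(psk: bytes, block: dict) -> bytes:
    """Virtualization device: encrypt-then-MAC the key block under the PSK."""
    nonce = os.urandom(NONCE_LEN)
    plaintext = json.dumps(block, sort_keys=True).encode()
    ct = _xor(plaintext, _keystream(_subkey(psk, b"enc"), nonce, len(plaintext)))
    tag = hmac.new(_subkey(psk, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key_block(psk: bytes, blob: bytes) -> dict:
    """Object device: authenticate first, decrypt only if the tag verifies."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("wrapped key block too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(psk, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key block failed PSK authentication")
    return json.loads(_xor(ct, _keystream(_subkey(psk, b"enc"), nonce, len(ct))))


def protect(block: dict, payload: bytes) -> bytes:
    """Object device: append the integrity value computed with the block's key."""
    if block["mac_alg"] != "HMAC-SHA256":
        raise ValueError("integrity algorithm not implemented on this device")
    key = bytes.fromhex(block["mac_key"])
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(block: dict, record: bytes) -> bytes:
    """Counterpart device: check the integrity value and return the payload."""
    if len(record) < TAG_LEN:
        raise ValueError("record too short")
    payload, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    key = bytes.fromhex(block["mac_key"])
    if not hmac.compare_digest(tag, hmac.new(key, payload, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return payload


if __name__ == "__main__":
    psk = os.urandom(32)                   # shared at network registration
    block = make_key_block()               # handshake result on the virtualization device
    on_device = unwrap_key_block(psk, wrap_key_block(psk, block))
    print(verify(block, protect(on_device, b"temp=21.5")))
```

The object device never runs a public-key operation here: everything it needs for the session arrives in one PSK-protected message, which is also why compromise of the PSK exposes every key block delivered under it.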
According to the present invention, in the process of establishing a security session for a lightweight device in the IoT environment, operations that require relatively more resources, such as handshaking, are performed through a virtualization device built in advance for the lightweight device, so the performance of the IoT environment can be improved.
Further, according to the present invention, secure communication can be performed between the end points of communication without installing all of the TLS or DTLS protocols in a lightweight device having limited resources.
In addition, according to the present invention, there is no need for the weight saving device to transmit many messages of handshaking required for establishment of secure communication, so that the power required for data transmission is reduced, and the light- It is effective.
FIG. 1 is a view schematically showing the configuration of a secure communication apparatus in an IoT environment according to the present embodiment.
FIG. 2 is a diagram schematically illustrating a configuration of a virtualization apparatus according to an embodiment of the present invention for communication based on the TLS or DTLS protocol.
FIG. 3 is a diagram schematically illustrating a configuration of a device for communicating based on the TLS or DTLS protocol according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a handshaking process between two virtual machines in an object Internet environment according to the present embodiment.
FIG. 5 is a flowchart illustrating an implementation procedure of a security session opening method between two lightweight devices in an IoT environment according to the present embodiment.
FIG. 6 and FIG. 7 are flowcharts illustrating an implementation procedure of a security session establishment method between one lightweight device and one server in the Internet environment of objects according to the present embodiment.
It should be noted that, in the specification of the present invention, the same elements are given the same reference numerals wherever possible, even when they are shown in different drawings.
Meanwhile, the meaning of the terms described in the present specification should be understood as follows.
Terms such as "first" and "second" are used to distinguish one element from another and are to be understood to include plural representations unless the context clearly dictates otherwise. The scope of the right should not be limited by these terms.
It should be understood that the terms "comprises" or "having" do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
It should be understood that the term "at least one" includes all possible combinations from one or more related items. For example, "at least one of the first item, the second item and the third item" means not only the first item, the second item, or the third item individually, but also any combination of items that can be presented from two or more of the first item, the second item, and the third item.
First, before explaining embodiments of the present invention in detail, the IoT environment to which the present invention is applied will be briefly described.
The Internet of Things (IoT) means that objects capable of wireless communication are connected to each other and communicate intelligently. The IoT is characterized by heterogeneous interconnected networks of various sensors, mobile devices, and the like. Because of this feature, manufacturers create and implement various private standards for each object device, making it difficult for different kinds of devices to interoperate smoothly. Therefore, to implement the true IoT concept, a unified standard platform that is independent of the characteristics of the manufacturer or object device is needed.
To solve these problems, the concept of the Web of Things (WoT), which integrates all objects into the Web, has been proposed. The IETF Constrained RESTful Environments (CoRE) working group is standardizing a lightweight web protocol called the Constrained Application Protocol (CoAP) as a way of standardizing message transmission in the WoT environment. CoAP is a protocol for providing web services in a constrained environment such as a sensor, and like HTTP it is based on the Representational State Transfer (REST) format.
In addition, as transmission technologies for lightweight Internet devices, the IETF is standardizing CoAP and OASIS is standardizing MQTT. CoAP uses UDP and MQTT uses TCP as the socket protocol. Therefore, DTLS, a cryptographic session protocol for UDP, and TLS, a cryptographic session protocol for TCP, are considered in the IoT environment.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.
FIG. 1 is a diagram schematically illustrating a configuration of a secure communication apparatus in an object Internet environment according to an embodiment of the present invention. FIG. 2 is a diagram illustrating a configuration of a virtualization apparatus according to an embodiment of the present invention for communication based on TLS or DTLS protocol FIG. 3 is a diagram schematically showing a configuration of a device for communicating based on a TLS or DTLS protocol according to an embodiment of the present invention. Referring to FIG.
As shown in FIG. 1, the network of the object Internet environment is largely divided into an LLN (Low-Power and Lossy Network) area and an Internet (Internet) area, and the secure communication device in the object- A
The first and
The object Internet environment according to the present embodiment may include one or more object devices and one or more virtual devices corresponding to the object devices. Hereinafter, a communication situation between two lightweight objects will be described. Particularly, since the first and second
Referring to FIG. 2, the
That is, in order to perform secure communication using the TLS or DTLS protocol, it is necessary to perform a process of generating an authentication and a security key block for a communication partner through handshaking. Since this operation requires a lot of resources, The
3, the
As described above, in the present embodiment, since the handshaking is performed through the first
FIG. 4 is a flowchart illustrating a handshaking process between two virtual machines in an object Internet environment according to the present embodiment.
Referring to FIG. 4, when the
That is, the first
Specifically, assuming that the
Then, the
Then, the
Then, the
Next, the
(ChangeCipherSpec, Finished) (S5-4, S5-5), and the second
In the case where the
In addition, the
The
In addition, in the present embodiment, the
As described above, in the present embodiment, since the first
To this end, in the present embodiment, when the
That is, when the user wishes to use the
Specifically, in the present embodiment, a virtualization device can be constructed through various known or otherwise unknown methods, and this is not a core part of the present embodiment, so a detailed description of the implementation process will be omitted.
In this embodiment, each time a
In other words, it is possible to form a separate session for communication with each of the
Therefore, the virtual encryption /
As described above, in the present embodiment, since the PSK is set when the
On the other hand, since the
That is, since the public key based method requires more computation than the symmetric key based method, it is difficult to perform the operations in the
Specifically, the first
At this time, since the
The first and
At this time, since the first and
The
The object
Specifically, the
In Equation (1), Hash is an algorithm that receives inputs of various sizes and maps them to fixed-size data, RN is a random number, ∥ is the bit concatenation operator, TS is time and spatial information, and HMAC(f/W, PSK) is the integrity verification value, a keyed hash of the firmware (f/W) computed using the PSK.
In the present embodiment, the integrity value of each of the
In addition, the above-described object
In particular, the
Specifically, in the present embodiment, the URL is mapped to a static IP allocated to the first
The object
That is, when the first
For example, when the
In addition, in the present embodiment, when the
In addition, when the
In this embodiment, the security key block generated through the handshaking between the first
The
Particularly, in this embodiment, the first and
Because the IoT environment includes various heterogeneous devices, the range of services that can be provided and the security factors to be considered may vary depending on the resource constraints of each device. Therefore, the Light-Weight Implementation Guidance (LWIG) working group of the IETF standardization organization classifies the devices constituting the IoT environment into Class 0 to Class 2 according to how limited their resources are.
In particular, Class 0 devices are the most resource-constrained, and it is difficult to install an encryption algorithm on them. Class 1 devices can be equipped with a lightweight cryptographic algorithm; they have less than 10KiB of memory and a maximum loadable code size of 100KiB or less.
That is, in this embodiment, the virtualization device is constructed in the cloud so as to correspond to each object device in an IoT environment that includes resource-constrained object devices belonging to Class 0 or Class 1.
As described above, in the object Internet environment according to the present embodiment, when a lightweight device such as the
Since the first and
In the above description, a secure session is established between the
That is, not only a case where both the first and
Specifically, if the first object-oriented
FIG. 5 is a flowchart illustrating an implementation procedure of a security session opening method between two lightweight devices in an IoT environment according to the present embodiment.
As shown in FIG. 5, the
Particularly, in the present embodiment, the first
The
At this time, the
Therefore, the fixed IP of the
Then, the
Likewise, when the second
Then, when the security session is opened from the second-party object apparatus 20 (S40), the
Specifically, the first
In other words, the
In addition, the first
The
Next, each of the first and
Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, and a security key for integrity verification, the
FIG. 6 and FIG. 7 are flowcharts illustrating an implementation process of a secure communication method between one lightweight device and one server in the Internet environment of objects according to the present embodiment.
That is, as described above, the secure communication method in the IoT environment according to the present embodiment is not limited to communication between lightweight devices, and can also be applied to the case where a lightweight device communicates with a server.
6 shows a case where the
Referring to FIG. 6 in which the first object-facing
Particularly, in the present embodiment, the first
The
When the server approves such a request, the
Specifically, the first
Then, the first
Next, the
Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, and a security key for integrity verification, the
In the above description, a configuration that operates without resource limitations in the Internet domain has been described as a server. However, the present invention is not limited thereto, and any entity that operates without resource limitations in the Internet domain, such as a web client, may be included.
Referring to FIG. 7 in which the server requests the establishment of a secure session with the
The first
Particularly, in the network registration of the first object-oriented
In this case, when the first
On the other hand, when a security session is opened from the
Specifically, the server and the
Then, the first
Next, the server and the
Specifically, since the security key block according to the present embodiment includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, and a security key for integrity verification, the server encrypts data using an encryption algorithm and a security key for encryption The
According to the present embodiment, in the process of opening a security session for a lightweight device in the IoT environment, an operation requiring relatively more resources, such as handshaking, is performed through a virtualization device constructed in advance for the lightweight device, so the performance of the IoT environment can be improved.
Further, according to the present embodiment, secure communication can be performed between the end points of communication without installing all of the TLS or DTLS protocols in a lightweight device with limited resources.
In addition, according to the present embodiment, since the weight saving device does not need to transmit many messages of the handshaking required for establishing secure communication, the power required for data transmission is reduced, so that the light- There is an effect.
It will be understood by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. The scope of the present invention is defined by the appended claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.
10:
10b: an encryption / decryption module 11: a first virtualization device
11a:
11c:
11e: Virtual encryption /
20: second object apparatus 21: second virtualization apparatus
30: Router
Claims (19)
And a virtual machine constructed by virtualizing the object device and forming a security session with the object device through a PSK (Pre Shared Key)
The virtualization device authenticates the other object to be communicated on behalf of the handshaking, and includes a security key block including an encryption key for encrypting transmission / reception data between the object device and the other object device The handshake module comprising:
Wherein the object device comprises an encryption / decryption module for transmitting / receiving data to / from the counterpart device using the security key block.
The virtualization device senses connection to the object device via the assigned static IP and tracks the current IP of the object device to pair the static IP and the current IP to manage the connection to the object device And a management module for managing the security of the object.
Further comprising a change cipher spec module for transmitting an encryption initiation command using the encryption key to the encryption decryption module, wherein the encryption decryption module, when receiving the encryption initiation command, And encrypting the encrypted data.
An alert module for outputting an error message when an error occurs in data transmission / reception through the secure session with the object device; And
And a virtual encryption / decryption module (Record Layer) for encrypting or decrypting the security key block according to an authentication result of the third party device.
Wherein the virtualization device encrypts the security key block with the PSK.
The handshake module includes a first hello message for confirming whether or not communication of the third party device is possible, a first authentication message including a response to the first hello message, a certificate of the third party device or a public key, A second authentication message including a certificate of the public key, a second authentication message including a certificate of the public key, or a key information encrypted with the public key, and an encrypting start message indicating that the encryption is to be performed using the negotiated security method. .
Wherein the handshake module further comprises a second hello message including a verification request message for the first hello message and verification data for the first hello message to perform handshaking, Communication device.
Wherein the handshake module performs the authentication and security key block generation in a public key based manner and the encryption and decryption module transmits and receives data in a symmetric key based manner using the security key block. Secure communication device.
Wherein the virtualization device further comprises a object device management module that shares the PSK with the object device when the object device is registered in the network.
Wherein the secure key block includes at least one of an encryption algorithm, an integrity algorithm, a security key for encryption, or a security key for integrity verification.
Wherein the object device transmits the data encrypted using the encryption algorithm and the encryption key for encryption to the other object device or transmits the integrity value generated using the integrity algorithm and the integrity key for verification to the other object device To the secure communication device in the Internet environment.
Generating a security key block including an encryption key for encrypting transmission / reception data between the object device and the other object device after the authentication is completed; And
Transmitting and receiving data encrypted by the object device using the secret key block to the other object device
A method for secure communication in an Internet environment.
Further comprising encrypting the security key block with a PSK (Pre Shared Key) and transmitting the encrypted secret key block to the object device after the step of generating the security key block.
Further comprising the step of transmitting an encryption initiation command using the encryption key after the step of generating the security key block, wherein when the encryption initiation command is received, the transmission / reception data is encrypted using the security key block A method of secure communication in an Internet environment.
A first authentication message including a first hello message for confirming whether communication of the third party device is possible, a response to the first hello message, and a certificate or public key of the third party device; And
Transmitting and receiving an encryption initiation message informing that the second authentication message including the certificate of the object device or the key information encrypted with the public key is encrypted with the negotiated security method
The method comprising the steps of:
Further comprising transmitting and receiving a second hello message including a verification request message for the first hello message and verification data for the first hello message.
Wherein the step of performing the authentication and the step of generating the secure key block are performed in a public key based manner, and the transmitting and receiving step is performed in a symmetric key based manner.
Further comprising the step of constructing the virtualization device to share a PSK with the object device at the time of network registration of the object device before performing the authentication.
The transmitting and receiving step includes transmitting data encrypted using an encryption algorithm included in the security key block and a security key for encryption to the counterpart device; or
And transmitting the encrypted data using the integrity algorithm included in the secure key block and the security key for integrity verification to the counterpart device.
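The key-block hand-off recited in the claims above, as an added Python example that is not part of the patent: the virtualization device generates a security key block, encrypts it under the PSK, and the object device recovers it and uses its encryption and integrity keys on data. The patent names no algorithms, so the HMAC-SHA256 counter-mode cipher (a standard-library stand-in for a cipher such as AES), the key block field names and all function names are assumptions.

```python
import hashlib, hmac, json, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in (assumption) for a real cipher
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key, int_key, plaintext):
    """Encrypt, then append an integrity value over nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + _prf(int_key, nonce + ct)

def unseal(enc_key, int_key, blob):
    """Check the integrity value first; decrypt only if it matches."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(int_key, nonce + ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(enc_key, nonce, ct)

def new_key_block():
    """Virtualization device: built after the third party device is authenticated."""
    return {"enc_alg": "HMAC-SHA256-CTR", "int_alg": "HMAC-SHA256",
            "enc_key": secrets.token_hex(32), "int_key": secrets.token_hex(32)}

def wrap_key_block(psk, block):
    """Virtualization device: encrypt the key block under keys derived from the PSK."""
    return seal(_prf(psk, b"wrap-enc"), _prf(psk, b"wrap-int"), json.dumps(block).encode())

def unwrap_key_block(psk, blob):
    """Object device: recover the key block with the PSK shared at registration."""
    return json.loads(unseal(_prf(psk, b"wrap-enc"), _prf(psk, b"wrap-int"), blob))

def send(block, data):
    """Object device: symmetric protection of data using the key block's keys."""
    return seal(bytes.fromhex(block["enc_key"]), bytes.fromhex(block["int_key"]), data)

def receive(block, blob):
    return unseal(bytes.fromhex(block["enc_key"]), bytes.fromhex(block["int_key"]), blob)
```

The object device never performs a public-key operation here; it only needs the PSK and symmetric primitives, which is the division of labour the claims describe.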
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150066491A KR101688118B1 (en) | 2015-05-13 | 2015-05-13 | Security communication apparatus of internet of things environment and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160134895A (en) | 2016-11-24 |
KR101688118B1 (en) | 2016-12-22 |
Family
ID=57705515
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150066491A KR101688118B1 (en) | 2015-05-13 | 2015-05-13 | Security communication apparatus of internet of things environment and method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101688118B1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20180062714A (en) * | 2016-12-01 | 2018-06-11 | 단국대학교 산학협력단 | BLE Communication based Scanning Device and Method for Enhancing Security of IoT Devices |
KR20190021022A (en) * | 2017-08-22 | 2019-03-05 | 덕성여자대학교 산학협력단 | Method for setting secure key between lightweight devices in internet of things using different secure strength and different out-of-band channel |
KR20190030317A (en) * | 2017-09-14 | 2019-03-22 | 숭실대학교산학협력단 | IoT Security System Based on the BlockChain and Security Method thereof |
KR20190084171A (en) * | 2017-12-22 | 2019-07-16 | 단국대학교 산학협력단 | Dtls based end-to-end security method for internet of things device |
KR20200142243A (en) * | 2019-06-12 | 2020-12-22 | 아주대학교산학협력단 | Communication terminal, communication system, and managing method for secure data of the same |
KR102236761B1 (en) | 2020-12-22 | 2021-04-06 | 주식회사 유니온플레이스 | Internet of things device, and system and method of managing internet of things devices |
WO2021177504A1 (en) * | 2020-03-06 | 2021-09-10 | 주식회사그린존시큐리티 | Device for securing data transmission of iot device, and method therefor |
KR102348449B1 (en) * | 2020-07-08 | 2022-01-10 | 한국전력공사 | Internet of things device and operating method thereof |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101994146B1 (en) | 2017-09-08 | 2019-06-28 | 충남대학교산학협력단 | Key Management Method for IoT Data Security in Cloud Computing |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003179592A (en) * | 2001-12-12 | 2003-06-27 | Sony Corp | Network system, device and method for processing information, recording medium and program |
JP2013077900A (en) * | 2011-09-29 | 2013-04-25 | Oki Electric Ind Co Ltd | Security processing proxy system, communication device, proxy device, communication program and security processing proxy program |
JP2014147039A (en) * | 2013-01-30 | 2014-08-14 | Oki Electric Ind Co Ltd | Cryptocommunication device, proxy server, cryptocommunication system, cryptocommunication program and proxy server program |
- 2015-05-13 KR KR1020150066491A patent/KR101688118B1/en active IP Right Grant
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20180062714A (en) * | 2016-12-01 | 2018-06-11 | 단국대학교 산학협력단 | BLE Communication based Scanning Device and Method for Enhancing Security of IoT Devices |
KR20190021022A (en) * | 2017-08-22 | 2019-03-05 | 덕성여자대학교 산학협력단 | Method for setting secure key between lightweight devices in internet of things using different secure strength and different out-of-band channel |
KR20190030317A (en) * | 2017-09-14 | 2019-03-22 | 숭실대학교산학협력단 | IoT Security System Based on the BlockChain and Security Method thereof |
KR20190084171A (en) * | 2017-12-22 | 2019-07-16 | 단국대학교 산학협력단 | Dtls based end-to-end security method for internet of things device |
KR20200142243A (en) * | 2019-06-12 | 2020-12-22 | 아주대학교산학협력단 | Communication terminal, communication system, and managing method for secure data of the same |
WO2021177504A1 (en) * | 2020-03-06 | 2021-09-10 | 주식회사그린존시큐리티 | Device for securing data transmission of iot device, and method therefor |
KR102348449B1 (en) * | 2020-07-08 | 2022-01-10 | 한국전력공사 | Internet of things device and operating method thereof |
KR102236761B1 (en) | 2020-12-22 | 2021-04-06 | 주식회사 유니온플레이스 | Internet of things device, and system and method of managing internet of things devices |
US11880691B2 (en) | 2020-12-22 | 2024-01-23 | Unionplace Co., Ltd. | Internet of things (IoT) device, IoT device management system, and method for managing IoT device |
Also Published As
Publication number | Publication date |
---|---|
KR101688118B1 (en) | 2016-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101688118B1 (en) | Security communication apparatus of internet of things environment and method thereof | |
US10601594B2 (en) | End-to-end service layer authentication | |
Keoh et al. | Securing the internet of things: A standardization perspective | |
US10880294B2 (en) | End-to-end authentication at the service layer using public keying mechanisms | |
Bonetto et al. | Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples | |
Heer et al. | Security Challenges in the IP-based Internet of Things | |
Hummen et al. | Delegation-based authentication and authorization for the IP-based Internet of Things | |
KR102095893B1 (en) | Service processing method and device | |
US10542570B2 (en) | System and method for relaying data over a communication network | |
CN110191052B (en) | Cross-protocol network transmission method and system | |
KR100948604B1 (en) | Security method of mobile internet protocol based server | |
WO2023083170A1 (en) | Key generation method and apparatus, terminal device, and server | |
JP5464232B2 (en) | Secure communication system and communication apparatus | |
Sethi et al. | Secure and low-power authentication for resource-constrained devices | |
Trabalza et al. | INDIGO: Secure CoAP for Smartphones: Enabling E2E Secure Communication in the 6IoT | |
CN114245332A (en) | DTLS connection establishment method and system of Internet of things equipment | |
CN115567195A (en) | Secure communication method, client, server, terminal and network side equipment | |
Revathi | Protocols for secure Internet of Things | |
Abdelmoneem et al. | Mobility-enabled authentication scheme for IoT architecture | |
CN115801388B (en) | Message transmission method, device and storage medium | |
US20230308868A1 (en) | Method, devices and system for performing key management | |
KR101594897B1 (en) | Secure Communication System and Method for Building a Secure Communication Session between Lightweight Things | |
GB2611284A (en) | Managing Connectivity Between Devices | |
Jehangir et al. | Securing inter-cluster communication in Personal Networks | |
SUTRADHAR | DTLS BASED BIDIRECTIONAL SECURE GROUP COMMUNICATION IN IOT FRAMEWORK |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right |