KR20170076905A - Apparatus and method for managing secret key in IoT environment - Google Patents

Apparatus and method for managing secret key in IoT environment Download PDF

Info

Publication number
KR20170076905A
KR20170076905A KR1020150186443A KR20150186443A KR20170076905A KR 20170076905 A KR20170076905 A KR 20170076905A KR 1020150186443 A KR1020150186443 A KR 1020150186443A KR 20150186443 A KR20150186443 A KR 20150186443A KR 20170076905 A KR20170076905 A KR 20170076905A
Authority
KR
South Korea
Prior art keywords
secret key
iot device
receiving
message
generated secret
Prior art date
Application number
KR1020150186443A
Other languages
Korean (ko)
Other versions
KR101757563B1 (en
Inventor
박세현
강병관
최명인
장성만
이택림
이상훈
Original Assignee
중앙대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 중앙대학교 산학협력단 filed Critical 중앙대학교 산학협력단
Priority to KR1020150186443A priority Critical patent/KR101757563B1/en
Publication of KR20170076905A publication Critical patent/KR20170076905A/en
Application granted granted Critical
Publication of KR101757563B1 publication Critical patent/KR101757563B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

A secret key management method and apparatus in an Internet environment for objects are disclosed. The secret key management method includes the steps of acquiring information on the number of authorized objects, generating a secret key corresponding to the number of receiving IoT (Internet of Things) devices to which a message is to be sent, And transmitting the generated secret key to the receiving IoT device when the number of access authorized objects is equal to or less than the number of access authorized objects, and deleting the generated secret key if the number of generated secret keys is not equal to the number of responses from the receiving IoT device .

Description

[0001] The present invention relates to a method and apparatus for managing secret keys in an Internet environment,

BACKGROUND OF THE INVENTION 1. Field of the Invention [0002] The present invention relates to encryption of a message transmitted in an object internet environment, and more particularly, to a method and apparatus for managing a secret key in an object internet environment.

Existing message encryption is typically a symmetric key / asymmetric key encryption technique, and the key to this technology is the generation and sharing of keys. Generally, a technique such as One Time Password (OTP) is used for key generation, and a key is generated based on software or a battery-based hardware device such as a real time clock (RTC) is used. OTPs used in mobile terminals are granted one license per individual and may be vulnerable to external factors such as operating system and software code flaws, although they are convenient to use. In addition, the RTC-based hardware OTP module basically uses a battery, which has a limited life span and has physical security weaknesses such as theft and loss.

On the other hand, the Internet of Things (IoT) environment means an environment where all objects can be connected to the Internet and freely transmit and receive information. Active research and development on the Internet has led to the launch of new services and products. As a result, various sensitive data including personal information and environmental information are transmitted and received via heterogeneous networks between the object and the Internet. Although security functions are provided in the Link Layer and Application Layer according to network characteristics, it is necessary to encrypt the transmitted and received messages themselves in order to securely protect sensitive information.

Therefore, although the software and hardware - based encryption methods have their advantages and disadvantages, the encryption method suitable for the Internet environment is more efficient and efficient in the newly changing object internet environment.

The present invention provides a secret key management method and apparatus in an object-oriented Internet environment for generating and distributing a limited and volatile secret key for encrypting a message transmitted and received in an object internet environment.

According to an aspect of the present invention, a secret key management method performed by a secret key management apparatus in a matter-of-art Internet environment configured by a heterogeneous network is disclosed.

A secret key management method according to an embodiment of the present invention includes acquiring information on the number of authorized objects to connect, generating secret keys as many as the number of receiving IoT (Internet of Things) , Transmitting the generated secret key to the receiving IoT device when the number of generated secret keys is equal to or less than the number of authorized access objects, and transmitting the generated secret key to the receiving IoT device And deleting the generated secret key if it is not.

If the number of responses from the receiving IoT device is equal to the number of generated secret keys, encrypting the message using the generated secret key and transmitting the encrypted message to the receiving IoT device.

And deleting the generated secret key if the number of responses from the receiving IoT device that received the message is not equal to the number of generated secret keys.

The secret key management apparatus is a transmission IoT device for transmitting a gateway or a message in the object Internet environment.

According to another aspect of the present invention, an apparatus for managing secret keys in an object internet environment configured by heterogeneous networks is disclosed.

A secret key management apparatus according to an exemplary embodiment of the present invention includes a communication unit for transmitting and receiving data to and from other devices through the heterogeneous network, a memory for storing a command, and a processor for executing the command, Acquiring the number of objects, generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be sent, Transmitting the generated secret key to the receiving IoT device, and deleting the generated secret key if the number of responses from the always-receiving IoT device is not equal to the number of generated secret keys The secret key management method.

The secret key management method and apparatus in the Internet environment of objects according to the present invention can improve the reliability of message delivery in the object internet environment by generating and distributing a limited and volatile secret key.

In addition, since the present invention does not use a battery-based RTC module or a key generation module, cost and physical security can be enhanced.

In addition, the present invention can guarantee high security when used in conjunction with security technologies of Link Layer and Application Layer.

Also, since random keys are generated in the object Internet device itself to be transmitted without using the random number generation algorithm or the key generation library promised in advance between the nodes, the present invention can enhance the internal security because the encryption key prediction is difficult have.

BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a diagram illustrating an Internet environment of objects configured with heterogeneous networks.
FIG. 2 is a flowchart illustrating a secret key management method according to an embodiment of the present invention; FIG.
3 is a flow diagram illustrating a secret key generation and distribution method in accordance with an embodiment of the present invention.
4 is a diagram schematically illustrating a configuration of a secret key management apparatus in an object Internet environment according to an embodiment of the present invention.

As used herein, the singular forms "a", "an" and "the" include plural referents unless the context clearly dictates otherwise. In this specification, the terms "comprising ", or" comprising "and the like should not be construed as necessarily including the various elements or steps described in the specification, Or may be further comprised of additional components or steps. Also, the terms "part," " module, "and the like described in the specification mean units for processing at least one function or operation, which may be implemented in hardware or software or a combination of hardware and software .

Hereinafter, various embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating an Internet environment of objects configured with heterogeneous networks.

1, the object Internet may be configured using a wireless network such as a ZigBee network, a Bluetooth network, a wired network, a WiFi, or the like, There is a gateway for communication between networks.

The ZigBee network and the Bluetooth network have PAN ID (Personal Area Network Identification) information, and the wired and wireless network has IP address information in the same local network. That is, each communication terminal can know the number of objects internally allowed to access. The secret key management method in the object Internet environment according to the embodiment of the present invention can generate and distribute a limited and volatile secret key using the information on the number of objects permitted to be connected. This will be described below with reference to FIG. 2 and FIG.

2 is a flowchart illustrating a secret key management method according to an embodiment of the present invention. The subject performing the secret key management method of FIG. 2 may be a gateway or an object to which a message is to be transmitted. Hereinafter, a subject performing the secret key management method is referred to as a secret key management device .

In step S210, the secret-key management device obtains information on the number of permitted objects (N permission ). For example, the secret key management apparatus broadcasts an object information request message through a network and receives a response message including object information from each object (i.e., IoT devices) connected to the network, (N permission ) information.

In step S220, the secret key management device generates secret keys as many as the number of the receiving IoT devices.

In step S230, the secret-key management device determines whether the number of generated secret keys (N scretkey ) is equal to or less than the number of permitted objects (N permission ).

That is, the secret key management apparatus according to the embodiment of the present invention generates a limited secret key only as many as the number of the receiving IoT devices to transmit a message, and has a constraint that N scretkey ≤ N permission .

If the constraint that N scretkey < N permission is not satisfied, step S210 is entered.

In step S240, when the number of generated secret keys (N scretkey ) is equal to or less than the number of permitted objects (N permission ), the secret key management device transmits a secret key generated in the receiving IoT device to receive the message. At this time, the secret key management apparatus encrypts the secret key using a common key shared by all the objects, and transmits the encrypted secret key to the receiving IoT device.

In step S250, the secret key management device determines whether the number of responses (N ack ) from the receiving IoT device that received the secret key is equal to the number of generated secret keys (N scretkey ).

In step S260, if the number of responses (N ack ) from the receiving IoT device is not equal to the number of generated secret keys (N scretkey ), the secret key management device deletes the generated secret key, and enters S210 do.

That is, if the secret key management apparatus according to the embodiment of the present invention does not satisfy the condition of N ack = N scretkey , the generated secret key may have volatility by deleting the generated secret key.

In step S270, if the number of responses (N ack ) from the receiving IoT device is equal to the number of generated secret keys (N scretkey ), the secret key management device transmits a message to be transmitted to the receiving IoT device. At this time, the secret key management apparatus can encrypt (encrypt) a message to be transmitted using a common key and a secret key.

In step S280, the secret key management device determines whether the number of responses (N ack ) from the receiving IoT device that received the message is equal to the number of generated secret keys (N scretkey ). If the number of responses (N ack ) from the receiving IoT device is not equal to the number of generated secret keys (N scretkey ), step S260 is entered. (N ack ) from the receiving IoT device and the number of generated secret keys (N scretkey ) are the same.

That is, the secret key management apparatus according to the embodiment of the present invention determines whether to delete the generated secret key by checking the condition of N ack = N scretkey every time a message is transmitted or a response is received from the receiving IoT device.

3 is a flowchart illustrating a secret key generation and distribution method according to an embodiment of the present invention. That is, FIG. 3 shows a secret key generation and distribution method for transmitting and receiving messages between IoT devices in a heterogeneous network in the Internet environment of FIG. For example, the transmitting IoT device 10 is an IoT device belonging to a ZigBee network that transmits a message, the first receiving IoT device 30 is an IoT device belonging to a Bluetooth network receiving a message, and the second receiving IoT device 40 may be an IoT device belonging to the Wi-Fi network receiving the message.

In step S311, the transmission IoT device 10 requests information on the number of objects permitted to be connected to the gateway 20.

In step S312, the gateway 20 requests object information to the first receiving IoT device 30 and the second receiving IoT device 40, which are access permitted objects, upon request of the connection permitted number of objects information.

In step S313, the first receiving IoT device 30 and the second receiving IoT device 40 transmit their object information to the gateway 20 according to the object information request.

In step S314, the gateway 20 receives the object information from the first receiving IoT device 30 and the second receiving IoT device 40, and generates information on the number of permitted objects to be transmitted to the transmitting IoT device 10 do.

In step S315, the transmitting IoT device 10 requests the gateway 20 to generate the secret key. For example, the sending IoT device 10 may ask the gateway 20 to generate a secret key for as many as the number of receiving IoT devices to which to send the message.

In step S316, the gateway 20 generates a secret key corresponding to the number of the received IoT devices in response to the secret key generation request.

In step S317, the gateway 20 transmits a response to the secret key generation to the transmitting IoT device 10. For example, the response may include the generated secret key.

In step S318, the gateway 20 transmits the generated secret key to the first receiving IoT device 30 and the second receiving IoT device 40. [ At this time, the secret key can be encrypted with the common key.

In step S319, the first receiving IoT device 30 and the second receiving IoT device 40 transmit a response to the gateway 20 in response to receiving the secret key. At this time, the gateway 20 can determine whether to delete the generated secret key by checking the condition of N ack = N scretkey .

In step S320, the gateway 20 transmits a response to the transmitting IoT device 10 upon receiving a response from the first receiving IoT device 30 and the second receiving IoT device 40. [

In step S321, the transmission IoT device 10 encrypts and transmits the message to the gateway 20 by using the common key shared with the secret key generated according to completion of generation and distribution of the secret key.

In step S322, the gateway 20 transmits the message received from the transmitting IoT device 10 to the first receiving IoT device 30 and the second receiving IoT device 40. [ At this time, the first receiving IoT device 30 and the second receiving IoT device 40 can decode the received message using the secret key and the common key, respectively.

In step S323, the first receiving IoT device 30 and the second receiving IoT device 40 transmit a response to the message reception to the gateway 20. At this time, the gateway 20 can determine whether to delete the generated secret key by checking the condition of N ack = N scretkey .

In step S324, the gateway 20 transmits a response to the transmission IoT device 10 on receipt of a response from the first reception IoT device 30 and the second reception IoT device 40. [

FIG. 4 is a diagram schematically illustrating a configuration of a secret key management apparatus in an object Internet environment according to an embodiment of the present invention.

4, a secret key management apparatus according to an embodiment of the present invention includes a processor 410, a memory 420, a communication unit 430, and an interface unit 440.

The processor 410 may be a CPU or a semiconductor device that executes processing instructions stored in the memory 420. [

The memory 420 may include various types of volatile or non-volatile storage media. For example, the memory 420 may include ROM, RAM, and the like.

For example, the memory 420 may store instructions for performing a secret key management method according to an embodiment of the present invention.

The communication unit 430 is a means for transmitting and receiving data to and from other devices through a communication network.

The interface unit 440 may include a network interface and a user interface for connecting to the network.

On the other hand, the components of the above-described embodiment can be easily grasped from a process viewpoint. That is, each component can be identified as a respective process. Further, the process of the above-described embodiment can be easily grasped from the viewpoint of the components of the apparatus.

In addition, the above-described technical features may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

It will be apparent to those skilled in the art that various modifications, additions and substitutions are possible, without departing from the spirit and scope of the invention as defined by the appended claims. Should be regarded as belonging to the following claims.

410: Processor
420: memory
430:
440:

Claims (5)

A secret key management method performed by a private key management device in a object Internet environment configured by a heterogeneous network,
Obtaining information on the number of authorized objects to connect;
Generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be transmitted;
Transmitting the generated secret key to the receiving IoT device when the number of the generated secret keys is equal to or less than the number of allowed access objects; And
And deleting the generated secret key if the number of responses from the receiving IoT device is not equal to the number of generated secret keys.
The method according to claim 1,
If the number of responses from the receiving IoT device is equal to the number of generated secret keys, encrypting the message using the generated secret key and transmitting the encrypted message to the receiving IoT device.
3. The method of claim 2,
And deleting the generated secret key if the number of responses from the receiving IoT device that received the message is not equal to the number of generated secret keys.
The method according to claim 1,
Wherein the secret key management device is a transmission IoT device for transmitting a gateway or a message in the object Internet environment.
1. A private key management apparatus in an object internet environment configured by a heterogeneous network,
A communication unit for transmitting and receiving data to and from other devices through the heterogeneous network;
A memory for storing instructions; And
And a processor for executing the instruction,
Wherein the command comprises:
Obtaining information on the number of authorized objects to connect;
Generating secret keys as many as the number of receiving IoT (Internet of Things) devices to which a message is to be transmitted;
Transmitting the generated secret key to the receiving IoT device when the number of the generated secret keys is equal to or less than the number of allowed access objects; And
And deleting the generated secret key if the number of responses from the always-receiving IoT device is not equal to the number of generated secret keys.


KR1020150186443A 2015-12-24 2015-12-24 Apparatus and method for managing secret key in IoT environment KR101757563B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150186443A KR101757563B1 (en) 2015-12-24 2015-12-24 Apparatus and method for managing secret key in IoT environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150186443A KR101757563B1 (en) 2015-12-24 2015-12-24 Apparatus and method for managing secret key in IoT environment

Publications (2)

Publication Number Publication Date
KR20170076905A true KR20170076905A (en) 2017-07-05
KR101757563B1 KR101757563B1 (en) 2017-07-13

Family

ID=59352372

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150186443A KR101757563B1 (en) 2015-12-24 2015-12-24 Apparatus and method for managing secret key in IoT environment

Country Status (1)

Country Link
KR (1) KR101757563B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190019441A (en) * 2017-08-17 2019-02-27 덕성여자대학교 산학협력단 Method for setting secure key between devices using different out-of-band channel in internet of things environment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100628566B1 (en) * 2005-04-25 2006-09-26 삼성전자주식회사 Method for security information configuration wlan
KR101525885B1 (en) * 2014-12-16 2015-06-03 주식회사 비즈니스서비스그룹 License management method and system using broadcast method for restricting software license

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190019441A (en) * 2017-08-17 2019-02-27 덕성여자대학교 산학협력단 Method for setting secure key between devices using different out-of-band channel in internet of things environment

Also Published As

Publication number Publication date
KR101757563B1 (en) 2017-07-13

Similar Documents

Publication Publication Date Title
US10194320B1 (en) Method and apparatus for assignment of subscription electronic SIM credentials via local service brokers
KR102460096B1 (en) Method and apparatus for managing encryption keys for cloud service
CN107689869B (en) User password management method and server
US10484177B2 (en) Method and apparatus for generation of a time-based one-time password for session encryption of sensor data gathered in low-performance and IOT environments
US8938074B2 (en) Systems and methods for secure communication using a communication encryption bios based upon a message specific identifier
US9503433B2 (en) Method and apparatus for cloud-assisted cryptography
US9602506B2 (en) Method and apparatus for supporting login through user terminal
CN106953729B (en) Satellite communication encryption system and method based on quantum key
CN112019647A (en) Method and device for obtaining equipment identifier
US20170373850A1 (en) Data encryption method, decryption method, apparatus, and system
US10887085B2 (en) System and method for controlling usage of cryptographic keys
RU2018145757A (en) MULTILEVEL MESSAGE ENCRYPTION
KR20180119201A (en) Electronic device for authentication system
CN114239046A (en) Data sharing method
CN111355684A (en) Internet of things data transmission method, device and system, electronic equipment and medium
KR101718775B1 (en) Communication security processing method, and apparatus
CN107872315B (en) Data processing method and intelligent terminal
KR101757563B1 (en) Apparatus and method for managing secret key in IoT environment
CN116226940B (en) PCIE-based data security processing method and data security processing system
KR102474855B1 (en) Method, system and non-transitory computer-readable recording medium for providing messenger service
US9928370B2 (en) Communication device, communication method, computer program product, and communication system
US9135449B2 (en) Apparatus and method for managing USIM data using mobile trusted module
KR101812311B1 (en) User terminal and data sharing method of user terminal based on attributed re-encryption
CN114465825A (en) Online monitoring system, method and device for power transmission line and master station
KR20170100403A (en) Apparatus for authentication using self-certifying identifier on internet of things and method using the same

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant