Entity Authentication Scheme for Secure WEB of Things Applications

WoT (Web of Things) was proposed to realize intelligent thing-to-thing communication using standard Web technology. It is difficult to apply security protocols designed for existing Internet communications directly to WoT, because WoT includes LLNs (Low-power, Lossy Networks) and resource-constrained sensor devices. Recently, the IETF standards group has proposed using the DTLS protocol to support security services in WoT environments. However, DTLS is not an efficient solution for end-to-end security in WoT, since it introduces complex handshaking procedures and high communication overhead. We therefore divide the WoT environment into two areas, a DTLS-enabled area and an area that uses a lightweight security scheme, in order to improve on these shortcomings. We then propose a mutual authentication scheme and a session key distribution scheme for the second area. The proposed system uses a smart device as a mobile gateway and WoT proxy. In the proposed authentication scheme, we modify the ISO 9798 standard to reduce both the communication overhead and the computing time of cryptographic primitives. In addition, our scheme is able to defend against replay attacks, spoofing attacks, chosen plaintext/ciphertext attacks, DoS attacks, and others.
