Device-based Secure Data Management Scheme in a Smart Home

Transcription

1 Int'l Conf. Security and Management SAM' Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University, Suwon, Korea 2 Department of Information and Computer Engineering, Ajou University, Suwon, Korea Abstract - Due to the developments in IT, smart home services using network-based smart devices are becoming more diverse. A smart home provides users with numerous services, regardless of time and place, through interactions among users, objects, and services. However, there are security concerns such as data leakage, data forgery, and unidentified access. In case of smart home data is exposure at threats, smart home exist very danger into characteristic of smart home. This paper will examine smart home communication and analyze the security problems and security requirements. Based on this information, we will propose a device-based secure data management scheme for a smart home. Keywords: Smart home, Smart devices, Data management, Mobile. 1. Introduction The use of smart devices is increasing as information communication technology continues to develop. There is an increase in the types of available smart devices, smart home devises, and smart health devices. Accordingly, the ubiquitous society has become a part of our lives and is still developing. A smart home is an intelligent environment where users and home appliances send/receive information and data in real-time. The smart home can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Users can control devices in the home in real time through wired or wireless network technology[1]. Through smart home communication, users can access the smart home s meter reading system, boiler control, lighting control, appliance control, and various services in external[2,3]. However, smart home communication is not immune to security threats because it is equipped with network functionality. Security threats such as data forgery, illegal access, and privacy invasion are a real possibility if the smart home is accessed by a malignant device. In addition, new security threats are arising with technology convergence. In addition, smart home exist second danger into characteristic of smart home. In this paper, we propose a data management scheme that is secure and efficient for a smart home environment, overall reducing security concerns. This scheme can upload and download data to authenticated devices. We will analyze smart home security and propose a device-based, secure, data management scheme suitable for a smart home environment. This paper is organized as follows. Section 2 describes a smart home. Section 3 analyzes the security requirements of a smart home communication network, and the security issues such a network faces. Section 4 proposes a devicebased, secure, data management scheme suitable for a smart home. Section 5 presents a security analysis of our proposed scheme, and Section 6 concludes our findings. 2. The smart home With the development in information communication technology, mounted wireless devices have become an integral part of many appliances and electronic devices, creating a class of devices called smart devices.. With the appearance of these smart devices, came the concept of the "smart home. Technology and services for smart homes are developing rapidly and are diverse. A smart home makes tasks in the user life more convenient and easy to perform. In addition, smart devices are becoming increasingly automated. The communication system of a smart home is composed of a wired or wireless network connected to smart home devices. It provides various services allowing the user to supervise the smart home, regardless of the time and the location of the user. Therefore, a smart home is the collection of a set of automated, smart devices, connected and communicating on a common network[4]. Smart home technology can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Because home platform technology links home technology to external networks, it includes home-server, gateway, and home middle ware technology. Green home technology provides comfortable and economic life, including green management technology, green home-network technology, and smart grid interlock technology. In addition, smart device technology can be described as making use of existing appliances and sensors. The most important technology among smart home technology is the networking technology[5]. The networking technology of a smart home provides the connection between smart devices. Among various networking technologies, wireless network technology is drawing more attention as it continues to evolve at a rapid

2 232 Int'l Conf. Security and Management SAM'15 pace and requires relatively low power. Some examples of such technologies are Wi-Fi, WPAN, 3G/4G/LTE, Bluetooth, Microwave, and Ethernet. Smart home devices provide remote control services by connecting the existing home appliances to a CPU and a wired, or wireless, network technology. Users can then be provided with smart home services by using a mobile device away from home. 3. Analysis of security problems and security requirements In this section, we will analyze the problems that arise from data management in a smart home environment. Based on these issues, we will analyze the security requirements for such an environment[6]. 3.1 Analysis of Security Problems Data leakage A user can download sharing so they can access their smart home externally through a wireless network. This makes it possible for an attacker to gain access to the home through an unauthenticated smart device. If the attacker leaks important information gained through access to the home, this is a breach of privacy and can lead to issues regarding confidentiality Data falsification A smart home transfers data to a user through a wireless network. Accordingly, an attacker can gain access to the home through the network, and falsify data before it reaches the user. In addition, the attacker can intercept user commands to the smart home and can control the smart home system instead. Therefore, the integrity of important data stored in the smart home cannot be ensured Unauthorized access When transmitted data is received via a wireless network in a smart home environment, an attacker is able to insert malignant code into smart devices, giving the attacker access to the home through an unauthenticated device. Smart devices that contain malignant code become zombies and can be used to send malignant mail and execute distributed denial of service (DDOS) attacks. In addition, cameras can be installed or activated in smart devices through malignant code, invading the smart home owner s privacy. These types of cyberattack are mounting continually, and pose serious security threats to users of smart homes. 3.2 Analysis of Security Requirements Data confidentiality Smart home data contains sensitive information such as private information, control messages, and confidential data, which is controlled through the network. Through unauthorized access, an attacker can obtain this information, leak private information and sensitive messages, and remotely control smart devices. To prevent these sorts of attacks, the device through which the user accesses the smart home should be authenticated and malicious the attacker hasn t to access to smart home Data integrity The data of smart devices can be falsified via malicious devices that gained access through the wireless network. Thus, transferred data and messages should not be prone to falsification from illegal smart devices in a smart home environment. Fig. 1. Proposed scheme

3 Int'l Conf. Security and Management SAM' Device authentication Many smart devices can be accessed by devices without regard for security, allowing unauthenticated smart devices to be accessed through the smart home s wireless network. Disposable and cloned smart home devices can access the smart home, allowing malignant code to be inserted into the smart device. This compromises the smart home communication and creates zombie smart devices. Also, a smart home system can become dangerous if the attacker can disguise the attack as though it is from a smart device within the home. Thus, the authentication of smart devices is essential to the smart home environment. 4. Proposed scheme In this section, a server safely stores and manages the data of the smart home. We proposed a data management scheme, in which this secure smart home server manages the data of all smart devices registered in the home. The server stores data that is divided by importance into public data and confidential data. This allows for secure and convenient data management. Confidential data can only be accessed through use of a password. Additionally, a security check tool scans the integrity of the data before it is saved to the server. Also, data be saved and download through an authenticated device, enhancing the safety and reliability of the data. However, even if the authentication device it that have not access authority can t download data. The proposed scheme is composed of three phases: the registration phase in which some rules need to be met by a smart device in order to register with the server; the data storage phase, in which a smart device saves data to the server; and the download phase, in which a user s smart device downloads data from the server. 4.1 Notations Table 1 shows the notations used to explain the process of the proposed scheme. Notation DeviceInfo DeviceInfo N TABLE I. NOTATIONS Description Smart home device s information Smart home device s information authentication requested Public key of a smart device Public key of a smart server Random number Time stamp from smart home server Time stamp from a smart home device Valid time interval for transmission delay Value access to confidential data Value access to public data 4.2 Registration Phase In the registration phase, new smart devices are registered to the smart home server and are divided into separate groups in order to separate public data and confidential data. The procedure is as follows. Fig. 2. Registration phase 1) A smart device requests to communicate with the smart home server. 2) The smart home server encrypts its time stamp and a random number into public key for the smart device in order to prevent reply attacks, and transfers this key to the device. 3) The smart device encrypts its information, its time stamp, and random number into the public key for the smart home server, and transfers this key to the server. 4) The smart home server validates the time interval for the transmission delay by comparing the differential between the time stamp of the smart home server and the time stamp of the smart device. 5) A user logs into the smart home server using their ID and password, and inputs the serial number and information of the device. 6) The smart home server authenticates that the smart device information received and user-input, smart device information are the same. 7) The authenticated smart device is classified into a device group and is granted access to the data, where it creates a value access to the data. This value consists of two things: a value access to public data, and a value access to confidential data. The smart home server creates values appropriate to the smart devices. 8) The smart home server encrypts the value access into the public key of the smart device and transfers it to the smart device. 9) The smart device saves the value access to the data, and communicates with the server that it is ready to exit.

4 234 Int'l Conf. Security and Management SAM' Data Storage Phase This section describes the procedure for data generating or data acquired smart device connecting to the smart home server, verification data. In addition, we will discuss the rules used to store the data security level. When storing confidential data, the smart home server stores the hash of the value access to confidential data and the data itself. 6) The data is stored in the database, disconnects from the server. 4.4 Data Download Phase This section describes the download procedure using a user s smart device to request necessary data. The user connects to the smart home server through a smart device and can download data if they have appropriate authorization. Fig. 3. Data storage phase 1) The smart device requests a connection to the smart home server in order to generate/acquire synchronized data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device and communication will be released. 3) Authenticated smart devices can access the smart home server. Smart device are sorted into either common devices, which are used together, or personal devices, which are personally used. 4) Data safety is verified by a security check tool in the assorted smart device. If a virus is found, the data storage is cancelled and communication is released. 5) Data verified by the security check tool as fit for storage, is divided into either public data or confidential data for secure and convenient data management. When storing public data, the smart home server stores the hash of the value access to public data and the data itself. Fig. 4. Data download phase 1) The smart device requests to connect to the smart home server in order to download the necessary data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device, and communication will be released. 3) Authenticated smart devices can access the smart home server. The user is now able to request to download the necessary data through the smart device. 4) The smart home server confirms that the requesting smart device has download permission. If the device does not have permission, then the server rejects the data download and returns to step 3).

5 Int'l Conf. Security and Management SAM' ) If the smart device has download permission, then user authentication is required through a request for the user to enter their password. Hashed data will be downloaded by decrypting the value access to the data. If the user authentication fails, the data download is rejected and returns to step 3). 6) If the user authentication succeeds, then the smart home server has permission to download the data. The data is downloaded by accessing the device record in the database, and then disconnects from the server. 5. Security analysis of the proposed scheme In this section, we analyze the security of our proposed device-based, secure, data management scheme in smart home environment. 5.1 Confidentiality A smart device must ensure confidentiality because it has important data such as private information, control messages, and sense information. This paper s proposed scheme is to authentication smart device before allowing access to the smart home server. Unauthenticated smart devices are not allowed to store and download data because they do not have access to the smart home server. Even if a user loses a device, or device information is leaked, an attacker cannot access the data on the smart home server because they must have password. In addition, if the smart device was authenticated, the user cannot access the data on the smart home server if they do not know password because the data is divided into encrypted public data and encrypted confidential data. 5.2 Integrity Data is prone to risks such as data and message falsification by the access of malicious smart devices through the wireless network in a smart home communication environment. This paper proposes a scheme in which data is stored in a hash with a value access when the data is stored to the smart home server. When smart devices download the data, value access that has authority with data will be encrypt. Therefore, this proposed scheme prevents data falsification. 5.3 Device Authentication Smart devices can insert malignant code through unauthenticated device access. In this situation, the smart device will become a zombie device. It is able to send malignant mail and execute distributed denial of service (DDOS) attack. Our proposed scheme prevents the change of smart device information because the smart home server saves the information of each smart device during the initial registration phase, saving hash values of this information. By using the hash values for communication, the information of the smart devices cannot be changed. In addition, because the smart home server supervises all of the smart devices of the home, access of unauthorized devices can be prevented and authentication of smart devices can be provided. 6. Conclusions Smart home technology continues to develop and provides various services through open network communication among smart devices. However, there are still security concerns such as data forgery, unidentified access, and invasion of privacy, and new security threats continue to arise. In order to address this, we need a safe data-management method to prevent these security threats. In this paper, we analyzed the security concerns and security requirements and suggested a safe data management method based on the devices in the smart home environment. This suggested method can block unauthorized access through device verification. Research regarding smart homes is currently booming, both nationally and worldwide. Safe data management is very important because the smart home contains sensitive data. Finally, we expect that the suggestions made in this paper will be helpful to future studies and developments regarding a safe smart home environment. 7. Acknowledgment This work was supported by the ICT R&D program of MSIP/IITP, Republic of Korea. [ , Development of Mobile S/W Security Testing Tools for Detecting New Vulnerabilities of Android] 8. References [1] Gao Chong, Ling Zhihao, Yuan Yifeng, The research and implement of smart home system based on Internet of Things, pp , Sept [2] Hwa-jeong Suh, Dong-gun Lee, Jong-seok Choe, Ho-won Kim, IoT security technology trends The Korea Institute of Electromagnetic Engineering and Science, Vol. 24, No. 4, pp , July [3] Tae-woong Lee, Cheol-su Son, Won-jung Kim, The Implement of Intelligent Home Network System on Smart Phone, The Korea Institute of Electronic Communication Sciences, Vol. 6, No. 4, pp , Aug [4] Ji-Yean Son, Ji-Hyun Lee, Jeu-Young Kim, Jun-Hee Park, Young-Hee Lee, RAFD: Resource-aware fault diagnosis system for home environment with smart devices, Consumer Electronics, IEEE Transactions on, Vol. 58, No. 4, pp , Jan [5] Seong-gu Sim, Ho-jin Park, Jun-hee Park, Smart home standardization construction and strategy, The Korea Institute of Information Scientists & Engineers, Vol. 30, No. 8, pp , Aug [6] A. Wright, Cyber security for the power grid: cyber security issues & Securing control systems, ACMCCS, Nov. 2009