IMPLEMENTASI CHALLENGE RESPONSE AUTHENTICATION MECHANISM (CRAM) UNTUK KEAMANAN TRANSAKSI PERANGKAT IoT
-
Hendro FJ Lami(1)
Undana
-
Hendro F J Lami(2)
Universitas Nusa Cendana
-
Stephanie I Pella(3)
Universitas Nusa Cendana
(*) Corresponding Author
Abstract
This research aims to secure data transaction in Internet of Things (IoT)devices using the challenge-response authentication mechanism (CRAM). The research choose uses ESP 8266 and ESP 32 to develop the system for their ability to run micropython programming language. Using a random challenge to grant authentication protects the system from replay attack from intruders. In each authentication process, the client receives a 10 digit random number to be encrypted using a shared key and sent back to the server. The server then checks if the client posses the correct key by decrypting the encrypted challenge using the same shared key. Access is granted if the decryption result is equal to the original challenge.
Downloads
References
V. D. Soni, “Security issues in using iot enabled devices and their Impact,” Int. Eng. J. Res. Dev., vol. 4, no. 2, p. 7, 2019.
K. Tabassum, A. Ibrahim, and S. A. El Rahman, “Security issues and challenges in IoT,” in 2019 International Conference on Computer and Information Sciences (ICCIS), 2019, pp. 1–5.
T. R. P. Foundation, “Buy a Raspberry Pi Pico,” Raspberry Pi. https://www.raspberrypi.org/products/raspberry-pi-pico/ (accessed Feb. 21, 2021).
“raspi pico pdf - Penelusuran Google.” https://www.google.com/search?q=raspi+pico+pdf&rlz=1C1PRFC_enID911ID911&oq=ras-pi+pico+pdf&aqs=chrome..69i57j0i19i22i30l6j69i61.8533j0j7&sourceid=chrome&ie=UTF-8 (accessed Feb. 21, 2021).
“MEGA+WiFi R3 ATmega2560+ESP8266, flash 32MB, USB-TTL CH340G, Micro-USB.” https://robotdyn.com/mega-wifi-r3-atmega2560-esp8266-flash-32mb-usb-ttl-ch340g-micro-usb.html (accessed Feb. 21, 2021).
M. Babiuch, P. Foltýnek, and P. Smutný, “Using the ESP32 microcontroller for data processing,” in 2019 20th International Carpathian Control Conference (ICCC), 2019, pp. 1–6.
H. F. Lami, K. R. Rantelobo, J. F. Mandala, and A. S. Sampeallo, “INTEGRASI PROTOKOL MQTT DAN HTTP UNTUK OTOMASI BERBASIS IOT PADA PERTANIAN LAHAN KERING,” J. Media Elektro, pp. 53–59, 2020.
“Software.” https://www.arduino.cc/en/software (ac-cessed Feb. 21, 2021).
C. Bell, MicroPython for the Internet of Things. Springer, 2017.
“MicroPython - Python for microcontrollers.” http://micropython.org/ (accessed Feb. 21, 2021).
J. Li, K. Fawaz, and Y. Kim, “Velody: Nonlinear vibration challenge-response for resilient user authentication,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 1201–1213.
A. Vyas and S. Pal, “Preventing security and privacy attacks in WBANs,” in Handbook of computer networks and cyber security, Springer, 2020, pp. 201–225.
A. Ometov, V. Petrov, S. Bezzateev, S. Andreev, Y. Koucheryavy, and M. Gerla, “Challenges of multi-factor authentication for securing advanced IoT applications,” IEEE Netw., vol. 33, no. 2, pp. 82–88, 2019.
C. R. Aldawira, H. W. Putra, N. Hanafiah, S. Surjarwo, and A. Wibisurya, “Door security system for home monitoring based on ESp32,” Procedia Comput. Sci., vol. 157, pp. 673–682, 2019.
L. O. Aghenta and T. Iqbal, “Design and implementation of a low-cost, open source IoT-based SCADA system using ESP32 with OLED, ThingsBoard and MQTT protocol,” AIMS Electron. Electr. Eng., vol. 4, no. 1, pp. 57–86, 2019.
M. Suárez-Albela, P. Fraga-Lamas, L. Castedo, and T. M. Fernández-Caramés, “Clock frequency impact on the performance of high-security cryptographic cipher suites for energy-efficient resource-constrained IoT devices,” Sensors, vol. 19, no. 1, p. 15, 2019.
P. Kushwaha, H. Sonkar, F. Altaf, and S. Maity, “A Brief Survey of Challenge–Response Authentication Mechanisms,” in ICT Analysis and Applications, Springer, 2021, pp. 573–581.
“MicroPython - Python for microcontrollers.” http://micropython.org/ (accessed Feb. 24, 2021).
This work is licensed under CC BY-SA 4.0
