• Title, Summary, Keyword: IoT Security

Search Result 529, Processing Time 0.083 seconds

An Analysis of Research Trends in IoT Security (IoT 보안에 대한 국내외 연구 동향 분석)

  • Yu, Woo Young
    • Convergence Security Journal
    • /
    • v.18 no.1
    • /
    • pp.61-67
    • /
    • 2018
  • IoT technology is currently being applied at various industrial sites and is developing as a core technology in the fourth industrial revolution. Along with IoT developments, awareness and importance of IoT security is increasing, and research on IoT security is underway to counter these threats. However, research trends in the context of IoT security awareness are insufficient. This paper is a research that analyzes the progress of R&D and IoT security in both domestic and international IoT and thus leads to improvements. The research covered the 229 papers and articles of domestic and foreign journals covering security fields as a main theme. Among them, detailed analyses of 96 papers related to IoT security were performed. Research has shown that many studies are being conducted on trends in IoT security, key management and privacy. A detailed study on the characteristics of services to apply IoT technologies and access control and authentication between IoT devices is needed, and a study that addressed the issues of privacy in IoT environments in Korea.

  • PDF

System Hardening and Security Monitoring for IoT Devices to Mitigate IoT Security Vulnerabilities and Threats

  • Choi, Seul-Ki;Yang, Chung-Huang;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.2
    • /
    • pp.906-918
    • /
    • 2018
  • The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

Institutional Improvements for Security of IoT Devices (IoT 기기의 보안성 확보를 위한 제도적 개선방안)

  • Lee, Donghyeok;Park, Namje
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.3
    • /
    • pp.607-615
    • /
    • 2017
  • Recently, IoT products with various functions are being developed. Through the combination of objects and information technology, convenient services that have not been imagined before are emerging. For a secure IoT environment, product security must be considered. However, the existing IoT products have various problems such as security vulnerability. In order to secure the security of IoT products, technical countermeasures as well as policy responses are needed. However, the legislation related to current IoT products has a limit to guarantee safety in IoT environment. In this paper, we analyze the limitations of the current legal system of IoT, and suggests ways to improve it.

A Study on Priority of Certification Criteria for IoT Security Certification Service (IoT 보안인증서비스 인증기준 중요도 우선순위에 관한 연구)

  • Kang, Da-Yeon;Hwang, Jong-Ho
    • The Journal of the Korea Contents Association
    • /
    • v.19 no.7
    • /
    • pp.13-21
    • /
    • 2019
  • Because security of Internet of Things(IoT) products and others is poor, there are many hacking incidents To prevent security threats, it is important for companies to first make products with high security levels and choose products that are safe for users. In response, the Korea Internet & Security Agency is testing the security of IoT products and linked mobile apps to impose ratings. Security certification service is a service that tests IoT products and linked mobile apps to ensure certain levels of security and issues certificates when they meet the criteria. It can induce autonomous security enhancement of IoT products, contribute to strengthening security capabilities of IoT companies in Korea and vitalizing their overseas advancement, and have the expected effect of resolving public anxiety over IoT products. In this study, the criteria for IoT security certification are presented, but the importance priority is sought to be derived for assessment items that need to be strengthened. This will help to provide guidelines that can contribute to strengthening the security capabilities of domestic Internet companies and boosting their overseas advancement.

A Study on Security Requirments Analysis through Security Threat Modeling of Home IoT Appliance (Home IoT 가전의 보안위협모델링을 통한 보안요구사항 분석에 관한 연구)

  • Yun, Suk-Jin;Kim, Jungduk
    • The Journal of Society for e-Business Studies
    • /
    • v.24 no.2
    • /
    • pp.113-124
    • /
    • 2019
  • Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.

Risk of Attack through an Open Wireless Network of IoT Devices (IoT 장치의 개방형 무선 네트워크를 통한 공격 위험)

  • Lee, Geonwoo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.10-14
    • /
    • 2019
  • The number of security incidents is increasing as the Internet of Things(IoT) is distributed widely. The security incidents of IoT can cause financial damages. Moreover, It can become direct threats to humans. In order to prevent these problems, the security installation for IoT devices is important. This paper describes the definition of IoT devices, security incident case, architecture, and the security threats that can occur when a device is connected to network without security installation.

  • PDF

A Study on the Enterprise security convergence strategy in the IoT(the Internet of Things) Era (IoT시대의 기업 융합보안 전략에 대한 연구)

  • Noh, Jong-ho;Lee, Jong-hyeong;Kwon, Hun-yeong
    • Convergence Security Journal
    • /
    • v.17 no.2
    • /
    • pp.33-39
    • /
    • 2017
  • In the age of full scale IoT, concept of "security convergence" has been popularized widely. However, it is not clear whether current "security convergence" concept reflects IoT characteristics and traits. In this thesis, a new concept, complementing "security convergence" concept researches up to date, has been suggested considering IoT characteristics. Required governance methodology and key technical factors are suggested for re-establishment of "security convergence" concept and for enterprise security strategy development.

Proposal of Technology and Policy Post-Security Management Framework for Secure IoT Environment (안전한 IoT 환경을 위한 기술 및 정책적 사후 보안관리 프레임워크)

  • Lee, Donghyeok;Park, Namje
    • 한국정보기술학회논문지
    • /
    • v.15 no.4
    • /
    • pp.127-138
    • /
    • 2017
  • In recent years, the IoT environment has come to a reality. The IoT environment provides a lot of convenience, but security threats are also increasing. In order to secure the IoT environment, careful consideration of information security is needed. Security measures in the design and development stages of IoT products are being studied extensively. However, it is also very important to establish policies for post management after the release of IoT products. In this paper, we propose a technology and policy post-security management framework to provide secure IoT environment. The proposed framework performs specific countermeasures for each entity when a security flaw occurs after the release of IoT product. In particular, it has the benefits of taking actions such as software updates and recalls based on security flaws.

A Study on the Improvement of Security Threat Analysis and Response Technology by IoT Layer (IoT 계층별 보안위협 분석 및 대응기술 개선 방안 연구)

  • Won, Jong-Hyuk;Hong, Jung-Wan;You, Yen-Yoo
    • Journal of Convergence for Information Technology
    • /
    • v.8 no.6
    • /
    • pp.149-157
    • /
    • 2018
  • In this paper, we propose an attack detection technology using SDN Controller to study security threats in IoT environment. The research methodology has been developed by applying IoT security threat management technology to the IoT layer and analyzing the research trend of applied security technology. The study results show that the effectiveness of the detection method using the sampling method is studied by adding OpenFlow based SDN Controller to the network switch equipment of the existing IoT network. This method can detect the monitoring and attack of the whole network by interworking with IDS and IPS without affecting the performance of existing IoT devices. By applying such improved security threat countermeasure technology, we expect to be able to relieve anxiety of IoT security threat and increase service reliability.

Design Plan of Secure IoT System based Common Criteria (CC 기반의 안전한 IoT 시스템 설계 방안)

  • Kim, Ju-Hun;Jung, Hyun-Mi;Cho, Han-Jin
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.10
    • /
    • pp.61-66
    • /
    • 2017
  • Recently, IoT technology is rapidly developing with the keyword "Anytime, Anywhere, Convenient". In addition, security problems in IoT systems are exploding and the damage is increasing as well. In this paper, we propose a method to develop IoT system safely by using internationally recognized CC evaluation in ICT by identifying the standardization and security technology development status defining IoT system security requirements. For this purpose, IoT system and service security aspects are analyzed. Based on this, it is possible to design the security functional requirements and to demonstrate the rationale of the security objective through the correspondence relation, and it is possible to design the protection profile for the IoT system. This is a sufficient basis for the development methodology to be presented in this paper because it is used as a means of referring to the set of security requirements of administrators, developers, and users.