Journal of Information Technology Services (한국IT서비스학회지)

Korea Society of IT Services (한국IT서비스학회)
권호 표지
DOI QR코드

DOI QR Code

Risk Analysis for Protecting Personal Information in IoT Environments

사물인터넷(IoT) 환경에서의 개인정보 위험 분석 프레임워크

  • 이애리 (연세대학교 바른ICT연구소) ;
  • 김범수 (연세대학교 정보대학원, 바른ICT연구소) ;
  • 장재영 (한국인터넷진흥원, 연세대학교 정보대학원)
  • Received : 2016.04.28
  • Accepted : 2016.09.21
  • Published : 2016.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

Keywords

References

  1. Arthur, D.L., "Wanted : Smart Market-Makers for the Internet of Things", Prism, Vol.2, 2011.
  2. Caragliu, A., C. DelBo, and P. Nijkamp, "Smart Cities in Europe", Journal of Urban Technology, Vol.18, No.2, 2011, 65-82. https://doi.org/10.1080/10630732.2011.601117
  3. Choi, H.S. and Y.H. Cho, "Security Vulnerability of Internet of Things and Its Solution", Journal of the Korea Society of Digital Industry and Information Management, Vol. 11, No.1, 2015, 69-78. (최희식, 조양현, "사물인터넷 보안 문제제기와 대안", 디지털산업정보학회논문지, 제11권, 제1호, 2015, 69-78.) https://doi.org/10.17662/ksdim.2015.11.1.069
  4. Choi, K.J., "A Study for Developmental Change of Personal Information Protection Law System in the Age of Big Data and Internet of Things (IoT)", Chung_Ang Law Review, Vol.17, No.4, 2015, 7-50. (최경진, "빅데이터.사물인터넷 시대 개인정보보호법제의 발전적 전환을 위한 연구", 중앙법학, 제17권, 제4호, 2015, 7-50.)
  5. CIOKorea, "0.15 Billion Connected Cars in 2020", CIOKorea, 2014.
  6. EU, "Opinion 8/2014 on the on Recent Developments on the Internet of Things", EU Article 29 Data Protection Working Party, 2014.
  7. Gartner, "Market Trends : TSPs Must Invest in the Rapidly Evolving IoT Ecosystems Now", Gartner, 2013.
  8. Gartner, "6.4 Billion Connected Things Will Be in Use in 2016, Up 30 Percent From 2015", Gartner Symposium/ITxpo 2015, Barcelona, Spain, 2015.
  9. Glen, W., "OnStar Plugs Hacker Attacks", Autonet. 2015.
  10. Infosec, "Risk Analysis Methodology and Security Consulting Trends", Infosec, 2008. (인포섹(주), "위험분석 기법과 보안컨설팅 동향", 인포섹, 2008.)
  11. ISACA, "Risk IT Framework for Management of IT Related Business Risks", ISACA, 2009a.
  12. ISACA, "The Risk IT Framework", ISACA, 2009b.
  13. ISO/IEC, "Information Technology-Security Techniques-Information Security risk Management", ISO/IEC FIDIS 27005:2008, 2011.
  14. Jeon, C.M., "Evolving Direction of the Connected Car Service", KT Economic and Management Research Center, DIGIECO ISSUE & TREND, 2013. (전춘미, "커넥티드 카 서비스의 진화방향", KT경제경영연구소, DIGIECO ISSUE and TREND, 2013.)
  15. Joo, D.Y. and J.G. Kim, "IoT's Activation Plan for Creative Convergence in Hyper-Connected Society", KIET(Korea Institute for Industrial Economics & Trade), ISSUE Paper, Vol.342, 2014. (주대영, 김종기, "초연결시대 사물인터넷 (IoT)의 창조적 융합활성화 방안", 산업연구원, ISSUE Paper, 제342권, 2014.)
  16. Kane, S., "Pay-As-You-Drive Car Insurance : Big Savings, No Privacy?", The Car Connection, 2011.
  17. Kang, N.H., "IoT Convergence Service Security Requirement", The Journal of The Korean Institute of Communication Sciences(Information and Communications Magazine), Vol.32, No.12, 2015, 45-50. (강남희, "사물인터넷 융합 서비스 보안 요구사항", 한국통신학회지(정보와 통신), 제32권, 제12호, 2015, 45-50.)
  18. KATS(Korean Agency for Technology and Standards), "[KS X ISOIEC27005] Information technology-Security Techniques-Information Security Risk Management", KATS, 2014. (국가기술표준원, "[KS X ISOIEC27005] 정보기술-보안기술-정보보호 위험관리", KATS, 2014.)
  19. KB Reseach, "Development Trends and Future Changes in Connected Car", KB Knowledge Vitamin, Vol.15, 2016. (KB금융지주경영연구소, "Connected Car 개발 동향과 미래 변화", KB지식비타민, 제15권, 2016.)
  20. KCA(Korea Communication Agency), "Business Trends of Major Operators in Connected Car and Prior Task for Service Dissemination", KCA, 2013. (한국방송통신전파진흥원, "커넥티드 카의 주요 사업자 동향과 서비스 보급의 선결과제", KCA, 2013.)
  21. KISA(Korea Internet Security Agency), "2014 National Information Security White Paper", KISA, 2014. (한국인터넷진흥원, "2014 국가정보보호백서", KISA, 2014.)
  22. KISDI(Korea Information Society Development Institute), "Research on Development Direction of Smart Devices Manufacturing Industry", KISDI, 2013. (정보통신정책연구원, "스마트 디바이스 제조 산업의 발전방향 연구", KISDI, 2013.)
  23. Korea COP Forum, "Personal Information Protection Governance ABC", Korea COP Forum, 2008. (한국CPO포럼, "개인정보보호 거버넌스의 ABC", 한국COP포럼, 2008.)
  24. Krisher, T., Auto Industry Steps up Fight Against Hackers, The Associated Press, 2013.
  25. KSGI(Korea Smart Grid Institute) and KOTRA, "Research on Smart Grid Policy and Market in Major Countries", KSGI & KOTRA, 2010. (한국스마트그리드사업단, 대한무역투자진흥공사, "주요국 Smart Grid 정책/시장 조사", KSGI & KOTRA, 2010.)
  26. Lee, Y.H., "IoT Based Promising Market Prospect and Agenda to Realize the Creative Economy", NIA(National Information Society Agency), 2013. (이윤희, "창조경제 실현을 위한 사물인터넷 기반 유망시장 전망 및 과제", 한국정보화진흥원, 2013.)
  27. Lewis, T., "OnStar Doesn't Give Up Easily... Sometimes", Consumer Affairs, 2011.
  28. MSIP(Ministry of Science, ICT and Future Planning), "Statistics of IPTV Subscribers", ITSTAT, 2015. (미래창조과학부, IPTV 가입자 수 통계, ITSTAT, 2015.)
  29. MSIP(Ministry of Science, ICT and Future Planning), "Statistics of Smartphone Subscribers", ITSTAT, 2015. (미래창조과학부, "스마트폰 가입자 수 통계", ITSTAT, 2015.)
  30. Naughton, K. and O. Kharif, "Cars a Target for Identity Thieves as Shopping Comes to Dashboard", Bloomberg News, 2015.
  31. NIST(National Institute of Standards and Technology), "Risk Management Guide for Information Technology Systems", NIST, 2002.
  32. Park, N.J. and G.J. Ahn, "Privacy Protection in Smart Grid", Review oF Korea Institute of Information Security and Cryptology, Vol.20, No.3, 2010, 62-78. (박남제, 안길준, "스마트 그리드에서의 프라이버시 보호", 정보보호학회지, 제20권, 제3호, 2010, 62-78.)
  33. Shin, Y.J., "A Study on Policy Tasks of Personal Information Protection in IoT Era", In Proceeding Paper of Korea Association for Public Administration(KAPA) Annual International Conference, 2015, 692-710. (신영진, "IoT시대에서의 개인정보보호정책과제에 관한 연구", 한국행정학회 학술발표논문집, 2015, 692-710.)
  34. TTA(Telecommunication Technology Association), "Risk Analysis and Management Standards for Public Information Systems Security-Risk Analysis Methodology Model", TTAS.KO-12.0007, 2000. (한국정보통신기술협회, "공공정보시스템 보안을 위한 위험분석 표준-험분석 방법론 모델", TTAS.KO-12.0007, 2000.)
  35. TTA, "Risk Analysis Methodology for IT Services", TTA, 2008. (한국정보통신기술협회, "IT서비스 위험분석 방법", TTA, 2008.)
  36. TTA, "Standardization related to Smart Buildings", TTA, 2011. (한국정보통신기술협회, "스마트 빌딩 구축 관련 표준화", TTA, 2011.)