KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

System Hardening and Security Monitoring for IoT Devices to Mitigate IoT Security Vulnerabilities and Threats

  • Choi, Seul-Ki (ISAA Lab., Department of Computer Engineering, Ajou University) ;
  • Yang, Chung-Huang (National Kaohsiung Normal University) ;
  • Kwak, Jin (Department of Cyber Security, Ajou University)
  • Received : 2017.09.30
  • Accepted : 2018.01.22
  • Published : 2018.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

Keywords

References

  1. Somia Sahraoui and Azeddine Bilami, "Asymmetric End-to-End Security for Human-to-Thing Communications in the Internet of Things," in Proc. of IoT'16 Proceedings of the 6th International Conference on the Internet of Things, pp.131-139, November 07-09, 2016.
  2. Meesun Kim, Hyun Ahn and Kwanghoon Pio Kim, "Process-Aware Internet of Things: A Conceptual Extension of the Internet of Things Framework and Architecture," KSII Transactions on Internet and Information Systems, vol. 10, no. 8, August 31, 2016.
  3. Vu-Anh-Quang Nguyen, "Study on realtime control system in IoT based smart factory: Interference awareness, architectural elements, and its application," in Proc. of Information Science and Technology (ICIST), 2017 Seventh International Conference on, April 16-19, 2017.
  4. H. Arasteh, V. Hosseinnezhad, V. Loia, A. Tommasetti, O. Troisi, M. Shafie-khah and P. Siano, "Iot-based Smart Cities: a Survey," in Proc. of Environment and Electrical Engineering (EEEIC), 2016 IEEE 16th International Conference on, June 7-10, 2016.
  5. Jorge Alfonso, Nuria Sanchez, Jose Manuel Menendez and Emilio Cacheiro, "Cooperative ITS communications architecture: the FOTsis project approach and beyond," IET Intelligent Transport System, vol. 9, issue. 6, pp.591-598, August 06, 2015. https://doi.org/10.1049/iet-its.2014.0205
  6. Elisa Bertino, Nayeem Islam, "Botnets and Internet of Things Security," Computer, vol. 50, issue. 2, pp. 76-79, 2017. https://doi.org/10.1109/MC.2017.62
  7. James A. Jerkins, "Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code," in Proc. of Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual, January 09-11, 2017.
  8. OWASP, "IoT Vulnerabilities Project,"
  9. Ryan Williams, Emma McMahon, Sagar Samtani, Mark Patton and Hsinchun Chen, "Identifying Vulnerabilities of Consumer Internet of Things (IoT) Devices: A Scalable Approach," in Proc. of Intelligence and Security Informatics (ISI), 2017 IEEE International Conference on, July 2017
  10. Korea Internet & Security Agency, "SW New Vulnerability Reporting Award Status and Key Vulnerabilities," March 27, 2017.
  11. National Institute of Standard and Technology, "Guide to General Server Security," Special Publication, 800-123, July 25, 2008.
  12. Information Security Office, "Red Hat Enterprice Linux 7 Hardening Checklist," The University of Texas at Austin,
  13. Korea Internet & Security Agency, "Guide to Using Cryptography Authentication Technology in Internet (IoT) Environment," April, 2016.
  14. OWASP, "IoT Logging Events,"
  15. Thuy T.T. Nguyen and Grenville Armitage, "A survey of techniques for Internet traffic classification using machine learning," IEEE Communications Surveys and Tutorials, vol. 10, issue 4, pp. 56-76, November, 2008. https://doi.org/10.1109/SURV.2008.080406

Cited by

  1. Current research on Internet of Things (IoT) security: A survey vol.148, pp.None, 2018, https://doi.org/10.1016/j.comnet.2018.11.025
  2. Interpretive Structural Modeling in the Adoption of IoT Services vol.13, pp.3, 2019, https://doi.org/10.3837/tiis.2019.03.004
  3. STRIDE and HARM Based Cloud Network Vulnerability Detection Scheme vol.29, pp.3, 2018, https://doi.org/10.13089/jkiisc.2019.29.3.599
  4. Classification of botnet attacks in IoT smart factory using honeypot combined with machine learning vol.7, pp.None, 2018, https://doi.org/10.7717/peerj-cs.350