DOI QR코드

DOI QR Code

해시를 활용한 사이버킬체인 기반의 사물인터넷 보안 정책

Cyber KillChain Based Security Policy Utilizing Hash for Internet of Things

  • 정소원 (성신여자대학교 융합보안학과) ;
  • 최유림 (성신여자대학교 융합보안학과) ;
  • 이일구 (성신여자대학교 융합보안공학과)
  • Jeong, So-Won (Department of Convergence Security, Sungshin University) ;
  • Choi, Yu-Rim (Department of Convergence Security, Sungshin University) ;
  • Lee, Il-Gu (Department of Convergence Security Engineering, Sungshin University)
  • 투고 : 2018.07.20
  • 심사 : 2018.09.20
  • 발행 : 2018.09.28

초록

4차 산업 혁명의 정보통신기술 산업 분야의 새로운 성장 동력으로 주목받는 사물인터넷 기술은 단순한 보안 기술을 넘어 신뢰성이 필요하다. 이러한 신뢰성은 IoT 제품의 기획 및 설계 단계부터 고려되어 제품을 개발하고 평가하며 사용하는 모두가 보안성을 측정하고 신뢰할 수 있는 시스템이 구축되어야 한다. 사용되는 IoT 기기 수의 급격한 증가와 사용 생명주기의 증가는 소프트웨어 패치와 업데이트 및 관리의 어려움으로 인한 보안 취약성 증가로 이어진다. 본 논문에서는 IoT 산업 분야의 기술적 정책적 동향을 분석하고 이를 통해 IoT 기기의 보안성과 확장성의 한계점을 분석한다. 이러한 한계점을 보완하기 위해 블록체인의 요소 기술인 해시를 활용해 소프트웨어의 무결성을 자동 검증하는 방법을 제안한다. 해시를 활용한 소프트웨어 무결성 자동 검증 방법으로 사물인터넷의 보안성과 확장성을 강화하고, 제안하는 보안 기술 적용을 위한 정책적 솔루션을 제시한다.

Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

키워드

참고문헌

  1. O. Bello & S. Zeadally. (2016). Intelligent device-to-device communication in the internet of things. IEEE Systems Journal, 10(30), 1172-1182. https://doi.org/10.1109/JSYST.2014.2298837
  2. S. H. Lee & D. W. Lee. (2016). Actual Cases for Smart Fusion Industry based on Internet of Thing. Journal of the Korea Convergence Society, 7(2), 1-6. https://doi.org/10.15207/JKCS.2016.7.2.001
  3. S. H. Lee, D. H. Shim & D. W. Kee. (2016). Actual Cases of Internet of Thing on Smart City Industry. Journal of Convergence for Information Technology, 6(4), 65-70. https://doi.org/10.22156/CS4SMB.2016.6.4.065
  4. CISCO, Internet of Things, https://www.cisco.com/c/dam/en/us/products/collateral/e/internet-of-things/at-a-glance-c45-731471.pdf (last access: 2018.07.10.).
  5. J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang & W. Zhao. (2017). A survey on internet of things: Architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal, 4(5), 1125-1142. https://doi.org/10.1109/JIOT.2017.2683200
  6. Y. Yang, L. Wu, G. Yin, L. Ki & H. Zhao. (2017). A survey on security and provacy issues in internet-of-things. IEEE Internet of Things Journal, 4(5), 1250-1258. https://doi.org/10.1109/JIOT.2017.2694844
  7. S. Hong & H. J. Sin. (2017). Analysis of the Vulnerability of the IoT by the Scenario. Journal of the Korea Convergence Society, 8(9), 1-7. https://doi.org/10.15207/JKCS.2017.8.9.001
  8. H. J. Mun, G. H. Choi & Y. C. Hwang. (2016). Countermeasure to Underlying Security Threats in IoT communication. Journal of Convergence for Information Technology, 6(2), 37-44. https://doi.org/10.5121/ijitcs.2016.6104
  9. C. Kolias, G. Kambourakis, A. Stavrou & J. Voas. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84. https://doi.org/10.1109/MC.2017.201
  10. J. Gubbi, R. Buyya, S. Marusic & M. Palaniswami. (2013). Internet of Things (IoT): A vision, architecture elements, and future directions. Future generation computer systems, 29(7), 1645-1660. https://doi.org/10.1016/j.future.2013.01.010
  11. Symantec. (2018). Internet Security Threat Report, Vol.23.
  12. NIST. (2016). Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST Special Publication 800-160 Volume 1.
  13. ENISA. (2015). Privacy and Data Protection by Design.
  14. NISC. (2016). General Framework for Secure IoT Systems.
  15. KISA. (2016). IoT common security guide for security internalization of ICT convergence products and services, IoT Security Alliance of KISA.
  16. I. C. Lin & T. C. Liao. (2017). A Survey of Blockchain Security Issues and Challenges, International Journal of Network Security, 19(5), 653-659
  17. T. Yadav & A. M. Rao. (2015). Technical Aspects of Cyber Kill Chain. International Symosium on Security in Computing and Communication, 438-452.
  18. Lockheed Martin Cyber KillChain, url: https://www.lockheedmartin.com/en-us/capabilities/cybr/cyber-kill-chain.html (last access: 2018.07.10.).
  19. CC v3.1 Release 5. Common Criteria for Information Technology Security Evaluation (CC). url: https://www.commoncriteriaportal.org/cc/ (last access: 2018.07.10.).