[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3745/JIPS.03.0178

Analysis of Security Vulnerabilities for IoT Devices

Kim, Hee-Hyun (Dept. of Business Administration, Sangmyung University)
Yoo, Jinho (Dept. of Business Administration, Sangmyung University)

Publication Information

Journal of Information Processing Systems / v.18, no.4, 2022 , pp. 489-499 More about this Journal

Abstract

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

Keywords

CVE Vulnerability; CVSS; IoT Device; Security Vulnerabilities;

Citations & Related Records

Times Cited By KSCI : 7 (Citation Analysis)

Reference
Cited By KSCI

1	International Telecommunication Union, "Recommendation Y.2060: Overview of the Internet of Thinngs," 2012 [Online]. Available: https://www.itu.int/rec/T-REC-Y.2060-201206-I.
2	H. D. Kim, S. W. Yoon, and Y. P. Lee, "Security for IoT services," Information and Communications Magazine, vol. 30, no. 8, pp. 53-59, 2013.
3	F. Paul, "6 IoT Prospects for 2019 from a Market Perspective," 2019 [Online]. Available: https://www.itworld.co.kr/news/114234.
4	G. J. Blinowski and P. Piotrowski, "CVE based classification of vulnerable IoT systems," in Theory and Applications of Dependable Computer Systems. Cham, Switzerland: Springer, 2020, pp. 82-93.
5	Y. S. Jeong and J. H. Park, "IoT and smart city technology: challenges, opportunities, and solutions," Journal of Information Processing Systems, vol. 15, no. 2, pp. 233-238, 2019. DOI
6	J. C. S. Sicato, S. K. Singh, S. Rathore, and J. H. Park, "A comprehensive analyses of intrusion detection system for IoT environment," Journal of Information Processing Systems, vol. 16, no. 4, pp. 975-990, 2020. DOI
7	P. Hong, S. Lee, M. Park, and S. Kim, "Threat-based security analysis for the domestic smart home appliance," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 3, pp. 143-158, 2017. DOI
8	M. Lee and J. Park, "Analysis and study on invasion threat and security measures for smart home services in IoT environment," The Journal of the Institute of Internet, Broadcasting and Communication, vol. 16, no. 5, pp. 27-32, 2016. DOI
9	Y. Jung and J. Cha, "IoT device security check standards," Information and Communications Magazine, vol. 34, no. 2, pp. 27-33, 2017.
10	T. Wang, M. Z. A. Bhuiyan, G. Wang, L. Qi, J. Wu, and H. Hayajneh, "Preserving balance between privacy and data integrity in edge-assisted Internet of Things," IEEE Internet of Things Journal, vol. 7, no. 4, pp. 2679-2689, 2019. DOI
11	What is CVE [Online]. Available: https://www.cvedetails.com/cve-help.php.
12	S. Meng, Z. Gao, Q. Li, H. Wang, H. N. Dai, and L. Qi, "Security-driven hybrid collaborative recommendation method for cloud-based IoT services," Computers & Security, vol. 97, article no. 101950, 2020. https://doi.org/10.1016/j.cose.2020.101950 DOI
13	Mirai Botnet [Online]. Available: http://wiki.hash.kr/index.php.
14	2018 OWASP IoT Top 10 [Online]. Available: https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf.
15	CVSS: vulnerability metrics [Online]. Available: https://nvd.nist.gov/vuln-metrics/cvss.
16	S. S. Yang, J. S. Shim, and S. C. Park, "Analysis of countermeasures and network security vulnerability for IoT smart home," in Proceedings of the Korea Information Processing Society Conference, Seoul, Korea, 2016, pp. 324-325.
17	International Telecommunication Union, ITU Internet Reports 2005: The Internet of Things. Geneva, Switzerland: International Telecommunication Union, 2005.
18	CIO Korea, "IDC Korea, domestic IoT platform forecast to grow at a AAGR of 16.1% until 2023," 2020 [Online]. AvailableL https://www.ciokorea.com/news/148680.
19	J. S. Park and J. H. Park, "Future trends of IoT, 5G mobile networks, and AI: challenges, opportunities, and solutions," Journal of Information Processing Systems, vol. 16, no. 4, pp. 743-749, 2020. DOI
20	N. Y. Kim, S. Rathore, J. H. Ryu, J. H. Park, and J. H. Park, "A survey on cyber physical system security for IoT: issues, challenges, threats, solutions," Journal of Information Processing Systems, vol. 14, no. 6, pp. 1361-1384, 2018. DOI
21	S. Hong and H. J. Sin, "Analysis of the vulnerability of the IoT by the scenario," Journal of the Korea Convergence Society, vol. 8, no. 9, pp. 1-7, 2017. DOI
22	L. Qi, C. Hu, X. Zhang, M. R. Khosravi, S. Sharma, S. Pang, T. Wang, "Privacy-aware data fusion and prediction with spatial-temporal context for smart city industrial environment," IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4159-4167, 2020.
23	CVE Details [Online]. Available: https://www.cvedetails.com.
24	Vulnerabilities by type [Online]. Available: https://www.cvedetails.com/vulnerabilities-by-types.php.
25	Current CVSS score distribution for all vulnerabilities [Online]. Available: https://www.cvedetails.com/cvssscore-distribution.php.