• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.9
• /
• pp.4512-4526
• /
• 2018

The Internet of Things (IoT) has become an emerging industry that is broadly used in many fields from industrial and agricultural manufacturing to home automation and hospitality industry. Because of the sheer number of connected devices transmitting valuable data, the IoT infrastructures have become a main target for cyber-criminals. One of the key challenges in protecting IoT devices is the lack of security measures by design. Although there are many hardware and software based security solutions (firewalls, honeypots, IPDS, anti-virus etc.) for information systems, most of these solutions cannot be applied to IoT devices because of the fact that IoT devices have limited computing resources (CPU, RAM,). In this paper, we propose a honeypot system called HoneyThing for modem/router devices (i.e. a kind of IoT device). HoneyThing emulates TR-069 protocol which is prevalent protocol used to remotely manage customer-premises equipment (CPE) devices, e.g. modems, routers. Honeything also serves an embedded web server simulating a few actual, critical vulnerabilities associated with the implementation of TR-069 protocol. To show effectiveness of the HoneyThing in capturing real world attacks, we have deployed it in the Internet. The obtained results are highly promising and facilitate to reveal network attacks targeting to CPE devices.

• Journal of the Korea Convergence Society
• /
• v.8 no.9
• /
• pp.1-7
• /
• 2017

As the network environment develops and speeds up, a lot of smart devices is developed, and a high-speed smart society can be realized while allowing people to interact with objects. As the number of things Internet has surged, a wide range of new security risks and problems have emerged for devices, platforms and operating systems, communications, and connected systems. Due to the physical characteristics of IoT devices, they are smaller in size than conventional systems, and operate with low power, low cost, and relatively low specifications. Therefore, it is difficult to apply the existing security solution used in the existing system. In addition, IoT devices are connected to the network at all times, it is important to ensure that personal privacy exposure, such as eavesdropping, data tampering, privacy breach, information leakage, unauthorized access, Significant security issues can arise, including confidentiality and threats to facilities. In this paper, we investigate cases of security threats and cases of network of IoT, analyze vulnerabilities, and suggest ways to minimize property damage by Internet of things.

• Journal of Information Processing Systems
• /
• v.14 no.6
• /
• pp.1361-1384
• /
• 2018

Recently, Cyber Physical System (CPS) is one of the core technologies for realizing Internet of Things (IoT). The CPS is a new paradigm that seeks to converge the physical and cyber worlds in which we live. However, the CPS suffers from certain CPS issues that could directly threaten our lives, while the CPS environment, including its various layers, is related to on-the-spot threats, making it necessary to study CPS security. Therefore, a survey-based in-depth understanding of the vulnerabilities, threats, and attacks is required of CPS security and privacy for IoT. In this paper, we analyze security issues, threats, and solutions for IoT-CPS, and evaluate the existing researches. The CPS raises a number challenges through current security markets and security issues. The study also addresses the CPS vulnerabilities and attacks and derives challenges. Finally, we recommend solutions for each system of CPS security threats, and discuss ways of resolving potential future issues.

• Journal of the Korea Convergence Society
• /
• v.12 no.5
• /
• pp.9-16
• /
• 2021

Due to the prolonged infectious disease of COVID-19 worldwide, there are various security threats due to network attacks on Internet of Things devices that are vulnerable to telecommuting. Initially, users of Internet of Things devices were exploited for vulnerabilities in Remote Desktop Protocol, spear phishing and APT attacks. Since then, the technology of network attacks has gradually evolved, exploiting the simple service discovery protocol of Internet of Things devices, and DRDoS attacks have continued to increase. Existing SSDPs are accessible to unauthorized devices on the network, resulting in problems with information disclosure and amplification attacks on SSDP servers. To compensate for the problem with the authentication procedure of existing SSDPs, we propose a hash-based SSDP that encrypts server-specific information with hash and adds authentication fields to both Notify and M-Search message packets to determine whether an authorized IoT device is present.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.66 no.12
• /
• pp.1879-1888
• /
• 2017

The Internet of Things (IoT) environment has been gradually approaching reality, and although it provides great convenience, security threats are increasing accordingly. For the IoT environment to settle safely, careful consideration of information security is necessary. Although many security measures in the design and development stages of IoT products have been studied thus far, apart from them, the establishment of systems and countermeasures for post management after the launch of IoT products is also very important. In the present paper, a technical and policy post-security management framework is proposed to provide secure IoT environments. The proposed framework defines the concrete response procedures of individual entities such as users, manufacturers, and competent authorities in the case of the occurrence of security flaws after launching IoT products, and performs appropriate measures such as software updates and recalls based on an assessment of the risk of security flaws.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.564-565
• /
• 2019

The Internet of Things technology is regarded as the next major technology that will be the driving force behind the fourth industrial revolution. The characteristics of entities for Internet of Things application are changing more actively and actively, requiring a more detailed approach, but existing access control technologies are designed around users, requiring access control techniques that maintain efficiency and security with less system load to apply complex and variable content. Therefore, research on role-based access controls that are appropriate for Internet of Things entities is essential. In this study, the relevant research for the study of access control of the Internet of Things entities and the RBAC and AC methods that can define the properties of the various entities within the Internet of Things.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.3
• /
• pp.9-23
• /
• 2022

This study aims to examine research trends on the Internet of Things and smart city based on papers from the United States, Japan, and Korea. We collected 7113 papers related to the Internet of Things and smart city published from 2016 to 2021 in Elsevier's Scopus. Keyword frequency and centrality analysis were performed based on the abstracts of the collected papers. We found keywords with high frequency of appearance by calculating keyword frequency and identified central research keywords through the centrality analysis by country. As a result of the analysis, research on security, machine learning, and edge computing related to the Internet of Things and smart city were the most central and highly mediating research conducted in each country. As an implication, studies related to deep learning, cybersecurity, and edge computing in Korea have lower degree centrality and betweenness centrality compared to the United States and Japan. To solve the problem it is necessary to combine these studies with various fields. The future research direction is to analyze research trends on the Internet of Things and smart city in various regions such as Europe and China.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.4
• /
• pp.699-706
• /
• 2023

Recently, the 4 generation industry revolution is developed with advanced and combined with a variety of new technologies. Conventional healthcare system is applied with IoT application. It provides many advantages with mobility and swift data transfers to patient and doctor. In despite of these kinds of advantages, it occurred security issues between basic devices and protocols in their applications. Especially, internet of things have restricted and limited resources such as small memory capacity, low capability of computing power, etc. Therefore, we can not utilize conventional mechanism. In this paper, we analyzed attacks and vulnerability in terms of security issues. To analyze security structure, features, demands and requirements, we solve the methods to be reduced security issues.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.3
• /
• pp.1-6
• /
• 2015

The IoT(Internet of things) technology enable objects around user to be connected with each other for sharing information. To support security is the mandatory requirement in IoT because it is related to the disclosure of private information but also directly related to the human safety. However, it is difficult to apply traditional security mechanism into lightweight devices. This is owing to the fact that many IoT devices are generally resource constrained and powered by battery. PSK(Pre-Shared Key) based approach, which share secret key in advance between communication entities thereafter operate security functions, is suitable for light-weight device. That is because PSK is costly efficient than a session key establishment approach based on public key algorithm. However, how to safely set a PSK of the lightweight device in advance is a difficult issue because input/output interfaces such as keyboard or display are constrained in general lightweight devices. To solve the problem, we propose and develop a secure PSK configuration scheme for resource constrained devices in IoT.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.5
• /
• pp.437-445
• /
• 2018

Devices have a lot of small breakdowns rather than big breakdowns. But it often wastes time and increases cost of maintenance, such as calling a service technician for small breakdowns. So, if we use remote control and monitoring service using Internet of Things, we can minimize the time period and cost for the maintenance. However, security is important because remote control and monitoring services contain personal information which when leaked, may be dangerous. There are many types of Internet based monitoring devices that are in use, but it is difficult to expect a high level of security because there are many cases in which the performance is minimal. Therefore, in this paper, we classify remote control and monitoring services based on Internet of Things type and derive encryption requirement for four types. We also compared and analyzed the lightweight cryptographic algorithms that can be expected to use high performance even on the Internet of Things. And it is derived that LED is used as a equipment management type, DESLX as a environment management type, CLEFIA as a healthcare management type and LEA as a security management type are the optimal lightweight cryptographic algorithms for each type.