• Information and Communications Magazine
• /
• v.34 no.2
• /
• pp.27-33
• /
• 2017

최근 IoT 기술이 홈케어, 헬스케어, 자동차, 교통, 농업, 제조업 등 다양한 분야에 적용되면서 신성장 동력의 핵심으로 IoT 서비스를 제공하거나 IoT 환경을 자체적으로 구축하여 산업현장에 도입하려는 기업이나 기관이 증가하고 있다. 그러나 IoT 환경은 인터넷을 통해 현실세계와 IoT 디바이스가 직접 연결되는 특성으로 인해서 IoT 보안의 중요성이 더욱 강조되고 있으며 IoT를 이용한 보안 사고 사례 및 취약점이 지속적으로 발표되면서 IoT 보안 위험 또한 계속 증가되고 있다. 이렇게 IoT 환경에는 많은 취약점과 보안 위협이 존재하기에 IoT 제품의 최초 설계/개발 단계부터 배포/설치/구성 단계, 운영/관리/폐기 단계까지 IoT 제품 및 서비스의 각 단계별로 보안 요구사항과 가이드라인을 적용하여 보안을 내재화하고 IoT 제품 및 서비스를 도입하는 사용자 입장에서 IoT 보안에 대해서 관심을 가지고 스스로 확인 할 수 있도록 보안 점검 기준이 필요하다. 본고에서는 IoT 디바이스의 특성과 보안 요구사항에 따른 보안 원칙 및 보안 가이드를 살펴보고 IoT 기술을 산업현장에 적용하고자 하는 기관/기업에 적용 가능한 IoT 디바이스의 보안 점검 기준을 제시한다.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.61-67
• /
• 2018

IoT technology is currently being applied at various industrial sites and is developing as a core technology in the fourth industrial revolution. Along with IoT developments, awareness and importance of IoT security is increasing, and research on IoT security is underway to counter these threats. However, research trends in the context of IoT security awareness are insufficient. This paper is a research that analyzes the progress of R&D and IoT security in both domestic and international IoT and thus leads to improvements. The research covered the 229 papers and articles of domestic and foreign journals covering security fields as a main theme. Among them, detailed analyses of 96 papers related to IoT security were performed. Research has shown that many studies are being conducted on trends in IoT security, key management and privacy. A detailed study on the characteristics of services to apply IoT technologies and access control and authentication between IoT devices is needed, and a study that addressed the issues of privacy in IoT environments in Korea.

• The Journal of the Korea Contents Association
• /
• v.19 no.7
• /
• pp.13-21
• /
• 2019

Because security of Internet of Things(IoT) products and others is poor, there are many hacking incidents To prevent security threats, it is important for companies to first make products with high security levels and choose products that are safe for users. In response, the Korea Internet & Security Agency is testing the security of IoT products and linked mobile apps to impose ratings. Security certification service is a service that tests IoT products and linked mobile apps to ensure certain levels of security and issues certificates when they meet the criteria. It can induce autonomous security enhancement of IoT products, contribute to strengthening security capabilities of IoT companies in Korea and vitalizing their overseas advancement, and have the expected effect of resolving public anxiety over IoT products. In this study, the criteria for IoT security certification are presented, but the importance priority is sought to be derived for assessment items that need to be strengthened. This will help to provide guidelines that can contribute to strengthening the security capabilities of domestic Internet companies and boosting their overseas advancement.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.61-66
• /
• 2017

Recently, IoT technology is rapidly developing with the keyword "Anytime, Anywhere, Convenient". In addition, security problems in IoT systems are exploding and the damage is increasing as well. In this paper, we propose a method to develop IoT system safely by using internationally recognized CC evaluation in ICT by identifying the standardization and security technology development status defining IoT system security requirements. For this purpose, IoT system and service security aspects are analyzed. Based on this, it is possible to design the security functional requirements and to demonstrate the rationale of the security objective through the correspondence relation, and it is possible to design the protection profile for the IoT system. This is a sufficient basis for the development methodology to be presented in this paper because it is used as a means of referring to the set of security requirements of administrators, developers, and users.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.9-17
• /
• 2021

Numerous IoT devices are connected to a wireless network environment to collect and transmit data without time and space limitations, but many security vulnerabilities are exposed in these process. But IoT security is not easy to create feasible security standards and device authentication due to differences in the approach or implementation of devices and networks. However, it is clear that the improvement and application of the standard framework for enhancing the security level of the device is the starting point to help the most successful security effect. In this study, we investigate the confidentiality, integrity, availability, and access control implementation plans for IoT devices (which are the basic goals of information security), and standardized security evaluation criteria for IoT devices, and study ways to improve them.

• The Journal of Society for e-Business Studies
• /
• v.24 no.2
• /
• pp.113-124
• /
• 2019

Today many companies are offering IoT-enabled products and place emphasis on security from the planning stage to protect their products and user information from external threats. The present security levels, however, remain low because the time and resources invested in developing security requirements for each device are far from enough to meet the needs of a wide range of IoT products. Nevertheless, vulnerabilities of IoT devices have been reported continuously, which calls for more detailed security requirements for home IoT devices. In this context, this research identified threats of home IoT systems by using Microsoft Threat Modeling Tool. It then suggested measures to enhance the security of home IoT devices by developing security assessment items through comparative analysis of the identified threats, domestic and global vulnerability assessment standards and related research. It also verified the effectiveness of the developed security requirements by testing them against the existing ones, and the results revealed the security requirements developed in this research proved to be more effective in identifying vulnerabilities.

• Journal of Convergence for Information Technology
• /
• v.8 no.6
• /
• pp.149-157
• /
• 2018

In this paper, we propose an attack detection technology using SDN Controller to study security threats in IoT environment. The research methodology has been developed by applying IoT security threat management technology to the IoT layer and analyzing the research trend of applied security technology. The study results show that the effectiveness of the detection method using the sampling method is studied by adding OpenFlow based SDN Controller to the network switch equipment of the existing IoT network. This method can detect the monitoring and attack of the whole network by interworking with IDS and IPS without affecting the performance of existing IoT devices. By applying such improved security threat countermeasure technology, we expect to be able to relieve anxiety of IoT security threat and increase service reliability.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.164-177
• /
• 2018

As the market for IoT devices grows, it is expected that the scale of malware attack will be considerable. Accordingly, the improvement of related legislation has been actively promoted, the recently strengthened Information and Communication Network Act was enforced. Because IoT related accidents can lead to not only financial damages but also human accidents, IoT device Security has been attracted a great deal of attention. In this paper, IoT devices provide essential security functions through legal and technical perspectives, and analyze related technologies. This can be used to a reference for the Start-up developer and IoT device designer.

• Convergence Security Journal
• /
• v.17 no.2
• /
• pp.33-39
• /
• 2017

In the age of full scale IoT, concept of "security convergence" has been popularized widely. However, it is not clear whether current "security convergence" concept reflects IoT characteristics and traits. In this thesis, a new concept, complementing "security convergence" concept researches up to date, has been suggested considering IoT characteristics. Required governance methodology and key technical factors are suggested for re-establishment of "security convergence" concept and for enterprise security strategy development.

• Information and Communications Magazine
• /
• v.33 no.12
• /
• pp.28-34
• /
• 2016

최근 IoT 시장이 크게 확대되고 있으며, 이에 따라 IoT 보안의 중요성에 대한 인식도 커지고 있다. 그러나 아직까지 IoT 보안에 대한 정책적 대응은 진행중에 있다. IoT 환경은 실생활과 밀접하게 관련되어 있는 바, 보안 사고가 발생하면 큰 피해가 예상되므로 시급한 보안 대책 수립이 필요한 상황이다. 본 고에서는 IoT 제품의 보안성 관리를 위한 고려사항 및 관리방안을 살펴본다.