• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.61-66
• /
• 2017

Recently, IoT technology is rapidly developing with the keyword "Anytime, Anywhere, Convenient". In addition, security problems in IoT systems are exploding and the damage is increasing as well. In this paper, we propose a method to develop IoT system safely by using internationally recognized CC evaluation in ICT by identifying the standardization and security technology development status defining IoT system security requirements. For this purpose, IoT system and service security aspects are analyzed. Based on this, it is possible to design the security functional requirements and to demonstrate the rationale of the security objective through the correspondence relation, and it is possible to design the protection profile for the IoT system. This is a sufficient basis for the development methodology to be presented in this paper because it is used as a means of referring to the set of security requirements of administrators, developers, and users.

• Journal of the Korea Convergence Society
• /
• v.8 no.11
• /
• pp.63-69
• /
• 2017

The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.164-177
• /
• 2018

As the market for IoT devices grows, it is expected that the scale of malware attack will be considerable. Accordingly, the improvement of related legislation has been actively promoted, the recently strengthened Information and Communication Network Act was enforced. Because IoT related accidents can lead to not only financial damages but also human accidents, IoT device Security has been attracted a great deal of attention. In this paper, IoT devices provide essential security functions through legal and technical perspectives, and analyze related technologies. This can be used to a reference for the Start-up developer and IoT device designer.

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.3
• /
• pp.121-134
• /
• 2017

With rapid increasing the development and use of IoT Devices, requirements for safe IoT devices and services such as reliability, security are also increasing. In Security engineering, SDLC (Secure Development Life Cycle) is applied to make the trustworthy system. Secure Development Life Cycle has 4 big steps, Security requirements, Design, Implementation and Operation and each step has own goals and activities. Deriving security requirements, the first step of SDLC, must be accurate and objective because it affect the rest of the SDLC. For accurate and objective security requirements, Threat modeling is used. And the results of the threat modeling can satisfy the completeness of scope of analysis and the traceability of threats. In many countries, academic and IT company, a lot of researches about drawing security requirements systematically are being done. But in domestic, awareness and researches about deriving security requirements systematically are lacking. So in this paper, I described about method and process to drawing security requirements systematically by using threat modeling including DFD, STRIDE, Attack Library and Attack Tree. And also security requirements are described via Common Criteria for delivering objective meaning and broad use of them.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.7
• /
• pp.183-194
• /
• 2018

With the rapid development of IoT(Internet of Things) technology, various convenient services such as smart home and smart city have been realized. However, IoT devices in unmanned environments are exposed to various security threats including eavesdropping and data forgery, information leakage due to unauthorized access. To build a secure IoT environment, it is necessary to use proper cryptographic technologies to IoT devices. But, it is impossible to apply the technologies applied in the existing IT environment, due to the limited resources of the IoT devices. In this paper, we survey the classification of IoT devices according to the performance and analyze the security requirements for IoT devices. Also we survey and analyze the use of cryptographic technologies in the current status of IoT open standard platform such as AllJoyn, oneM2M, IoTivity. Based on the research of cryptographic usage, we examine whether each platform satisfies security requirements. Each IoT open platform provides cryptographic technology for supporting security services such as confidentiality, integrity, authentication an authorization. However, resource constrained IoT devices such as blood pressure monitoring sensors are difficult to apply existing cryptographic techniques. Thus, it is necessary to study cryptographic technologies for power-limited and resource constrained IoT devices in unattended environments.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.491-494
• /
• 2017

Recently, IoT has been supported by ICT technology with a variety of ICT powers. In May 2014, Information and Communication Strategy Committee announced the 'Basic plan for Internet of Things'. Also on Febuary 24 this SAME year, KISA(Korea Internet&Security Agency) provides many projects related to IoT, such as announcement of 'K-Global Project' for start-up and venture support related to IoT and ICT companies. In contrast to the various services of Internet of Things, when a connection is made between object-to-object or person-to-object wired and wireless networks, security threats have occurred in the process of communication. We analyzed these kinds of security threats related to Internet of things, and gave a consideration for requirement.

• The Journal of the Convergence on Culture Technology
• /
• v.9 no.4
• /
• pp.639-647
• /
• 2023

A variety of communications are developed and advanced by integration of wireless and wire connections with heterogeneous system. Traditional technologies are mainly focus on information technology based on computer techniques in the field of industry, manufacture and automation fields. As new technologies are developed and enhanced with traditional techniques, a lot of new applications are emerged and merged with existing mechanism and skills. The representative applications are IoT(Internet of Things) services and applications. IoT is breakthrough technologies and one of the innovation industries which are called 4 generation industry revolution. Due to limited resources in IoT such as small memory, low power and computing power, IoT devices are vulnerable and disclosed with security problems. In this paper, we reviewed and analyzed security challenges, threats and requirements under IoT service.

• Journal of Digital Contents Society
• /
• v.17 no.6
• /
• pp.499-507
• /
• 2016

The era of IoT, which figures exchanging data from the internet between things is coming. Recently, former electric power energy policy paradigm, namely Supply side paradigm, is changing, because electric power energy consumption is rapidly increasing. As new paradigm for this limit, convergence of existing electric power grid and ICT(Information and Communication Technology) will accelerate intellectualization of electric power device, its operation system. This change brought opened electric power grid. Consequently, attacks to the national electric power grid are increasing. On this paper, we will analyze security threats of existing IoT, discuss security weakness on electric power industry IoT and suggest needed security requirements, security technology.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.05a
• /
• pp.204-207
• /
• 2019

DDoS(Distributed Denial of Service) 공격은 네트워크상에서 다수의 시스템 협업으로 하나의 표적 시스템을 공격하여 서비스의 가용성을 침해하는 공격이다. 이는 점차 지능적인 방법으로 진화하고 있으며 특히 IoT를 대상으로 한 DDoS 공격이 증가하고 있다. 이기종의 기기들이 연결된 IoT는 기존 IT디바이스와 비교하여 제한된 자원을 가지고 있어 IoT 네트워크 특성을 고려한 DDoS 보안 기법이 요구된다. 국제 인터넷 표준화 기구 IETF에서 IoT를 지원하기 위해 제정한 CoAP(Constrained Application Protocol)은 기존 IT 네트워크와 호환성을 가진 응용 계층 프로토콜이다. 본 논문은 CoAP의 DDoS 공격 취약점과 대응 방안을 정리하고 새로운 프로토콜을 추가할 시 고려해야 할 사항을 제시한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.5 no.10
• /
• pp.311-318
• /
• 2016

IoT(Internet of Things areas) rich information based on the user easy access to service creation must be one of the power system of specificity due following: The IoT spread obstacle to the act be, and 'Smart Grid information of this is not easy under power plants approach the Directive on the protection measures, particularly when stringent security policies IoT technologies applied to Advanced Metering Infrastructure sector has been desired. This is a situation that occurs is limited to the application and use of IoT technologies in the power system. Power Information Network is whilst closed network operating is has a smart grid infrastructure, smart grid in an open two-way communication for review and although information security vulnerabilities increased risk of accidents increases as according to comprehensive security policies and technologies are required and can. In this paper, the IoT platform architecture design of information systems as part of the power of research and development IoT-based energy information platform aims. And to establish a standard framework for a connection to one 'Sensor-Gateway-Network-platform sensors Service' to provide power based on the IoT services and solutions. Framework is divided into "sensor-gateway" platform to link information modeling and gateways that can accommodate the interlocking standards and handling protocols variety of sensors Based on this real-time data collection, analysis and delivery platform that performs the role of the relevant and to secure technology.