• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Journal of Information Processing Systems
• /
• v.18 no.4
• /
• pp.489-499
• /
• 2022

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.49-58
• /
• 2018

As the demand for Internet of Things(IoT) increases, the need for the security of IoT devices is increasing steadily. It is difficult to apply the conventional security theory to IoT devices because IoT devices are subject to be constrained by some factors such as hardware, processor, and energy. Nowadays we have several security guidelines and related documents on IoT device. Most of them, however, do not consider the characteristics of specific IoT devices. Since they describes the security issues comprehensively, it is not easy to explain the specific security level reflecting each characteristics of IoT devices. In addition, most existing guidelines and related documents are described in view of developers and service proposers, and thus ordinary users are not able to assess whether a specific IoT device can protect their information securely or not. We propose an security evaluation model, based on the existing guidelines and related documents, for more specific IoT devices and prove that this approach is more convenient to ordinary users by creating checklists for the smart watch.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.343-345
• /
• 2017

With the development of IoT technology, terminals connected with IoT are being used. However, security incidents are occurring as IoT is applied to society as a whole. IoT security incidents can be linked to personal risk and social disruption. In this study, we extract the evidence of security breach in IoT device. Analyze IoT security breach environment and extract Hashing function to secure original integrity and integrity. Then, the Forensic evidence is extracted from the IoT security device to verify the integrity of the original and Forensic reports should be written and studied to be used as legal evidence.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.9-17
• /
• 2021

Numerous IoT devices are connected to a wireless network environment to collect and transmit data without time and space limitations, but many security vulnerabilities are exposed in these process. But IoT security is not easy to create feasible security standards and device authentication due to differences in the approach or implementation of devices and networks. However, it is clear that the improvement and application of the standard framework for enhancing the security level of the device is the starting point to help the most successful security effect. In this study, we investigate the confidentiality, integrity, availability, and access control implementation plans for IoT devices (which are the basic goals of information security), and standardized security evaluation criteria for IoT devices, and study ways to improve them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.343-351
• /
• 2017

With ICT technology develops, IoT environment is attracting attention. However, IoT devices have various CPU performance as much as various purpose of use. Some IoT devices use the cpu that doesn't support public key cryptogrphy or crypto acceleration. In this paper, we study Blockchain-based IoT Device Authentication Scheme that provides authentication, integirity and non-repudation through analysis of Lamport Hash-chain, Lamport Signature, Blockchain and existing Authentication protocols. The proposed scheme requires only simple hash operation in IoT devices and it can operate in low performance IoT device, thus ensuring secure authentication in IoT environment.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.51-59
• /
• 2019

In this paper, we propose a device identification system for network visibility that can maintain the secure internal network environment in the IoT era. Recently, the area of enterprise network is getting huge and more complicated. Not only desktops and smartphones but also business pads, barcode scanners, APs, Video Surveillance, digital doors, security devices, and lots of Internet of Things (IoT) devices are rapidly pouring into the business network, and there are highly risk of security threats. Therefore, in this paper, we propose the device identification system that includes the process and module-specific functions to identify the exploding device in the IoT era. The proposed system provides in-depth visibility of the devices and their own vulnerabilities to the IT manager in company. These information help to mitigate the risk of the potential cyber security threats in the internal network and offer the unified security management against the business risks.

• International Journal of Computer Science & Network Security
• /
• v.22 no.8
• /
• pp.328-342
• /
• 2022

The Internet of Things (IoT) is a technology that offers lucrative services in various industries to facilitate human communities. Important information on people and their surroundings has been gathered to ensure the availability of these services. This data is vulnerable to cybersecurity since it is sent over the internet and kept in third-party databases. Implementation of data encryption is an integral approach for IoT device designers to protect IoT data. For a variety of reasons, IoT device designers have been unable to discover appropriate encryption to use. The static support provided by research and concerned organizations to assist designers in picking appropriate encryption costs a significant amount of time and effort. IoTES is a web app that uses machine language to address a lack of support from researchers and organizations, as ML has been shown to improve data-driven human decision-making. IoTES still has some weaknesses, which are highlighted in this research. To improve the support, these shortcomings must be addressed. This study proposes the "IoTES with Security" model by adding support for the security level provided by the encryption algorithm to the traditional IoTES model. We evaluated our technique for encryption algorithms with available security levels and compared the accuracy of our model with traditional IoTES. Our model improves IoTES by helping users make security-oriented decisions while choosing the appropriate algorithm for their IoT data.

• The Journal of the Korea Contents Association
• /
• v.18 no.4
• /
• pp.164-177
• /
• 2018

As the market for IoT devices grows, it is expected that the scale of malware attack will be considerable. Accordingly, the improvement of related legislation has been actively promoted, the recently strengthened Information and Communication Network Act was enforced. Because IoT related accidents can lead to not only financial damages but also human accidents, IoT device Security has been attracted a great deal of attention. In this paper, IoT devices provide essential security functions through legal and technical perspectives, and analyze related technologies. This can be used to a reference for the Start-up developer and IoT device designer.