• International Journal of Computer Science & Network Security
• /
• v.24 no.6
• /
• pp.67-76
• /
• 2024

The Internet of Things (IoT) has revolutionized communication and device operation, but it has also brought significant security challenges. IoT networks are structured into four levels: devices, networks, applications, and services, each with specific security considerations. Personal Area Networks (PANs), Local Area Networks (LANs), and Wide Area Networks (WANs) are the three types of IoT networks, each with unique security requirements. Communication protocols such as Wi-Fi and Bluetooth, commonly used in IoT networks, are susceptible to vulnerabilities and require additional security measures. Apart from physical security, authentication, encryption, software vulnerabilities, DoS attacks, data privacy, and supply chain security pose significant challenges. Ensuring the security of IoT devices and the data they exchange is crucial. This paper utilizes the Random Forest Algorithm from machine learning to detect anomalous data in IoT devices. The dataset consists of environmental data (temperature and humidity) collected from IoT sensors in Oman. The Random Forest Algorithm is implemented and trained using Python, and the accuracy and results of the model are discussed, demonstrating the effectiveness of Random Forest for detecting IoT device data anomalies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.281-288
• /
• 2024

The sixth generation(6G) wireless communication technology is advancing toward ultra-high speed, ultra-high bandwidth, and hyper-connectivity. With the development of communication technologies, the formation of a hyper-connected society is rapidly accelerating, expanding from the IoT(Internet of Things) to the IoE(Internet of Everything). However, at the same time, security threats targeting IoT devices have become widespread, and there are concerns about security incidents such as unauthorized access and information leakage. As a result, the need for security-enhancing solutions is increasing. In this paper, we implement an autoencoder-based anomaly detection model utilizing real-time collected network traffics in respond to IoT security threats. Considering the difficulty of capturing IoT device traffic data for each attack in real IoT environments, we use an unsupervised learning-based autoencoder and implement 6 different autoencoder models based on the use of noise in the training data and the dimensions of the latent space. By comparing the model performance through experiments, we provide a performance evaluation of the anomaly detection model for detecting abnormal network traffic.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.955-963
• /
• 2022

The Internet of Things (IoT), combined with various technologies, is rapidly becoming an integral part of our daily life. While it is rapidly taking root in society, security considerations are relatively insufficient, making it a major target for cyber attacks. Since all devices in the IoT environment are connected to the Internet and are closely used in daily life, the damage caused by cyber attacks is also serious. Therefore, encryption communication using a network security protocol must be considered for a service in a more secure IoT environment. A representative network security protocol includes TLS (Transport Layer Protocol) defined by the IETF. This paper analyzes the performance measurement results for TLS version 1.2 and version 1.3 in an IoT device open platform environment to predict the load of TLS, a representative network security protocol, in IoT devices with limited resource characteristics. In addition, by analyzing the performance of each major cryptographic algorithm in version 1.3, we intend to present a standard for setting appropriate network security protocol properties according to IoT device specifications.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.344-345
• /
• 2022

ogy is being used in many fields, such as smart farms, smart oceans, smart homes, and smart energy. Various IoT terminals are used for these IoT services. Here, IoT devices are physically installed in various places. A malicious attacker can access the IoT service using an unauthorized IoT device, access unauthorized important information, and then modify it. In this study, to solve these problems, we propose an authentication system for IoT devices used in IoT services. The IoT device authentication system proposed in this study consists of an authentication module mounted on the IoT device and an authentication module of the IoT server. If the IoT device authentication system proposed in this study is used, only authorized IoT devices can access the service and access of unauthorized IoT devices can be denied. Since this study proposes only the basic IoT device authentication mechanism, additional research on additional IoT device authentication functions according to the security strength is required.IoT technol

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.10-14
• /
• 2019

The number of security incidents is increasing as the Internet of Things(IoT) is distributed widely. The security incidents of IoT can cause financial damages. Moreover, It can become direct threats to humans. In order to prevent these problems, the security installation for IoT devices is important. This paper describes the definition of IoT devices, security incident case, architecture, and the security threats that can occur when a device is connected to network without security installation.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.349-350
• /
• 2022

As research on IT convergence continues, the scope of IoT (Internet of Things) services continues to expand. The IoT service uses a device suitable for the purpose. These IoT devices require an authentication function. In addition, in IoT services that handle important information such as personal information, security of transmission data is required. In this study, we implement a crypto key-based IoT network security system that can authenticate devices for IoT services and securely transmit data between devices. Through this study, IoT service can authenticate the device itself and maintain the confidentiality of transmitted data. However, since it is an IoT service, additional research on the application efficiency of the encryption algorithm is required.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.14 no.1
• /
• pp.98-103
• /
• 2021

In this study, we propose a group communication technique that guarantees security and expandability by configuring a network consisting of IoT terminals equipped with security functions. As the number of devices participating in the network increases, network resources are proportionally reduced, and adding a security function to the IoT device increases the delay time due to encryption in the IoT device. If the error rate that occurs in the network increases, network resources are quickly consumed due to retransmission. Therefore, IoT terminals are grouped to ensure scalability while supporting security, reducing the consumption of network resources even when the number of participating nodes increases, thus ensuring scalability. For the future implementation, the encryption method used in IoT terminals considered the standard of IEEE802.5.4, and the standardization trend was investigated and classified. The proposed method applies IoT devices that provide security functions of the IEEE802.5.4 standard to the group communication base to ensure reliability and scalability. In the performance evaluation, the effectiveness of the proposed method was confirmed by comparing the delay times when grouping IoT devices with security functions through simulation.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.4
• /
• pp.671-678
• /
• 2017

Recent advances in Internet of Things (IoT) encourage us to use IoT devices in daily living areas. However, as IoT devices are being ubiquitously used, concerns onsecurity and privacy of IoT devices are getting grown. Key management is an important and fundamental task to provide security services. For better security, we should restrict reusing a same key in sequential authentication sessions, but it is difficult to manually update and memorize keys. In this paper, we propose a hardware security module(HSM) for automated key management in IoT devices. Our HSM is attached to an IoT device and communicates with the device. It provides an automated, secure key update process without any user intervention. The secure keys provided by our HSM can be used in the user and device authentications for any internet services.

• Journal of the Korea Convergence Society
• /
• v.9 no.4
• /
• pp.57-63
• /
• 2018

IoT devices are used in many areas to perform various roles and functions in a cloud environment. However, a method of access control that can stably control the IoT device has not been proposed yet. In this paper, we propose a hierarchical multi-level property access control scheme that can perform stable access of IoT devices used in a cluster environment. In order to facilitate the access of the IoT device, the proposed method not only provides the ID key (security token) unique to the IoT device by providing the IoT Hub, but also allows the IoT Hub to authenticate the X.509 certificate and the private key, So that the private key of the IoT device can not be seen outside the IoT device. As a result of the performance evaluation, the proposed method improved the authentication accuracy by 10.5% on average and the processing time by 14.3%. The overhead of IoT Hub according to the number of IoT attributes was 9.1% lower than the conventional method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.585-588
• /
• 2016

Due to the nature IoT Device (or Sensor) of the IoT System it may be susceptible (or attached) to our daily lives, so easy to direct physical access to IoT Device, which caused physical security is very weak. In this study, we implemented "Zero-Day Attack" on the ARMv7 Thumb Architecture as a direct target local system.