• Title/Summary/Keyword: IoT devices

Search Result 1,172, Processing Time 0.026 seconds

A Study on the Security Threats of IoT Devices Exposed in Search Engine (검색엔진에 노출된 IoT 장치의 보안 위협에 대한 연구)

  • Han, Kyong-Ho;Lee, Seong-Ho
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.65 no.1
    • /
    • pp.128-134
    • /
    • 2016
  • IoT devices including smart devices are connected with internet, thus they have security threats everytime. Particularly, IoT devices are composed of low performance MCU and small-capacity memory because they are miniaturized, so they are likely to be exposed to various security threats like DoS attacks. In addition, in case of IoT devices installed for a remote place, it's not easy for users to control continuously them and to install immediately security patch for them. For most of IoT devices connected directly with internet under user's intention, devices exposed to outside by setting IoT gateway, and devices exposed to outside by the DMZ function or Port Forwarding function of router, specific protocol for IoT services was used and the devices show a response when services about related protocol are required from outside. From internet search engine for IoT devices, IP addresses are inspected on the basis of protocol mainly used for IoT devices and then IP addresses showing a response are maintained as database, so that users can utilize related information. Specially, IoT devices using HTTP and HTTPS protocol, which are used at usual web server, are easily searched at usual search engines like Google as well as search engine for the sole IoT devices. Ill-intentioned attackers get the IP addresses of vulnerable devices from search engine and try to attack the devices. The purpose of this study is to find the problems arisen when HTTP, HTTPS, CoAP, SOAP, and RestFUL protocols used for IoT devices are detected by search engine and are maintained as database, and to seek the solution for the problems. In particular, when the user ID and password of IoT devices set by manufacturing factory are still same or the already known vulnerabilities of IoT devices are not patched, the dangerousness of the IoT devices and its related solution were found in this study.

IoT-based Application of Information Security Triad

  • Mana Saleh Al Reshan
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.9
    • /
    • pp.85-92
    • /
    • 2024
  • Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices..Make sure that the abstract is written as one paragraph.

Analysis of Security Vulnerabilities for IoT Devices

  • Kim, Hee-Hyun;Yoo, Jinho
    • Journal of Information Processing Systems
    • /
    • v.18 no.4
    • /
    • pp.489-499
    • /
    • 2022
  • Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

System Hardening and Security Monitoring for IoT Devices to Mitigate IoT Security Vulnerabilities and Threats

  • Choi, Seul-Ki;Yang, Chung-Huang;Kwak, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.2
    • /
    • pp.906-918
    • /
    • 2018
  • The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

Application Scenario of Integrated Development Environment for Autonomous IoT Applications based on Neuromorphic Architecture (뉴로모픽 아키텍처 기반 자율형 IoT 응용 통합개발환경 응용 시나리오)

  • Park, Jisu;Kim, Seoyeon;Kim, Hoinam;Jeong, Jaehyeok;Kim, Kyeongsoo;Jung, Jinman;Yun, Young-Sun
    • Smart Media Journal
    • /
    • v.11 no.2
    • /
    • pp.63-69
    • /
    • 2022
  • As the use of various IoT devices increases, the importance of IoT platforms is also rising. Recently, artificial intelligence technology is being combined with IoT devices, and research applying a neuromorphic architecture to IoT devices with low power is also increasing. In this paper, an application scenario is proposed based on NA-IDE (Neuromorphic Architecture-based autonomous IoT application integrated development environment) with IoT devices and FPGA devices in a GUI format. The proposed scenario connects a camera module to an IoT device, collects MNIST dataset images online, recognizes the collected images through a neuromorphic board, and displays the recognition results through a device module connected to other IoT devices. If the neuromorphic architecture is applied to many IoT devices and used for various application services, the autonomous IoT application integrated development environment based on the neuromorphic architecture is expected to emerge as a core technology leading the 4th industrial revolution.

Design Method of Things Malware Detection System(TMDS) (소규모 네트워크의 IoT 보안을 위한 저비용 악성코드 탐지 시스템 설계 방안 연구)

  • Sangyoon Shin;Dahee Lee;Sangjin Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.3
    • /
    • pp.459-469
    • /
    • 2023
  • The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious codes are being distributed and infected to IoT devices and exploited for DDoS. Currently, IoT devices that are the target of such an attack have various installation environments and have limited resources. In addition, IoT devices have a characteristic that once set up, the owner does not care about management. Because of this, IoT devices are becoming a blind spot for management that is easily infected with malicious codes. Because of these difficulties, the threat of malicious codes always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design an malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

A Framework for Effectively Managing Dynamism of IoT Devices (IoT 디바이스의 동적 특성의 효과적 관리를 위한 프레임워크)

  • La, Hyun Jung;Park, Chun Woo;Kim, Soo Dong
    • Journal of KIISE:Software and Applications
    • /
    • v.41 no.8
    • /
    • pp.545-556
    • /
    • 2014
  • Internet of Things (IoT), one of the emerging research areas, is the computing paradigm where various things connect to the network and cooperate with their neighbors to reach common goals. Computing with IoT devices opens up a new array of opportunities for providing value-added smart services and applications to end users. That is, IoT devices play an important role of providing useful services to the users. However, the states of IoT devices are dynamically changed at runtime, which come from their mobility, network connectivity, and a battery drain problem. This dynamism results in difficulties in managing these IoT devices. In this paper, we propose a framework to manage those IoT devices with dynamism. Hence, we first derive issues from IoT devices' dynamism. And, we define a set of requirements to manage the IoT devices and present a framework to manage the device dynamism. The framework is equipped by a device discovery method, a device status monitoring method, a device selection and connection method, and a device replacement method. Finally, we verify the feasibility and effectiveness of the framework through experiments.

A IoT Security Service based on Authentication and Lightweight Cryptography Algorithm (인증 및 경량화 암호알고리즘 기반 IoT 보안 서비스)

  • Kim, Sun-Jib
    • Journal of Internet of Things and Convergence
    • /
    • v.7 no.1
    • /
    • pp.1-7
    • /
    • 2021
  • The IoT market continues to expand and grow, but the security threat to IoT devices is also increasing. However, it is difficult to apply the security technology applied to the existing system to IoT devices that have a problem of resource limitation. Therefore, in this paper, we present a service that can improve the security of IoT devices by presenting authentication and lightweight cryptographic algorithms that can reduce the overhead of applying security features, taking into account the nature of resource limitations of IoT devices. We want to apply these service to home network IoT equipment to provide security. The authentication and lightweight cryptographic algorithm application protocols presented in this paper have secured the safety of the service through the use of LEA encryption algorithms and secret key generation by users, IoT devices and server in the IoT environment. Although there is no difference in speed from randomly generating secret keys in experiments, we verify that the problem of resource limitation of IoT devices can be solved by additionally not applying logic for secret key sharing to IoT devices.

Efficient Authentication Establishment Scheme between IoT Device based on Pascal Triangle Theory (파스칼 삼각 이론 기반의 IoT 장치간 효율적인 인증 설립 기법)

  • Han, Kun-Hee;Jeong, Yoon-Su
    • Journal of the Korea Convergence Society
    • /
    • v.8 no.7
    • /
    • pp.15-21
    • /
    • 2017
  • Recently, users' interest in IoT related products is increasing as the 4th industrial revolution has become social. The types and functions of sensors used in IoT devices are becoming increasingly diverse, and mutual authentication technology of IoT devices is required. In this paper, we propose an efficient double signature authentication scheme using Pascal's triangle theory so that different types of IoT devices can operate smoothly with each other. The proposed scheme divides the authentication path between IoT devices into two (main path and auxiliary path) to guarantee authentication and integrity of the IoT device. In addition, the proposed scheme is suitable for IoT devices that require a small capacity because they generate keys so that additional encryption algorithms are unnecessary when authenticating IoT devices. As a result of the performance evaluation, the delay time of the IoT device is improved by 6.9% and the overhead is 11.1% lower than that of the existing technique. The throughput of IoT devices was improved by an average of 12.5% over the existing techniques.

The Business Model of IoT Information Sharing Open Market for Promoting IoT Service (IoT 서비스 활성화를 위한 IoT 정보공유 오픈 마켓 비즈니스 모델)

  • Kim, Woo Sung
    • Journal of Information Technology Services
    • /
    • v.15 no.3
    • /
    • pp.195-209
    • /
    • 2016
  • IoT (Internet of Things) is a collective term referring to application services that provide information through sensors/devices connected to the internet. The real world application of IoT is expanding fast along with growing number of sensors/devices. However, since IoT application relies on vertical combination of sensors/devices networks, information sharing within IoT services remains unresolved challenge. Consequently, IoT sensors/devices demand high construction and maintenance costs, rendering the creation of new IoT services potentially expensive. One solution is to launch an IoT open market for information sharing similar to that of App Store for smart-phones. Doing so will efficiently allow novel IoT services to emerge across various industries, because developers can purchase licenses to access IoT resources directly via an open market. Sharing IoT resource information through an open market will create an echo-system conducive for easy utilization of resources and communication between IoT service providers, resource owners, and developers. This paper proposes the new business model of IoT open market for information sharing, and the requirements for ensuring security and standardization of open markets.