• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.537-547
• /
• 2023

As Internet of Things (IoT) technology evolves, IoT devices are being utilized in a variety of fields. However, it has become a new surface of cyber attacks and is affecting industries that did not previously consider cyber breaches. After a intrusion occurs, post-processing and damage spread prevention are important, but it is difficult to respond due to the lackof standards and guidelines. Therefore, in order to respond to such incidents, this paper establishes an incident data collection procedure and presents the data that can be collected to improve the intrusion data acquisition method for general IoT devices. In addition, we proved the efficiency and feasibility of the data collection procedure through experiments.

• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.64-69
• /
• 2023

We devise a collaboration construction method based on the SPRT (Sequential Probability Ratio Test) for malware detection in IoT. In our method, high-end IoT nodes having capable of detecting malware and generating malware signatures harness the SPRT to give a reward of malware signatures to low-end IoT nodes providing useful data for malware detection in IoT. We evaluate our proposed method through simulation. Our simulation results indicate that the number of malware signatures provided for collaboration is varied in accordance with the threshold for fraction of useful data.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.3
• /
• pp.1-7
• /
• 2018

The IoT environment provides an infinite variety of services using many different devices and networks. The development of the IoT environment is directly proportional to the level of security that can be provided. In some ways, lightweight cryptography is suitable for IoT environments, because it provides security, higher throughput, low power consumption and compactness. However, it has the limitation that it must form a new cryptosystem and be used within a limited resource range. Therefore, it is not the best solution for the IoT environment that requires diversification. Therefore, in order to overcome these disadvantages, this paper proposes a method suitable for the IoT environment, while using the existing block cipher algorithm, viz. the lightweight cipher algorithm, and keeping the existing system (viz. the sensing part and the server) almost unchanged. The proposed BCL architecture can perform encryption for various sensor devices in existing wire/wireless USNs (using) lightweight encryption. The proposed BCL architecture includes a pre/post-processing part in the existing block cipher algorithm, which allows various scattered devices to operate in a daisy chain network environment. This characteristic is optimal for the information security of distributed sensor systems and does not affect the neighboring network environment, even if hacking and cracking occur. Therefore, the BCL architecture proposed in the IoT environment can provide an optimal solution for the diversified IoT environment, because the existing block cryptographic algorithm, viz. the lightweight cryptographic algorithm, can be used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1243-1257
• /
• 2019

With the emergence of the IoT environment, various smart devices provide consumers with the convenience and various services. However, as security threats such as invasion of privacy have been reported, the importance of security issues in the IoT environment has emerged, and in particular, the security problem of key management has been discussed, and the PUF has been discussed as a countermeasure. In relation to the key management problem, a protocol using MIPUF has been proposed for the security problem of the group key management system. The system can be applied to lightweight IoT environments and the safety of the PUF ensures the safety of the entire system. However, in some processes, it shows vulnerabilities in terms of safety and efficiency of operation. This paper improves the existing protocol by adding authentication for members, ensuring data independence, reducing unnecessary operations, and increasing the efficiency of database searches. Safety analysis is performed for a specific attack and efficiency analysis results are presented by comparing the computational quantities. Through this, this paper shows that the reliability of data can be improved and our proposed method is lighter than existing protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.2
• /
• pp.676-682
• /
• 2018

As the IoT world including WSNs develops, the number of sensor systems that sense information according to the environment based on the principle of IoT is increasing. In order to perform security for each sensor system in such a complicated environment, the security modules must be varied. These problems make hardware/software implementation difficult when considering the system efficiency and hacking/cracking. Therefore, to solve this problem, this paper proposes a pseudorandom number generator (FLT: Pseudo-random Number Generator with Fixed Length Tap unrelated to the variable sensing nodes) with a fixed-length tap that generates a pseudorandom number with a constant period, irrespective of the number of sensing nodes, and has the purpose of detecting anomalies. The proposed FLT-LFSR architecture allows the security level and overall data formatting to be kept constant for hardware/software implementations in an IoT environment. Therefore, the proposed FLT-LFSR architecture emphasizes the scalability of the network, regardless of the ease of implementation of the sensor system and the number of sensing nodes.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1371-1378
• /
• 2018

Bluetooth is the key technology in the wireless connection of many Internet of Things (IoT) devices, especially focused on smartphones today. In addition, Bluetooth communication between the IoT device and the user is mainly performed via Bluetooth Low Energy (BLE), but as the Bluetooth technology gradually develops, the security vulnerability of the existing BLE is more prominent. Research on Bluetooth accessibility has been conducted steadily so far, but there is lack of research for data protection in Bluetooth communication. Therefore, in this paper, when sending and receiving data in BLE communication between IoT and users, we propose effective methods for communicating with each other through the Format Preserving Encryption Algorithm (FEA), not the plain text, and measures performance of FEA which is optimized in Arduino and PC.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.195-209
• /
• 2016

IoT (Internet of Things) is a collective term referring to application services that provide information through sensors/devices connected to the internet. The real world application of IoT is expanding fast along with growing number of sensors/devices. However, since IoT application relies on vertical combination of sensors/devices networks, information sharing within IoT services remains unresolved challenge. Consequently, IoT sensors/devices demand high construction and maintenance costs, rendering the creation of new IoT services potentially expensive. One solution is to launch an IoT open market for information sharing similar to that of App Store for smart-phones. Doing so will efficiently allow novel IoT services to emerge across various industries, because developers can purchase licenses to access IoT resources directly via an open market. Sharing IoT resource information through an open market will create an echo-system conducive for easy utilization of resources and communication between IoT service providers, resource owners, and developers. This paper proposes the new business model of IoT open market for information sharing, and the requirements for ensuring security and standardization of open markets.

• Annual Conference of KIPS
• /
• 2020.11a
• /
• pp.862-865
• /
• 2020

최근 5G, 인공지능(AI) 등과 함께 사물인터넷 (IoT) 기술이 주목받고 있으며, 보안 위협 또한 증가하고 있다. IoT 기기에 대한 다양한 공격 기법들이 존재하는 만큼 IoT 보안에 관한 연구 또한 활발하게 진행되고 있다. 본 논문에서는 IoT 환경에서의 보안 위협에 대응하기 위한 딥러닝 기반의 탐지기법들의 최신 연구 동향과 앞으로의 방향을 살펴본다.

• International Journal of Computer Science & Network Security
• /
• v.22 no.3
• /
• pp.163-172
• /
• 2022

The interconnection of an enormous number of devices into the Internet at a massive scale is a consequence of the Internet of Things (IoT). As a result, tasks offloading from these IoT devices to remote cloud data centers become expensive and inefficient as their number and amount of its emitted data increase exponentially. It is also a challenge to optimize IoT device energy consumption while meeting its application time deadline and data delivery constraints. Consequently, Fog Computing was proposed to support efficient IoT tasks processing as it has a feature of lower service delay, being adjacent to IoT nodes. However, cloud task offloading is still performed frequently as Fog computing has less resources compared to remote cloud. Thus, optimized schemes are required to correctly characterize and distribute IoT devices tasks offloading in a hybrid IoT, Fog, and cloud paradigm. In this paper, we present a detailed survey and classification of of recently published research articles that address the energy efficiency of task offloading schemes in IoT-Fog-Cloud paradigm. Moreover, we also developed a taxonomy for the classification of these schemes and provided a comparative study of different schemes: by identifying achieved advantage and disadvantage of each scheme, as well its related drawbacks and limitations. Moreover, we also state open research issues in the development of energy efficient, scalable, optimized task offloading schemes for Fog computing.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.1
• /
• pp.35-41
• /
• 2016

Internet of Things (IoT) services are widely used in appliances of daily life and industries. IoT services also provide various conveniences to users and are expected to affect value added of all industries and national competitiveness. However, a variety of security threats are increased in IoT environments and lowers reliability of IoT devices and services that make some obstacles for commercialization. The attacks arising in IoT environments are making industrial and normal life accidents unlike existing information leak and monetary damages, and can expand damage scale of leakage of personal information and privacy more than existing them. To solve these problems, we design a session key based access control scheme for secure communications in IoT environments. The proposed scheme reinforces message security by generating session key between device and access control network system. We analyzed the stability of the proposed access scheme in terms of data forgery and corruption, unauthorized access, information disclosure, privacy violations, and denial of service attacks. And we also evaluated the proposed scheme in terms of permission settings, privacy indemnity, data confidentiality and integrity, authentication, and access control.