DOI QR코드

DOI QR Code

Cyber KillChain Based Security Policy Utilizing Hash for Internet of Things

해시를 활용한 사이버킬체인 기반의 사물인터넷 보안 정책

  • Received : 2018.07.20
  • Accepted : 2018.09.20
  • Published : 2018.09.28

Abstract

Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

Keywords

Internet of Things;Cyber KillChain;Blockchain;Integrity;Software

References

  1. O. Bello & S. Zeadally. (2016). Intelligent device-to-device communication in the internet of things. IEEE Systems Journal, 10(30), 1172-1182. https://doi.org/10.1109/JSYST.2014.2298837
  2. S. H. Lee & D. W. Lee. (2016). Actual Cases for Smart Fusion Industry based on Internet of Thing. Journal of the Korea Convergence Society, 7(2), 1-6. https://doi.org/10.15207/JKCS.2016.7.2.001
  3. S. H. Lee, D. H. Shim & D. W. Kee. (2016). Actual Cases of Internet of Thing on Smart City Industry. Journal of Convergence for Information Technology, 6(4), 65-70. https://doi.org/10.22156/CS4SMB.2016.6.4.065
  4. CISCO, Internet of Things, https://www.cisco.com/c/dam/en/us/products/collateral/e/internet-of-things/at-a-glance-c45-731471.pdf (last access: 2018.07.10.).
  5. J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang & W. Zhao. (2017). A survey on internet of things: Architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal, 4(5), 1125-1142. https://doi.org/10.1109/JIOT.2017.2683200
  6. Y. Yang, L. Wu, G. Yin, L. Ki & H. Zhao. (2017). A survey on security and provacy issues in internet-of-things. IEEE Internet of Things Journal, 4(5), 1250-1258. https://doi.org/10.1109/JIOT.2017.2694844
  7. S. Hong & H. J. Sin. (2017). Analysis of the Vulnerability of the IoT by the Scenario. Journal of the Korea Convergence Society, 8(9), 1-7. https://doi.org/10.15207/JKCS.2017.8.9.001
  8. H. J. Mun, G. H. Choi & Y. C. Hwang. (2016). Countermeasure to Underlying Security Threats in IoT communication. Journal of Convergence for Information Technology, 6(2), 37-44. https://doi.org/10.5121/ijitcs.2016.6104
  9. C. Kolias, G. Kambourakis, A. Stavrou & J. Voas. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84. https://doi.org/10.1109/MC.2017.201
  10. J. Gubbi, R. Buyya, S. Marusic & M. Palaniswami. (2013). Internet of Things (IoT): A vision, architecture elements, and future directions. Future generation computer systems, 29(7), 1645-1660. https://doi.org/10.1016/j.future.2013.01.010
  11. Symantec. (2018). Internet Security Threat Report, Vol.23.
  12. NIST. (2016). Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST Special Publication 800-160 Volume 1.
  13. ENISA. (2015). Privacy and Data Protection by Design.
  14. NISC. (2016). General Framework for Secure IoT Systems.
  15. KISA. (2016). IoT common security guide for security internalization of ICT convergence products and services, IoT Security Alliance of KISA.
  16. I. C. Lin & T. C. Liao. (2017). A Survey of Blockchain Security Issues and Challenges, International Journal of Network Security, 19(5), 653-659
  17. T. Yadav & A. M. Rao. (2015). Technical Aspects of Cyber Kill Chain. International Symosium on Security in Computing and Communication, 438-452.
  18. Lockheed Martin Cyber KillChain, url: https://www.lockheedmartin.com/en-us/capabilities/cybr/cyber-kill-chain.html (last access: 2018.07.10.).
  19. CC v3.1 Release 5. Common Criteria for Information Technology Security Evaluation (CC). url: https://www.commoncriteriaportal.org/cc/ (last access: 2018.07.10.).

Acknowledgement

Supported by : 성신여자대학교