Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

A Design for Security Functional Requirements of IoT Middleware System

IoT(Internet of Things) 시스템 미들웨어 보안기능요구사항 설계

  • Jung, Hyun Mi (Dept. of Supercomputer System Development, KISTI) ;
  • Jeong, Kimoon (Dept. of Supercomputer System Development, KISTI) ;
  • Cho, Han Jin (Dept. of Energy IT Engineering, Far East University)
  • Received : 2017.09.16
  • Accepted : 2017.11.20
  • Published : 2017.11.28
Download PDF
⟨ Previous Next ⟩

Abstract

The middleware in the IoT system is software that acts as a messenger to connect and exchange data between humans and objects, objects and objects. IoT middleware exists in various forms in all areas, including hardware, protocol, and communication of different kinds, which are different in form and purpose. However, IoT middleware exists in various forms across different areas, including hardware, protocol, and communication of different types and purposes. Therefore, even if the system is designed differently for each role, it is necessary to strengthen the security in common. In this paper, we analyze the structure of IoT middleware using Service Oriented Architecture(SOA) approach and design system security requirements based on it. It was defined: Target Of Evaluation(TOE) existing system development method and the object is evaluated by Common Criteria(CC) for verification based otherwise. The proposed middleware system will be correlated with the security problem definition and the security purpose, which will be the basis for implementing the security enhanced IoT system.

IoT 시스템에서의 미들웨어는 인간과 사물, 사물과 사물 사이를 연결하여 데이터를 주고받을 수 있도록 중간 매개체 역할을 하는 소프트웨어이다. IoT 미들웨어는 그 형태와 목적이 서로 상이한 이기종간의 하드웨어, 프로토콜 및 통신 등을 전 영역에 걸쳐서 다양한 형태로 존재한다. 그러므로 시스템 각각의 역할별 종류를 달리 설계하더라도 공통적으로 보안을 강화할 수 있는 방안이 필요하다. 본 논문에서는 SOA(Service Oriented Architecture) 접근방법을 이용한 IoT 미들웨어 구조를 분석하고 이를 바탕으로 시스템 보안요구사항을 설계하였다. 기존 시스템 개발방법과는 달리 검증을 위하여 공통평가기준(Common Criteria) 기반으로 평가대상물(TOE: Target Of Evaluation)을 정의하였다. 향후 제시된 미들웨어 시스템은 보안문제정의 및 보안목적과 상관관계를 나타냄으로서 보안이 강화된 IoT 시스템 구현 근거가 될 것이다.

Keywords

References

  1. Architecture of IoT, http://www.lgcns.com/LGCNS.GHP.Main/Solution/IoTPlatform_En.
  2. J. H. Kim, A Middleware Development Method for Internet of Things(IoT) Security, Master thesis of Far East University, 2017.
  3. K.B. Kim and H.J. Cho,."A Study on the Regulation Improvement Measures for Activation of Internet of Things and Big Data Convergence,"Journal of the Korea Convergence Society, Vol. 8, No. 5, pp.29-3, 2017. https://doi.org/10.15207/JKCS.2017.8.5.029
  4. J. H. Kim, J. Y. Go, K. H. Lee, "A Scheme of Social Engineering Attacks and Counter measures Using Big Data based Conversion Voice Phishing", Journal of the Korea Convergence Society, Vol. 6, No. 1, pp.85-91, 2015. https://doi.org/10.15207/JKCS.2015.6.1.085
  5. S. K. Park, "Proposal of a mobility management scheme for sensor nodes in IoT(Internet of Things)", Journal of Convergence Society for SMB, Vol. 6, No. 4, pp. 59-64, Dec. 2017
  6. Middleware, https://ko.wikipedia.org/wiki/middleware
  7. Steven Cherry with Ralph Langner, "How Stuxnet is Rewriting the Cyberterrorism Playbook",IEEE Spectrum, October 2010, .
  8. L. Atzori, A. lera, G. Moraito, "The Internet of Things: A survey", Computer Networks, vol 54, no. 15, pp. 2787-2805, Oct. 2010. https://doi.org/10.1016/j.comnet.2010.05.010
  9. J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions", Future Generation Computer Systems, vol. 29, no. 7, pp. 1645-1660, Sept. 2013. https://doi.org/10.1016/j.future.2013.01.010
  10. A. Whitmore, A. Agarwal, "The Internet of Things -A survey of topics and trends", Information Systems Frontiers, vol. 17, no. 2, pp. 261-274, Apr. 2015. https://doi.org/10.1007/s10796-014-9489-2
  11. Mario Weber and Marija Boban,"Security Challenges within IoT Systems,"Information and Communication Technology, Electronics and Microelectronics (MIPRO) 2016, pp. 638-643, 2016
  12. Edge_device, https://en.wikipedia.org/wiki/Edge_device
  13. Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; Version 3.1, Revision 1, CCMB-2006-09-001.
  14. Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; Version 3.1, Revision 2, CCMB-2007-09-002.
  15. Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components; Version 3.1, Revision 2, CCMB-2007-09-003.