융합보안논문지 (Convergence Security Journal)

  • 제21권1호
  • /
  • Pages.9-17
  • /
  • 2021
  • /
  • 1598-7329(pISSN)
  • /
  • 2508-7460(eISSN)
한국융합보안학회 (Korea convergence Security Association)
권호 표지
DOI QR코드

DOI QR Code

IoT 디바이스 보안위협 및 대응방안 연구

A Study on IoT Devices Vulnerability and Security

  • 유승재 (중부대학교 정보보호학과)
  • 투고 : 2021.02.28
  • 심사 : 2021.03.31
  • 발행 : 2021.03.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

수많은 IoT기기들이 시공간의 제약이 없는 유무선 네트워크 환경으로 연결되어 데이터를 수집 및 전송하는데, 그로 인해 많은 보안상의 취약점이 노출되고 있다, 그러나 IoT 보안은 디바이스와 네트워크의 접근방식이나 구현방식의 차이로 인해 실현가능한 보안표준과 장치인증을 생성하는 것이 쉽지 않다. 디바이스의 보안레벨 강화를 위한 표준 프레임워크의 개선과 적용이 가장 성공적인 보안효과를 거들 수 있는 출발점이라는 것은 분명한 사실이다. 이 연구에서는, IoT 디바이스에 대해 정보보안의 기본 목표인 기밀성, 무결성, 가용성 그리고 접근통제를 확보할 수 있도록 하는 IoT디바이스에 대한 표준화된 보안성 평가기준을 조사하고, 그 개선방안을 연구하고자 한다.

Numerous IoT devices are connected to a wireless network environment to collect and transmit data without time and space limitations, but many security vulnerabilities are exposed in these process. But IoT security is not easy to create feasible security standards and device authentication due to differences in the approach or implementation of devices and networks. However, it is clear that the improvement and application of the standard framework for enhancing the security level of the device is the starting point to help the most successful security effect. In this study, we investigate the confidentiality, integrity, availability, and access control implementation plans for IoT devices (which are the basic goals of information security), and standardized security evaluation criteria for IoT devices, and study ways to improve them.

키워드

과제정보

This paper was supported by Joongbu University Research & Development Fund, in 2020

참고문헌

  1. Yu W-Y, 'An Analysis of Research Trends in IoT Security, Convergence Security Journal, Vol.18, No.1,pp.61~67, 2018.
  2. Han S-K, Kim M-J, A Design of Technology Element-based Evaluation Model and its Application on Checklist for the IoT Device Security Evaluation, Convergence Security Journal, Vol.18, No.1,pp.49~58, 2018.
  3. https://www.cctvnews.co.kr/news/articleView.html?idxno=201439.
  4. https://aws.amazon.com/ko/iot-device-management/
  5. https://aws.amazon.com/ko/iot-core/
  6. https://aws.amazon.com/ko/iot-device-defender/features/
  7. https://www.cisco.com/c/ko_kr/solutions/internet-of-things/
  8. http://www.ddaily.co.kr/m/m_article/?no=149257
  9. Technical Report:IoT Security Certification Scheme Part-3, Evaluation Methodology v1.2, EURSMART
  10. Internet of Things (IoT) security, Guide to testing and authentication standards, Dec. 2017, KISA
  11. https://www.ksecurity.or.kr/user/extra/kisis/356/iot/iotList/jsp/LayOutPage.do
  12. https://azure.microsoft.com/en-us/overview/iot/security/
  13. https://azure.microsoft.com/en-us/services/azure-defender-for-iot/
  14. https://www.norma.co.kr/iot
  15. https://www.pentasecurity.co.kr/download/#1590053129868-10d07cb4-1dc4
  16. https://www.pentasecurity.co.kr/iot-security/
  17. https://www.psacertified.org/certified-products/
  18. https://www.psacertified.org/blog/four-steps-to-device-security/
  19. https://www.psacertified.org/getting-certified/device-manufacturer/
  20. Internet Security Threat Report, Vol.24, Feb.2019, Symantec
  21. IoT Common Security Guide, IoT Security Alliance, KISA 2016