Journal of Information Processing Systems

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of Security Vulnerabilities for IoT Devices

  • Kim, Hee-Hyun (Dept. of Business Administration, Sangmyung University) ;
  • Yoo, Jinho (Dept. of Business Administration, Sangmyung University)
  • Received : 2022.02.24
  • Accepted : 2022.04.06
  • Published : 2022.08.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

Keywords

Acknowledgement

This research was funded by a 2020 research grant from Sangmyung University.

References

  1. International Telecommunication Union, ITU Internet Reports 2005: The Internet of Things. Geneva, Switzerland: International Telecommunication Union, 2005.
  2. International Telecommunication Union, "Recommendation Y.2060: Overview of the Internet of Thinngs," 2012 [Online]. Available: https://www.itu.int/rec/T-REC-Y.2060-201206-I.
  3. CIO Korea, "IDC Korea, domestic IoT platform forecast to grow at a AAGR of 16.1% until 2023," 2020 [Online]. AvailableL https://www.ciokorea.com/news/148680.
  4. H. D. Kim, S. W. Yoon, and Y. P. Lee, "Security for IoT services," Information and Communications Magazine, vol. 30, no. 8, pp. 53-59, 2013.
  5. F. Paul, "6 IoT Prospects for 2019 from a Market Perspective," 2019 [Online]. Available: https://www.itworld.co.kr/news/114234.
  6. J. S. Park and J. H. Park, "Future trends of IoT, 5G mobile networks, and AI: challenges, opportunities, and solutions," Journal of Information Processing Systems, vol. 16, no. 4, pp. 743-749, 2020. https://doi.org/10.3745/JIPS.03.0146
  7. G. J. Blinowski and P. Piotrowski, "CVE based classification of vulnerable IoT systems," in Theory and Applications of Dependable Computer Systems. Cham, Switzerland: Springer, 2020, pp. 82-93.
  8. Y. S. Jeong and J. H. Park, "IoT and smart city technology: challenges, opportunities, and solutions," Journal of Information Processing Systems, vol. 15, no. 2, pp. 233-238, 2019. https://doi.org/10.3745/JIPS.04.0113
  9. N. Y. Kim, S. Rathore, J. H. Ryu, J. H. Park, and J. H. Park, "A survey on cyber physical system security for IoT: issues, challenges, threats, solutions," Journal of Information Processing Systems, vol. 14, no. 6, pp. 1361-1384, 2018. https://doi.org/10.3745/JIPS.03.0105
  10. J. C. S. Sicato, S. K. Singh, S. Rathore, and J. H. Park, "A comprehensive analyses of intrusion detection system for IoT environment," Journal of Information Processing Systems, vol. 16, no. 4, pp. 975-990, 2020. https://doi.org/10.3745/JIPS.03.0144
  11. P. Hong, S. Lee, M. Park, and S. Kim, "Threat-based security analysis for the domestic smart home appliance," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 3, pp. 143-158, 2017. https://doi.org/10.3745/KTCCS.2017.6.3.143
  12. S. S. Yang, J. S. Shim, and S. C. Park, "Analysis of countermeasures and network security vulnerability for IoT smart home," in Proceedings of the Korea Information Processing Society Conference, Seoul, Korea, 2016, pp. 324-325.
  13. M. Lee and J. Park, "Analysis and study on invasion threat and security measures for smart home services in IoT environment," The Journal of the Institute of Internet, Broadcasting and Communication, vol. 16, no. 5, pp. 27-32, 2016. https://doi.org/10.7236/JIIBC.2016.16.5.27
  14. Y. Jung and J. Cha, "IoT device security check standards," Information and Communications Magazine, vol. 34, no. 2, pp. 27-33, 2017.
  15. S. Hong and H. J. Sin, "Analysis of the vulnerability of the IoT by the scenario," Journal of the Korea Convergence Society, vol. 8, no. 9, pp. 1-7, 2017. https://doi.org/10.15207/JKCS.2017.8.9.001
  16. T. Wang, M. Z. A. Bhuiyan, G. Wang, L. Qi, J. Wu, and H. Hayajneh, "Preserving balance between privacy and data integrity in edge-assisted Internet of Things," IEEE Internet of Things Journal, vol. 7, no. 4, pp. 2679-2689, 2019. https://doi.org/10.1109/jiot.2019.2951687
  17. S. Meng, Z. Gao, Q. Li, H. Wang, H. N. Dai, and L. Qi, "Security-driven hybrid collaborative recommendation method for cloud-based IoT services," Computers & Security, vol. 97, article no. 101950, 2020. https://doi.org/10.1016/j.cose.2020.101950
  18. L. Qi, C. Hu, X. Zhang, M. R. Khosravi, S. Sharma, S. Pang, T. Wang, "Privacy-aware data fusion and prediction with spatial-temporal context for smart city industrial environment," IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4159-4167, 2020.
  19. Mirai Botnet [Online]. Available: http://wiki.hash.kr/index.php.
  20. 2018 OWASP IoT Top 10 [Online]. Available: https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf.
  21. CVE Details [Online]. Available: https://www.cvedetails.com.
  22. What is CVE [Online]. Available: https://www.cvedetails.com/cve-help.php.
  23. Vulnerabilities by type [Online]. Available: https://www.cvedetails.com/vulnerabilities-by-types.php.
  24. Current CVSS score distribution for all vulnerabilities [Online]. Available: https://www.cvedetails.com/cvssscore-distribution.php.
  25. CVSS: vulnerability metrics [Online]. Available: https://nvd.nist.gov/vuln-metrics/cvss.