• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.344-345
• /
• 2022

ogy is being used in many fields, such as smart farms, smart oceans, smart homes, and smart energy. Various IoT terminals are used for these IoT services. Here, IoT devices are physically installed in various places. A malicious attacker can access the IoT service using an unauthorized IoT device, access unauthorized important information, and then modify it. In this study, to solve these problems, we propose an authentication system for IoT devices used in IoT services. The IoT device authentication system proposed in this study consists of an authentication module mounted on the IoT device and an authentication module of the IoT server. If the IoT device authentication system proposed in this study is used, only authorized IoT devices can access the service and access of unauthorized IoT devices can be denied. Since this study proposes only the basic IoT device authentication mechanism, additional research on additional IoT device authentication functions according to the security strength is required.IoT technol

• KNOM Review
• /
• v.23 no.1
• /
• pp.51-62
• /
• 2020

Open IoT platform that shares communication infrastructure and provides cloud resources can flexibly reduce development period and cost of smart service. In this paper, as an open IoT platform, we propose a virtual IoT system based on edge computing that implements a virtual IoT device for a physical IoT device and allows service developers to interact with the virtual device. A management server in the edge cloud, near the IoT physical device, manages the creation, movement, and removal of virtual IoT devices corresponding to the physical IoT devices. This paper define the operations of the management server, the physical IoT device, and the virtual IoT device, which are major components of the virtual IoT system, and design the communication protocol required to perform the operations. Finally, through simulations, this paper evaluate the performance of the edge computing based virtual IoT system by confirming that each component performs the defined states and operations as designed.

• Convergence Security Journal
• /
• v.18 no.1
• /
• pp.61-67
• /
• 2018

IoT technology is currently being applied at various industrial sites and is developing as a core technology in the fourth industrial revolution. Along with IoT developments, awareness and importance of IoT security is increasing, and research on IoT security is underway to counter these threats. However, research trends in the context of IoT security awareness are insufficient. This paper is a research that analyzes the progress of R&D and IoT security in both domestic and international IoT and thus leads to improvements. The research covered the 229 papers and articles of domestic and foreign journals covering security fields as a main theme. Among them, detailed analyses of 96 papers related to IoT security were performed. Research has shown that many studies are being conducted on trends in IoT security, key management and privacy. A detailed study on the characteristics of services to apply IoT technologies and access control and authentication between IoT devices is needed, and a study that addressed the issues of privacy in IoT environments in Korea.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.195-209
• /
• 2016

IoT (Internet of Things) is a collective term referring to application services that provide information through sensors/devices connected to the internet. The real world application of IoT is expanding fast along with growing number of sensors/devices. However, since IoT application relies on vertical combination of sensors/devices networks, information sharing within IoT services remains unresolved challenge. Consequently, IoT sensors/devices demand high construction and maintenance costs, rendering the creation of new IoT services potentially expensive. One solution is to launch an IoT open market for information sharing similar to that of App Store for smart-phones. Doing so will efficiently allow novel IoT services to emerge across various industries, because developers can purchase licenses to access IoT resources directly via an open market. Sharing IoT resource information through an open market will create an echo-system conducive for easy utilization of resources and communication between IoT service providers, resource owners, and developers. This paper proposes the new business model of IoT open market for information sharing, and the requirements for ensuring security and standardization of open markets.

• Information and Communications Magazine
• /
• v.34 no.2
• /
• pp.27-33
• /
• 2017

최근 IoT 기술이 홈케어, 헬스케어, 자동차, 교통, 농업, 제조업 등 다양한 분야에 적용되면서 신성장 동력의 핵심으로 IoT 서비스를 제공하거나 IoT 환경을 자체적으로 구축하여 산업현장에 도입하려는 기업이나 기관이 증가하고 있다. 그러나 IoT 환경은 인터넷을 통해 현실세계와 IoT 디바이스가 직접 연결되는 특성으로 인해서 IoT 보안의 중요성이 더욱 강조되고 있으며 IoT를 이용한 보안 사고 사례 및 취약점이 지속적으로 발표되면서 IoT 보안 위험 또한 계속 증가되고 있다. 이렇게 IoT 환경에는 많은 취약점과 보안 위협이 존재하기에 IoT 제품의 최초 설계/개발 단계부터 배포/설치/구성 단계, 운영/관리/폐기 단계까지 IoT 제품 및 서비스의 각 단계별로 보안 요구사항과 가이드라인을 적용하여 보안을 내재화하고 IoT 제품 및 서비스를 도입하는 사용자 입장에서 IoT 보안에 대해서 관심을 가지고 스스로 확인 할 수 있도록 보안 점검 기준이 필요하다. 본고에서는 IoT 디바이스의 특성과 보안 요구사항에 따른 보안 원칙 및 보안 가이드를 살펴보고 IoT 기술을 산업현장에 적용하고자 하는 기관/기업에 적용 가능한 IoT 디바이스의 보안 점검 기준을 제시한다.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2016.01a
• /
• pp.85-86
• /
• 2016

본 논문에서는 IoT 환경에서 IoT 게이트웨이를 통해 제공되고 있는 서비스 탐색 프로토콜에 대한 문제점을 분석하고 이를 해결하기 위한 해결방법에 대한 방향을 제시한다. 현재 다양한 IoT 서비스 탐색 프로토콜이 제안되어 있으며 제안된 서비스 탐색 프로토콜은 IP 기반 프로토콜과 non-IP 기반 프로토콜로 구분된다. 최근 IoT 기반 홈 네트워크 서비스 제공을 위해 스마트 IoT 게이트웨이가 개발되었다. 제안된 IoT 게이트웨이는 이종 네트워크 인터페이스에 대한 프로토콜 컨버팅 기능은 제공하고 있으나 서비스 탐색에 대한 홍보기능을 제공하고 있지 않다. 따라서 상이한 인터페이스로 구성된 IoT 디바이스에 대한 서비스 탐색 기능을 제공하지 못한다. 본 논문에서는 이런 문제점을 정의하고 이를 해결하기 위한 IoT 게이트웨이 내부 기능을 정의하고 추가적으로 공통 IoT 서비스 탐색 프로토콜 개발에 대한 방향을 제시한다.

• Journal of the Korea Convergence Society
• /
• v.9 no.4
• /
• pp.57-63
• /
• 2018

IoT devices are used in many areas to perform various roles and functions in a cloud environment. However, a method of access control that can stably control the IoT device has not been proposed yet. In this paper, we propose a hierarchical multi-level property access control scheme that can perform stable access of IoT devices used in a cluster environment. In order to facilitate the access of the IoT device, the proposed method not only provides the ID key (security token) unique to the IoT device by providing the IoT Hub, but also allows the IoT Hub to authenticate the X.509 certificate and the private key, So that the private key of the IoT device can not be seen outside the IoT device. As a result of the performance evaluation, the proposed method improved the authentication accuracy by 10.5% on average and the processing time by 14.3%. The overhead of IoT Hub according to the number of IoT attributes was 9.1% lower than the conventional method.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.607-615
• /
• 2017

Recently, IoT products with various functions are being developed. Through the combination of objects and information technology, convenient services that have not been imagined before are emerging. For a secure IoT environment, product security must be considered. However, the existing IoT products have various problems such as security vulnerability. In order to secure the security of IoT products, technical countermeasures as well as policy responses are needed. However, the legislation related to current IoT products has a limit to guarantee safety in IoT environment. In this paper, we analyze the limitations of the current legal system of IoT, and suggests ways to improve it.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.349-350
• /
• 2022

As research on IT convergence continues, the scope of IoT (Internet of Things) services continues to expand. The IoT service uses a device suitable for the purpose. These IoT devices require an authentication function. In addition, in IoT services that handle important information such as personal information, security of transmission data is required. In this study, we implement a crypto key-based IoT network security system that can authenticate devices for IoT services and securely transmit data between devices. Through this study, IoT service can authenticate the device itself and maintain the confidentiality of transmitted data. However, since it is an IoT service, additional research on the application efficiency of the encryption algorithm is required.