• Journal of Information Processing Systems
• /
• v.18 no.4
• /
• pp.489-499
• /
• 2022

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.607-615
• /
• 2017

Recently, IoT products with various functions are being developed. Through the combination of objects and information technology, convenient services that have not been imagined before are emerging. For a secure IoT environment, product security must be considered. However, the existing IoT products have various problems such as security vulnerability. In order to secure the security of IoT products, technical countermeasures as well as policy responses are needed. However, the legislation related to current IoT products has a limit to guarantee safety in IoT environment. In this paper, we analyze the limitations of the current legal system of IoT, and suggests ways to improve it.

• International Journal of Computer Science & Network Security
• /
• v.23 no.8
• /
• pp.168-176
• /
• 2023

The use of sensors and actuators as a form of controlling cyber-physical systems in resource networks has been integrated and referred to as the Internet of Things (IoT). However, the connectivity of many stand-alone IoT systems through the Internet introduces numerous security challenges as sensitive information is prone to be exposed to malicious users. In this paper, IoT based-security issues ontology is proposed to collect, examine, analyze, prepare, acquire and preserve evidence of IoT security issues challenges. Ontology development has consists three main steps, 1) domain, purpose and scope setting, 2) important terms acquisition, classes and class hierarchy conceptualization and 3) instances creation. Ontology congruent to this paper is method that will help to better understanding and defining terms of IoT based-security issue ontology. Our proposed IoT based-security issue ontology resulting from the protégé has a total of 44 classes and 43 subclasses.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2018.05a
• /
• pp.584-587
• /
• 2018

사물인터넷(Internet of Things; IoT)이 차세대 성장동력으로 부상하면서 선진국을 비롯한 많은 단체들이 IoT 육성을 위한 전략을 세우고 있다. 특히 플랫폼(platform)은 IoT의 중요요소기술로 여겨지면서 IoT 플랫폼 보안에 대한 관심은 나날이 높아지고 있다. 현재 국내 IoT 플랫폼('ARTIK', 'Thingplug', 'IoTMakers')들은 oneM2M과 같은 국제표준기술을 기반으로 플랫폼의 다양한 기능을 제공해줌으로서 사용자가 IoT 생태계(ecosystem)에 보다 쉽게 접근할 수 있도록 독려하고 있다. 이렇듯 IoT 플랫폼 기술이 빠른 속도로 성장하고 있는 반면, 국내 IoT 플랫폼들의 보안에 대한 분석이나 연구사례가 거의 없다. 따라서 본 논문에서는 현재 상용화하고 있는 국내 IoT 플랫폼들을 대상으로 보안분석을 수행하고 보안이슈와 보완방안을 시사한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.10-14
• /
• 2019

The number of security incidents is increasing as the Internet of Things(IoT) is distributed widely. The security incidents of IoT can cause financial damages. Moreover, It can become direct threats to humans. In order to prevent these problems, the security installation for IoT devices is important. This paper describes the definition of IoT devices, security incident case, architecture, and the security threats that can occur when a device is connected to network without security installation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.4
• /
• pp.617-635
• /
• 2021

Internet of Things (IoT) devices connected to the network without appropriate security solutions have become a serious security threat to ICT infrastructure. Moreover, due to the nature of IoT devices, it is difficult to apply currently existing security solutions. As a result, IoT devices have easily become targets for cyber attackers, and malware attacks on IoT devices are actually increasing every year. Even though several security solutions are being developed to protect IoT infrastructure, there is a great risk to apply unverified security solutions to real-world environments. Therefore, verification tools to verify the functionality and performance of the developed security solutions are also needed. Furthermore, just as security threats vary, there are several security solution s that defend against them, requiring suitable verification tools based on the characteristics of each security solution. In this paper, we propose an high-speed malware propagation tool that spreads malware at high speed in the IoT infrastructure. Also, we can verify the functionality of the security solution that detect and quickly block attacks spreading in IoT infrastructure by using the high-speed malware propagation tool.

• International journal of advanced smart convergence
• /
• v.5 no.3
• /
• pp.27-31
• /
• 2016

High-tech industries in a state well enough to troubleshoot hacking information introduction a big barrier to delay the growth of the market related to IoT(Internet of Things) as is likely to be on the rise. This early on, security issues introduced in the solution, a comprehensive solution, including the institutional laws/precautions needed. Recent examples of frequent security threats while IoT is the biggest issue of introducing state-of-the-art industry information due to the vulnerable security hacking. This high-tech industries in order to bridge the information responsible for the target attribute, target range, and the protection of security and how to protect the subject, IoT environment (domestic industrial environment) considering the approach is needed. IoTs with health care and a wide variety of services, such as wearable devices emerge. This ensures that RFID/USN-based P2P/P2M/M2M connection is the implementation of the community. In this study, the issue on the high-tech industrial information and the vulnerable security issues of IoT are described.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.411-421
• /
• 2015

These days, a conversion of the fast-advancing ICT (Information and Communications Technologies) and the IoT (Internet of Things) has been in progress. However, these conversion Technology could lead to many of the security threat existing in the ICT environment. The security threats of car in the IoT environment could cause the property damage and casualty. There are the inadequate preparations for the car security and the difficulty of detection for the security threats by itself. In this paper, we proposed the decision-making framework for the anomaly detection and found out what are the threats of car in the IoT environment. The discrimination of the factor, path and type of threats from the attack against the car should take priority over the self-inspection and the swift handling of the attack on control system.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.103-114
• /
• 2022

The Internet of Things (IoT) is one of the fastest technologies that are used in various applications and fields. The concept of IoT will not only be limited to the fields of scientific and technical life but will also gradually spread to become an essential part of our daily life and routine. Before, IoT was a complex term unknown to many, but soon it will become something common. IoT is a natural and indispensable routine in which smart devices and sensors are connected wirelessly or wired over the Internet to exchange and process data. With all the benefits and advantages offered by the IoT, it does not face many security and privacy challenges because the current traditional security protocols are not suitable for IoT technologies. In this paper, we presented a comprehensive survey of the latest studies from 2018 to 2021 related to the security of the IoT and the use of machine learning (ML) and deep learning and their applications in addressing security and privacy in the IoT. A description was initially presented, followed by a comprehensive overview of the IoT and its applications and the basic important safety requirements of confidentiality, integrity, and availability and its application in the IoT. Then we reviewed the attacks and challenges facing the IoT. We also focused on ML and its applications in addressing the security problem on the IoT.