• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Journal of Information Processing Systems
• /
• v.18 no.4
• /
• pp.489-499
• /
• 2022

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

• Convergence Security Journal
• /
• v.18 no.2
• /
• pp.49-58
• /
• 2018

As the demand for Internet of Things(IoT) increases, the need for the security of IoT devices is increasing steadily. It is difficult to apply the conventional security theory to IoT devices because IoT devices are subject to be constrained by some factors such as hardware, processor, and energy. Nowadays we have several security guidelines and related documents on IoT device. Most of them, however, do not consider the characteristics of specific IoT devices. Since they describes the security issues comprehensively, it is not easy to explain the specific security level reflecting each characteristics of IoT devices. In addition, most existing guidelines and related documents are described in view of developers and service proposers, and thus ordinary users are not able to assess whether a specific IoT device can protect their information securely or not. We propose an security evaluation model, based on the existing guidelines and related documents, for more specific IoT devices and prove that this approach is more convenient to ordinary users by creating checklists for the smart watch.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.27 no.1
• /
• pp.97-102
• /
• 2023

IoT is being used in a lot of industry domain such as smart home, smart ocean, smart energy, and smart farm, as well as legacy information services. For a server, an IoT device using the same protocol is a trusted object. Therefore, a malicious attacker can use an unauthorized IoT device to access IoT-based information services and access unauthorized important information, and then modify or extract it to the outside. In this study, to improve these problems, we propose an IoT device authentication system used in IoT-based information service. The IoT device authentication system proposed in this study applies identifier-based authentication such as MAC address. If the IoT device authentication function proposed in this study is used, only the authenticated IoT device can access the server. Since this study applies a method of terminating the session of an unauthorized IoT device, additional research on the access deny method, which is a more secure authentication method, is needed.

• International Journal of Computer Science & Network Security
• /
• v.24 no.8
• /
• pp.174-178
• /
• 2024

IoT is collection of different "things" which are associated with open web. As all the things are connected to the Internet, it offers convenience to end users for accessing the resources from "Any Where, Any Time" throughout the globe. At the same time, open nature of IoT provides a fertile ground to an intruder for launching different security related threats. If we can no apply proper security safeguards to the IoT System, then it will be not useful to society. Authentication, Encryption, Trust Management and Secure Routing are different domains to offer security in IoT system. Among them, Authentication is very much important security service as it validates device identity before granting access to system services/ resources. Existing IoT Authentication algorithms are fail to verify device identity in unambiguous way. They are vulnerable to different security threats such as Key Stolen threat, MITM threat and Location Spoofing threat. So, it is a demand of time to design an efficient and secure Multi-factor IoT algorithm which can offer better security and validate device identity in unambiguous way.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.343-345
• /
• 2017

With the development of IoT technology, terminals connected with IoT are being used. However, security incidents are occurring as IoT is applied to society as a whole. IoT security incidents can be linked to personal risk and social disruption. In this study, we extract the evidence of security breach in IoT device. Analyze IoT security breach environment and extract Hashing function to secure original integrity and integrity. Then, the Forensic evidence is extracted from the IoT security device to verify the integrity of the original and Forensic reports should be written and studied to be used as legal evidence.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.9-17
• /
• 2021

Numerous IoT devices are connected to a wireless network environment to collect and transmit data without time and space limitations, but many security vulnerabilities are exposed in these process. But IoT security is not easy to create feasible security standards and device authentication due to differences in the approach or implementation of devices and networks. However, it is clear that the improvement and application of the standard framework for enhancing the security level of the device is the starting point to help the most successful security effect. In this study, we investigate the confidentiality, integrity, availability, and access control implementation plans for IoT devices (which are the basic goals of information security), and standardized security evaluation criteria for IoT devices, and study ways to improve them.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.343-351
• /
• 2017

With ICT technology develops, IoT environment is attracting attention. However, IoT devices have various CPU performance as much as various purpose of use. Some IoT devices use the cpu that doesn't support public key cryptogrphy or crypto acceleration. In this paper, we study Blockchain-based IoT Device Authentication Scheme that provides authentication, integirity and non-repudation through analysis of Lamport Hash-chain, Lamport Signature, Blockchain and existing Authentication protocols. The proposed scheme requires only simple hash operation in IoT devices and it can operate in low performance IoT device, thus ensuring secure authentication in IoT environment.

• International Journal of Computer Science & Network Security
• /
• v.24 no.9
• /
• pp.85-92
• /
• 2024

Information Security is the foremost concern for IoT (Internet of things) devices and applications. Since the advent of IoT, its applications and devices have experienced an exponential increase in numerous applications which are utilized. Nowadays we people are becoming smart because we started using smart devices like a smartwatch, smart TV, smart home appliances. These devices are part of the IoT devices. The IoT device differs widely in capacity storage, size, computational power, and supply of energy. With the rapid increase of IoT devices in different IoT fields, information security, and privacy are not addressed well. Most IoT devices having constraints in computational and operational capabilities are a threat to security and privacy, also prone to cyber-attacks. This study presents a CIA triad-based information security implementation for the four-layer architecture of the IoT devices. An overview of layer-wise threats to the IoT devices and finally suggest CIA triad-based security techniques for securing the IoT devices..Make sure that the abstract is written as one paragraph.

• Convergence Security Journal
• /
• v.19 no.3
• /
• pp.51-59
• /
• 2019

In this paper, we propose a device identification system for network visibility that can maintain the secure internal network environment in the IoT era. Recently, the area of enterprise network is getting huge and more complicated. Not only desktops and smartphones but also business pads, barcode scanners, APs, Video Surveillance, digital doors, security devices, and lots of Internet of Things (IoT) devices are rapidly pouring into the business network, and there are highly risk of security threats. Therefore, in this paper, we propose the device identification system that includes the process and module-specific functions to identify the exploding device in the IoT era. The proposed system provides in-depth visibility of the devices and their own vulnerabilities to the IT manager in company. These information help to mitigate the risk of the potential cyber security threats in the internal network and offer the unified security management against the business risks.