• Journal of the Korea Society of Computer and Information
• /
• v.25 no.6
• /
• pp.65-72
• /
• 2020

Today, the Internet of Things is used in many places, including homes, industrial sites, and hospitals, to give us convenience. Many services generate new value through real-time data collection, storage and analysis as devices are connected to the network. Many of these fields are creating services and applications that utilize sensors and communication functions within IoT devices. However, since everything can be hacked, it causes a huge privacy threat to users who provide data. For example, a variety of sensitive information, such as personal information, lifestyle patters and the existence of diseases, will be leaked if data generated by smarwatches are abused. Development of IoT must be accompanied by the development of security. Recently, Differential Privacy(DP) was adopted to privacy-preserving data processing. So we propose the method that can aggregate health data safely on smartwatch platform, based on DP.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.3
• /
• pp.371-377
• /
• 2020

Currently used iris cameras are expensive and have many limitations in their use. Existing iris cameras are inconvenient in interworking with newly developed software, and light reflections generated during iris photography are inadequate for medical use. Therefore, it is impossible to utilize the existing camera to take an image by yourself. In this paper, the iris camera is newly constructed so that the iris can be photographed by ourselves and the area of interest can be seen well. Anyone can easily wear glasses-type iris cameras to acquire images using IoT devices, and the acquired images are linked to the iris analysis program and used to read genetic weak parts. The proposed iris camera module automatically provides light reflection, shake, and accurate focus when capturing images, increasing the accuracy of image analysis to 91.49%. In addition, we have proved through experiments that one image processing time is fast as 0.007ms due to accurate image input.

• Convergence Security Journal
• /
• v.22 no.1
• /
• pp.81-92
• /
• 2022

The rapidly growing IoT market is expanding not only in general households but also in smart homes and smart cities. Among the major protocols used in IoT, ZigBee accounts for more than 90% of the smart home's door lock market and is mainly used in miniaturized sensor devices, so the safety of the protocol is very important. However, the device using Zig Bee is not satisfied with the omnidirectional safety because it uses a fixed key during the authentication process that connects to the network, and it has not been resolved in the recently developed ZigBee 3.0. This paper proposes a design method that provides omnidirectional safety to the ZigBee authentication protocol and can be quickly applied to existing protocols. The proposed improved ZigBee authentication protocol analyzed and applied the recently developed OWE protocol to apply ECDH, which has low computational volume and provides omnidirectional safety in IoT. Based on this, it provides the safety of the ZigBee authentication protocol, and it is expected that it will be able to provide user convenience as it does not require a separate certificate or password input.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.17 no.8
• /
• pp.311-317
• /
• 2016

Many services have been developed that are based on smart devices, and security between devices is emphasized. A beacon on the current IoT(Internet of Things) services has been utilized in the commercial field and is being applied to the services of the home IoT. On the other hand, the beacon is weak to security using Bluetooth-based services. Therefore, it is important to strengthen the security of the beacon. This paper proposes a dual security technique that can enhance the security of beacon-based services. The dual security architecture and security process is proposed based on beacon and authentication service. In addition, mobile application was developed and validated based on the beacon for proving the suitability of the proposed technique. The experimental method for verification are the authentication failure case, such as 1st authentication fail, and authentication success case, such as 1st authentication success and 2nd authentication success. The components of the verification experiments consists of two beacons (matched with Beacon ID, mismatched with Beacon ID), one mobile device and authentication application. This was tested to verify the compatibility of the dual security architecture and 1st/2nd authentication process.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.1
• /
• pp.107-113
• /
• 2019

Along with the development of IOT, the number of people using IOT devices has enormously increased and the IOT era has come. Especially, people using the IP cameras among Internet devices have been drastically increasing. It is because the IP cameras are well networked and comparatively cheap compared with CCTVs, and they can also be monitored and controlled in real time through PCs and smart phones for the purposes of general theft prevention and shop surveillance. However, due to the user's serious lack of security awareness and the fact that anyone can easily hack only with simple hacking tools and hacking sites information, security crimes that exploit those have been increasing as well. Therefore, this paper describes how easily the IP cameras can be hacked in the era of IOT, what kind of security incidents occurred, and also suggests possible government measures and new technical solutions to those problems.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.20-32
• /
• 2020

This study is to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate personal information of IoT service subjects in the overall process of providing IoT devices and services. To this end, a framework for personal information framework was derived through literature survey, and FGI with experts, it was divided into three stages, each of three stages: IoT service provision process and IoT personal information processing process. The study conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, as the IoT service is spreading, it is expected that a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.57-62
• /
• 2022

The recent past has seen a tremendous amount of advancement in the field of Internet of Things (IoT), allowing the influx of a variety of devices into the market. IoT devices are present in almost every aspect of our daily lives. While this increase in usage has many advantages, it also comes with many problems, including and not limited to, the problem of security. There is a need for better measures to be put in place to ensure that the users' data is protected. In particular, fitness trackers used by a vast number of people, transmit important data regarding the health and location of the user. This data is transmitted from the fitness device to the phone and from the phone onto a cloud server. The transmission from device to phone is done over Bluetooth and the latest version of Bluetooth Light Energy (BLE) is fairly advanced in terms of security, it is susceptible to attacks such as Man-in-the-Middle attack and Denial of Service attack. Additionally, the data must be stored in an encrypted form on the cloud server; however, this proves to be a problem when the data must be decrypted to use for running computations. In order to ensure protection of data, measures such as end-to-end encryption may be used. Homomorphic encryption is a class of encryption schemes that allow computations on encrypted data. This paper explores the application of homomorphic encryption for fitness trackers.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.26 no.4
• /
• pp.67-79
• /
• 2023

Service environments through laptops, smart devices, and various IoT devices are developing very rapidly. Recent security measures in these Internet environments mainly consist of network application level solutions such as firewall(Intrusion Prevention Systems) and IDS (intrusion detection system). In addition, various security data have recently been used on-site, and issues regarding the management and destruction of such security data have been raised. Products such as DRM(Digital Rights Management) and DLP(Data Loss Prevention) are being used to manage these security data. However despite these security measures, data security measures taken out to be used in the field are operated to the extent that the data is encrypted, delivered, and stored in many environments, and measures for encryption key management or data destruction are insufficient. Based on these issues we aim to propose a SecureOS Module, an OS-based security module. With this module users can manage and operate security data through a consistent interface, addressing the problems mentioned above.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4545-4566
• /
• 2021

The evolution of IoT technology is having a significant impact on people's lives. Almost all areas of people's lives are benefiting from increased productivity and simplification made possible by this trending technology. On the downside, however, the application of IoT technology is posing some security challenges, among them, unauthorized access to IoT devices. This paper presents an Attribute-based Access Control Fog architecture that aims to achieve effective distribution, increase availability and decrease latency. In the proposed architecture, the main functional points of the Attribute-based Access Control are distributed to provide policy decision and policy information mechanisms in fog nodes, locating these functions near end nodes. To evaluate the proposed architecture, an access control engine based on the Attribute-based Access Control was built using the Balana library and simulated using EdgeCloudSim to compare it to the traditional cloud-based architecture. The experiments show that the fog-based architecture provides robust results in terms of reducing latency in making access decisions.

• Journal of Advanced Navigation Technology
• /
• v.19 no.4
• /
• pp.330-337
• /
• 2015

A service in the environments of internet of things (IoT) exist various types with automation facilities and sensors. There can configure so many communication protocols to networking facilities and sensors. To provide efficient various kind of service, a middleware platform, is based on the internet protocol network, is needed a unified access with devices, controlling and monitoring huge kind of facilities and sensors, to provide a efficient IoT service and application configurations. In this paper, we propose a middleware that an application and service interact with automation facilities and monitor sensors. The proposed middleware is designed with adapter pattern that one of the software engineering design pattern. The adapter pattern is to ensure communication with each sensor and to make sure of service scalability. Finally, the proposed component middleware shows that variety sensors can be easily configure the service in the IoT environment.