• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2018.05a
• /
• pp.507-509
• /
• 2018

Recently, the research for IoT technologies has been established actively, however the structure of centralized network has been pointed out as the vulnerable points. To solve these problems such as system load and security vulnerability, the research to introduce block chain technology is needed. In this paper, we propose the network domain for convergence of block chain and IoT platform, and describe the advantages from the convergence and various and applicable fields.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.111-112
• /
• 2023

IoT 산업의 규모가 커짐에 따라서 IoT 디바이스 간의 통신 프로토콜에 대한 위협도 증가하고 있으며, 이에 따라 IoT 프로토콜에 대한 보안의 중요성이 대두되고 있다. 하지만 IoT 프로토콜 중 비교적 최근에 등장한 프로토콜인 CoAP 프로토콜에 대한 연구는 아직 충분하지 않으며, CoAP에 대한 기존의 연구는 커버리지를 고려하지 않은 퍼저를 사용하였다. 따라서 이번 연구에서는 커버리지를 고려한 CoAP대상 퍼저를 개발하고 CoAP의 잠재적인 취약성을 점검한다. CoAP의 c 구현체인 libcoap 라이브러리를 대상으로 퍼징한 결과, 총 2개의 힙 버퍼 오버 플로우 취약점을 발견하였다.

• Journal of Digital Convergence
• /
• v.16 no.9
• /
• pp.179-185
• /
• 2018

Technology of Internet of Things (IoT) which is receiving the spotlight recently as a new growth engine of Information Communications Technology (ICT) industry in the $4^{th}$ Industrial Revolution needs trustworthiness beyond simple technology of security. IoT devices should consider trustworthiness from planning and design of IoTs so that everyone who develop, evaluate and use the device can measure and trust its security. Increased number of IoTs and long lifetime result in the increased securituy vulnerability due to the difficulty of software patch and update. In this paper, we investigated security and scalability issues of current IoT devices through research of the technical, political and industrial trend of IoT. In order to overcome the limitations, we propose an automatic verification of software integrity utilizing and a political solution to apply cyber killchain based security mechanism using hash which is an element technology of blockchain to solve these problems.

• Journal of Institute of Control, Robotics and Systems
• /
• v.22 no.9
• /
• pp.766-772
• /
• 2016

Recent advances in networking and computers, especially internet of things (IoT) technologies, have improved the quality of home life and industrial sites. However, the security vulnerability of IoT technologies causes life-threatening issues and information leakage concerns. Studies regarding security algorithms are being conducted. In this paper, we proposed SEED algorithms based on one time passwords (OTPs). The specified server sent time data to the client every 10 seconds. The client changed the security key using time data and generated a ciphertext by combining the changed security key and the matrix. We applied the SEED algorithms with enhanced security to Linux-based embedded boards and android smart phones, then conducted a door lock control experiment (door lock & unlock). In this process, the power consumed for decryption was measured. The power consumption of the OTP-based algorithm was measured as 0.405-0.465W. The OTP-based algorithm didn't show any difference from the existing SEED algorithms, but showed a better performance than the existing algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1371-1378
• /
• 2018

Bluetooth is the key technology in the wireless connection of many Internet of Things (IoT) devices, especially focused on smartphones today. In addition, Bluetooth communication between the IoT device and the user is mainly performed via Bluetooth Low Energy (BLE), but as the Bluetooth technology gradually develops, the security vulnerability of the existing BLE is more prominent. Research on Bluetooth accessibility has been conducted steadily so far, but there is lack of research for data protection in Bluetooth communication. Therefore, in this paper, when sending and receiving data in BLE communication between IoT and users, we propose effective methods for communicating with each other through the Format Preserving Encryption Algorithm (FEA), not the plain text, and measures performance of FEA which is optimized in Arduino and PC.

• Convergence Security Journal
• /
• v.20 no.4
• /
• pp.169-176
• /
• 2020

Recently, the era in which various services using smart devices are used is sometimes referred to as the so-called "smart era". Among these, Smart Home Service' have not only brought about significant changes in the residential environment and culture, but are evolving very rapidly. and The 'Smart Home Service' provides more convenient services to users through communication between various electronic products in general homes, and has a bright future in the future. In particular,'Smart Home Service' provides various services combined based on IoT(Internet of Things) technology and wired/wireless communication in connection between various devices. However, such a "smart home service" inherits the security vulnerabilities of the underlying technologies such as the Internet of Things and wired and wireless communication technologies, and accidents that lead to the leakage of personal information and invasion of privacy continue to occur. So, it is necessary to prepare a countermeasure and prevention against the weak factors of the underlying technologies. Therefore, this paper is expected to be used as basic data for future application technology development and countermeasure technology by examining various security vulnerability factors of 'Smart Home Service'.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.183-186
• /
• 2024

IoT(Internet of Things) 기기가 다양한 산업 분야에 활용되면서, 보안과 유지 보수를 위한 관리의 중요성이 커지고 있다. 편리한 IoT 기기 관리를 위해 무선 네트워크를 통한 펌웨어 업데이트 기술인 FOTA(Firmware Over The Air)가 적용되어 있지만, 컴퓨팅 파워가 제한된 경량 IoT 기기 특성상 취약점 탐지를 수행하기 어렵다. 본 연구에서는 IoT 기기들이 퍼징 테스트 케이스를 분할하여 협력적으로 퍼징하고, 노드 간의 퍼징 결과가 다르면 재검증을 수행하는 협력적 퍼징 기법을 제안한다. 실험 결과에 따르면, 중복되는 테스트 케이스를 2 개나 3 개 퍼징하는 협력적 퍼징 기법은 종래 방식 대비 연산량을 최소 약 16%, 최대 약 48% 줄였다. 또한, 종래 퍼징 기법 대비 취약점 탐지 성공률(Success rate of vulnerability detection)을 최소 약 3 배, 최대 약 3.4 배 개선시켰다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.214-216
• /
• 2017

1999년 독일에서 처음으로 스마트키가 등장 했다. 기존 자동차 열쇠 키의 대체로 스마트키가 사용되고 있다. 2000년대부터 스마트키 보안 문제가 꾸준히 제기되어 왔지만, 아직까지도 특별한 대체 방법이 있지 않다. 제조부터 실제 제품까지 모든 과정에서 보안에 대한 고려가 필요하다. 따라서 본 논문에서는 보안 문제 중 가장 널리 알려진 주파수 증폭 공격에 대해 설명하고 아데아체(ADAC)의 실험 결과를 통해 심각성을 상기 시킨다. 또한 문제 해결과 동시에 향후 차량 IoT 인프라가 나아갈 방향을 위한 Lora망 도입을 제안한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.491-494
• /
• 2017

Recently, IoT has been supported by ICT technology with a variety of ICT powers. In May 2014, Information and Communication Strategy Committee announced the 'Basic plan for Internet of Things'. Also on Febuary 24 this SAME year, KISA(Korea Internet&Security Agency) provides many projects related to IoT, such as announcement of 'K-Global Project' for start-up and venture support related to IoT and ICT companies. In contrast to the various services of Internet of Things, when a connection is made between object-to-object or person-to-object wired and wireless networks, security threats have occurred in the process of communication. We analyzed these kinds of security threats related to Internet of things, and gave a consideration for requirement.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.11
• /
• pp.303-309
• /
• 2018

Internet of Things technology is an intelligent service that connects all objects to the Internet and interacts with them. It is a technology that can be used in various fields, such as device management, process management, monitoring of restricted areas for industrial systems, as well as for navigation in military theaters of operation. However, because all devices are connected to the Internet, various attacks using security vulnerabilities can cause a variety of damage, such as economic loss, personal information leaks, and risks to life from vulnerability attacks against medical services or for military purposes. Therefore, in this paper, a mutual authentication method and a key-generation and update system are applied by applying S/Key technology based on a hash chain in the communications process. A mutual authentication method is studied, which can cope with various security threats. The proposed protocol can be applied to inter-peer security communications, and we confirm it is robust against replay attacks and man-in-the-middle attacks, providing data integrity against well-known attacks in the IoT environment.