• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.65 no.1
• /
• pp.128-134
• /
• 2016

IoT devices including smart devices are connected with internet, thus they have security threats everytime. Particularly, IoT devices are composed of low performance MCU and small-capacity memory because they are miniaturized, so they are likely to be exposed to various security threats like DoS attacks. In addition, in case of IoT devices installed for a remote place, it's not easy for users to control continuously them and to install immediately security patch for them. For most of IoT devices connected directly with internet under user's intention, devices exposed to outside by setting IoT gateway, and devices exposed to outside by the DMZ function or Port Forwarding function of router, specific protocol for IoT services was used and the devices show a response when services about related protocol are required from outside. From internet search engine for IoT devices, IP addresses are inspected on the basis of protocol mainly used for IoT devices and then IP addresses showing a response are maintained as database, so that users can utilize related information. Specially, IoT devices using HTTP and HTTPS protocol, which are used at usual web server, are easily searched at usual search engines like Google as well as search engine for the sole IoT devices. Ill-intentioned attackers get the IP addresses of vulnerable devices from search engine and try to attack the devices. The purpose of this study is to find the problems arisen when HTTP, HTTPS, CoAP, SOAP, and RestFUL protocols used for IoT devices are detected by search engine and are maintained as database, and to seek the solution for the problems. In particular, when the user ID and password of IoT devices set by manufacturing factory are still same or the already known vulnerabilities of IoT devices are not patched, the dangerousness of the IoT devices and its related solution were found in this study.

• Journal of Information Processing Systems
• /
• v.18 no.4
• /
• pp.489-499
• /
• 2022

Recently, the number of Internet of Things (IoT) devices has been increasing exponentially. These IoT devices are directly connected to the internet to exchange information. IoT devices are becoming smaller and lighter. However, security measures are not taken in a timely manner compared to the security vulnerabilities of IoT devices. This is often the case when the security patches cannot be applied to the device because the security patches are not adequately applied or there is no patch function. Thus, security vulnerabilities continue to exist, and security incidents continue to increase. In this study, we classified and analyzed the most common security vulnerabilities for IoT devices and identify the essential vulnerabilities of IoT devices that should be considered for security when producing IoT devices. This paper will contribute to reducing the occurrence of security vulnerabilities in companies that produce IoT devices. Additionally, companies can identify vulnerabilities that frequently occur in IoT devices and take preemptive measures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.906-918
• /
• 2018

The advent of the Internet of Things (IoT) technology, which brings many benefits to our lives, has resulted in numerous IoT devices in many parts of our living environment. However, to adapt to the rapid changes in the IoT market, numerous IoT devices were widely deployed without implementing security by design at the time of development. As a result, malicious attackers have targeted IoT devices, and IoT devices lacking security features have been compromised by attackers, resulting in many security incidents. In particular, an attacker can take control of an IoT device, such as Mirai Botnet, that has insufficient security features. The IoT device can be used to paralyze numerous websites by performing a DDoS attack against a DNS service provider. Therefore, this study proposes a scheme to minimize security vulnerabilities and threats in IoT devices to improve the security of the IoT service environment.

• Smart Media Journal
• /
• v.11 no.2
• /
• pp.63-69
• /
• 2022

As the use of various IoT devices increases, the importance of IoT platforms is also rising. Recently, artificial intelligence technology is being combined with IoT devices, and research applying a neuromorphic architecture to IoT devices with low power is also increasing. In this paper, an application scenario is proposed based on NA-IDE (Neuromorphic Architecture-based autonomous IoT application integrated development environment) with IoT devices and FPGA devices in a GUI format. The proposed scenario connects a camera module to an IoT device, collects MNIST dataset images online, recognizes the collected images through a neuromorphic board, and displays the recognition results through a device module connected to other IoT devices. If the neuromorphic architecture is applied to many IoT devices and used for various application services, the autonomous IoT application integrated development environment based on the neuromorphic architecture is expected to emerge as a core technology leading the 4th industrial revolution.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.459-469
• /
• 2023

The number of IoT devices is explosively increasing due to the development of embedded equipment and computer networks. As a result, cyber threats to IoT are increasing, and currently, malicious codes are being distributed and infected to IoT devices and exploited for DDoS. Currently, IoT devices that are the target of such an attack have various installation environments and have limited resources. In addition, IoT devices have a characteristic that once set up, the owner does not care about management. Because of this, IoT devices are becoming a blind spot for management that is easily infected with malicious codes. Because of these difficulties, the threat of malicious codes always exists in IoT devices, and when they are infected, responses are not properly made. In this paper, we will design an malware detection system for IoT in consideration of the characteristics of the IoT environment and present detection rules suitable for use in the system. Using this system, it will be possible to construct an IoT malware detection system inexpensively and efficiently without changing the structure of IoT devices that are already installed and exposed to cyber threats.

• Journal of KIISE:Software and Applications
• /
• v.41 no.8
• /
• pp.545-556
• /
• 2014

Internet of Things (IoT), one of the emerging research areas, is the computing paradigm where various things connect to the network and cooperate with their neighbors to reach common goals. Computing with IoT devices opens up a new array of opportunities for providing value-added smart services and applications to end users. That is, IoT devices play an important role of providing useful services to the users. However, the states of IoT devices are dynamically changed at runtime, which come from their mobility, network connectivity, and a battery drain problem. This dynamism results in difficulties in managing these IoT devices. In this paper, we propose a framework to manage those IoT devices with dynamism. Hence, we first derive issues from IoT devices' dynamism. And, we define a set of requirements to manage the IoT devices and present a framework to manage the device dynamism. The framework is equipped by a device discovery method, a device status monitoring method, a device selection and connection method, and a device replacement method. Finally, we verify the feasibility and effectiveness of the framework through experiments.

• Journal of Internet of Things and Convergence
• /
• v.7 no.1
• /
• pp.1-7
• /
• 2021

The IoT market continues to expand and grow, but the security threat to IoT devices is also increasing. However, it is difficult to apply the security technology applied to the existing system to IoT devices that have a problem of resource limitation. Therefore, in this paper, we present a service that can improve the security of IoT devices by presenting authentication and lightweight cryptographic algorithms that can reduce the overhead of applying security features, taking into account the nature of resource limitations of IoT devices. We want to apply these service to home network IoT equipment to provide security. The authentication and lightweight cryptographic algorithm application protocols presented in this paper have secured the safety of the service through the use of LEA encryption algorithms and secret key generation by users, IoT devices and server in the IoT environment. Although there is no difference in speed from randomly generating secret keys in experiments, we verify that the problem of resource limitation of IoT devices can be solved by additionally not applying logic for secret key sharing to IoT devices.

• Journal of the Korea Convergence Society
• /
• v.8 no.7
• /
• pp.15-21
• /
• 2017

Recently, users' interest in IoT related products is increasing as the 4th industrial revolution has become social. The types and functions of sensors used in IoT devices are becoming increasingly diverse, and mutual authentication technology of IoT devices is required. In this paper, we propose an efficient double signature authentication scheme using Pascal's triangle theory so that different types of IoT devices can operate smoothly with each other. The proposed scheme divides the authentication path between IoT devices into two (main path and auxiliary path) to guarantee authentication and integrity of the IoT device. In addition, the proposed scheme is suitable for IoT devices that require a small capacity because they generate keys so that additional encryption algorithms are unnecessary when authenticating IoT devices. As a result of the performance evaluation, the delay time of the IoT device is improved by 6.9% and the overhead is 11.1% lower than that of the existing technique. The throughput of IoT devices was improved by an average of 12.5% over the existing techniques.

• Journal of Information Technology Services
• /
• v.15 no.3
• /
• pp.195-209
• /
• 2016

IoT (Internet of Things) is a collective term referring to application services that provide information through sensors/devices connected to the internet. The real world application of IoT is expanding fast along with growing number of sensors/devices. However, since IoT application relies on vertical combination of sensors/devices networks, information sharing within IoT services remains unresolved challenge. Consequently, IoT sensors/devices demand high construction and maintenance costs, rendering the creation of new IoT services potentially expensive. One solution is to launch an IoT open market for information sharing similar to that of App Store for smart-phones. Doing so will efficiently allow novel IoT services to emerge across various industries, because developers can purchase licenses to access IoT resources directly via an open market. Sharing IoT resource information through an open market will create an echo-system conducive for easy utilization of resources and communication between IoT service providers, resource owners, and developers. This paper proposes the new business model of IoT open market for information sharing, and the requirements for ensuring security and standardization of open markets.

• Journal of Internet of Things and Convergence
• /
• v.7 no.3
• /
• pp.1-8
• /
• 2021

With the rapid increase in the use of IoT and mobile devices, cyber criminals targeting IoT devices are also on the rise. Among IoT devices, when using a wireless access point (AP), problems such as packets being exposed to the outside due to their own security vulnerabilities or easily infected with malicious codes such as bots, causing DDoS attack traffic, are being discovered. Therefore, in this study, in order to actively respond to cyber attacks targeting IoT devices that are rapidly increasing in recent years, we proposed a method to collect traces of intrusion incidents artifacts from IoT devices, and to improve the validity of intrusion analysis data. Specifically, we presented a method to acquire and analyze digital forensics artifacts in the compromised system after identifying the causes of vulnerabilities by reproducing the behavior of the sample IoT malware. Accordingly, it is expected that it will be possible to establish a system that can efficiently detect intrusion incidents on targeting large-scale IoT devices.