• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.847-857
• /
• 2020

As IoT equipment is commercialized, Bluetooth or wireless networks will be built into general living devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information through the network and collects personal information and operates the system. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing the vulnerabilities of cyber attacks through manual analysis to secure them. However, since it is virtually impossible to analyze vulnerabilities with only manual analysis, researchers studying system security are currently working on automated vulnerability detection systems, and Firm-AFL, published recently in USENIX, proposed a system by conducting a study on fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools were focused on the fuzzing processing speed of the firmware, and as a result, they did not find any vulnerability in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found in existing tools.

• Journal of Internet Computing and Services
• /
• v.14 no.5
• /
• pp.119-128
• /
• 2013

As ICT technology becomes advanced, the importance of future internet is emphasized and in part of that, M2M (Machine-to Machine communications) is magnified in terms of importance and usage in public and private sector. M2M is emerging as a next generation strategic industry but there is no existing analyzed data or market classification, so it disrupts establishing policies on the M2M industry. As the technology is progressing, the evolution from M2M to IoT (Internet of Things) has started and many countries actively try to find technological trend through market analysis in order to develop new growth engine. Therefore, in order to strengthen competitiveness, we should secure differentiated capabilities in industry and service. This article examines Korea's domestic market and international market trends in IoT and analyses the economic impact of the IoT industry using quantitative methodology and evaluates relations between the IoT industry and other relevant industries. As a result, the effect of IoT industry on production inducement is KRW474.6 billion; the effect on value-added inducement is KRW314.7 billion; and it is measured that 3,628 jobs will be created by the IoT industry.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.5
• /
• pp.1484-1502
• /
• 2023

The medical sector actively changes and implements innovative features in response to technical development and revolutions. Many of the most crucial elements in IoT-connected health services are safeguarding critical patient records from prospective attackers. As a result, BlockChain (BC) is gaining traction in the business sector owing to its large implementations. As a result, BC can efficiently handle everyday life activities as a distributed and decentralized technology. Compared to other industries, the medical sector is one of the most prominent areas where the BC network might be valuable. It generates a wide range of possibilities and probabilities in existing medical institutions. So, throughout this study, we address BC technology's widespread application and influence in modern medical systems, focusing on the critical requirements for such systems, such as trustworthiness, security, and safety. Furthermore, we built the shared ledger for blockchain-based healthcare providers for patient information, contractual between several other parties. The study's findings demonstrate the usefulness of BC technology in IoHT for keeping patient health data. The BDSA-IoHT eliminates 2.01 seconds of service delay and 1.9 seconds of processing time, enhancing efficiency by nearly 30%.

• Journal of Internet of Things and Convergence
• /
• v.6 no.4
• /
• pp.81-87
• /
• 2020

This paper creates a standard node for acquiring sensor data from various industrial sensors (IoT/non-IoT) for the establishment of Smart Factory Digital Twin, and provides inter-compatible data by linking zones by group/process to secure data stability and to ensure the digital twin (Digital Twin) of Smart Factory. The process of the Zone Master platform contains interface specifications to define sensor objects and how sensor interactions between independent systems are performed and carries out individual policies for unique data exchange rules. The interface for execution control of the Zone Master Platform processor provides system management, declaration management for public-subscribe, object management for registering and communicating status information of sensor objects, ownership management for property ownership sharing, time management for data synchronization, and data distribution management for Route information on data exchange.

• Journal of the Korean Association of Geographic Information Studies
• /
• v.26 no.4
• /
• pp.67-79
• /
• 2023

Service environments through laptops, smart devices, and various IoT devices are developing very rapidly. Recent security measures in these Internet environments mainly consist of network application level solutions such as firewall(Intrusion Prevention Systems) and IDS (intrusion detection system). In addition, various security data have recently been used on-site, and issues regarding the management and destruction of such security data have been raised. Products such as DRM(Digital Rights Management) and DLP(Data Loss Prevention) are being used to manage these security data. However despite these security measures, data security measures taken out to be used in the field are operated to the extent that the data is encrypted, delivered, and stored in many environments, and measures for encryption key management or data destruction are insufficient. Based on these issues we aim to propose a SecureOS Module, an OS-based security module. With this module users can manage and operate security data through a consistent interface, addressing the problems mentioned above.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.439-448
• /
• 2015

IoT (Internet of Things) propels current networked communities into a advanced hyper-connected society/world where uniquely identifiable embedded computing devices are associated with the existing internet infrastructure. Therefore, the IoT services go beyond mere M2M (Machine-to-Machine communications) and should be able to empower users with more flexible communication capabilities over protocols, domains, and applications. In addition, The access control in IoT need a differentiated methods from the traditional access control to increase a security and dependability. In this paper, we describe implementation and design of the capability token based system for secure access control in IoT environments. In the proposed system, Authorities are symbolized into concepts of the capability tokens, and the access control systems manage the tokens, creation, (re)delegation and revocation. The proposed system is expected to decrease the process time of access control by using capability tokens.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1211-1221
• /
• 2016

In IoT environment, making sure of trust of IoT devices is the most important one than others. The security threats of nowadays almost stay at exposure or tampering of information. However, if human life is strongly connected to the Internet by IoT devices, the security threats will probably target human directly. In case of devices, authentication is verified using the device-known private key. However, if attacker can modify the device physically, knowing the private key cannot be the evidence of trust any more. Thus, we need stronger verification method like code attestation. In this paper, we use software-based code attestation for efficiency. We also suggest secure code attestation method against copy of original code and implement it on embedded device and analyze its performance.

• Journal of Advanced Navigation Technology
• /
• v.25 no.5
• /
• pp.390-396
• /
• 2021

In this research, design and fabrication of marine repeater capable to extend communication coverage in monitoring system of fishing gear automatic identification, which is one of implementation method of the real-name electric fishing gear system declared by Ministry of Oceans and Fisheries in 2016, is reported. The proposed marine repeater is fabricated in a form of RF repeater with interference cancellation system (ICS), which can cancel the oscillation due to feedback signal between service antenna and link antenna. In design process, we secure the isolation of 30 dB between service antenna and link antenna. It is confirmed that when the level of feedback signal into repeater input be lower of 15 dB than repeater gain, error vector magnitude due to oscillation can be lower than the performance criterion of 6%, from the test verification. It is expected that the service coverage will be extended by applying the developed marine ICS RF repeater into marine IoT network including monitoring system of fishing gear automatic identification.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.7
• /
• pp.1986-2009
• /
• 2024

The integration of blockchain technology with the rapid growth of Internet of Things (IoT) devices has enabled secure and decentralised data exchange. However, security vulnerabilities and performance limitations remain significant challenges in IoT blockchain networks. This work proposes a novel approach that combines transaction representation and machine learning techniques to address these challenges. Various clustering techniques, including k-means, DBSCAN, Gaussian Mixture Models (GMM), and Hierarchical clustering, were employed to effectively group unlabelled transaction data based on their intrinsic characteristics. Anomaly transaction prediction models based on classifiers were then developed using the labelled data. Performance metrics such as accuracy, precision, recall, and F1-measure were used to identify the minority class representing specious transactions or security threats. The classifiers were also evaluated on their performance using balanced and unbalanced data. Compared to unbalanced data, balanced data resulted in an overall average improvement of approximately 15.85% in accuracy, 88.76% in precision, 60% in recall, and 74.36% in F1-score. This demonstrates the effectiveness of each classifier as a robust classifier with consistently better predictive performance across various evaluation metrics. Moreover, the k-means and GMM clustering techniques outperformed other techniques in identifying security threats, underscoring the importance of appropriate feature selection and clustering methods. The findings have practical implications for reinforcing security and efficiency in real-world IoT blockchain networks, paving the way for future investigations and advancements.

• Journal of the Korea Convergence Society
• /
• v.9 no.5
• /
• pp.27-32
• /
• 2018

IoT technology is developing with various application areas in $4^{th}$ Industrial revolution. There are many users using the application services. Sensing data from various environment need to be transferred to cloud computing storage and store in the cloud storage. However, physical distance from the end node to cloud computing storage is far away, and it is not efficient to transfer data from sensors and store the sensing data in the cloud storage whenever sensing data happen. Therefore, Fog computing is proposed to solve these problems which can process and store the sensing data. However, Fog computing is new emerging technology, there is no standard security model and requirements. This research proposes to security requirements and security model for Fog computing to establish a secure and efficient cloud computing environment.