Journal of Security Engineering (보안공학연구논문지)

Innovation in Secure and Intelligent Engineering Systems (보안공학연구지원센터)
권호 표지
DOI QR코드

DOI QR Code

Remarks on Smart Watch Security Vulnerability and Solution

스마트 워치 보안 취약점 및 해결 기법에 대한 고찰

  • 이융희 (경일대학교 사이버보안학과) ;
  • 김현성 (경일대학교 사이버보안학과)
  • Received : 2015.04.13
  • Accepted : 2015.06.04
  • Published : 2015.06.30
⟨ Previous Next ⟩

Abstract

The purpose of this paper is to provide remarks on the current technical status, security vulnerabilities, and security solutions on smart watch. First of all, we will review the current technical status on smart watch focused on the operating system and functionalities from various companies including Apple, Samsung, Sony, and so on. Especially, this paper will provide the previous research work analyses on security vulnerabilities by following the classification and security solutions on them. Finally, we will provide the future research directions on smart watch security.

본 논문에서는 스마트 워치에 대한 기술적 현황과 보안 취약점 및 해결책에 대한 연구 현황을 고찰한다. 먼저 애플, 삼성, 소니 등의 다양한 회사에서 제작된 스마트 워치의 기술적 현황을 운영체제와 기능 관점에서 분석한다. 특히, 이들 시스템의 보안 취약점을 다양한 관점에서 분석하고, 각 취약점에 대한 보안 해결책들에 대한 기존 연구의 현황을 살펴본다. 마지막으로 우리는 향후 스마트 워치 보안에 관한 연구 방향을 제시한다.

Keywords

References

  1. http://www.media.mit.edu/wearables/lizzy/timeline.html.
  2. M. J. Zieniewicz, D.C. Johnson, C. Wong and J. D. Flatt, The Evolution of Army Wearable Computers, IEEE Pervasive Computing. (2002), Vol. 1, No. 4, pp. 30-40. https://doi.org/10.1109/MPRV.2002.1158276
  3. http://rack.0.mshcdn.com/media/ZgkyMDE0LzA1LzEyLzc4L3RlY2g5LjYzMTI2LmpwZwpwCXRodW1iCTEyMDB4OTYwMD4/9d56ecba/d2a/tech9.jpg/.
  4. http://www.gizmag.com/w200-wearable-computer/11443/, April 10 (2009).
  5. T. H. Kim, M. K. Hwang and H. M. Jung, Current, Future, and Issue of Future Wearable Computing, IITA IT Trends. (2014), Vol. 1637, pp.16-18.
  6. http://ko.wikipedia.org/wiki/착용_컴퓨터, April 29 (2015).
  7. G. David, Google unveils 'Project Glass' virtual-reality glasses, CNN, 2012.
  8. http://www.anandtech.com/show/7785/samsung-announces-tizenbased-gear-2-gear-2-neo-smartwatches, February 23 (2014).
  9. http://www.apple.com/kr/watch/ (2015).
  10. http://ko.wikipedia.org/wiki/tizen January 15 (2015).
  11. http://www.kbench.com/?q=node/136900, July 29 (2014).
  12. http://www.android.com/wear/ (2015).
  13. http://techcrunch.com/2014/08/27/lg-g-watch-r/, August 27 (2014).
  14. http://www.sonymobile.com/global-en/products/smartwear/smartwatch-3-swr50/features/ (2014).
  15. http://www.zdnet.co.kr/news/news_view.asp?artice_id=20140410145656, April 10 (2014).
  16. J. Jang, S. Han, Y. Cho. U. J. Choe and J. Hong, Survey of Security Threats and Countermeasures on Android Environment, Journal of Security Engineering. (2014), Vol. 11, No. 1, pp. 1-12. https://doi.org/10.14257/jse.2014.02.01
  17. T. K. Chawla and A. Kajala, Transfiguring of and Android App Using Reverse Engineering, International Journal of Computer Science and Mobile Computing. (2014), Vol. 3, No. 4, pp. 1204-1208.
  18. E. Chin and D. Wagner, Bifocals: Analyzing WebView Vulnerabilities in Android Applications, Lecture Notes in Computer Science. (2013), Vol. 8267, pp. 138-159.
  19. W. Enck, D. Octeau, P. McDaniel and S. Chaudhuri, A Study of Android Application Security, Proc. of the 20th USENIX conference on Security, (2011) pp. 21-21, Aug. 8-12; San Francisco, USA.
  20. L. Davi, A. Dmitrienko, A. Sadeghi and M. Winandy, Privilege Escalation Attacks on Android, Proc. of the 13th International Conference on Information Security and Cryptology, (2010) pp. 346-360, Dec. 1-3; Seoul, Korea.
  21. A. P. Felt, S. Hanna and E. Chin, Permission Re-delegation: Attacks and Defenses, Proc. of the 20th USENIX Security Symposium, (2011) Aug. 8-12; San Francisco, USA.
  22. A. P. Felt, M. Finifter, E. Chin, S. Hanna and D. Wagner A survey of mobile malware in the wild, Proc. of the 1st ACM workshop on Security and Privacy in Smartphones and Mobile Devices, (2011) pp. 3-14, Oct. 17-21; Chicago, USA.
  23. T. Blasing, L. Batyuk, A. D. Schmidt and S. A. Camtepe, An Android Application Sandbox system for suspicious software detection, Proc. of 5th International Conference on Malicious and Unwanted Software, (2010) pp. 55-62, Oct. 19-20; Nancy, France.
  24. M. Nauman, S. Khan and X. Zhang, Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints, Proc. of the 5th ACM Symposium on Information, Computer and Communications Security, (2010) pp. 328-332, Apr. 13; Beijing, China.
  25. J. Jeon, K. K. Micinski, J. A. Vaughan, N. Reddy, Y. Zhu, J. S. Foster and T. Millstein, Dr. Android and Mr. Hide: Fine-grained Security Policies on Unmodified Android, UM Computer Science Department, (2011), pp. 1-14.
  26. D. Barrera, H. G. Kayacik, P. C. Oorschot and A. Somayaji, A Methodology for Empirical Analysis of Permission-Based Security Models and its Application to Android, Proc. of the 17th ACM Conference on Computer and Communications Security, (2010) pp. 73-84, Oct. 4-8; Chicago, USA.
  27. K. Jang, S. CHoi and H. Yeom, Smartphone DDoS Attacks, Information Security. (2011), Vol. 21, No. 5, pp. 65-70.
  28. J. Mu, A. Cui, and J. Rao, Android Mobile Security-Threats and Protection, Proc. of International Conference on Computer, Networks and Communication Engineering, (2013) pp. 683-685, May 23-24; Beijing, China.
  29. Y. J. Won, H. Kim and J. H. Huh, Hybrid Spam Filtering for Mobile Communication, Computers & Security. (2010), Vol. 29, No. 4, pp. 446-459. https://doi.org/10.1016/j.cose.2009.11.003
  30. G. Xiang, J. Hong, C. P. Rose and L. Cranor, Cantina+: A Feature-rich Machine Learning Framework for Detecting Phishing Web Sites, ACM Transactions on Information and System Security. (2011), Vol. 14, No. 2, article No. 21.
  31. C. Ye, W. Han and Y. Le, Anti-Phishing based on Automated Individual White-list, Proc. of the 4th ACM Workshop on Digital Identity Management, (2008) pp. 51-60, Nov. 8; Berlin, Germany.
  32. Jonathan Zdziarski, Hacking and Securing iOS Applications, O'Reilly Media, (2012).
  33. J. S. Oh, Study on the leakage of personal information through the iOS jailbreak, M. S. Thesis, Chungnam National University, (2012).
  34. http://techcrunch.com/2013/02/04/jailbreaking-is-back-new-evasi0n-software-works-on-most-ios-6-06-1-devices-including-iphone-5/ February 4 (2013)
  35. AhnLab, Imagination becomes reality, IoT, Security Issue & Issue, (2014).
  36. http://arstechnica.com/apple/2011/04/how-apple-tracks-your-location-without-your-consent-and-why-it-matters/, April 21 (2011).
  37. H. S. Park, Privacy issues and implications surrounding the wearable computer, KOITA, (2013).