Journal of the Korea Convergence Society (한국융합학회논문지)

Korea Convergence Society (한국융합학회)
권호 표지
DOI QR코드

DOI QR Code

Analysis of the Vulnerability of the IoT by the Scenario

시나리오 분석을 통한 사물인터넷(IoT)의 취약성 분석

  • 홍성혁 (백석대학교 정보통신학부) ;
  • 신현준 (목원대학교 융합컴퓨터미디어학부 컴퓨터공학과)
  • Received : 2017.07.11
  • Accepted : 2017.09.20
  • Published : 2017.09.28
Download PDF
⟨ Previous Next ⟩

Abstract

As the network environment develops and speeds up, a lot of smart devices is developed, and a high-speed smart society can be realized while allowing people to interact with objects. As the number of things Internet has surged, a wide range of new security risks and problems have emerged for devices, platforms and operating systems, communications, and connected systems. Due to the physical characteristics of IoT devices, they are smaller in size than conventional systems, and operate with low power, low cost, and relatively low specifications. Therefore, it is difficult to apply the existing security solution used in the existing system. In addition, IoT devices are connected to the network at all times, it is important to ensure that personal privacy exposure, such as eavesdropping, data tampering, privacy breach, information leakage, unauthorized access, Significant security issues can arise, including confidentiality and threats to facilities. In this paper, we investigate cases of security threats and cases of network of IoT, analyze vulnerabilities, and suggest ways to minimize property damage by Internet of things.

네트워크 환경의 개발과 고속화가 되면서 수많은 스마트 기기가 개발되고, 사람과 사물의 상호작용을 가능하게 하면서 고속화된 스마트사회를 구현할 수 있다. 사물인터넷의 수가 급증함에 따라 장치, 플랫폼 및 운영 체제, 통신 및 연결된 시스템에 대한 광범위한 새로운 보안 위험 및 문제점들이 부각되고 있다. 사물인터넷(Internet of Things)장비 들이 갖는 물리적인 특성상 기존 일반 시스템에 비해 크기가 작고 저전력, 저비용, 상대적으로 낮은 스펙으로 운용 제작되기 때문에 연산 및 처리 능력이 떨어져 기존 시스템에서 사용하던 보안 솔루션 적용에 한계가 있다. 또한 IoT(Internet of Things)기기들이 네트워크에 항상 연결되어 있는 특성에 따라 도청 및 데이터의 위 변조, 프라이버시 침해, 정보 유출, 비 인가된 접근, 루팅 및 업데이트 취약성 등 개인의 사생활 노출이나 국가의 중요 기밀과 시설에 대한 위협까지 중대한 보안상 문제들이 나타날 수 있다. 따라서 본 논문에서는 사물인터넷(IoT)의 네트워크의 보안위협사례와 피해사례를 조사하고, 취약성을 시나리오를 통해 분석하여 사물인터넷에 의한 재산피해 최소화하기 위한 방안을 제시하였으며, 시나리오를 이용하는 방법으로 취약점을 분석하였다.

Keywords

References

  1. J. H. Kim, J. Y. Go, K. H. Lee, "A Scheme of Social Engineering Attacks and Countermeasures Using Big Data based Conversion Voice Phishing", Korea Convergence Society, Vol. 6, No. 1, pp. 85-92, 2015.
  2. B. Lee, W. S. Han. S. J. Kim, "Device Personalization Methods for Enhancing Packet Delay in Small-cells based Internet of Things," Dec 2016.
  3. M. J. Lee, "A Game Design for IoT environment", Journal of the Korea Convergence Society, Vol. 6, No. 4, 133-138, August 2015 https://doi.org/10.15207/JKCS.2015.6.4.133
  4. M. K. Sik, H. W. Park, "Global Trends discussion on privacy in the IoT environment, Institute for Information & communications Technology Promotion," pp. 12-23, June 2015.
  5. Y. S. Jeong, K. H. Han, S. H. Lee, "Access Control Protocol for Privacy Guarantee of Patient in Emergency Environment", The Journal of Digital Convergence, Vol. 12, No. 7, pp. 279-284, 2014. https://doi.org/10.14400/JDC.2014.12.7.279
  6. W. S. Bae, "Mutual authentication and Formal Verification in M2M Environment", The Journal of Digital Convergence, Vol. 12, No. 09, pp. 219-224, 2014.
  7. P. D. Drobintsev, V. P. Kotlyarov, I. G. Chernorutsky, L. P. Kotlyarova and O. V. Aleksandrova, "Approach to adaptive control of technological manufacturing processes of IoT metalworking workshop," 2017 XX IEEE International Conference on Soft Computing and Measurements (SCM), Saint Petersburg, Russia, pp. 174-176, 2017.
  8. C. J. Chae, H. J. Cho, "Smart Fusion Agriculture based on Internet of Thing", Journal of the Korea Convergence Society, Vol. 7. No. 6, pp. 49-54, 2016. https://doi.org/10.15207/JKCS.2016.7.6.049
  9. Ciokorea, "Revenge.Theft.Peep...Smart Home Network is the New 'World of Hacking'," http://www.ciokorea.com/news/24723, 2015. 04.
  10. J. Pacheco, S. Satam, S. Hariri, C. Grijalva and H. Berkenbrock, "IoT Security Development Framework for building trustworthy Smart car services," 2016 IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ, pp. 237-242. 2016.
  11. Ministry of Science, ICT and Future Planning, "Internet of Things-Information Protection Roadmap," 2014.
  12. K. B. Kim, H. J. Cho, "Regulation Improvement Measures for Activation of Internet of Things and Big Data Convergence", Journal of the Korea Convergence Society, Vol. 8, No. 5, pp. 29-35, May 2017. https://doi.org/10.15207/JKCS.2017.8.5.029
  13. B. C. Kim, "A Internet of Things(IoT) based exploration robot design for remote control and monitoring", Journal of digital Convergence, Vol. 13, No. 1, pp. 185-190, 2015. https://doi.org/10.14400/JDC.2015.13.1.185
  14. J. Pacheco, S. Satam, S. Hariri, C. Grijalva and H. Berkenbrock, "IoT Security Development Framework for building trustworthy Smart car services," 2016 IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ, pp. 237-242, 2016.
  15. B. Javed, M. W. Iqbal and H. Abbas, "Internet of things (IoT) design considerations for developers and manufacturers," 2017 IEEE International Conference on Communications Workshops (ICC Workshops), Paris, France, pp. 834-839, 2017.
  16. J. Rivera, "Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020" retried from http://www.gartner.com/newsroom/id/2636073, July, 2017.