Design Plan of Secure IoT System based Common Criteria

  • Kim, Ju-Hun (Management & Planning Division, TTA)
  • Jung, Hyun-Mi (Dept. of Supercomputer System Development, KISTI)
  • Cho, Han-Jin (Dept. of Energy IT Engineering, Far East University)
  • Received : 2017.08.18
  • Accepted : 2017.10.20
  • Published : 2017.10.28

Abstract

IoT technology is developing rapidly under the keywords "Anytime, Anywhere, Convenient". At the same time, security problems in IoT systems are increasing explosively, and so is the resulting damage. In this paper, we survey the status of standardization and security technology development that define IoT system security requirements, and propose a method for developing IoT systems securely using Common Criteria (CC) evaluation, which is internationally recognized in ICT. To this end, the security aspects of IoT systems and services are analyzed. Based on this analysis, the security functional requirements can be designed, the rationale for the security objectives can be demonstrated through their correspondence relations, and a protection profile for the IoT system can be designed. Because a protection profile serves as a reference for the set of security requirements of administrators, developers, and users, this is a sufficient basis for the development methodology presented in this paper.
