The Journal of Korean Institute of Information Technology (한국정보기술학회논문지)

Korean Institute of Information Technology (한국정보기술학회)
권호 표지
DOI QR코드

DOI QR Code

Proposal of Technology and Policy Post-Security Management Framework for Secure IoT Environment

안전한 IoT 환경을 위한 기술 및 정책적 사후 보안관리 프레임워크

  • 이동혁 (제주대학교 초등교육연구소, 제주대학교 컴퓨터교육전공) ;
  • 박남제 (제주대학교 초등컴퓨터교육전공)
  • Received : 2017.01.26
  • Accepted : 2017.03.12
  • Published : 2017.04.30
⟨ Previous Next ⟩

Abstract

In recent years, the IoT environment has come to a reality. The IoT environment provides a lot of convenience, but security threats are also increasing. In order to secure the IoT environment, careful consideration of information security is needed. Security measures in the design and development stages of IoT products are being studied extensively. However, it is also very important to establish policies for post management after the release of IoT products. In this paper, we propose a technology and policy post-security management framework to provide secure IoT environment. The proposed framework performs specific countermeasures for each entity when a security flaw occurs after the release of IoT product. In particular, it has the benefits of taking actions such as software updates and recalls based on security flaws.

최근 들어 IoT 환경이 점차 현실로 다가오고 있다. IoT 환경은 많은 편리성을 제공해 주지만, 이에 따른 보안 위협도 크게 증가하고 있는 추세이다. IoT 환경이 안전하게 정착하려면, 정보보안에 대한 면밀한 고려가 필요하다. 현재까지 IoT 제품의 설계 및 개발단계에서의 보안 대책은 많이 연구되어지고 있으나, 이와는 별개로 IoT 제품 출시 이후의 사후관리에 대한 체계나 대응방안에 대한 수립도 매우 중요하다. 본 논문에서는 안전한 IoT 환경 제공을 위하여 기술 및 정책적 사후 보안관리 프레임워크를 제안하였다. 제안한 프레임워크는 IoT 제품 출시 이후 보안 결함 발생 시 사용자, 제조사, 소관부처 등 각 주체의 구체적인 대응 절차를 정의하며, 보안 결함의 위해성 평가를 기준으로 소프트웨어 업데이트, 리콜 등 적합한 조치를 수행한다는 특징이 있다.

Keywords

Acknowledgement

Supported by : 한국연구재단

References

  1. Sungmin Rue, "Survey on the Platform of IoT and Big Data", Korea Institute of Information Technology Magazine Vol. 13, No. 2, pp. 19-25, Dec. 2015. https://doi.org/10.14801/jkiit.2015.13.5.19
  2. Jun Jong Am, Kim Nae Soo, Park Jeong Kil, Park Tae Jun, and Kang Ho Yong, "IoT device products and technology trends", The Journal of The Korean Institute of Communication Sciences, Vol. 31, No. 4, pp. 44-52, Mar. 2014.
  3. Hyun Jung La, Chun Woo Park, and Soo Dong Kim, "A Framework for Effectively Managing Dynamism of IoT Devices", Journal of KISS : Software and Applications Vol. 41, No. 8, pp. 545-556, Aug. 2014.
  4. Kang Nam Hee, "Standard Technology Trends for Internet Security of Things", The Journal of The Korean Institute of Communication Sciences, Vol. 31, No. 9, pp. 40-45, Aug. 2014.
  5. Babar, Sachin, et al., "Proposed security model and threat taxonomy for the Internet of Things (IoT)", In International Conference on Network Security and Applications, pp. 420-429, Jul. 2010.
  6. Zhou, Liang and Han-Chieh Chao, "Multimedia traffic security architecture for the internet of things", IEEE Network 25.3, 2011.
  7. Kang Nam Hee, "Things Internet Convergence Services Security Requirements", The Journal of The Korean Institute of Communication Sciences, Vol. 32, No. 12, pp. 45-50, Nov. 2015.
  8. Kim Dong Hee, Yun Seok Woong, and Lee Yong Pil, "Security for IoT services", The Journal of The Korean Institute of Communication Sciences, Vol. 30, No. 8, pp. 53-59, Jul. 2013.
  9. Donghyeok Lee and Namje Park, "IoT product security certification and security maintenance plan", The Journal of The Korean Institute of Communication Sciences, Vol. 33, No. 12, pp. 28-34, Nov. 2016.
  10. Kim Seon-Tae, Lim Chae-Deok, Jung Hee-Bum, and Han Dong-Won, "Trend on Lightweight IoT Device Platforms", Korea Institute of Information Technology Magazine, Vol. 13, No. 2, pp. 1-8, Dec. 2015.
  11. Nam-Uk Lee, Seung-Su Yang, Jae-Sung Shim, and Seok-Cheon Park, "Comparative Analysis of Low Power and Lightweight Encryption Algorithm for IoT Security", Proceedings of Korean Society For Internet Information Conference, Vol. 17, No. 2, pp. 249-250, Nov. 2016.
  12. Donghyeok Lee and Namje Park, "Geocasting-based synchronization of Almanac on the maritime cloud for distributed smart surveillance", The Journal of Supercomputing, Vol. 73, No. 3, pp. 1103-1118, Feb. 2016.
  13. Donghyeok Lee and Namje Park, "A Study on Metering Data De-identification Method for Smart Grid Privacy Protection", Journal of the Korea Institute of Information Security & Cryptology, Vol. 26, No. 6, pp. 1593-1603, Dec. 2016. https://doi.org/10.13089/JKIISC.2016.26.6.1593

Cited by

  1. 사물인터넷 보안 기술 분석 vol.17, pp.4, 2017, https://doi.org/10.7236/jiibc.2017.17.4.43
  2. Intelligent Video Surveillance Incubating Security Mechanism in Open Cloud Environments vol.17, pp.5, 2017, https://doi.org/10.14801/jkiit.2019.17.5.105
  3. Block Chain Based CCTV Image Forgery · Modulation Verification Mechanism vol.17, pp.8, 2017, https://doi.org/10.14801/jkiit.2019.17.8.107
  4. 교육행정정보시스템 학교생활기록부 데이터의 안정성 확보를 위한 블록체인 설계 및 구현 vol.11, pp.3, 2017, https://doi.org/10.15207/jkcs.2020.11.3.027
  5. 리치픽처 기법을 적용한 지능형 CCTV 알고리즘 창의교육 프로그램 개발 및 효과 vol.11, pp.4, 2017, https://doi.org/10.15207/jkcs.2020.11.4.125
  6. 국가 사이버 역량평가 모델을 활용한 국내 사이버안보 정책 의제 도출 연구 vol.19, pp.8, 2017, https://doi.org/10.14400/jdc.2021.19.8.089