Shortcut Menu
Main Menu Shortcut
Content Shortcut

Useful Resource

Research Report

Posts about Global Activity
Title A Study on Security Enhancement for
Date 2015-09-01 Hit 4115
Attachments 150901_A Study on Security Enhancement for.hwp

SUMMARY

 

 

1. Title

 

A study on security enhancement for IoT device and service

 

2. Purpose of the study

 

Internet of Things (IoT) technologies allow everyday objects including small devices in sensor networks to be capable of connecting to the Internet and it activates smart services such as smart heath care system and industry control system

 

Recent human lifestyles are innovatively and continuously changing with the growing number of smart devices of IoT

 

Security and privacy are the most important factors to successfully provide smart service, therefore IoT services must provide users with not only general security services such as data confidentiality, integrity, availability, data access control, and authentication, but also IoT specific security threats such as fragmentation attack, jamming attack, side channel attack and others

No international leading group for providing IoT security currently, despite of security and privacy protection scheme is necessary for activating Internet of Things and creating new services and markets

 

In providing security and privacy protection, absence of detailed consideration of IoT environment characteristics leads to several limitations in case of directly appling various security methods designed for existing Internet system

 

Therefore, fundamental and common security requirements for IoT Device and Service are highly required for activating IoT-based converged services

 

In particular, the common security requirements should contain security considerations overall life-cycle of IoT device and service such as ‘design-development’ phase and ‘deployment- install’ phase and ‘configuration-management-operation-disposal’ phase

 

image_01                

                      

3. Research contents and scope

 

o Analysis of Internet of Things technologies trends

Technical trends of Internet of Things device and service

Technology, market and policy trends of Internet of Things

Analysis of current technologies of international standard organizations (e.g. oneM2M, ITU-T, IEEE, 3GPP, ETSI, IETF etc.)

 

o Security issues and considerations in Internet of Things

Considerable security threats in Internet of Things environments

Case studies of security attacks against Internet of Things

 

o Development of common security principles and evaluation lists for IoT device and services based on analysis of Internet of Things properties

Specifying overall life-cycle consisting of several phases for IoT devices (especially, for lightweight things)

Development of security requirements for each phase from initial design to operation

 

4. Results of the study

 

o Survey on technical trends of Internet of Things device and service

Market trends analysis of several IoT services such as Smart home, smart car, IoT wearable device

Analysis of IoT standards based platform and service platform in market

Analysis of international and domestic policy and market trends for activating IoT

 

o Analysis of standard technologies for support Internet of Things

Analysis of technologies of oneM2M standard organization which is a consortium consisting of seven major local standard organizations (e.g., TTA, ETSI, etc.)

Trends analysis of standard alliances of major Internet of Things companies (e.g., OIC, Allsean, etc.)

Detailed technology analysis of IETF standard group specifying various IP based protocols (because thing to thing communication uses Internet based protocol of IETF)

 

o Analysis of security issues and considerations in IoT

Presenting several cases of security attacks against Internet of Things device and service

Analysis of various security threats considering properties of Internet of Things environment (considering on security of overall life-cycle from design to disposal of IoT device)

 

o Propose a common security principle for developing IoT devices and lunching IoT services

Security requirements for IoT device in design/development phase

(1) IoT device and service design with considering on enhancement of information security and privacy protection

· Based on the principle of “Security by Design” and “Privacy by Design”

(2) Applying and verifying secure software and hardware development technologies

· Usage verification of secure coding, secure software, and application security and utilizing secure hardware device

Security requirements for IoT device in deployment/ install(re-install)/configuration(re-configuration) phase

(3) Support of methods for secure bootstrapping

· Based on the principle of “Security by Default”

(4) Utilizing secure protocol and secure parameter

· Using securely certified protocols in communication and platform (encryption/authentication/authorization technology)

Security requirements for IoT device in operation/management/ disposal phase

(5) Security vulnerability patches and updates for IoT device and service

· Continuous monitoring and performing updates for security vulnerabilities in S/W and H/W

(6) Information protection and privacy management framework for secure operation and management

· Providing information protection and privacy management mechanisms for overall cycle of user information acquisition -usage-disposal

(7) Providing means to support IoT incident response system and responsibility to trace of attacks

· Providing intrusion detection against security incidents and providing means to analysis and obtain responsibility for tracing attacks

 

5. Suggestions for usage

 

o Used as a security guideline for demand companies to derive, verify and refer the security requirements of applied IoT devices in developing brand new services using various Internet of Things device

 

o Used as a basic reference for small business company in developing IoT devices in the absence of its own security experts

o Used as a basic policy for enhancing security in smart integration services using IoT technologies such as building automation, smart city, and smart grid

 

 

6. expected effect

 

o Supporting foundation for the establishment of secure development of IoT devices and service

Usable for evaluating security threats and vulnerabilities in overall life-cycle from design to disposal of IoT devices in Internet of Things consisting of heterogeneous devices and wired·wireless network technologies and intelligent platform

Like the usability for IoT devices described above, usable for IoT service in evaluating security requirements of all of the phases from design to operation

PREVIEW Research on Reinforcement of IoT Service Responsib
NEXT A Study on the Development of the Next Generation