Shortcut Menu
Main Menu Shortcut
Content Shortcut

Useful Resource

Research Report

Posts about Global Activity
Title A Study on Security Information Sharing Among the IoT Service·Product Provider
Date 2015-11-12 Hit 3613
Attachments 151112_A Study on Security Information Sharing Among the IoT Service·Product Provider..hwp

SUMMARY

 

 

 

 

1. Title

 

A study on Security Information Sharing Among the IoT Service·Product Provider.

 

2. Purpose of the study

 

The reason Existing hazard in cyberspace has spread to the real world is that IoT can be worked all sorts of things. IoT also progress into our lives and become available on the infrastructure such as energy facilities.

Furthermore, IoT security threat not only bring a service/product malfunction but cause hazard of national security.

Therefore, it is necessary to find a solution and try to prevent and minimize security accident by building a cooperative system among the IoT service/product provider.

 

3. Contents and scope

 

(1) The research & analysis of IoT device/product/service

 

We started a research about IoT devices, products, and services currently in use or ongoing development for deduction from IoT ISSS( Information Security Sharing System). We also analyzed 1,629 IoT utility model and patent, and then classified the players that compose the IoT into chip vendor, module/device, platform, solution, and network/service. Another category is provider, and the other one is industry.

(2) The report of IoT information security trends, security threat and requirements.

 

The reason IoT build a basis from connection with IT is that existing cyber space is not free from active attacks. It is necessary to analyze IoT information security trends, security threat and requirements because some products and services related IoT can be a target of active attacks.

(3) The case analysis of ISSS at home and abroad

 

To set up suitable ISSS for IoT environment, research about standard ISSS at home and abroad will be needed us. There is also a report about present condition in currently use.

(4) The security information list required sharing among the IoT Service/Product provider

 

Based on (1)-(3) analysis, there will be suggestion of IoT reference model and function requirements in ISSS. In order to apply practically IoT environment, choose a reference model considering connection with players and set up the information management process for IoT players/industry information gathering and sharing.

 

 

 

 

4. Results of the study

 

(1) The research & analysis of IoT device/product/service

In order to build IoT ISSS, there is a prelimiary research about IoT devices, products, and services currently in use or ongoing development.

We analyzed 1,629 IoT utility model and patent, and figured out the number of players. There are 4 hip vendor and 556 module/device, 665 platform/solution, 404 network/service.

In case of provider classification, There is a huge effects on all players because most of big company and mobile network operator research and development their device center, platform, and solution.

As a result of this, it is chance to recognize the necessity of enhanced security for existing electronic device and computer system, not the IoT growing industries such as smart home, smart medical, etc.

 

(2) The security vulnerability of IoT product/service

 

After research about security threat for each value chain, It takes time to figure out how to occur some attacks to chip vendor through security vulnerability of micro controller chip and circuit level.

In the area of module/device, It is possible that a attack on device which has ability to access network and save, process, and judge data can cause of information leakage and device malfunction.

In case of platform/solution and network/service, it is necessary to build a complex security management, especially something specialized IoT in management server and base station.

It is possible to figure out industry security threat and common security requirements from analysis of smart home, smart medical, and smart car that related to project ‘사물인터넷 정보보호로드맵 3개년 시행계획’ of the MSIP. To handle all kinds of security incidents, ISSS that directly applicable to field in IoT environment can be solution.

(3) The case analysis of ISSS at home and abroad

 

Nowdays looking into the present condition and major features of ISSS at home and abroad is important. There are a lot of works for prevention and management all kinds of security incidents. Both domestic and foreign countries run a Real-time alerts and system analysis, they also do security control, initial response, and joint response with related organization When the security incidents occur.

We checked ISSS of info-communication, finance, local government, and energy area in south korea. We also examined ISSS managed by PDD-63 of state government, water resources, finance, and communication area in america. It is necessary to establish a ready to use standard reflecting industry Expertise about definition of cyber threats and point of view to standardization, require it for information sharing through analyzing C-TAS and ISSS in America.

 

(4) Reference model of IoT ISSS

 

There is function requirements for managing and building Reference model of IoT ISSS, consist of security specialist, IoT security center, IoT industry, IoT players, and IoT security council. There is also information management process classified into information gathering, information verification and analysis, and information sharing level, with detailed contents. To keep shared information secure explaining period and kind of shared information in information gathering and sharing process. The information sharing grade is rated by redefinition of Traffic light protocol of US-CERT, the Standard of judgement for situation is determined.

 

 

5. Expected effects and applications

 

- It can be utilized as basic guideline for management IoT ISSS.

- It is a good reference for business plan related IoT security in public and private sector.

- It will help to make a connection between existing ISSS and IoT ISSS.

- It can be expected the reduction of security threats in national IoT infrastructure and taking security information diversity by sharing information of security threat through building an preemptive and immediate response system for all kinds of IoT threat.

- The early settlement of safe IoT infrastructure will lead us as a leader in IT industry.

PREVIEW The Study on Trend Analysis and Improvement Analys
NEXT The Research for Alternatives of the Resident Regi