KR20170080958A - System for maintaining and enhancing security of Internet of Things(IoT) network - Google Patents
- Publication number: KR20170080958A
- Application number: KR1020150191029A
- Authority: KR (South Korea)
- Prior art keywords
- iot
- internet
- gateway
- information
- attacker
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1433—Vulnerability analysis
          - H04L63/1441—Countermeasures against malicious traffic
          - H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
        - H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
Abstract
According to an embodiment of the present invention,
(IoT) device collecting information for screening an attacker or a vulnerable gateway; and selecting a gateway vulnerable to an attack based on the collected selection information, the method comprising the steps of: (a) collecting the information; (IoT) device among all the Internet of Things (IoT) devices connected to the gateway in the local network to which the attacker belongs, or any Internet of Things (IoT) device connected to the gateway vulnerable to attacks (IoT) device is executed by the at least one Internet of Things (IoT) device.
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system, a method, and a recording medium on which a program is recorded for securing and enhancing the security of an Internet (IoT) network.
Computers on a network maintain a translation table between IP addresses and MAC addresses, called the Address Resolution Protocol (ARP) table.
On the other hand, ARP spoofing attacks, in which an attacker poisons the ARP table so as to appear to be the gateway, are frequently carried out, and countermeasures against such ARP spoofing attacks have been disclosed (see, for example, 2011-0060271).
However, there is no effective countermeasure against ARP spoofing in an Internet of Things (IoT) network made up of mobile devices, where operations such as roaming take place.
In addition, Internet of Things (IoT) devices have inherent limitations: their available resources are so small that the programs required for security must not be large.
According to an embodiment of the present invention, there are provided a system, a method, a program, and a recording medium on which the program is recorded for maintaining and enhancing security of an Internet of Things (IoT) network, capable of effectively monitoring the security of the IoT network while using a small amount of memory.
According to one embodiment of the present invention
On a computer,
(IoT) device collecting information (hereinafter referred to as 'selection information') for selecting an attacker or a gateway vulnerable to an attack; And
and selecting, based on the collected selection information, a gateway that is vulnerable to an attack or an attacker, the method comprising the steps of:
The information collecting step may be performed by at least one Internet (IoT) device among all the Internet (IoT) devices connected to the gateway in the local network to which the attacker belongs, (IoT) device, wherein at least one Internet (IoT) device among the Internet (IoT) devices is executed.
According to another embodiment of the present invention
A system for maintaining and enhancing security of an Internet of Things (IoT) network comprising a gateway and a plurality of Internet of Things (IoT) devices,
Wherein at least one of the plurality of Internet of Things (IoT)
Collecting information (hereinafter, referred to as 'selection information') for selecting an attacker or a gateway vulnerable to attack,
Performs an operation of selecting an attacker or a gateway vulnerable to attack based on the collected selection information,
Wherein the collecting of information is performed by at least one Internet (IoT) device among all the Internet (IoT) devices connecting to the gateway in the local network to which the attacker belongs, A system is provided for maintaining and enhancing security of an Internet (IoT) network, characterized in that the Internet (IoT) device is an operation performed by at least one Internet (IoT) device.
According to one or more embodiments of the present invention, the security of the Internet of Things (IoT) network can be maintained using only the devices that make up the IoT network and firmware information about the gateway, so the security of the IoT network can be monitored effectively while using less memory and consuming less power.
In addition, according to one or more embodiments of the present invention, ARP spoofing can be effectively prevented by correctly distinguishing roaming of a mobile device within the Internet of Things (IoT) network from an actual ARP spoofing attack.
FIG. 1 is a diagram for explaining a system for maintaining and enhancing security of an Internet (IoT) network according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a method for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention.
FIG. 3 is a diagram for explaining a program for executing a method for maintaining and enhancing security of an Internet (IoT) network according to an embodiment of the present invention.
FIG. 4 is a diagram for explaining an ARP spoofing prevention system for IoT security in an Internet (IoT) network according to an embodiment of the present invention.
FIG. 5 is a diagram for explaining an operation of selecting and blocking an attacker according to an embodiment of the present invention.
FIG. 6 is a diagram for explaining a roaming operation according to an embodiment of the present invention.
FIG. 7 is a diagram for explaining an ARP spoofing prevention method for IoT security in the Internet of Things (IoT) network.
BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features, and advantages of the present invention will become more readily apparent from the following description of preferred embodiments with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein but may be embodied in other forms. Rather, the embodiments disclosed herein are provided so that the disclosure can be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Also, terms used herein are for the purpose of illustrating embodiments and are not intended to limit the invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. The terms "comprises" and / or "comprising" used in the specification do not exclude the presence or addition of one or more other elements.
Hereinafter, the present invention will be described in detail with reference to the drawings. In describing the specific embodiments below, various specific details are set forth in order to explain the invention in greater detail and to assist in understanding it. However, those skilled in the art will appreciate that the present invention may be practiced without these specific details. In some instances, parts that are well known and not significantly related to the invention are not described, so as not to obscure the explanation of the present invention.
FIG. 1 is a diagram illustrating a system for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention.
Referring to FIG. 1, the system for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices includes a plurality of local networks LN1 and LN2 and a security server 100.
Each of the plurality of local networks (LN1, LN2) includes a gateway and a plurality of Internet (IoT) devices. That is, the local network LN1 includes a
The
The
At least one of the object Internet devices belonging to the plurality of local networks (LN1, LN2) performs the operation according to the present invention.
Hereinafter, the configuration, operation, and effect of the Internet (IoT)
The object Internet (IoT)
In this embodiment, the operation of collecting the selection information has been described as being performed by the object Internet (IoT)
Here, the selection information includes information on the firmware of the
For example, the information about the firmware may be the type and version information for the firmware.
The Internet (IoT)
In addition, the object Internet (IoT)
In addition, the object Internet (IoT)
According to one embodiment of the present invention, the selection information further includes an ARP table (including information on a MAC address) owned by the Internet (IoT)
The selection information according to an embodiment of the present invention may be collected periodically, when the gateway is changed, when the ARP table is changed, or when a MAC address of an attacker is acquired.
Upon receiving the selection information from the Internet (IoT)
For example, when the selection information includes firmware information for the
In addition, when the MAC address of the Internet (IoT) devices is included in the selection information, the
When the attacker's MAC address is included in the selection information, for example, the
Although the Internet (IoT)
FIG. 2 is a diagram illustrating a method for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention.
Referring to FIG. 2, a method for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention can be implemented in the system described above.
Hereinafter, assuming that the method for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention is implemented in a system as shown in FIG. 1, that method will be described.
Referring to FIG. 2, a method for maintaining and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention includes a step of collecting selection information (for example, information for selecting an attacker or a gateway vulnerable to an attack), a step of transmitting the collected selection information to the security server 100 (S103), and a step of selecting an attacker or a vulnerable gateway based on the selection information (S105). If the
Also, a method for securing and enhancing security of an Internet (IoT) network including a gateway and a plurality of Internet (IoT) devices according to an embodiment of the present invention includes: Further comprising the step of informing the user that the Internet (IoT) device is an attacker or a vulnerable gateway.
In step S107, when the
FIG. 3 is a diagram for explaining a program for executing a method for securing and enhancing security of an Internet (IoT) network according to an embodiment of the present invention.
Referring to FIG. 3, an Internet of Things (IoT)
The
A
A
Although the foregoing has been described by way of example with respect to the Internet (IoT)
Hereinafter, with reference to FIG. 4 to FIG. 7, embodiments for obtaining information (MAC address) about an attacker by taking the object Internet (IoT)
FIG. 4 is a diagram for explaining an ARP spoofing prevention system for IoT security in an Internet (IoT) network according to an embodiment of the present invention.
Referring to FIG. 4, an ARP spoofing prevention system (hereinafter referred to as 'ARP spoofing prevention system') for IoT security in an Internet of Things (IoT) network according to an embodiment of the present invention includes a gateway (GW) (IoT)
The gateway (GW) 10 and the plurality of Internet (IoT)
The gateway (GW) 10 and the plurality of Internet (IoT)
Hereinafter, for the purpose of explanation of the present invention, a configuration, operation, and effect of an Object Internet (IoT)
The Internet of Things (IoT)
The predetermined event may be, for example, an attempt to transmit important data. What counts as important data is defined by the user in advance. For example, data sent to a specific destination can be defined as important data: all data whose destination is a bank can be defined as important data. In this case, each time the object Internet (IoT)
The Internet (IoT)
The Address Resolution Protocol (ARP) table includes the MAC address and the IP address of each of the Internet (IoT)
The Internet (IoT)
The Internet (IoT)
The normal object Internet (IoT)
The object Internet (IoT)
In detail, the Internet (IoT)
In this embodiment, the action for the device detected as the attacker is possible according to the known techniques, and alternatively, the action according to the embodiment of the present invention is also possible.
The action according to one embodiment of the present invention for the device detected as an attacker is that, when there is an Internet of Things (IoT) device processed as an attacker, the Internet, which is not an attacker connected to the
Although the above description has been described by taking the object Internet (IoT)
Hereinafter, an ARP spoofing prevention program for IoT security in an Internet (IoT) network according to an embodiment of the present invention will be described.
The ARP spoofing prevention program may be provided in the Internet (IoT)
The ARP spoofing prevention program for IoT security in the Internet (IoT) network according to an embodiment of the present invention is combined with the
The ARP spoofing prevention program for IoT security according to an embodiment of the present invention is a program that, when a predefined event is detected in the Internet (IoT)
The ARP spoofing prevention program for IoT security according to an embodiment of the present invention may be applied to other object Internet (IoT)
The ARP spoofing prevention program for IoT security according to an embodiment of the present invention is a program for preventing an ARP spoofing for an
The ARP spoofing prevention program for IoT security according to an embodiment of the present invention is also applicable to all of the Internet (IoT) devices 10 (10) belonging to the local network when the
An ARP spoofing prevention program for IoT security according to an embodiment of the present invention is a program for preventing an ARP spoofing prevention program from being transmitted to a destination Internet (IoT)
The ARP spoofing prevention program for IoT security according to an embodiment of the present invention selects, as a result of scanning the IP addresses and MAC addresses, an Internet of Things (IoT) device having a duplicated MAC address, and performs the operation for an attacker on it.
In detail, the ARP spoofing prevention program for IoT security according to an embodiment of the present invention checks whether the updated Address Resolution Protocol (ARP) table contains an Internet of Things (IoT) device having a duplicated MAC address. If the updated ARP table contains an Internet of Things (IoT) device having a duplicated MAC address, that device is regarded as an attacker, and the subsequent processing is performed.
Although the foregoing has been described by way of example to the Internet (IoT)
FIG. 5 is a diagram for explaining an operation of selecting and blocking an attacker according to an embodiment of the present invention.
Referring to FIGS. 4 and 5, the operation of selecting and blocking an attacker according to an exemplary embodiment of the present invention will now be described. In the normal Internet (IoT)
In this situation, it is assumed that the
In the updated address determination protocol (ARP) table, there is a case where the MAC addresses are different from each other. This is because the
The following table shows the cases where the IP addresses are different and the MAC addresses are the same.
Referring to Table 1, there is a case where the IP addresses are different but the MAC address is the same. If the gateway was the device with MAC address 00:00:01 and IP address 102.166.0.1, and the gateway entry later changes to a device with MAC address 00:00:07 at IP address 102.166.0.1, then the device with MAC address 00:00:07 and IP address 102.166.0.1 can be treated as an attacker.
FIG. 6 is a diagram for explaining a roaming operation according to an embodiment of the present invention.
Referring to Figures 4 and 6, a normal Internet (IoT)
In this situation, the
Since the IoT device 1 (20) has roamed to another local network, it renews its own Address Resolution Protocol (ARP) table. It then checks whether there is a device whose MAC address is duplicated in the updated ARP table.
In the network situation shown in Fig. 6 (i.e., no attacker exists and the IoT device 1 (20) roams), there is no device whose MAC address is duplicated.
Thereafter, the IoT device 1 (20) performs the operation described with reference to FIG.
That is, the Internet of Things (IoT)
FIG. 7 is a diagram for explaining an ARP spoofing prevention method for IoT security in an Internet (IoT) network according to an embodiment of the present invention.
Referring to FIG. 7, the ARP spoofing prevention method for IoT security in the Internet of Things (IoT) network may be implemented in the ARP spoofing prevention system for IoT security in the Internet of Things (IoT) network described with reference to FIG. 4.
Assuming that the ARP spoofing prevention method for IoT security in the Internet (IoT) network according to the embodiment of the present invention is implemented in the system as shown in FIG. 4, the ARP spoofing prevention method for IoT security includes: monitoring whether a predefined event occurs in the Internet of Things (IoT) device, or whether the MAC address of the gateway to which the Internet (IoT) device is connected is changed (S101); when the predefined event occurs in the Internet (IoT) device, or when the MAC address of the gateway to which the Internet (IoT) device is connected is changed (S103), scanning and updating the IP addresses and MAC addresses of all the Internet (IoT) devices (S105); checking whether there is an Internet (IoT) device having a duplicated MAC address in the scanned result (S107); and selecting an Internet (IoT) device having a duplicated MAC address as an attacker (S109).
The method may also include informing the user, through at least one of the Internet (IoT) devices that are not attackers (non-attacking Internet (IoT) devices) connected to the gateway, that there is an Internet (IoT) device processed as an attacker.
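The detection logic of FIGS. 5 to 7 (rescan the ARP table on a predefined event or a gateway MAC change, flag a duplicated MAC as an attacker, and treat a gateway MAC change without any duplicate as roaming), as an added Python illustration that is not part of the patent; the addresses, the `ArpMonitor` class and the `IMPORTANT_DESTINATIONS` set are constructed assumptions:

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed ARP table snapshots (IP -> MAC) as seen by one IoT device.
# All addresses are illustrative placeholders, not values from the patent.
BASELINE = {
    "192.0.2.1": "02:00:00:00:00:01",   # gateway
    "192.0.2.20": "02:00:00:00:00:20",  # this IoT device
    "192.0.2.30": "02:00:00:00:00:30",
    "192.0.2.70": "02:00:00:00:00:70",  # device that later turns attacker
}

# FIG. 5 situation: device .70 answers ARP for the gateway IP, so the gateway
# entry now carries .70's MAC while .70's own entry still carries it too.
SPOOFED = {**BASELINE, "192.0.2.1": "02:00:00:00:00:70"}

# FIG. 6 situation: the device roamed to another local network. The gateway
# MAC changed, but after a rescan no MAC is duplicated.
ROAMED = {
    "198.51.100.1": "02:00:00:00:00:60",   # new gateway
    "198.51.100.20": "02:00:00:00:00:20",  # this IoT device, same MAC
    "198.51.100.80": "02:00:00:00:00:80",
}

# Destinations the user predefined as "important" (constructed placeholder).
IMPORTANT_DESTINATIONS = {"bank.example"}


def duplicated_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """Step S107: group IPs by MAC and keep MACs seen under more than one IP."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac.lower()].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def classify(prev_gw_mac: Optional[str], gateway_ip: str,
             table: Dict[str, str]) -> Tuple[str, List[str]]:
    """Steps S105 to S109 on one freshly rescanned table.

    Returns (verdict, attacker_macs). A duplicated MAC means spoofing (FIG. 5);
    a changed gateway MAC with no duplicate means roaming (FIG. 6).
    """
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return "unknown-gateway", []
    dups = duplicated_macs(table)
    if dups:
        return "spoofing", sorted(dups)  # S109: the duplicated MAC is the attacker
    if prev_gw_mac is not None and gw_mac.lower() != prev_gw_mac.lower():
        return "roaming", []
    return "normal", []


class ArpMonitor:
    """Holds the last trusted gateway MAC (step S101) and re-evaluates on rescans."""

    def __init__(self, gateway_ip: str) -> None:
        self.gateway_ip = gateway_ip
        self.gw_mac: Optional[str] = None

    def rescan(self, table: Dict[str, str],
               gateway_ip: Optional[str] = None) -> Tuple[str, List[str]]:
        """Steps S103/S105: evaluate a new table; adopt the gateway MAC only
        when the table is clean, so a spoofed entry is never trusted."""
        if gateway_ip is not None:          # roaming moved us to a new gateway
            self.gateway_ip = gateway_ip
        verdict, attackers = classify(self.gw_mac, self.gateway_ip, table)
        if verdict != "spoofing":
            self.gw_mac = table.get(self.gateway_ip)
        return verdict, attackers


def check_before_send(monitor: ArpMonitor, table: Dict[str, str],
                      destination: str) -> Tuple[str, List[str]]:
    """Predefined-event trigger: only traffic to an important destination
    forces a rescan before sending; other traffic is not checked."""
    if destination not in IMPORTANT_DESTINATIONS:
        return "not-checked", []
    return monitor.rescan(table)


if __name__ == "__main__":
    mon = ArpMonitor("192.0.2.1")
    print(mon.rescan(BASELINE))                             # ('normal', [])
    print(check_before_send(mon, SPOOFED, "bank.example"))  # ('spoofing', ['02:00:00:00:00:70'])
    print(mon.rescan(ROAMED, gateway_ip="198.51.100.1"))    # ('roaming', [])
```

The duplicate check alone cannot tell a roam from a spoof when the attacker's own entry has aged out of the table, which is why the method rescans all devices (S105) before deciding.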
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, modifications and variations are possible.
The scope of the present invention should not be limited to the above-described embodiments, but should be determined by the scope of the appended claims and equivalents thereof.
10, 60: Gateway
20, 30, 40, 50, 70, 80: Object Internet Device
21: Processor
23: Memory
25: LAN card
100: Security server
Claims (9)
(IoT) device collecting information (hereinafter referred to as 'selection information') for selecting an attacker or a gateway vulnerable to an attack; And
Selecting a gateway that is vulnerable to an attack or an attacker based on the collected selection information, the method comprising the steps of:
Wherein the collecting of the information is performed by at least one Internet (IoT) device among all the Internet (IoT) devices connected to the gateway in the local network to which the attacker belongs, (IoT) device.
The selection information
And information on firmware of a gateway to which the Internet (IoT) device for collecting the selection information is connected.
Wherein the information on the firmware is a type and version information for the firmware.
The selection information
Further comprising an ARP table (including information on a MAC address) possessed by the Internet (IoT) device for collecting the selection information
The selection information
And a MAC address for Internet (IoT) devices connected to a gateway to which the Internet (IoT) device collecting the selection information is connected.
Wherein at least one of the plurality of Internet of Things (IoT)
Collecting information (hereinafter, referred to as 'selection information') for selecting an attacker or a gateway vulnerable to attack,
Performs an operation of selecting an attacker or a gateway vulnerable to attack based on the collected selection information,
The information collecting operation may be performed by at least one Internet (IoT) device among all the Internet (IoT) devices connecting to the gateway in the local network to which the attacker belongs, Wherein the at least one Internet (IoT) device is an operation performed by at least one Internet (IoT) device of the Internet (IoT) device.
The selection information
(IoT) device collecting the selection information includes information on the firmware of the gateway to which the Internet (IoT) device is connected.
Wherein the information about the firmware is a firmware type and a version information for the firmware.
The selection information may include,
(IoT) device which collects the selection information, and an object Internet (IoT) device connected to a gateway to which an object Internet (IoT) device for collecting the selection information is connected (IoT) devices.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150191029A KR20170080958A (en) | 2015-12-31 | 2015-12-31 | System for maintaining and enhancing security of Internet of Things(IoT) network |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170080958A true KR20170080958A (en) | 2017-07-11 |
Family
ID=59355024
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170080958A (en) |
Events
- 2015-12-31: KR application KR1020150191029A filed (publication KR20170080958A); status: Application Discontinuation (not active)
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019146956A1 (en) * | 2018-01-29 | 2019-08-01 | 주식회사 안랩 | Apparatus and method for acquiring information of device |
KR20190091636A (en) * | 2018-01-29 | 2019-08-07 | 주식회사 안랩 | Apparatus and method for obtaining information of device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |