KR20220036789A - HOME NETWORK SYSTEM USING IoT CARE SENSOR - Google Patents

Abstract

According to one embodiment, provided is a home network system using an IoT care sensor which comprises: IoT apparatuses connected to a home network made of a wired/wireless network; a wall pad capable of communicating with the IoT apparatuses through the home network; and an IoT care sensor capable of detecting a wireless signal of a wireless device connected to the home network and determining whether the detected wireless device is a fake device.

Description

Home network system using IoT care sensor {HOME NETWORK SYSTEM USING IoT CARE SENSOR}

The present invention relates to a home network system using an IoT care sensor.

In general, a home network refers to a technology that enables remote control by connecting all electrical and electronic products in a home as one system. Meanwhile, as IoT technology develops, at least some of the electric and electronic products included in the home network are connected to each other through a wireless network, and remote control is possible wirelessly. Furthermore, it is possible to control electrical and electronic products included in the home network even outside the home network. However, as the outside can control the electrical and electronic products included in the home network, there is a risk that an unauthorized person may be controlled with respect to the electrical and electronic products included in the home network. If the door lock is connected to the home network, it may be exposed to the risk of serious crime.

A home network system using an IoT care sensor according to an embodiment of the present invention is disclosed.

A home network system using an IoT care sensor according to an embodiment of the present invention is disclosed.

According to an embodiment, IoT devices connected to a home network composed of a wired/wireless network; a wall pad capable of communicating with the IoT devices through the home network; and an IoT care sensor capable of detecting a wireless signal of a wireless device connected to the home network and determining whether the detected wireless device is a fake device; this is provided

According to one or more embodiments, it is possible to securely provide a home network service from a fake device.

1 is a diagram for explaining a home network system using an IoT care sensor according to an embodiment of the present invention.
2 is a view for explaining a wireless care method according to an embodiment of the present invention.
3 is a diagram for explaining a method of estimating a type of a wireless device according to an embodiment of the present invention.

The above objects, other objects, features and advantages of the present invention will be easily understood through the following preferred embodiments in conjunction with the accompanying drawings. However, the present invention is not limited to the embodiments described herein and may be embodied in other forms. The embodiments described below are exemplary embodiments provided to sufficiently convey the spirit of the present invention to those skilled in the art.

Definition of Terms

As used herein, the term 'software' refers to a technology that moves hardware in a computer, and the term 'hardware' refers to a tangible device or device (CPU, memory, input device, output device, peripheral device, etc.) constituting the computer. And, the term 'step' means a series of processing or operations connected in time series to achieve a predetermined goal, the term 'program' means a set of instructions that are combined to be processed by a computer, and the term 'recording medium' means a program It means a computer-readable recording medium on which a program used for installing, executing, or distributing is recorded.

In this specification, when terms such as first, second, etc. are used to describe components, these components should not be limited by these terms. These terms are only used to distinguish one component from another. Embodiments described and illustrated herein also include complementary embodiments thereof.

In this specification, the singular also includes the plural unless specifically stated otherwise in the phrase. As used herein, the terms 'comprise' and/or 'comprising' do not exclude the presence or addition of one or more other components.

In the present specification, the term 'management' is used to include 'reception', 'transmission', 'storage', 'modification', and 'deletion' of data.

In the present specification, the term 'wired/wireless network' refers to a communication network connected by wire ('wired network'), wirelessly connected communication network ('wireless network'), or a communication network composed of a combination of a wired network and a wireless network.

In this specification, 'component A and/or component B' means 'component A', 'component B' or 'component A and component B'.

In the present specification, a 'wireless terminal', a 'device', a 'system', or an 'apparatus' consists of a computer.

As used herein, 'computer' includes a computer processor and storage device, operating system, firmware, application program, communication unit, and other resources, where the operating system (OS: OPERATING SYSTEM) is other hardware, firmware, or application program (eg For example, a management program) can be operatively linked. The communication unit means a module composed of software and hardware for transmitting and receiving data with the outside. In addition, the computer processor and the storage device, operating system, application program, firmware, communication unit, peripheral devices, and other resources (including hardware resources and software resources) are operatively connected to each other. On the other hand, the description or drawings for the above-mentioned components are described or shown within the limit for the purpose of the description of the present invention.

As used herein, a reference to component 'A' transmitting information, details, and/or data to component 'B' means that component 'A' transmits directly to component 'B' or component 'A' is used in the meaning including transmission to component 'B' through at least one other component.

In the present specification, a 'fake device' refers to a device capable of reading or tampering with data of other wireless devices without permission or illegal.

1 is a diagram for explaining a home network system using the IoT care sensor 100 according to an embodiment of the present invention.

Referring to FIG. 1 , a home network system using the IoT care sensor 100 (hereinafter, referred to as a 'home network system'), and a home network system using the IoT care sensor 100 include a plurality of IoT devices (#1 , #2, #3), a wall pad, a switch, an IoT care sensor 100 , and a server 300 . Here, the plurality of IoT devices (#1, #2, #3), the wall pad, the switch, and the IoT care sensor 100 are a short-distance wired and/or wireless communication network (N) (hereinafter, 'wired/wireless network' or ' data can be transmitted/received by the 'home network'). Meanwhile, the wireless terminal #1 is also connected to the wired/wireless network N and may transmit/receive data to and from other devices connected to the wired/wireless network N.

In the present specification, components directly connected to the wired/wireless network N (eg, IoT devices #1, #2, #3, wall pad, switch, and IoT care sensor 100) are referred to as 'household devices'. will often be mentioned.

The server 300 may receive, store and manage (delete, add, correct) the operation results of the IoT devices #1, #2, #3, the wall pad, the switch, and the IoT care sensor 100 . .

The switch may support wired/wireless communication between the IoT devices #1, #2, and #3 and the wall pad. The switch functions to deliver the network traffic moving to the wired/wireless network (N) to the destination. Meanwhile, although not shown in FIG. 1 , a router (not shown) is included in the wired/wireless network N, and this router supports connection to an external network (eg, N1).

In addition, the wired/wireless network N may additionally include an IP sharer (not shown). If the devices included in the wired/wireless network (N) each have a public IP, an IP sharer (not shown) is not needed, but if at least one device among the devices included in the wired/wireless network (N) uses a private IP may include an IP router (not shown) in the wired/wireless network (N).

The IoT devices #1, #2, and #3 refer to devices connected by the Internet of Things. For example, it may be a refrigerator, an air conditioner, a heating system, a TV, a CCTV camera, etc. in the house, and the present invention is not limited only to these devices.

The IoT devices #1, #2, and #3 may be connected to the switch through a wired network and/or a wireless network. The IoT devices #1, #2, and #3 may be connected to the wall pad through the switch, and may also be connected to the server 300 . The user can input control commands (on/off of devices, operation environment setting) for the IoT devices (#1, #2, #3) through the wall pad, and the control commands input through the wall pad are the IoT devices It is transmitted to the corresponding IoT device among the ones (#1, #2, #3). The IoT device that has received the control command may perform an operation according to the control command and transmit the operation execution result to the wall pad and the server 300 .

Control commands are, for example, the degree of ventilation and cooling temperature for air conditioners, refrigeration and freezing temperature settings for refrigerators, on-off and heating temperatures for heating systems, on-off and channel or volume settings for TVs, and CCTV settings. It can be on and off.

The user can also input status check commands (commands requesting operation status) for the IoT devices (#1, #2, #3) through the wall pad, and the status check commands input through the wall pad are It is transmitted to a corresponding IoT device among the IoT devices #1, #2, and #3. The IoT device that has received the confirmation status command performs an operation according to the confirmation status command.

The IoT devices #1, #2, and #3 may be connected to the wireless terminal #1 through a wired network and/or a wireless network. The IoT devices #1, #2, and #3 may be connected to the wireless terminal #1 through a switch. The user can input control commands (on/off of devices, operation environment setting) for the IoT devices #1, #2, and #3 through the wireless terminal #1, and the wireless terminal #1 Control commands input as , are transmitted to a corresponding IoT device among the IoT devices #1, #2, and #3. The IoT device that has received the control command may perform an operation according to the control command and transmit the operation performance result to the wireless terminal #1 and the server 300 .

The user may also input a status check command (a command for requesting an operation status) for the IoT devices #1, #2, #3 through the wireless terminal #1, and to the wireless terminal #1 The input status check commands are transmitted to a corresponding IoT device among the IoT devices #1, #2, and #3. The IoT device that has received the confirmation status command performs an operation according to the confirmation status command.

The wireless terminal #1 is a terminal capable of wireless communication, and is, for example, a laptop, a smartphone, a PDA, an iPad (a product name sold by Apple), or a Galaxy Tab (a product name sold by Samsung Electronics). ) may be the same device.

The IoT devices #1, #2, and #3 may transmit data indicating their operating states to the server 300 periodically or upon request.

The IoT devices #1, #2, and #3 may also receive a control command or a status check command from the server 300 , perform a corresponding operation, and transmit the operation result to the server 300 .

The wireless terminal #2 is connected to the wide area network N1 and can communicate with the in-house devices through the server 300 or directly the wired/wireless network N.

For example, the wireless terminal #2 may issue a control command or a status check command to the IoT devices #1, #2, and #3 through the server 300 , and the operation result is also displayed in the server 300 . ) can be provided through As another example, the wireless terminal #2 is directly connected to the wired/wireless network N to give a control command or a status check command to the IoT devices #1, #2, and #3, and the operation result is also It can be provided by the device.

The IoT care sensor 100 may detect a wireless signal of the wireless device and determine whether the detected wireless device is a fake device. A wireless device to be detected by the IoT care sensor 100 is any and all wired/wireless devices connected to the wired/wireless network N. For example, IoT devices (#1, #2, #3), wallpads, switches, and wireless terminals (#1) with legal authority, and devices without authority (eg, ' Devices indicated by 15 ′) are wireless devices to be detected by the IoT care sensor 100 .

The IoT care sensor 100 also performs a type estimation operation for estimating the type of the wireless device, and an operation for determining whether the wireless device is a fake device by attacking the wireless device with a weakness according to the type of the wireless device can do.

The type estimation operation is an operation of estimating the type of the wireless device according to the results of the port scanning operation and the protocol scanning operation, the port scanning operation is an operation of finding an open port of the wireless device, and the protocol scanning operation is a result of the port scanning operation This is the operation to find the protocol used in the open port found by .

The protocol scanning operation includes the operation of checking the type of the open port, the operation of creating a protocol confirmation packet according to the type of the open port and transmitting it to a wireless device having an open port, and It is an operation to check whether a response to the protocol confirmation packet is received.

Here, the response includes at least one of banner information and service information of a wireless device having an open port, and the banner information or service information includes information indicating the type of the wireless device.

The type estimation operation includes a first estimating operation of estimating the type of service from the protocol found as a result of performing the protocol scanning operation, a second estimating operation of estimating the type of service from information indicating the type of the wireless device, and the first estimation When the operation of comparing the service type estimated by the operation and the service type estimated by the second estimation operation is different from each other, the open port is determined from information indicating the type of the wireless device. An operation of estimating the type of a wireless device with

The IoT care sensor 100 may be installed within a predetermined distance (eg, 1 km) from the home network system 200 using the IoT care sensor 100 . Here, the predetermined distance is a distance capable of short-range wireless communication with the home network system 200 using the IoT care sensor 100 . Preferably, the IoT care sensor 100 may be located in the home and directly connected to the home network.

The IoT care sensor 100 may detect a wireless signal of the wireless device and determine whether the detected wireless device is a fake device.

Specifically, the IoT care sensor 100 performs a type estimation operation for estimating the type of the wireless device, and an operation for determining whether the wireless device is a fake device by attacking the wireless device with a vulnerability according to the type of the wireless device. .

Here, the type estimation operation is an operation of estimating the type of the wireless device according to the results of the port scanning operation and the protocol scanning operation.

The port scanning operation is an operation of finding an open port of a wireless device, and the protocol scanning operation is an operation of finding a protocol used in an open port found as a result of the port scanning operation.

The protocol scanning operation includes an operation of confirming the type of an open port, an operation of creating a protocol confirmation packet according to the type of an open port and transmitting the packet to a wireless device having an open port, and the wireless device It is an operation to check whether a response to the protocol confirmation packet is received from the Here, the response includes at least one of banner information and service information of a wireless device having an open port, and the banner information or service information includes information indicating the type of the wireless device.

The type estimation operation includes a first estimating operation for estimating the type of service from the protocol found as a result of performing the protocol scanning operation, a second estimating operation for estimating the type of service from information indicating the type of the wireless device, and the first estimating operation A wireless device having an open port from information indicating a wireless device type when the operation of comparing the type of service estimated by , and the type of service estimated by the second estimation operation is different from the result of the comparison An operation of estimating the type of

In FIG. 1 , wireless devices 15 : 15a , 15b , 15c , and 15d are additionally illustrated for the purpose of explanation of the present system.

The IoT care sensor 100 detects a dangerous device (hereinafter, 'fake device') capable of hacking communication with the home network system 200 using the IoT care sensor 100 described with reference to FIG. 1 , and communicates can block Hereinafter, the operation of the IoT care sensor 100 will be described in more detail.

The IoT care sensor 100 may monitor communication of the wireless device 15 and may also perform short-range wireless communication.

For example, the wireless device 15 may communicate according to a short-range wireless communication technology standard such as Bluetooth or Wi-Fi.

The wireless device 15 may be a non-authorized device in the system 200 or a legitimate device that is authorized. The IoT care sensor 100 may select an unauthorized device ('fake device') from the wireless device 15 .

The wireless device 15 may be a device such as a smart phone or a laptop capable of wireless communication, but is not limited thereto.

The IoT care sensor 100 may perform a type estimation operation and a fake device selection and blocking operation.

As will be described later, the IoT care sensor 100 may detect wireless signals output by the wireless device 15 . Here, the wireless signal may be, for example, a signal output for Bluetooth communication or a signal output for Wi-Fi communication. The IoT care sensor 100 may select one or more devices as a target device from among the detected devices according to a predetermined criterion. Here, the predetermined criterion may be signal strength.

As will be described later, a diagnostic module (not shown) included in the IoT care sensor 100 may, for example, estimate the type of the target device 15 and determine whether the target device 15 is a fake device. can do.

In this embodiment, the number of wireless devices 15 is shown as four each, but this number is exemplary and may be less or more. Hereinafter, assuming that the wireless device 15 is a target device, a type estimation operation, a fake device selection operation, and a blocking operation will be sequentially described.

The type estimation operation is an operation for estimating the type of the target device 15 .

In this embodiment, the diagnosis module may perform a port scanning operation, a protocol scanning operation, and a type estimation operation.

The port scanning operation is to find an open port of the target device 15 . That is, the port scanning operation is an operation of checking which ports are open for each of the target device 15a, the target device 15b, the target device 15c, and the target device 15d.

The port scanning operation may be performed, for example, by techniques called full scanning (FULL SCNNING) or stealth scanning (STEALTH SCANNING). Pool scanning is a technique to check open ports by establishing a perfect TCP session. Stealth scanning is a type of half scan technology, and when a packet for port confirmation is sent, and a response to the packet for port confirmation comes, the port that responded is open, and if there is no response, the port is closed. judge to be Stealth scanning may be, for example, FIN, NULL, or XMASH.

A port is a logical unit that identifies a network service or a specific process, and a protocol using a port is, for example, a transport layer protocol. Examples of transport layer protocols may be Transmission Control Protocol (TCP) and User Datagram Protocol (UDT). Ports are identified by a number, and these numbers are called port numbers. For example, a port number is used with an IP address.

Port numbers can be classified into three types, for example.

If the port number belongs to 0 ~ 1023, it is a well-known port, if the port number belongs to 1024 ~ 49151, it is a registered port, and if the port number is 49152 ~ 65535 If it belongs to , it is a dynamic port. On the other hand, for representative examples of well-known ports, No. 20: FTP (data), No. 21: FTP (control), No. 22: SSH, No. 23: Telnet, No. 53: DNS, No. 80: World Wide Web HTTP, 119: NNTP, 443: TLS/SSL HTTP. Those skilled in the art to which the present invention pertains (hereinafter, referred to as 'a person skilled in the art') will readily recognize that these port numbers and port types are exemplary.

For the purpose of the description of the present invention, the open port of the target device 15a is port 80, the off port of the target device 15b is port 23, and the open port of the target device 15c is port 5555, and , it is assumed that the open port of the target device 15d is port 5559.

The port scanning operation is an operation of finding an open port of the target device 15 . For example, through the port scanning operation of the diagnostic module, the open port of the target device 15a is port 80, the off port of the target device 15b is port 23, and the open port of the target device 15c is It finds out that it is port 5555, and the open port of the target device 15d is port number 5559.

A protocol scanning operation is an operation to know the type of protocol used in an open port. Here, the open port is found by the port scanning operation. For example, the diagnostic module finds out what protocol is used in port 80, which is an open port of the target device 15a.

In addition, the diagnostic module determines the protocol used in port 23 of the target device 15b, the protocol used in port 5555 of the target device 15c, and the protocol used in port 5559 of the target device 15d. Find each cognition.

The protocol scanning operation performed by the diagnostic module is an operation to check the type of open port, an operation to write a packet to be sent to the open port according to the type of open port (hereinafter, 'protocol confirmation packet'), and a packet for protocol confirmation transmitting to the wireless device having the open port, and checking whether a response is received from the wireless device that has transmitted the protocol confirmation packet.

The packet for protocol confirmation may be, for example, a script.

The operation of confirming the type of the open port is an operation of confirming the type of the open port found by the port scanning operation. For example, the operation of determining the type of the open port is an operation of determining whether the open port corresponds to one of a well-known port, a registered port, or a dynamic port. am. In order to perform the operation of confirming the open port type, data (eg, <Table 1>) in which the port type is classified according to the port number (hereinafter, 'port type data') must be prepared in advance. This 'port type data' may be stored and managed by the IoT care sensor 100 .

According to an embodiment, the diagnosis module may know the type of the open port by referring to 'port type data'. For example, in the diagnosis module, port 80 of the target device 15a and port 23 of the target device 15b are well-known ports, and port 5555 of the target device 15c and the target device It can be seen that port 5559 of (15d) is a dynamic port.

The diagnostic module performs an operation of creating a protocol confirmation packet suitable for the type of open port.

For example, since port 80 of the target device 15a is a well-known port that uses the World Wide Web HTTP protocol, a packet for protocol confirmation is created using the Web HTTP protocol and the target device ( 15a). When there is a response from the target device 15a to the protocol confirmation packet written using the web HTTP protocol, the diagnostic module determines that port 80 of the target device 15a uses the web HTTP protocol.

Meanwhile, if there is no response from the target device 15a to the packet for checking the protocol written using the web HTTP protocol, the diagnostic module determines that port 80 of the target device 15a does not use the web HTTP protocol. In this case, the diagnostic module uses a protocol other than the World Wide Web HTTP protocol to create a protocol confirmation packet and then transmits it to the target device 15a.

If there is a response from the target device 15a to the protocol confirmation packet written in a protocol other than the web HTTP protocol, the diagnostic module determines that port 80 of the target device 15a uses the other protocol. If there is no response from the target device 15a to the protocol confirmation packet written in the protocol other than the web HTTP protocol, the diagnostic module determines that port 80 of the target device 15a does not use the other protocol. . Thereafter, the target device 15a creates and transmits a protocol confirmation packet using another protocol until a response is received from the target device 15a. The diagnostic module finds out the type of protocol actually used in each open port of the target device 15 by the above-described method.

The diagnosis module performs a type estimation operation of estimating each type of the target device 15 by using at least one result of a result of performing the port scanning operation and a result of performing the protocol scanning operation. (Type Assumption) is performed.

According to an embodiment, the type estimation operation performed by the diagnostic module includes an operation of estimating a service type from a protocol type found as a result of performing a protocol scan operation, and an operation of estimating a service type from the estimated service type. estimating a type of wireless device.

The operation of estimating the type of service from the type of protocol is based on the experience that a protocol mainly used for each service is generally determined. For example, the RTSP, RTP, or RTCP protocol mainly supports streaming services. That is, when data defining services mainly supported for each protocol (hereinafter, 'protocol-service mapping data' is prepared, the diagnostic module uses 'protocol-service mapping data' to determine the type of service from the protocol type) The 'protocol-service mapping data' may be stored and managed by the IoT care sensor 100 .

The operation of estimating the type of the target device 15 from the type of service is also based on the experience that a service mainly used for each type of wireless device is generally determined. For example, the RTSP, RTP, or RTCP protocol mainly supports streaming services, which are provided by wireless devices such as, for example, IP TVs. That is, when data defining the types of wireless devices mainly provided for each service (hereinafter, 'service-type mapping data' is prepared, the diagnostic module uses the 'service-type mapping data' to A device type may be estimated, and 'service-type mapping data' may be stored and managed by the IoT care sensor 100 .

Meanwhile, the response to the protocol confirmation packet may include at least one of banner information and service information of the target device 15 .

Banner information included in the response to the protocol confirmation packet typically includes data indicating the type of the operating system used in the target device 15 . The diagnosis module may know the type of service or estimate the type of the target device 15 if the type of the operating system is known.

Examples of the operating system used in the target device 15 include Tizen, Brillo, Fuchsia, or LiteOS. Here, Tizen is an open-source mobile operating system that supports portable devices such as mobile phones and wireless devices such as TVs and refrigerators, and Brillo is an Android-based embedded operating system announced by Google, and Puke Fuchsia is an operating system being developed by Google to support embedded systems, PCs, smartphones, and wireless devices, and LiteOS is an operating system developed by Huawei for wireless devices, such as smart homes, wearable devices, or It is an operating system for supporting various wireless devices such as smart cars.

Service information included in the response to the protocol confirmation packet typically includes data indicating the type of the target device. For example, the service information may include data such as 'My iPhone', and this data is information directly indicating the type of the target device. According to an embodiment, the type estimation operation performed by the diagnosis module includes at least one of banner information and service information of a target device, and a result of the above-described port scanning operation. and at least one result of performing a protocol scanning operation is used.

For example, the type estimation operation performed by the diagnosis module includes a first estimation operation, a second estimation operation, a comparison operation, and a type determination operation.

The first estimating operation is an operation of estimating the service type from the protocol type obtained by the protocol scanning operation. For an exemplary description of the first estimating operation, refer to a description referring to the RTSP, RTP, or RTCP protocol.

The second estimating operation is an operation of estimating the type of service by using at least one of banner information and service information of the target device 15 . Exemplary descriptions of the second estimated motion include the description part referring to Tizen, Brillo, Fuchsia, or LiteOS and the description referring to My iPhone. Please refer to the section

The comparison operation is an operation of comparing the type of service estimated by the first estimating operation with the type of service estimated by the second estimating operation.

In the type determining operation, when the type of service estimated by the first estimating operation and the type of service estimated by the second estimating operation are different from each other, the target device 15 from the type of service estimated by the second estimating operation determines the type of , and when the type of service estimated by the first estimating operation and the service type estimated by the second estimating operation are the same, the type of service estimated by the first estimating operation or the second estimating operation This is an operation of estimating the types of target devices 15 from .

On the other hand, when there is no banner information and service information of the target device 15 or there is no data for estimating the type of service in such banner information and service information, the type estimation operation (Type Assumption) is , including a first estimating operation and a type determining operation. That is, the type estimation operation may be performed only with the first estimating operation and the type determining operation without performing the second estimating operation and the comparing operation.

The fake device selection operation is an operation of selecting a fake device from among the target devices 15 .

In this embodiment, the diagnostic module determines whether each of the target devices 15 is a fake device. For example, the diagnostic module determines whether the target device 15a among the target devices 15 is a fake device, determines whether the target device 15b is a fake device, and sends the target device 15c to the target device 15c. It is possible to determine whether the device is a fake device with respect to the target device 15d and whether it is a fake device for the target device 15d. Here, the order is exemplary, and a person in the technical field to which the present invention pertains (hereinafter, 'person skilled in the art') will be able to determine the order according to the situation when implementing the present invention.

The diagnostic module attacks a vulnerability according to the type of target device that is a target for determining whether or not it is a fake device, and the diagnostic module determines whether the target device is a fake device according to whether the attack on the target device is successful or not. judge

Typically, the vulnerability of a wireless device refers to a weakness that an attacker uses to lower the information assurance of the device. In Wikipedia (https://en.wikipedia.org/wiki/Vulnerability), the vulnerability is defined as “Vulnerability　refers to the inability (of a system or a unit) to withstand the effects of a hostile environment”. In the specification, it will be used as defined in such Wikipedia.

For example, when the target device 15a is a 'target device', the diagnostic module determines whether the target device 15a is a fake device according to whether the attack on the vulnerability of the target device 15a succeeds. can That is, the diagnostic module determines that the target device 15a is not a fake device if the attack on the vulnerability of the target device 15a succeeds, and if the attack on the vulnerability of the target device 15a does not succeed, the target device It is determined that (15a) is a fake device.

The diagnostic module selects a vulnerability according to each type of the target device 15 , attacks each of the target devices 15 using the selected vulnerability, and based on the result of the attack, a fake device among the target devices 15 . can be selected.

The diagnostic module according to another embodiment of the present invention estimates each type of the target device 15, attacks a vulnerability corresponding to each estimated type, and selects the target device 15 based on the attack result. A fake device may be determined.

In the above-described embodiments, the diagnosis module may generate a vulnerability attack message according to the type of the target device 15 by referring to data corresponding to the vulnerability by type ('vulnerability data by type'). The vulnerability data for each type may be stored and managed by a storage device (to be described later) provided in the IoT care sensor 100 . Alternatively, vulnerability data for each type may be stored and managed in an external storage device (not shown) that is communicatively connected so that the IoT care sensor 100 is accessible.

In the above-described embodiments, the operation of selecting a vulnerability according to the type of the target device 15 may be an operation of finding a vulnerability corresponding to the type of the target device by referring to the vulnerability data for each type.

In the above-described embodiments, the diagnosis module may generate a vulnerability attack message according to the type of the target device 15 by referring to data corresponding to the vulnerability by type ('vulnerability data by type'). The vulnerability data for each type may be stored and managed by a storage device (to be described later) provided in the IoT care sensor 100 . Alternatively, vulnerability data for each type may be stored and managed in an external storage device (not shown) that is communicatively connected so that the IoT care sensor 100 is accessible.

In the above-described embodiments, the operation of selecting a vulnerability according to the type of the target device 15 may be an operation of finding a vulnerability corresponding to the type of the target device by referring to the vulnerability data for each type.

In the above-described embodiments, the operation of attacking the vulnerability of the target device 15 may be, for example, the operation of the diagnostic module transmitting a message for attacking the vulnerability to the target device.

In the above-described embodiments, the diagnosis module determines that the target device is not a fake device when the target device responds to the vulnerability attack, and determines that the target device is not a fake device when the target device does not respond to the vulnerability attack. It can be considered as a device.

Hereinafter, vulnerabilities of wireless devices and messages for attacking vulnerabilities will be described by way of example.

For example, the target device may be a router having the following types of vulnerabilities.

. Vulnerability: An unauthorized attacker could access the URL "/category_view.php" with the HTTP GET method

. Vulnerability attack message: GET/category_view.php

As another example, the target device may be a router having the following types of vulnerabilities.

ㆍVulnerability: An unauthorized attacker could access the URL "/mydlink/get_TriggeredEventHistory.asp" with HTTP GET method

. Exploit message: GET/mydlink/get_TriggeredEventHistory.asp

As another example, the target device may be a router having the following types of vulnerabilities.

. Vulnerability: An unauthorized attacker may access the URL "/router_info.xml?section=wps" with the HTTP GET method to obtain information such as the PIN and MAC address of the target device.

. Vulnerability attack message: GET/router_info.xml?section=wps

As another example, the target device may be a router having the following types of vulnerabilities.

. Vulnerability: When an unauthorized attacker accesses the "/wpsacts.php" URL with the HTTP POST method, it may be possible to insert script statements into the data.

. Vulnerability attack message: GET//wpsacts.php

As another example, the target device may be a DVR having the following types of vulnerabilities.

. Vulnerability: A vulnerability where a backdoor exists for the default / tluafed account.

. Vulnerability attack message: POST/Login. htm

As another example, the target device may be a DVR having the following types of vulnerabilities.

. Vulnerability: When an unauthorized user accesses the URL "/device.rsp?opt=user&cmd=list" using the HTTP GET method, the administrator account is exposed in plain text.

ㆍ Message for vulnerability attack: GET/device.rsp?opt=user&cmd=list

According to embodiments of the present invention, even if the target device has the same type of function, if the vulnerability is different, the target device is treated as a different type. For example, the aforementioned routers have different vulnerabilities, and thus are distinguished into different types of target devices. In addition, when the above-described digital video recorders (DVRs) also have different vulnerabilities, they are classified as different types of target devices. For another example, if the target device has the same manufacturer and the same type of device has different firmware, it is treated as a different type.

According to an embodiment of the present invention, the 'vulnerability data for each type' may be data corresponding to vulnerabilities for each type of target device. When the vulnerability data for each type is stored and managed, the diagnostic module attacks the vulnerability of the target device by referring to the vulnerability data for each type.

Alternatively, the 'vulnerability data by type' may be data corresponding to a 'vulnerability attack message' for each type of target device.

According to another embodiment of the present invention, vulnerability data for each type may not be prepared in advance. In this embodiment, the diagnosis module may directly generate a message for a vulnerability attack corresponding to the type of the target device (eg, when the vulnerability attack unit is configured to directly generate a message for a vulnerability attack for each type).

The blocking operation is an operation of blocking communication of the fake device.

The blocking operation is an operation of blocking communication of the fake device by performing a DDoS attack on the fake device.

For example, the diagnostic module transmits a large number of messages to the fake device, and the fake device that has received the large number of messages is unable to communicate with other devices in response to the message. As such, the diagnostic module may block communication of a target device having a vulnerability.

For example, assuming that the wireless device 15a is a fake device, the diagnostic module blocks communication of the Bluetooth device by performing a DDoS attack on the fake device 15a. That is, since the diagnostic module transmits a large amount of messages to the fake device 15a, the fake device 15a that has received the large amount of messages cannot communicate with other Bluetooth devices in response to the message. As such, the diagnostic module may block communication only with the fake device 15a.

Hereinafter, an exemplary configuration of the IoT care sensor 100 according to an embodiment of the present invention will be described.

The IoT care sensor 100 of the present invention includes a port scanning unit, a protocol scanning unit, a type estimation unit, a determination unit, an operating system, a communication unit, a vulnerability attack unit, a computer processor, a peripheral device, a storage device, and a memory, and these The components are operatively connected to each other. Meanwhile, the port scanning unit, the protocol scanning unit, the type estimating unit, the determining unit, and the vulnerability attack unit will be collectively referred to as a diagnosis module, and the diagnosis module may be composed of a program executed under the control of the computer processor. Programs such as an operating system or a diagnostic module are loaded into a memory and executed under the control of a computer processor, and may be operatively connected to other programs or hardware.

The diagnosis module may perform the above-described type estimation operation, fake device selection operation, and blocking operation. Specifically, the port scanning unit may perform a port scanning operation, the protocol scanning unit may perform a protocol scanning operation, the type estimator may estimate a device type, and the determination unit may perform a fake device selection operation and a blocking operation. Please refer to the above-mentioned part for each of these operations.

The port scanning unit performs the above-described port scanning operation. The port scanning unit writes a port confirmation packet, transmits the port confirmation packet to the wireless device 15 through the communication unit, checks whether a response to the port confirmation packet is received, and checks the port opened in the wireless device 15 decide

The protocol scanning unit performs the protocol scanning operation described above. The protocol scanning unit prepares a protocol confirmation packet, transmits the protocol confirmation packet to the wireless device 15 through the communication unit, checks whether a response to the protocol confirmation packet is received, and the protocol actually used in the open port. to decide

The vulnerability attack unit transmits a vulnerability attack message to the target device through the communication unit, and the judgment unit checks whether there is a response to the vulnerability attack message, and if there is a response, the target device is not a fake device, and if there is no response, it is a fake device .

The operating system is software that not only manages hardware but also provides a hardware abstraction platform and common system services to execute application software, and the storage device and memory include a recording medium that provides a space for storing and executing programs, respectively. A computer processor is a central processing unit (CPU), and the central processing unit is a control unit of a computer that controls a computer system and executes a program operation, or a chip in which the function is embedded.

A memory and/or a storage device may provide a space for storing or executing a program, and may also store data necessary for the operation of the present invention, such as protocol-service mapping data or service-type mapping data.

The memory and/or storage device may also temporarily and/or permanently store various data. For example, the memory and/or the storage device may store messages for exploiting vulnerabilities.

The type estimator performs the above-described type estimation operation.

According to an embodiment, the type estimator includes at least one of banner information and service information of the wireless device 15, and an operation result of at least one of an operation result of the port scanning unit and an operation result of the protocol scanning unit. use

According to another embodiment, at least one result of the operation result of the port scanning unit and the operation result of the protocol scanning unit is used. Since detailed descriptions of these embodiments have been described above, they will be omitted.

According to an embodiment, a type estimation result of the type estimator is stored in the memory device and/or the memory. The type estimation result is data corresponding to a type for each wireless device 15 . Meanwhile, vulnerability data for each type may also be stored in the memory device and/or memory. Vulnerability data by type (data corresponding to vulnerabilities by type) is used to find the vulnerability of the target device type.

The vulnerability attack unit may refer to the vulnerability data for each type to find a vulnerability corresponding to the type of the target device and generate a message for attacking the vulnerability. Thereafter, the vulnerability attack message is transmitted to the target device through the communication unit. The determination unit determines whether there is a response to the vulnerability attack message, and if there is a response, it is determined that the target device is not a fake device, and if there is no response, it is determined that the target device is a fake device.

All or at least a part of the port scanning unit may be configured as a program. The part composed of the program is loaded into the memory and performs a port scanning operation under the control of the computer processor. Other components, for example, the protocol scanning unit and the type estimating unit may be configured in the same manner as the port scanning unit to perform their own operations. Meanwhile, since detailed descriptions of the port scanning operation, the protocol scanning operation, and the type estimation operation have been described above, they will be omitted herein.

2 is a view for explaining a wireless care method according to an embodiment of the present invention. The wireless care method according to an embodiment of the present invention is for discriminating a fake device from among target devices (also referred to as 'target devices') close to the home network system using the IoT care sensor 100 . For example, by using the IoT care sensor 100, components included in the home network system using the IoT care sensor 100, for example, a plurality of IoT devices #1, #2, #3, This is to determine whether an unauthorized wireless device accesses the wall pad, the switch, and/or the server 300 .

Referring to FIG. 2 , a wireless care method according to an embodiment of the present invention includes estimating a type of a target device ( S100 ); selecting a vulnerability according to the type of target device (S300); attacking the vulnerability selected in step S300 (S400); and determining whether the target device is a fake device according to whether the attack on the target device is successful ( S500 ).

The wireless care method according to an embodiment of the present invention may further include a step (S200) of storing and managing vulnerability data for each wireless device type that corresponds to a vulnerability for each wireless device type.

The above-described step of selecting the vulnerability ( S300 ) includes an operation of finding a vulnerability corresponding to the type of the target device by referring to the vulnerability data for each wireless device type.

The above-described step of attacking the target device (S400) may be a step of generating a vulnerability attack message for attacking the vulnerability selected in the step (S300) of selecting a vulnerability according to the type of the target device and transmitting the message to the target device.

In the step S500 of determining whether the above-described target device is a fake device, when the target device responds to the vulnerability attack message, it is determined that the target device is not a fake device, and the target device responds to the vulnerability attack message. If there is no response, it may be a step of determining that the target device is a fake device.

Hereinafter, it is assumed that the wireless care method according to an embodiment of the present invention is applied to the IoT care sensor 100 described with reference to FIG. 1 .

For the step of estimating the type of the target device ( S100 ), refer to the contents described with reference to FIG. 3 .

The storage and management of vulnerability data by type (S200) is a step in which the IoT care sensor 100 stores and manages the result of the step (S100) of estimating the type of the target device in a recording medium.

The step of selecting a vulnerability ( S300 ) is a step in which the IoT care sensor 100 selects a vulnerability according to the type of the target device. For example, the vulnerability attacker may select a vulnerability according to the type of the target device estimated by the type estimator. To this end, vulnerability data for each type is stored in the memory device, and the vulnerability attack unit may select a vulnerability corresponding to the type of the target device by referring to the vulnerability data for each type.

The step of attacking the target device ( S400 ) is a step in which the IoT care sensor 100 attacks the vulnerability of the target device. For example, the vulnerability attack unit sends a vulnerability attack message to the target device. The vulnerability attack message is generated based on the vulnerability data selected according to the type of the target device. The vulnerability attack unit can directly generate a message for exploiting the vulnerability.

In step S500 of determining whether the target device is a fake device, for example, the determination unit of the IoT care sensor 100 determines that the target device is not a fake device when the target device responds to the vulnerability attack message and if the target device does not respond to the vulnerability attack message, it may be determined that the target device is a fake device.

As described above, the method of determining whether the target device described with reference to FIG. 2 is a fake device may be implemented by, for example, a computer program.

For example, according to an embodiment of the present invention, the method comprising: attacking a vulnerability of a target device that is a target for determining whether it is a fake device; and determining whether the target device is a fake device according to whether the attack on the vulnerability of the target device succeeds. A readable recording medium is provided.

In another example, estimating the type of the target device (S100); selecting a vulnerability according to the type of a target device to be determined whether it is a fake device (S300); attacking the vulnerability selected in step S300 (S400); And according to whether the attack on the target device is successful, a program for executing a wireless care method comprising the step (S500) of determining whether the target device is a fake device to the IoT care sensor 100 to a computer A readable recording medium is provided.

3 is a diagram for explaining a method of estimating a type of a wireless device according to an embodiment of the present invention.

Referring to FIG. 3 , the method for estimating the type of a wireless device according to an embodiment of the present invention includes a port scanning step (S110) of finding an open port of a target device, a port scanning step ( Based on the results of the protocol scanning step (S120), the above-described scanning steps (S110, S120) to find the protocol used in the open port found as a result of the port scanning step (S110) Thus, it may include a Type Assumption step (S130) of estimating the type of the target device.

Hereinafter, it is assumed that the method for estimating the type of a wireless device according to an embodiment of the present invention is applied to the IoT care sensor 100 described with reference to FIG. 1 , and the type of the wireless device according to an embodiment of the present invention A method of estimating will be described.

The port scanning step S110 is to find an open port of the wireless device 15 . That is, the port scanning step S110 is a step of performing the port scanning operation described with reference to FIG. 2 .

Also in this embodiment, for the purpose of explanation of the present invention, the open port of the wireless device 15a is port 80, the off port of the wireless device 15b is port 23, and the open port of the wireless device 15c is is port 5555, and it is assumed that the open port of the wireless device 15d is port 5559

The port scanning step S110 is to find an open port of the wireless device 15 . For example, as a result of performing the port scanning step (S110), the open port of the wireless device 15a is port 80, the off port of the wireless device 15b is port 23, and the open port of the wireless device 15c is port 5555, and it is known that the open port of the wireless device 15d is port number 5559.

The protocol scanning step S120 is a step for knowing the type of protocol actually used in the open port. That is, the protocol scanning step S120 is a step of performing the protocol scanning operation described with reference to FIG. 2_Delete. On the other hand, the open port is obtained as a result of the port scanning step (S110).

For example, in the protocol scanning step S120 , an operation of finding out the type of protocol used in port 80, which is an open port of the wireless device 15a, is performed. In addition, in the protocol scanning step (S120), the protocol used in port 23 of the wireless device 15b, the protocol used in port 5555 of the wireless device 15c, and port 5559 of the wireless device 5d are used It performs the operation of finding out what protocol is used. As such, the protocol scanning step ( S120 ) is a step of finding out the types of protocols actually used for all open ports of the wireless device 15 .

The protocol scanning step (S120) includes the steps of checking the type of the open port, creating a packet for checking the protocol, transmitting the packet for checking the protocol to the target device having the open port, and transmitting the packet for checking the protocol and checking whether a response exists from a target device. On the other hand, the step of checking the type of the open port is a step of performing the above-described operation of checking the type of the open port, and the step of writing the packet for checking the protocol is performing the operation of creating the packet for checking the protocol and the step of checking whether a response is received from the target device is a step of performing an operation of checking whether a response is received from the above-described target device. Therefore, a more detailed description of these steps will be omitted.

In the step of checking the type of open port, it is checked whether the open port obtained by the port scanning operation corresponds to a well-known port, a registered port, or a dynamic port. perform the action

According to one embodiment, the step of checking the type of the open port. By referring to the port type data, an operation of finding out the type of the open port obtained by the port scanning operation is performed.

According to an embodiment, the step of creating the protocol confirmation packet includes creating the protocol confirmation packet according to the type of the open port.

For example, in the step of creating a packet for protocol confirmation, port 80 of the wireless device 15a is a well-known port using the World Wide Web HTTP protocol, so the Executes the operation of creating a packet for protocol confirmation.

In addition, in the step of creating the protocol confirmation packet, if there is no response to the protocol confirmation packet created using the web HTTP protocol from the wireless device 15a, port 80 of the IoT device 15a uses the web HTTP protocol It decides not to do so, and uses a protocol other than the World Wide Web HTTP protocol to create a packet for protocol confirmation.

That is, in the step of preparing the protocol confirmation packet, in order to find out the type of protocol actually used in the open ports of the wireless device 15, the protocol confirmation packet is created until a response is received as in the above-described operations. .

The step of transmitting the protocol confirmation packet to the wireless device is a step of transmitting the protocol confirmation packet to the target device. The step of transmitting the protocol confirmation packet to the target device includes transmitting the protocol confirmation packet until a response is received from the target device.

The step of checking whether a response exists from the target device that has transmitted the protocol confirmation packet includes monitoring whether a response to the protocol confirmation packet is received from the target device, and when a response is received, the protocol used for the response is transferred from the corresponding open port. Executes an operation that determines that the protocol is actually used.

The type estimation step ( S130 ) is a type of estimating each type of target devices by using at least one result of the performance result of the photo scanning step ( S110 ) and the protocol scanning step ( S120 ). This is a step for performing an estimation operation. That is, the type estimation step S130 is a step for performing the above-described type estimation operation.

According to an embodiment, the step of estimating the type ( S130 ) includes estimating the type of service from the type of protocol found as a result of performing the protocol scanning operation, and estimating the type of the target device from the type of service. do. Here, the step of estimating the type of service from the type of protocol is a step of estimating the type of the service from the type of the protocol described above, and the step of estimating the type of the target device from the type of the service is the above-mentioned service. This is a step of estimating the type of the target device from the type. Therefore, for a detailed description of these steps, please refer to the description of the embodiment of Fig. 1_Delete_Delete and Fig. 2_Delete_Delete.

As described above, the response to the protocol confirmation packet may include at least one of banner information and service information of the target device.

According to an embodiment, the Type Assumption step ( S130 ) includes at least one of banner information and service information of the IoT device, a result of performing the above-described photo scanning operation, and protocol scanning ( Protocol Scanning), at least one result of the operation results is used.

For example, in the type estimation operation S130 , a first estimation operation, a second estimation operation, a comparison operation, and a type determination operation may be performed. For detailed descriptions of the first estimating operation, the second estimating operation, the comparison operation, and the type determining operation, refer to the description of the embodiment described with reference to FIG. 2 .

As another example, the type estimation operation S130 may perform a port scanning operation, a protocol scanning operation, and a type estimation operation. For detailed descriptions of the first estimating operation, the second estimating operation, the comparison operation, and the type determining operation, refer to the description of the embodiment described with reference to FIG. 2 .

As described above, the method of estimating the type of the wireless device according to an embodiment of the present invention described with reference to FIG. 3 may be implemented by, for example, a computer program. That is, a computer-readable program for executing all or some steps of each step constituting the method for estimating the type of a wireless device according to an embodiment of the present invention described with reference to FIG. 3 , can be read by a computer. It may be stored in a recording medium. A program for causing the IoT care sensor 100 to execute all or some of the steps constituting the method according to an embodiment of the present invention stored in the recording medium as described above may be loaded into a memory and executed under the control of a computer processor.

For example, according to an embodiment of the present invention, a result of performing a port scanning step (S110) and a port scanning step (S110) to find an open port of a target device A type of estimating the type of the target device based on the results of the protocol scanning step (S120) and the above-described scanning steps (S110, S120) to find the protocol used in the open port found with A computer-readable recording medium is provided for causing the IoT care sensor 100 to execute a method of estimating the type of the wireless device including the Type Assumption step ( S130 ). For a description of each of these steps, please refer to the description above.

As described above, the method of estimating the type of the wireless device according to an embodiment of the present invention described with reference to FIG. 3 may be implemented by, for example, a computer program. That is, a computer-readable program for executing all or some of the steps constituting the method for estimating the type of a wireless device according to an embodiment of the present invention described with reference to FIG. 3 in the wireless device care apparatus. It may be stored in a recording medium. A program for causing the IoT care sensor 100 to execute all or some of the steps constituting the method according to an embodiment of the present invention stored in the recording medium in this way may be loaded into a memory and executed under the control of the computer processor.

For example, according to an embodiment of the present invention, a result of performing a port scanning step (S110) and a port scanning step (S110) to find an open port of a target device A type of estimating the type of the target device based on the results of the protocol scanning step (S120) and the above-described scanning steps (S110, S120) to find the protocol used in the open port found with A computer-readable recording medium is provided for causing the IoT care sensor 100 to execute a method of estimating the type of the wireless device including the Type Assumption step ( S130 ). For a description of each of these steps, please refer to the description above.

As such, a person skilled in the art to which the present invention pertains can make various modifications and variations from the description of the above-described specification. Therefore, the scope of the present invention should not be limited to the described embodiments and should be defined by the claims described below as well as the claims and equivalents.

15, 15a, 15b, 15c, 15d: wireless devices
100: IoT care sensor
300: server

Claims (6)

IoT devices connected to a home network consisting of a wired/wireless network;
a wall pad capable of communicating with the IoT devices through the home network; and
An IoT care sensor capable of detecting a wireless signal of a wireless device connected to the home network and determining whether the detected wireless device is a fake device; a home network system using an IoT care sensor, including a. According to claim 1,
The IoT care sensor is
A type estimation operation for estimating the type of the wireless device, and a home network system using an IoT care sensor to determine whether the wireless device is a fake device by attacking the wireless device with a weakness according to the type of the wireless device . 3. The method of claim 2,
The type estimation operation is an operation of estimating the type of the wireless device according to the results of the port scanning operation and the protocol scanning operation,
The port scanning operation is an operation to find an open port of the wireless device,
The protocol scanning operation is an operation to find a protocol used in an open port found as a result of the port scanning operation, a home network system using an IoT care sensor. 4. The method of claim 3,
The protocol scanning operation is
The operation of confirming the type of the open port, the operation of creating a protocol confirmation packet according to the type of the open port and transmitting the packet to the wireless device having the open port, and from the wireless device The operation of checking whether a response to the protocol confirmation packet is received, a home network system using an IoT care sensor. 5. The method of claim 4,
The response includes at least one of banner information and service information of the wireless device having the open port,
A home network system using an IoT care sensor, wherein the banner information or the service information includes information indicating a type of a wireless device. 6. The method of claim 5,
The type estimation operation is
A first estimating operation for estimating a service type from the protocol found as a result of performing a protocol scanning operation, a second estimating operation for estimating a service type from information indicating the type of the wireless device, and the first estimating operation The operation of comparing the type of service estimated by the second estimating operation and the type of service estimated by the second estimation operation, and when both of the comparison results are different, from the information indicating the type of the wireless device, the A home network system using an IoT care sensor that performs an operation of estimating a type.

Images