Mobile & Embedded System Lab.
Dept. of Computer Engineering
Kyung Hee Univ.
Design and Implementation of Security Control Center based on IoT Device Security Platform
Presented by Junyoung Jung

Motivation
• Recent Trends
  • Accelerated launch of a variety of IoT products & services
  • Increased interest in IoT device security issues
• Problems
  • Devices are manufactured without considering security level
  • Absence of a security control system
    ▶ Difficult to respond to security attacks
Need for a Security Control System
(Collecting and analyzing information about security attacks.)

Related works
• General Security Control System
  • Monitoring and management
  • Rapid response handling
    ▶ Real-time monitoring
    ▶ Fault handling
• Problems of general Security Control System
  • PCs and mobile devices connect to the Internet
    ▶ The number of protected objects is limited.
  • IoT devices connect various sensors and things
    ▶ The number of protected objects is not clearly defined.
A general Security Control System is not suitable for IoT services

Related works
• SecurePi: Secure Raspberry Pi (using TPM*)
  • Linux-based high-end secure COTS IoT device platform
    ① Secure Key Storage & Management
    ② Secure Boot
    ③ Secure Firmware Update
    ④ Remote Attestation
    ⑤ Secure Communication
    ⑥ Mandatory Access Control
    ⑦ Filesystem Integrity
    ⑧ Filesystem Encryption
*TPM: Trusted Platform Module

Contribution
• Suggested in the paper
  • SecurePi is a platform that satisfies the measures against IoT device security issues.
  • However, if SecurePi's TPM does not work, another security issue may arise.
Propose SCC (Security Control Center), a system that can control SecurePi

Contribution
• Improvements through the paper
  • Enables monitoring of the secure element technologies of SecurePi
    ▶ Does the TPM run normally?
    ▶ Is encryption key data securely maintained/managed?
    ▶ Is the integrity of the F/W guaranteed?
    ▶ Is the F/W update safe?
    ▶ Is the integrity of the files in the filesystem guaranteed?
    ▶ Is the confidentiality of files in the filesystem guaranteed?
    ▶ Is a device login attempt detected?
    ▶ Is a device allow/deny packet detected?

Proposed System
• Functional requirements (for performing Security Controls)
  ① Ensure availability of sensitive data
    ▶ Storing and managing the encryption key data in the TPM
    ▶ Secure Key Storage & Management Monitoring
  ② Ensure F/W integrity (Secure Boot)
    ▶ Prevention of firmware replacement attacks
    ▶ Secure Boot Monitoring
  ③ Ensure secure F/W update
    ▶ Prevention of installing previous firmware versions
    ▶ Secure Firmware Update Monitoring
  ④ Ensure F/W integrity (Remote Attestation)
    ▶ Prevention of firmware replacement attacks through another device
    ▶ Remote Attestation Monitoring

Proposed System
• Functional requirements (for performing Security Controls)
  ⑤ Ensure the integrity of files in the filesystem
    ▶ Using IMA/EVM to provide integrity of files in the filesystem
    ▶ Filesystem Integrity Monitoring
  ⑥ Ensure the confidentiality of files in the filesystem
    ▶ Using eCryptFS to provide confidentiality of files in the filesystem
    ▶ Filesystem Encryption Monitoring
  ⑦ Detect the device login attempt
    ▶ Checking the login log (/var/log/auth.log) periodically
    ▶ Login Monitoring
  ⑧ Detect the device allow/deny packet
    ▶ Checking the iptables log periodically
    ▶ Packet Monitoring
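
Requirements ⑦ and ⑧ come down to periodically reading the lines appended to /var/log/auth.log and to the iptables log, and turning them into login and packet events. The following is an added example, not code from the SCC project: a polling reader that copes with log rotation and half-written lines, plus a parser for both line types. The `SCC-ALLOW: ` / `SCC-DENY: ` log prefixes, the host name, the alert threshold and the sample lines are assumptions constructed for illustration.

```python
import os
import re
from collections import Counter

# sshd result lines in /var/log/auth.log. The user name comes from the remote
# side and may contain spaces, so the pattern is anchored on the end of the
# line and the user group is greedy.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>.+) from (?P<src>\S+) port \d+ ssh2(?:: .*)?$"
)
# Kernel lines written by the iptables LOG target. "SCC-ALLOW: " and
# "SCC-DENY: " are assumed --log-prefix values; the slides do not name any.
PKT_RE = re.compile(r"kernel: .*?SCC-(?P<action>ALLOW|DENY): (?P<fields>.*)$")


def parse_line(line):
    """Turn one log line into a login or packet event, or None if irrelevant."""
    m = AUTH_RE.search(line)
    if m:
        return {"kind": "login", "result": m["result"].lower(),
                "user": m["user"], "src": m["src"]}
    m = PKT_RE.search(line)
    if m:
        # LOG target fields are KEY=VALUE pairs; bare flags (DF, SYN) are skipped.
        kv = dict(f.split("=", 1) for f in m["fields"].split() if "=" in f)
        return {"kind": "packet", "result": m["action"].lower(),
                "src": kv.get("SRC"), "dpt": kv.get("DPT")}
    return None


def read_new_lines(path, offset):
    """Return (complete lines appended since offset, new offset)."""
    if os.path.getsize(path) < offset:   # rotated or truncated: start over
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1          # a half-written last line waits for the next poll
    return data[:end].decode("utf-8", "replace").splitlines(), offset + end


def summarize(lines, fail_threshold=3):
    """Count failed logins and denied packets per source; flag noisy sources."""
    events = [e for e in map(parse_line, lines) if e]
    failed = Counter(e["src"] for e in events
                     if e["kind"] == "login" and e["result"] == "failed")
    denied = Counter(e["src"] for e in events
                     if e["kind"] == "packet" and e["result"] == "deny")
    alerts = sorted(s for s, n in failed.items() if n >= fail_threshold)
    return {"events": events, "failed": failed, "denied": denied, "alerts": alerts}


# Constructed sample lines (documentation address ranges), not captured data.
SAMPLE = [
    "Jun 12 10:15:01 securepi sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2",
    "Jun 12 10:15:03 securepi sshd[812]: Failed password for root from 203.0.113.7 port 51514 ssh2",
    "Jun 12 10:15:06 securepi sshd[815]: Failed password for invalid user test from 203.0.113.7 port 51520 ssh2",
    "Jun 12 10:20:11 securepi sshd[840]: Accepted publickey for pi from 192.0.2.10 port 50022 ssh2: RSA SHA256:CONSTRUCTED",
    "Jun 12 10:15:00 securepi kernel: [ 1234.567890] SCC-DENY: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.20 LEN=60 TTL=52 DF PROTO=TCP SPT=51500 DPT=23 SYN",
    "Jun 12 10:20:10 securepi kernel: [ 1544.100200] SCC-ALLOW: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 DF PROTO=TCP SPT=50022 DPT=22 SYN",
    "Jun 12 10:17:01 securepi CRON[830]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("failed logins:", dict(report["failed"]))
    print("denied packets:", dict(report["denied"]))
    print("alerts:", report["alerts"])
```

Rotation is detected here by file size only; a poller running on a device would also compare the inode so that a rotated log which has already grown past the old offset is not skipped.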

Implementation
• SCC system

Implementation
• SCC-Server

Implementation
• SCC-Client
  • Main page
  • http://163.180.142.73:3000
  • Host PC: Ubuntu 16.04 LTS

Conclusion
• Conclusion
  • A security platform that considers the device level is needed
  • A security control system for monitoring the security platform is needed
• Future works
  • SArduino: Secure Arduino (using SE)
    ▶ RTOS/firmware-based low-end secure COTS IoT device platform

[KCC poster] Junyoung Jung
