Security Threats on National Defense ICT based on IoT

Similar documents
Security Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT

An Application of Data Leakage Prevention System based on Biometrics Signals Recognition Technology

Device-based Secure Data Management Scheme in a Smart Home

Roles and Responsibilities of Cyber Intelligence for Cyber Operations in Cyberspace

Studying Security Weaknesses of Android System

A Study on IP Exposure Notification System for IoT Devices Using IP Search Engine Shodan

A Study of Key management Protocol for Secure Communication in Personal Cloud Environment

A Survey on Security Threats and Security Technology Analysis for Secured Cloud Services

Right-Sizing M2M Security: The Best Security is Security Tailored to Your Application

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

The Internet of Things Risks and Challenges

Cyber Threats in Physical Security Understanding and Mitigating the Risk

A Practical Analysis of Smartphone Security*

Security Assessment through Google Tools -Focusing on the Korea University Website

A Digital Door Lock System for the Internet of Things with Improved Security and Usability

Internet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC

CYBERTRON NETWORK SOLUTIONS

How To Detect An Advanced Persistent Threat Through Big Data And Network Analysis

Overview of the Internet of things

A Research Using Private Cloud with IP Camera and Smartphone Video Retrieval

Now and Tomorrow. IEEE/AICCSA Conference November 2014 Malike Bouaoud Cyber Security Advisor

Detailed Description about course module wise:

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Problems of Security in Ad Hoc Sensor Network

Industrial Control Systems Vulnerabilities and Security Issues and Future Enhancements

Seminar: Security Metrics in Cloud Computing ( se)

COSC 472 Network Security

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Readiness Assessments: Vital to Secure Mobility

The Internet of Things

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

Critical Controls for Cyber Security.

What is Really Needed to Secure the Internet of Things?

CEH Version8 Course Outline

> SOTAS The world class multimedia vehicle intercom system.

Firewall and UTM Solutions Guide

Bellevue University Cybersecurity Programs & Courses

Development of a Service Robot System for a Remote Child Monitoring Platform

Capabilities for Cybersecurity Resilience

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

Department of Defense DIRECTIVE

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Deploying Firewalls Throughout Your Organization

Where every interaction matters.

Chapter 15: Computer and Network Security

Security Issues with Integrated Smart Buildings

Modern Accounting Information System Security (AISS) Research Based on IT Technology

Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service

KCC announces 'Comprehensive Plans for Smart Mobile Security'

The Design and Implementation of the Integrated Model of the Advertisement and Remote Control System for an Elevator

Designing federated identity management architectures for addressing the recent attacks against online financial transactions.

Chapter 6: Fundamental Cloud Security

RMAR Technologies Pvt. Ltd.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Chapter 1: Introduction

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Link Layer and Network Layer Security for Wireless Networks

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

FORBIDDEN - Ethical Hacking Workshop Duration

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Review of the Techniques for User Management System

Threat Events: Software Attacks (cont.)

Introduction to Computer Networking: Trends and Issues

EC-Council. Certified Ethical Hacker. Program Brochure

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma CpE /24/2016

Principles of Information Assurance Syllabus

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Networking: EC Council Network Security Administrator NSA

Anthony Minnaar Dept of Criminology & Security Science School of Criminal Justice College of Law University of South Africa

Nokia Networks. security you can rely on

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

GOVERNMENT AND THE INTERNET OF THINGS (IOT) FINDINGS AND RECOMMENDATION OF ATARC S INTERNET OF THINGS INNOVATION LAB NOVEMBER, 2015

Wireless Network Security

PKI: THE SECURITY SOLUTION FOR THE INTERNET OF THINGS

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

CONECTIVIDAD EN LA ERA DEL IOT THE INTERNET OF THINGS

The Internet of Things: Opportunities & Challenges

ICTN Enterprise Database Security Issues and Solutions

Report on Cyber Security Alerts Processed by CERT-RO in 2014

Security for the Internet of Things (IoT) John Yeoh, IoT Working Group

A Systems Engineering Approach to Developing Cyber Security Professionals

The Development of an Intellectual Tracking App System based on IoT and RTLS

In the pursuit of becoming smart

Loophole+ with Ethical Hacking and Penetration Testing

Certified Ethical Hacker Exam Version Comparison. Version Comparison

The trend of the Cyber Security and the efforts of NEC. December 9 th, 2015 NEC Corporation

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Defending Against Data Beaches: Internal Controls for Cybersecurity

Transcription:

, pp.94-98 http://dx.doi.org/10.14257/astl.205.97.16 Security Threats on National Defense ICT based on IoT Jin-Seok Yang 1, Ho-Jae Lee 1, Min-Woo Park 1 and Jung-ho Eom 2 1 Department of Computer Engineering, School of Information and Communication Engineering, Sungkyunkwan University, Suwon-si, Republic of Korea jsyang@ensec.re.kr, hjlee72@gmail.com, mwpark@imtl.skku.ac.kr 2 Department of Military Studies, Daejeon University, 62 Daehakro, Dong-Gu, Daejeon-si, 300-716, Republic of Korea eomhun@gmail.com Abstract. In this paper, we drew new security threats on IoT (Internet of Thing) based modern battlefield (Network centric battlefield). DoD is focusing its attention on the development of unmanned combat systems to prepare for future war. The IoT technology provides networking service to connect each other unmanned combat system. IoT has the security vulnerabilities of each element of the technology itself because the technology integrates several components to configure a specific service. And new security vulnerabilities will be caused when they are interconnecting. In military information communication technology, we should concern in four perspectives; illegal remote control, information leakage, false information insert, and signal disturbance. Keywords: IoT, Security Threats, Illegal Remote Control, Information Leakage 1 Introduction Future battlefield will be the new battlefield form that combines the information & communication technology and national defense science technology. A representative battlefield is network-centric warfare (NCW). This constitutes an information grid that connects the elements of all combat soldiers, weapons, military equipment and so on by utilizing computers, sensors, wired/wireless network. And it is warfare concept that increases war power by intelligence superiority through information sharing and integration as connecting intelligence collection systems, command and control system, and strike system [1]. Each system is connected to network for faster information collection, analysis, and sharing in network-centric warfare. By doing so, it is to obtain intelligence superiority and improve the real-time resilience on the battlefield. The defense ministry has planned to apply IoT (Internet of Thing) to build this intelligent combat system. IoT is thing space network that form intelligent relationship such as sensing, networking, and information processing with mutual cooperation without human intervention on the distributed environment composed of 2 He is a correspondent-author of this paper. ISSN: 2287-1233 ASTL Copyright 2015 SERSC

human, thing, and service [2]. IoT has specific security vulnerabilities for each respective component because the physical and technology components are done seamless communication and information delivery from the end sensor to the user service. In addition, new security vulnerabilities that did not exist on components could be existed by connecting each component [3]. If IoT applies to national defense information and communications systems, the same security vulnerabilities will be happened. So, it is important to identify these security vulnerabilities and necessary to establish countermeasures accordingly. In this paper, we will describe IoT security threats in section 2 and security threats of national defense information and communication applied to IoT in section 3. We conclude in section 4. 2 IoT Security Threats The Internet of Things (IoT) refers to technology for connecting things embedded with electronics, software and sensors on the internet. It also means connectivity to enable to achieve service by exchanging data with connected devices. Each thing has a unique IP to distinguish itself through its embedded computing system, and they are able to interoperate within the existing internet infrastructure. IoT is composed of three main factors such as human, objects, and service. IoT technology is to connect machine to machine, machine to man, and man to man. To connect the factors, it is needed main component technologies such as sensing, communication and network, and service interface techniques. The sensing obtains information related to the objects and the environment using a various sensors. The communication and network refer to all wired and wireless networks that can be connected to the human, objects, and service. The service interface is responsible for interlocking IoT factors and the application service to perform a specific function [2,4,5]. In IoT techniques, it may cause new security vulnerabilities when interconnecting each component technologies. Of cause, it has the security vulnerabilities of each element in the technology itself because the technology integrates several components to configure a specific service. It is difficult to keep security in IoT environment because there are various subjects such as devices provider, communication & network provider, service developer, API developer, platform providers, and data owners, etc. According to Cisco [6], there are devices connected to each other more than 10 billion worldwide and is expected to be exceeded 50 billion by 2020, and is expected to record 50% growth over the next three years. When this occurs, the security threats targeted on IoT is expected to increase as much. It found that zombie home appliances were real when detecting spam and phishing e-mail cases of 75 million using smart TV or refrigerator connected to the Internet like zombie PC. And it is demonstrated that hacker can manipulate to break into the wireless IP camera via a search engine Shodan which find all the component things connected the server, webcam, printer, and router to the internet. In Black Hat 2013, researchers revealed how Toyota Prius and the Ford Escape, which are the most popular vehicles in the US, are hacked, and can be manipulated at will in the notebook. In Black Hat 2014, security researcher show off hacking techniques that the drone would fly around Copyright 2015 SERSC 95

sniffing out WiFi networks has hardware inside that allows it to spoof a cell phone tower [7]. There could be caused the reverse effects such as information disclosure, data modulation, service stop, an invasion of privacy and so on. The following table shows the security threats on the IoT components. Table 1. Security Threats on the IoT Components Devices Networks Platforms Services Security Threats Infrastructure paralysis by devices and equipment malfunctions, information leakage and forgery caused by device loss, theft and forgery, malware transition and threats between devices, difficulties of IP security technology application in lightweight and low power required equipment, Information leakage and forgery in the interworking communication between heterogeneous IoT, network and gateway hacking, IoT DDoS by the large-scale things Bots, the signal data confidentiality and integrity violations Unauthorized access and attacks on platforms by malicious devices and users, platform collapsed threat by the encryption key hacking Invalid authentication by sniffing attacks, personal information leakage and privacy invasion in cloud and big data 3 Security Threats on IoT applied National Defense ICT Department of defense (DoD) said it would promote the transformation to operations readiness based on IoT. It is intelligent technologies and service to communicate information between human and things, things and things which are connected information and communication technologies and all the things to internet. If such initiatives are realized, it is possible to perform mission in condition that command post as well as various weapons systems and even each soldier linked to the internet. It is also possible to share allies and enemies information in real-time. IoT is applicable to the various field of national defense such as surveillance and reconnaissance systems, soldiers combat uniform, logistics supply, etc. In particular, IoT can be applied unmanned combat systems, combat soldiers, precise guided munitions, Army/Navy/Air Force combat platforms, surveillance and reconnaissance systems, and so on. In the modern battlefield, if IoT is applied to a process of information collection and analysis, target acquisition, weapons selection, and target attack, it may cause important security threats such as illegal remote control, information leakage, false information insert, and signal disturbance. Illegal remote control is to seize control by acquiring access authorization of unmanned combat systems. Firstly, the attacker obtains access authorization of user as cracking the password or finding system vulnerability. And it seizes the super user privilege, using the user s access authorization. The attacker can degrade the enemy s combat power as preventing attack by the unmanned combat systems, and making to attack allies each other, using privilege of unmanned combat systems. 96 Copyright 2015 SERSC

Information Leakage is to extract information that is propagated through the network by sniffing or ARP spoofing attack techniques. By identifying enemy s operations plan or location in advance, it is possible to faster deploy a military operation than enemy. False information insert is inserted into incorrect information on target or replaced fake information, using replay or session hijacking attack techniques. By doing so, it is possible to delay the friendly operations or cause the confusion. Signal disturbance is to paralyze the communication as emitting a stronger output of frequency noise than radio wave frequency of the radar or communications equipment from ally s area. It is difficult to obtain the enemy information when the signal is jammed. The following figure is showing security threats on modern battlefield applied to IoT. Fig. 1 Security threats on IoT applied battlefield 4 Conclusion We drew new security threats on network centric battlefield applied to IoT in the modern warfare. IoT is applicable to the various field of national defense such as surveillance and reconnaissance systems, soldiers combat uniform, logistics supply, etc. If IoT is applied to a combat process such as information collection and analysis, target acquisition, weapons selection, and target attack, it will be happened important security threats like remote control, information leakage, and false information insert, and signal disturbance. In future, we will analyze in detail on the security threats, and we will propose a countermeasure accordingly. Copyright 2015 SERSC 97

References 1. Jung-ho Eom: An Introduction of cyber Warfare, hongpub, (2012) 2. Ho-won Kim and Dong-kyu Kim: IoT Technology and Security, Journal of Information Security, Vol.22, No.1, pp.7-13 (2012) 3. Ho-won Kim: Issues of Security/privacy in IoT Environment, TTA Journal Vol.153, pp.35-39 (2014) 4. http://en.wikipedia.org/wiki/internet_of_things 5. Kai Zhao and Lina Ge: A Survey on the Internet of Things Security, Proceedings of Ninth International Conference on Computational Intelligence and Security (CIS2013), pp.663-667 (2013) 6. Increasing Security Threats targeted on IoT, KISA Monthly Cyber Security Issue, pp.7-8, (2014) 7. Jung-ho Eom: New ICT Techniques Security Threats and Countermeasure, 2014 National Defense Information Conference, (2014) 98 Copyright 2015 SERSC

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information