Journal of the Korea Academia-Industrial cooperation Society (한국산학기술학회논문지)

The Korea Academia-Industrial cooperation Society (한국산학기술학회)
권호 표지
DOI QR코드

DOI QR Code

Derivation of Anti-Tamper System Requirements Based on CMVP Standard for Technology Protection of Weapon Systems

무기 시스템의 기술 보호를 위한 CMVP 표준 기반의 Anti-Tamper 시스템 요구사항 도출

  • 이민우 (아주대학교 시스템공학과) ;
  • 이재천 (아주대학교 시스템공학과)
  • Received : 2019.01.11
  • Accepted : 2019.04.05
  • Published : 2019.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

As the growth of the domestic defense industry is remarkable regarding technology level and export size, technology protection is necessary. Particularly, there is a need to apply anti-tamper measures to prevent critical technologies from illegally being taken out of weapon systems. However, there is no security protection strategy and system built yet in ROK. Precedent studies discussed the trend analysis and technical research for specific protective techniques, and the application of anti-tamper using limited procedures was provided. Recently, methods of how to select the technology for protection were studied based on risk management. Nonetheless, these studies cannot be associated with the acquisition process for the whole life-cycle, having difficulty with actual development and evaluation of the weapon systems. The objective of our study is to derive the system requirements of the weapon system for which anti-tamper measures have been determined to apply. Specifically, requirements items suitable for the development of anti-tamper weapon systems were derived based on ISO/IEC 19790, the CMVP standard for the development and verification of cryptographic modules. Also, its utilization in technical reviews and test & evaluations was presented. The usefulness of the research results was confirmed through inductive inference and comparative evaluation. The result can be expected to play a role in initiating extensive activities needed for technology protection of the weapon systems.

국내 방산분야의 기술적 성장과 수출 증대가 괄목함에 따라, 국가안보적 위협을 방지하기 위한 방위산업 분야 기술보호의 중요성이 강조되고 있으므로 기술보호 제도의 확립 및 수행이 필요하다. 특히 무기 시스템으로부터 중요기술을 불법으로 탈취하는 Tampering 시도에 대응하기 위한 Anti-Tampering 기법의 도입 필요성이 대두되고 있으나, 아직까지는 관련제도가 갖춰지지 않았고 기술자료 유출 예방 위주 수준의 활동이 이루어지고 있다. 선행연구로서 특정 기술 보호기법에 대한 기술적 연구와 동향 분석, 일부 절차를 적용한 Anti-Tampering 적용방안 등이 발표되었으며, 최근에는 위험관리 절차를 기반으로 보호대상 기술을 선정하는 방법이 연구되었다. 하지만 기존 연구들은 무기 시스템의 Life-cycle 차원에서 획득 프로세스와 연계하기에 용이하지 않거나, 실제로 개발 및 평가에서 활용하기는 어려운 것으로 판단된다. 이러한 문제를 해결하는 한 방법으로, 본 논문에서는 Anti-Tampering 적용이 결정된 무기 시스템의 개발에 직접적으로 활용될 수 있는 Anti-Tampering 요구사항의 도출에 대하여 연구하였다. 구체적으로, 암호 모듈의 개발 및 검증에 적용되는 CMVP 표준인 ISO/IEC 19790을 기반으로 무기 시스템 개발에 필요한 요구사항 항목들을 도출하였으며, 기술검토회의 및 시험평가 등에서의 활용방안을 제시하였다. 귀납적 추론 및 비교평가를 통해 연구결과의 유용성을 확인하였다. 본 연구의 결과들을 활용하면, 국내개발 무기 시스템의 본격적인 기술보호 활동 수행에 도움이 될 것으로 기대된다.

Keywords

SHGSCZ_2019_v20n4_470_f0001.png 이미지

Fig. 1. Tech. leakage cases in ‘Total life-cycle’ viewpoint

SHGSCZ_2019_v20n4_470_f0002.png 이미지

Fig. 2. Anti-Tamper Implementation Decision Process[15]

Table 1. Categories of FIPS 140-2 & ISO/IEC 19790[9-10]

SHGSCZ_2019_v20n4_470_t0001.png 이미지

Table 2. AT Requirement apply(From ISO/IEC 19790)

SHGSCZ_2019_v20n4_470_t0002.png 이미지

Table 3. Results of Comparative Evaluation

SHGSCZ_2019_v20n4_470_t0003.png 이미지

References

  1. H. J. Lee, "On the development of an Effective Defense Technology Security System," Defense & Technology, Korea Defense Industry Association, Nov. 2017, vol. 465.
  2. Department of Defense DIRECTIVE : Anti-Tamper(AT), DoD Directive 5200.47E, 2015.
  3. M. C. Park, W. K. Koo, D. G. Suh, I. S. Kim, D. H. Lee, “Two-stage tamper response in tamper-resistant software,” IET Software, Vol. 10, No. 3, pp. 81-88, 2016. DOI : http://dx.doi.org/10.1049/iet-sen.2014.0231
  4. M. H. Jang, Y. S. Ryu, H. K. Park, "A FPGA-Based scheme for protecting weapon system software technology," in Proc. ICCSA 2018, Melbourne, VIC, Austrailia, Jul. 2-5, 2018, pp. 148-157. DOI : https://doi.org/10.1007/978-3-319-95174-4_12
  5. Mikhail J. Atallah, Eric D. Bryant, and Martin R. Stytz, "A survey of anti-tamper technologies," CROSSTALK : The Journal of Defense Software Engineering, vol. 17, no. 11, pp. 12-16, 2004.
  6. H. K. Lee, W. S. Lee, Y. J. Oh, S. S. Park, “A Trend Analysis and Technology Application of Defense Technology Protection,” Journal of the KIMST, Vol. 20, No. 4, pp. 579-586, 2017. DOI : http://dx.doi.org/10.9766/KIMST.2017.20.4.579
  7. H. S. Chae, C. S. Lee, T. R. Kim, T. H. Kim, "The Design of the Response Method in Anti-tampering for UGV," in Proc. 2017 KIMST Fall Symposium, Daejeon, Republic of Korea, Nov. 14-15, 2017, pp. 819-820.
  8. M. W. Lee, J. C. Lee, "Risk Management-Based Application of Anti-Tampering Methods in Weapon Systems Development," Journal of KAIS, Vol. 19, No. 12, pp. 99-109, 2018. DOI : https://doi.org/10.5762/KAIS.2018.19.12.99
  9. Information technology - Security techniques - Security requirements for cryptographic modules, ISO/IEC Standard, 19790, 2012.
  10. Security requirements for cryptographic modules, FIPS PUB 140-2, 2001
  11. S. J. Ahn, C. K. Jung, K. S. Oh, J. Y. Lee, "A Study on the Development of Defence Technology Protection System," Sungkyunkwan Univ. Univ-Industry Collabo, Director General for Defense Technology Control of DAPA, Oct. 2016.
  12. Department of Defense Instruction : Critical Program Information(CPI) Protection Within the Department of Defense, DoD Instruction 5200.39, 2008.
  13. United States Government Accountability Office, "DoD Needs to Better support program managers' implementation of AT protection," GAO-04-302, Mar. 2004.
  14. United States Government Accountability Office, "Department-wide Direction Is Needed for Implementation of the Anti-tamper Policy," GAO-08-91, Jan. 2008.
  15. Statement of Anti-Tamper(AT) Measures in the Letter of Offer and Acceptance(LOA), DSCA 00-07, 2000.
  16. M. G. Choi, J. H. Jeong, “A Study on the Policy of Cryptographic Module Verification Program,” Journal of KAIS, Vol. 12, No. 1, pp. 255-262, 2011. DOI: https://doi.org/10.5762/KAIS.2011.12.1.255
  17. K. S. Kou, I. W. Bae, S. J. Choi, G. S. Lee, “Analysis on New Cryptographic Module Validation Standard FIPS PUB 140-3 Changes,” Review of KIISC, Vol. 17, No. 6, pp. 41-56, 2007.