[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.14248/JKOSSE.2018.14.2.073

Systems Engineering Approach to develop the FPGA based Cyber Security Equipment for Nuclear Power Plant

Kim, Jun Sung (Department of NPP Engineering, KEPCO International Nuclear Graduate School)
Jung, Jae Cheon (Department of NPP Engineering, KEPCO International Nuclear Graduate School)

Publication Information

Journal of the Korean Society of Systems Engineering / v.14, no.2, 2018 , pp. 73-82 More about this Journal

Abstract

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

Keywords

Cyber Security; Advanced Encryption Standard; Field Programmable Gate Array; Hardware Description Language; Manin-the-middle Attack; System Engineering; Nuclear Power Plant; Advanced Power Reactor-1400;

Citations & Related Records

Times Cited By KSCI : 1 (Citation Analysis)

Reference
Cited By KSCI

1	M. Nagendra and M. Chandra Sekhar, "Performance Improvement of Advanced Encryption Algorithm using Parallel Computation," International Journal of Software Engineering and Its Applications, vol. 8, no. 2, pp. 287-296, 2014. DOI
2	XILINX, "Vivado Design Suite Tutorial: Using Constraints," April 2018. [Online]. Available: https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_1/ug945-vivado-using-constraints-tutorial.pdf.
3	Elaine Barker, William Barker and William Burr, "NIST Special Publication 800-57: Recommendation for Key Management - Part 1: General(Revision 3)," July 2012. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p1r3.pdf.
4	National Institute of Standards and Technology, "NIST Speacial Publication 800-38A," December 2001. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/legacy/sp
5	N. Falliere, "W32.Stuxnet Dossier," symantec, Feb 2011. [Online]. Available: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
6	M. A. Elakrat, "Development of field programmable gate array-based encryption module to mitigate man-inthe-middle attack for nuclear power plant data communication network," Nuclear Engineering and Technology, vol. Volume 50, no. Issue 5, p. 780-787, June 2018. DOI
7	D. Brecht, "Tales from the Crypt: Hardware vs Software," Infosecurity, [Online]. Available: https://www.infosecuritymagazine.com/magazine-features/talescrypt-hardware-software/.
8	International Atomic Energy Agency, "Application of Field Programmable Gate Arrays in Instrumentation and Control Systems of Nuclear Power Plants," IAEA, p 4, 2016.
9	E. Phneah, "ZDNet," 13 Februrary 2013. [Online]. Available: https://www.zdnet.com/article/hardwarebased-security-more-effectiveagainst-new-threats/.
10	Protection of Digital Computer and Communication Systems and Networks Available, vol. 10 CFR 73.54, U.S. NRC, 2009.
11	"Cyber Security Programs for Nuclear Facilities," January 2010. [Online]. Available: http://www.nrc.gov/readingrm/doc-collections/.
12	Vitech Corporation, "COREsim User Guide," June 2015. [Online]. Available: http://www.vitechcorp.com/support/documentation/core/900/COREsimuserguide.pdf.
13	FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, "Standards for Security Categorization of Federal Information and Information Systems: FIPF PUB 199," U.S. DEPARTMENT OF COMMERCE, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY, 2004.
14	William Stallings, CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE, FIFTH EDITION, NY 07458: PERASON, 2011.