• Review of KIISC
• /
• v.27 no.2
• /
• pp.34-40
• /
• 2017

제어시스템(발전시설, 전력시설, 교통시설 등)은 생산성, 가용성, 안전성을 목적으로 다양한 제어기기들로 구성되며, 물리적으로 다양한 위치에 분산되어 운영되고 있다. 그리고 안전성과 가용성을 유지하기 위해 시스템 도입 시 기존 시스템에 영향을 미치지 않는지 검증을 수행 후 시스템을 도입한다. 이러한 이유로 신규 기술의 도입이나, 기기의 변경이 자유롭지 않다. 이와 같은 제어시스템의 특성으로 인해 현재 증가되고 있는 제어시스템 사이버공격에 대한 보안대책 또는 기술들의 적용이 쉽지 않아 사이버공격에 취약한 상황이다. 제어시스템은 상위 시스템의 제어 명령을 통해 하위 제어기기 또는 필드기기를 제어하는 형태로 제어 명령의 무결성 유지가 특히 중요하다. 이는 곧 제어시스템에 환경에 접근한 공격자가 인가되지 않은 장비를 제어시스템에 연결하고, 악성 제어명령을 전송하게 된다면 제어기기는 이를 인지하지 못하고 정지되거나 오작동을 유발 할 수 있다는 것을 의미한다. 본 논문에서는 제어시스템 내 제어명령의 무결성 유지를 위해 임베디드 Add-on 단말을 통해 OTP 값을 생성, 전달, 검증하는 방안을 제안한다. 해당 방안은 상위노드와 하위노드 사이에 Add-on 장치를 두어 상위노드에서 제어명령 발생 시, 제어명령에 OTP값을 통해 캡슐화하고 하위노드로 전달한다. Add-on 장비는 일반 IT시스템과 상이한 제어시스템의 특성에 맞게 고안되었으며 제어시스템 내에 발생되는 제어명령 위변조, 제어명령 재사용 공격 등을 차단 할 수 있다.

• Proceedings of the KIEE Conference
• /
• 2005.05a
• /
• pp.194-196
• /
• 2005

The command processor in satellite handles the capability of the process of command transmitted from ground station and deliver the processed data to on board computer in satellite. The command processor is consisted of redundant box to increase the reliability and availability of the capability. At each command processor, the processing time of each command processor is different, so the mismatch of processing time makes it difficult to timely synchronize the reception to on board computer and even will be became worse under the command processor's fault. To minimize the tine loss induced by the command processor's fault on board computer must analyze the time distribution of command propagation. This paper presents the logic of minimizing the delay error of command propagation the logic of analyzing the output of command processor.

• Journal of Satellite, Information and Communications
• /
• v.10 no.3
• /
• pp.114-120
• /
• 2015

In this paper, we show the design requirements of the cryptographic module and its security algorithm designed to prevent the exposure of the command signal applied to Flight Termination System. The cryptographic module consists of two separate devices that are Command Insertion Device and Command Generation Device. The cryptographic module designed to meet the 3 principles(Confidentiality, Integrity and Availability) for the information security. AES-256 block encryption algorithm and SHA-256 Hash function were applied to the encrypted symmetric key encryption method. The proposed cryptographic module is expected to contribute to the security and reliability of the Flight Termination System for Space Launch Vehicle.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.12
• /
• pp.209-217
• /
• 2022

Naval CMS(Combat Management System) is linked to various sensors and weapon equipment and use DDS(Data Distribution Service) for efficient data communication between ICU(Interface Control Unit) Node and IPN(Information Processing Node). In order to use DDS, software in the system communicates in an PUB/SUB(Publication/Subscribe) based on DDS topic. If the DDS messages structure in this PUB/SUB method does not match, problems such as incorrect command processing and wrong information delivery occur in sending and receiving application software. To improve this, this paper proposes a DDS message structure integrity verification method. To improve this, this paper proposes a DDS message structure integrity verification method using a hash tree. To verify the applicability of the proposed method to Naval CMS, the message integrity verification rate of the proposed method was measured, and the integrity verification method was applied to CMS and the initialization time of the existing combat management system was compared and the hash tree generation time of the message structures was measured to understand the effect on the operation and development process of CMS. Through this test, It was confirmed that the message structure verification method for system stability proposed in this paper can be applied to the Naval CMS.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.11a
• /
• pp.356-357
• /
• 2023

본 논문에서는 구글 클라우드의 Healthcare API의 의료정보 표준에 따라 정의된 객체들을 저장하는 과정을 수행하고 활용방안을 설계한다. 클라우드에서 프로젝트 생성, API 활용 설정, 인증, 데이터 셋 생성 등의 과정을 거쳐 cloud shell을 통해 curl 명령을 수행함으로써 Json으로 표현된 의료자원들에 대해 CRUD 연산을 수행할 수 있다. 무결성 체크 과정에서 기본 객체의 id 필드 명세가 중요하며 데이터 저장시 객체에 구글 클라우드의 특정한 request 속성추가가 필요하다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.15 no.1
• /
• pp.115-125
• /
• 2011

Cryptographic hash functions are also called one-way functions and they ensure the integrity of communication data and command by detecting or blocking forgery. Also hash functions can be used with other security protocols for signature, authentication, and key distribution. The SHA-1 was widely used until it was found to be cryptographically broken by Wang, et. al, 2005. For this reason, NIST launched the SHA-3 competition in November 2007 to develop new secure hash function by 2012. Many SHA-3 hash functions were proposed and currently in review process. To choose new SHA-3 hash function among the proposed hash functions, there have been many efforts to analyze the cryptographic secureness, hardware/software characteristics on each proposed one. However there are few research efforts on the SHA-3 from the point of power consumption, which is a crucial metric on hardware module. In this paper, we analyze the power consumption characteristics of the SHA-3 hash functions when they are made in the form of ASIC hardware module. Also we propose power efficient hardware architecture on Luffa, which is strong candidate as a new SHA-3 hash function. Our proposed low power architecture for Luffa achieves 10% less power consumption than previous Luffa hardware architecture.

• Journal of Digital Convergence
• /
• v.20 no.2
• /
• pp.9-20
• /
• 2022

Supply chain attacks target critical infrastructure, causing large amounts of damage and evolving into a threat to public safety and national security. Accordingly, when establishing cybersecurity strategies and policies, supply chain risk management is specified to enhance security, and the US Biden administration recently issued the Executive Order on Improving the Nation's Cybersecurity, SBOM was mentioned as part of the guidelines for strengthening software supply chain security. If the government mandates SBOM and uses it as a security verification tool for supply chains, it can be affected by the domestic procurement system in the future and can be referenced when establishing a security system for domestic supply chains according to the progress of policy implementation. Accordingly, in this paper, countries that are promoting the SBOM policy as a way to strengthen the security of the software supply chain were selected and analyzed with a focus on related cases. In addition, through comparison and analysis of foreign SBOM policy trends, methods for using domestic SBOM in terms of technology, policy, and law were considered. As the value of using SBOM as a supply chain integrity/transparency verification tool is expected in the future, it is necessary to continuously identify trends in the establishment of international standardization and policy development for SBOM and study the standard format.