• Journal of the Korean Society of Systems Engineering
• /
• v.14 no.2
• /
• pp.73-82
• /
• 2018

In this work, a hardware based cryptographic module for the cyber security of nuclear power plant is developed using a system engineering approach. Nuclear power plants are isolated from the Internet, but as shown in the case of Iran, Man-in-the-middle attacks (MITM) could be a threat to the safety of the nuclear facilities. This FPGA-based module does not have an operating system and it provides protection as a firewall and mitigates the cyber threats. The encryption equipment consists of an encryption module, a decryption module, and interfaces for communication between modules and systems. The Advanced Encryption Standard (AES)-128, which is formally approved as top level by U.S. National Security Agency for cryptographic algorithms, is adopted. The development of the cyber security module is implemented in two main phases: reverse engineering and re-engineering. In the reverse engineering phase, the cyber security plan and system requirements are analyzed, and the AES algorithm is decomposed into functional units. In the re-engineering phase, we model the logical architecture using Vitech CORE9 software and simulate it with the Enhanced Functional Flow Block Diagram (EFFBD), which confirms the performance improvements of the hardware-based cryptographic module as compared to software based cryptography. Following this, the Hardware description language (HDL) code is developed and tested to verify the integrity of the code. Then, the developed code is implemented on the FPGA and connected to the personal computer through Recommended Standard (RS)-232 communication to perform validation of the developed component. For the future work, the developed FPGA based encryption equipment will be verified and validated in its expected operating environment by connecting it to the Advanced power reactor (APR)-1400 simulator.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.231-233
• /
• 2013

A lot of information is exchanged using data communications in today's modern society. Nowadays many important communications are susceptible to interception and theft for malicious purposes, and is under threat from hackers. Crackers are able to hack into data flows even if the data is encrypted. To ensure strong encryption properties, these cryptographic algorithms are often a burden on devices used for authentication such as a PC or smart phone. This paper proposes an authentication system using the Arduino module. Implementation and application of the communication scheme is designed to minimize the burden of delivering data communication between devices especially where password and encryption is concerned.

• Journal of information and communication convergence engineering
• /
• v.6 no.2
• /
• pp.177-181
• /
• 2008

The more improved the Internet and the information technology, the stronger cryptographic system is required which can satisfy the information security on the platform of personal hand-held devices or smart card system. This paper introduces a case study of designing an elliptic curve cryptographic processor of a high performance that can be suitably used in a wireless communicating device or in an embedded system. To design an efficient cryptographic system, we first analyzed the operation hierarchy of the elliptic curve cryptographic system and then implemented the system by adopting a serial cell multiplier and modified Euclid divider. Simulation result shows that the system was correctly designed and it can compute thousands of operations per a second. The operating frequency used in simulation is about 66MHz and gate counts are approximately 229,284.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.739-751
• /
• 2019

Security in embedded devices has become a significant issue. Threats on the sup-ply chain, like using counterfeit components or inserting backdoors intentionally are one of the most significant issues in embedded devices security. To mitigate these threats, high-level security evaluation and certification more than EAL (Evaluation Assurance Level) 5 on CC (Common Criteria) are necessary on hardware components, especially on the cryptographic module such as AES. High-level security evaluation and certification require detecting covert channel such as backdoors on the cryptographic module. However, previous studies have a limitation that they cannot detect some kinds of backdoors which leak the in-formation recovering a secret key on the cryptographic module. In this paper, we present an expanded definition of backdoor on hardware AES module and show how to detect the backdoor which is never detected in Verilog HDL using model checker NuSMV.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.91-103
• /
• 2009

A cryptographic module (CM) is an implementation of various cryptographic algorithms and functions by means of hardware or software, When a CM is validated or certified under the CM validation program(CMVP), a finite state model(FSM) of the CM should be developed and provided, However, guides or methods of modeling and analysis of a FSM is not well-known, because the guide is occasionally regarded as a proprietary know-how by developers as well as verifiers of the CM. In this paper, we propose a set of guides on modeling and analysis of a FSM, which is needed for validation of a CM under CMVP, and a transition test path generation algorithm, as well as implement a simple modeling tool (CM-Statecharter). A FSM of a CM is modeled by using the Statechart of UML 2.0, Statechart, overcoming weakness of a FSM, is a formal and easy specification model for finite state modeling of a CM.

• Nuclear Engineering and Technology
• /
• v.55 no.1
• /
• pp.25-36
• /
• 2023

Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

• Convergence Security Journal
• /
• v.5 no.3
• /
• pp.87-92
• /
• 2005

The performance of a cryptographic module is the most important thing to achieve a high performance VPN system which realizes information security by encrypting and decrypting all the communicating data packets. However the cryptographic operations require much computation power and software cryptographic systems reveal bad performance. Thus, it is strongly recommended to develop a VPN system employing hardware component. This paper introduces a case study of developing a PCI add-on card which supports several block cipher algorithms such as DES, 3DES, AES, and SEED. The performance of them was measured by embedding the card in a commercial VPN system.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.311-316
• /
• 2003

정보통신기술의 발달로 대부분 사회의 기반구조가 사이버 사회로 전환되었고 다양한 형태의 경제사회 활동을 수행키 위해 정보보호제품의 활용이 극대화되었으며 더욱 중요시되었다. 이러한 사회흐름에 기반하여 정보보호제품의 안전한 선택 및 사용을 위한 기본적 선택기준은 검증받은 암호화 모듈을 바탕으로 하는 정보보호제품에 대한 신뢰 기관의 안전성 평가 결과일 것이다. 암호화 모듈에 대한 안전성 평가로 가장 널리 참조되는 것은 미국의 NIST(National Institute of Standards and Technology)가 수행하는 CMVP(Cryptographic Module Validation Program)이며, 세계적으로 인정받고 있다. 본 논문에서는 암호 모듈의 평가체계에 대해 설명하였으며 그 기준인 FIPS 140-2 DTR을 분석하여 향후 개발 가능한 CMVP의 안전성 평가 툴 기준에 대해 제시하였다.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.25 no.5 s.216
• /
• pp.29-32
• /
• 2007

• The KIPS Transactions:PartC
• /
• v.12C no.4 s.100
• /
• pp.495-502
• /
• 2005

Cryptographic algorithm testing is performed to ensure that a specific algorithm implementation is implemented correctly and functions correctly. CMVP(Cryptographic Module Validation Program) of NIST in US is the well-known testing system that validates cryptographic modules to Federal Information Processing Standards (FIPS). There is no FIPS-approved stream cipher, and CMVP doesn't involve its validation testing procedure. In this paper we provide validation systems for three currently used light-weight stream ciphers: Bluetooth encryption algorithm E0, 3GPP encryption algorithm A5/3, and RC4 used for WEP and SSL/TLS Protocols. Moreover we describe our validation tools implemented by JAVA programing.