• Review of KIISC
• /
• v.31 no.1
• /
• pp.41-49
• /
• 2021

NIST(National Institute of Standards and Technology) 양자 내성 암호 표준화 사업이 3차 라운드에 접어들면서, 3라운드 후보자에 대한 실제 구현 결과 및 관심이 꾸준히 증가하고 있다. 3라운드 후보자 중 대부분(5/7)은 격자 기반 암호이며, 격자 기반 암호는 다른 기반의 양자 내성 암호보다 효율적인 연산 처리로 인해 제약적인 리소스를 가진 임베디드 환경에서도 적용이 가능한 장점이 존재한다. 그러나 특히 임베디드 환경에서는 암호 알고리즘이 동작 시 발생하는 추가적인 정보(전력, 전자파, 시간차, 오류주입 등)를 이용한 부채널 공격에 취약하다. 실제 다수의 연구가 양자 내성 암호의 부채널 공격에 대한 가능성을 제시하고 있다. 여전히 부채널 공격은 양자 내성 암호를 표준화하기 위해 상당한 장애물이며, 이에 대응하기 위해서는 구현 시 부채널 대응 기법이 적용되어야 한다. 따라서 본 논문에서는 NIST PQC 3라운드 격자 기반 암호의 부채널 대응 방안에 대한 최신 동향을 분석한다, 또한 향후, NIST PQC 3라운드 격자 기반 암호의 연구 전망을 논의한다.

• Review of KIISC
• /
• v.34 no.3
• /
• pp.5-12
• /
• 2024

오늘날 보안 패러다임은 경계 기반 보안 체계에서 제로 트러스트로 변화하고 있다. 이에 NIST는 NIST SP 800-207(Zero Trust Architecture)을 발간하며 제로 트러스트 기본 원칙인 7 Tenets를 제시하였다. 하지만 7 Tenets에 대한 구체적인 구현 및 검증 방안이 부재하여, 제로 트러스트 기술 적용 범위를 정하는 데 어려움을 겪고 있다. 이에 본 논문은 제로 트러스트 제품이 제로 트러스트 표준 모델에 부합하는지 검증할 수 있는 NIST 7 Tenets 기반 점검 항목을 제안한다. 점검항목은 총 59개의 문항으로, 필수적으로 요구되는 필수 기능 28개와 선택적으로 요구되는 선택 기능 31개로구성된다. 수립한 내용에 근거하여 5개의 기업 제품을 검증한 결과, 필수 기능을 모두 만족하는 제품은 없었으며 적용된 제로 트러스트 원칙이 상이함을 확인하였다. 이는 본 논문에서 제안한 점검 항목을 통한 제품의 표준 모델 부합성 검증이 가능함을 보여주며, 향후 국가·공공기관에서의 제로 트러스트 사용 및 유연한 국외 제품 도입 시 활용될 것으로 기대한다.

• TTA Journal
• /
• s.47
• /
• pp.77-86
• /
• 1996

본 고에서는 각국에서 논란이 되고 있는 기관별 표준화기술에 대한 동향을 파악하기 위해 기술 선진국인 미국의 표준화 기술을 구체화하고 있는 미국표준기술연구소(NIST)의 현황을 조사 분석 정리하였다.

• Journal of the KSME
• /
• v.57 no.8
• /
• pp.44-48
• /
• 2017

이 글에서는 현재 미국 상무부 예하기관인 국립표준기술연구소(NIST)에서 진행하고 있는 '스마트제조 프로그램'과 관련된 연구에 대해 소개하고자 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.449-457
• /
• 2017

In this paper, we analyze the security and performance of the Quantis Quantum random number generator in terms of cryptography through experiments. The Quantis' post-processing is designed to output full-entropy via bit-matrix-vector multiplication based on mathematical background, and we used the min-entropy estimating test of NIST SP 800-90B so as to verify whether the output is full-entropy. Quantis minimizes the effect on the random bit rate by using an optimization technique for bit-matrix-vector multiplication, and compared the performance to conditioning functions of NIST SP 800-90B by measuring the random bit rate. Also, we have distinguished what is in Quantis' post-processing to the standard model of NIST in USA and BSI in Germany, and in case of applying Quantis to cryptographic systems in accordance with the CMVP standard, it is recommended to use the output of Quantis as the seed of the approved DRBG.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.111-120
• /
• 2019

As cyber-attacks become more intelligent and sophisticated, the importance of Security Operations Center(SOC) has increased and the number of SOC has been increasing. In order to cope with cyber threats, institutions and organizations use a variety of cyber security standards to create business procedures. However, SOC often need to be improved in accordance with the SOC environment because they collaborate with managed security service specialists rather than their own personnel. The NIST cyber security framework, information security management system, and managed security service companies were compared and analyzed. As a result, it was found that the NIST CSF is a framework that is easy to apply to managed security service, The content was judged to be insufficient. Therefore, in this study, NIST CSF was used as a reference model to derive the management items required for SOC environment, and the necessity, importance and ease of each item were confirmed through an Delphi technique and an improved cyber security framework was proposed.

• Proceedings of the Korean Ceranic Society Conference
• /
• 2003.10a
• /
• pp.47.2-47
• /
• 2003

• Analytical Science and Technology
• /
• v.10 no.5
• /
• pp.307-314
• /
• 1997

Inductively coupled plasma atomic emission spectrometry(ICP/AES) was used for the determination of uranium and thorium in geological materials. Samples were predecomposed by mixed acid digestion technique. The separation of the uranium and thorium was achieved by systematic solvent extraction with TTA(thenoyltrifluoroacetone) and TOA (tri-n-octylamine) and back extraction into HCl. The results for standard rock sample, NIST SRM 278, showed a good agreement with those certified from NIST as well as found values by other non-destructive techniques. Additional purification for extracted portions was carried out by anion exchange chromatography for measurement of several natural radioisotopes of uranium and thorium by alpha spectrometry.

• Korean Journal of Optics and Photonics
• /
• v.9 no.4
• /
• pp.258-263
• /
• 1998

Quasi-elastic light scattering is utilized to measure the mean diameter of the 0.3 $\mu\textrm{m}$-dimeter polystyrene sphere. The mean diameter of the polystyrene sphere is required to be known within the uncertainty of a few per centages. The systematic error has been considerably reduced by improving the system for the angle alignment and temperature measurement of cell. NIST SRM 1691 (0.269$\pm$0.007 $\mu\textrm{m}$: TEM; 0.275$\pm$0.007 $\mu\textrm{m}$: QELS) is measured to be 0.273 $\mu\textrm{m}$$\pm$0.006 $\mu\textrm{m}$ in mean diameter. Detailed description is given of the improved method and the resultant uncertainty, and the comparison of results with NIST is followed.

• Journal of Information Technology Applications and Management
• /
• v.26 no.4
• /
• pp.31-39
• /
• 2019

The 129 public institutions in Korea are subject to Information Security Management Condition Evaluation (ISMCE) as a part of the government management evaluation system by the Ministry of Economy and Finance. ISMCE is started in 2006 with the central government institutions, and applied to the all public institutions in 2009. This evaluation is annually conducted by the National Intelligence Service through the site visits, and the number of the evaluated institutions is increasing year by year. However, the process of ISMCE - identifying existing vulnerabilities in the information system - is conducted manually. To improve this inconvenience, this paper introduces the various evaluation system in the major countries, especially in the United States, and analyzes the Security Content Automation Protocol (SCAP) by NIST. SCAP is automation protocol for the system vulnerability management (in technical fields) and security policy compliance evaluation. Based on SCAP, this paper suggests an improvement plan for the ISMCE of Korea.