• The Journal of the Korea Contents Association
• /
• v.19 no.12
• /
• pp.416-424
• /
• 2019

The authentication technologies used to access computers in both IT and operational technology (OT) network areas include ID/PW, public certificate, and OTP. These authentication technologies can be seen as reflecting the nature of the business-driven IT network. The same authentication technologies is used in SCADA control networks where the operational technology is centered. However, these authentication technologies do not reflect the characteristics of the OT control network environment, which requires strict control. In this paper, we proposed a new enhanced user authentication method suitable for the OT SCADA control network centered on control information processing, utilizing the physical terminal address and operator location information characteristics of the operator's mobile terminal and control network.

• The Journal of the Korea Contents Association
• /
• v.22 no.9
• /
• pp.64-75
• /
• 2022

The method of accessing multiple control systems in the OT control network centered on operation technology uses the operator authentication technology of each control system. An example is ID/PW operator authentication technology. In this case, since the OT control network is composed of multiple control systems, operator authentication technology must be applied to each control system. Therefore, the operator must bear the inconvenience of having to manage authentication information for each control system he manages. To solve these problems, SSO technology is used in business-oriented IT networks. However, if this is introduced into the OT control network as it is, the characteristics of the limited size of the OT control network and rapid operator authentication are not reflected, so it cannot be seen as a realistic alternative. In this paper, a public key-based authentication mechanism was newly proposed as an operator authentication technology to solve this problem. In other words, an integrated public key certificate that applies equally to all control systems in the OT control network was issued and used to access all control systems, thereby simplifying the authentication information management and making access to the control system more efficient and secure.

• Journal of Information Technology Services
• /
• v.19 no.5
• /
• pp.33-47
• /
• 2020

In recent years, due to the demand for operating efficiency and cost reduction of industrial facilities, remote access via the Internet is expanding. the control network accelerates from network separation to network connection due to the development of IIoT (Industrial Internet of Things) technology. Transition of control network is a new opportunity, but concerns about cybersecurity are also growing. Therefore, manufacturers must reflect security compliance and standards in consideration of the Internet connection environment, and enterprises must newly recognize the connection area of the control network as a security management target. In this study, the core target of the control system security threat is defined as the network boundary, and issues regarding the security architecture configuration for the boundary and the role & responsibility of the working organization are covered. Enterprises do not integrate the design organization with the operation organization after go-live, and are not consistently reflecting security considerations from design to operation. At this point, the expansion of the control network is a big transition that calls for the establishment of a responsible organization and reinforcement of the role of the network boundary area where there is a concern about lack of management. Thus, through the organization of the facility network and the analysis of the roles between each organization, an static perspective and difference in perception were derived. In addition, standards and guidelines required for reinforcing network boundary security were studied to address essential operational standards that required the Internet connection of the control network. This study will help establish a network boundary management system that should be considered at the enterprise level in the future.

• Journal of the Korean Institute of Telematics and Electronics B
• /
• v.33B no.11
• /
• pp.127-139
• /
• 1996

In this paper we propose a new controller design method using hybrid fuzzy-neural netowrk and neural network identification in order ot control systems which are more and more getting nonlinearity. Proposed method performs, for a nonlinear plant with unknown functions, hybird identification using a fuzzy-neural network and a neural network, and then a stable nonlinear controller is designed with those identified informations. To identify a nonlinear function, which is directly related to input signals, we can use a neural network which is satisfied with the proposed stable condition. To identify a nonlinear function, which is not directly related to input signals, we can use a fuzzy-neural network which has excellent identification characteristics. In order to verify excellent control performances of the proposed method, we compare the porposed control method with a conventional neural network control method through simulations and experiments with one link manipulator.

• Journal of the Korean Institute of Telematics and Electronics A
• /
• v.33A no.7
• /
• pp.76-91
• /
• 1996

In this paper, we proposed the new medium access control protocol for the virtual token bus netowrk. The network is applied to inter-processor communication network of large capacity digital switching system and digital mobile system with distributed control architecture. in the virtual token bus netowrk, the existing medium access control protocols hav ea switchove rtime overhead when traffic load is light or asymmetric according ot arbitration address of node that has message to send. The proposed protocol optimized average message delay using cyclic bus access chain to exclude switchover time of node that do not have message to send. Therefore it enhanced bus tuilization and average message delay that degrades the performance of real time communication netowrks. It showed that the proposed protocol is more enhacned than virtual token medium access control protocol and virtual token medium access control protocol iwth reservation through performance analysis.

• Journal of the Korea Society for Simulation
• /
• v.8 no.2
• /
• pp.45-56
• /
• 1999

It is necessary that we should control the traffic to not only efficiently use the rich bandwidth of ATM network but also satisfy the users various requirements for service quality. However, it is very difficult to decide which control mechanism would be applied in real network because there are various types of ATM traffic and traffic control mechanisms. In this paper, a smart simulator is developed ot analyze the performance of a UPC(Usage Parameter Control) mechanism which is a typical traffic control mechanism. The simulator consists of a user interface that supports a menu-driven input form and a simulation program that is executed with the users input parameters. Especially, the simulator establishes more powerful and flexible simulation environment since it supports a more complex simulation applying various source traffic to several different UPC mechanisms at the same time and allows an arbitrary user-defined traffic in addition to some well-known traffic.

• ETRI Journal
• /
• v.44 no.6
• /
• pp.991-1003
• /
• 2022

Industrial control systems (ICSs) used to be operated in closed networks, that is, separated physically from the Internet and corporate networks, and independent protocols were used for each manufacturer. Thus, their operation was relatively safe from cyberattacks. However, with advances in recent technologies, such as big data and internet of things, companies have been trying to use data generated from the ICS environment to improve production yield and minimize process downtime. Thus, ICSs are being connected to the internet or corporate networks. These changes have increased the frequency of attacks on ICSs. Despite this increased cybersecurity risk, research on ICS security remains insufficient. In this paper, we analyze threats in detail using STRIDE threat analysis modeling and DREAD evaluation for distributed control systems, a type of ICSs, based on our work experience as cybersecurity specialists at a refinery. Furthermore, we verify the validity of threats identified using STRIDE through case studies of major ICS cybersecurity incidents: Stuxnet, BlackEnergy 3, and Triton. Finally, we present countermeasures and strategies to improve risk assessment of identified threats.

• The Transactions of the Korea Information Processing Society
• /
• v.4 no.2
• /
• pp.377-383
• /
• 1997

This paper presents the design and the implemenration of a Mutiuser Multimedia Confernce System for synchronous groupwork.The infrastructure of this system is a hybrid srchiercture of centralized and replicated archietctures,that is to maintain sharde information cinsistently and to reduce the overhead of network traffic to the central part.The communication control of data for groupwerk managrment is centralized to the virtual node and the communication control of real data such as audio,video,text is replicated.In order ot provide a realtime audio and video processing,this system uses synamic queues and multithreads.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.7 no.5
• /
• pp.34-45
• /
• 1997

In this paper, we present hardware implemcntation of self-organizing feature map (SOFM) neural networkwith constant adaptation gain and binary reinforcement function on FPGA. Whereas a tnme-varyingadaptation gain is used in the conventional SOFM, the proposed SOFM has a time-invariant adaptationgain and adds a binary reinforcement function in order to compensate for the lowered abilityof SOFM due to the constant adaptation gain. Since the proposed algorithm has no multiplication operation.it is much easier to implement than the original SOFM. Since a unit neuron is composed of 1adde $r_tracter and 2 adders, its structure is simple, and thus the number of neurons fabricated onFPGA is expected to he large. In addition, a few control signal: ;:rp sufficient for controlling !he neurons.Experimental results show that each componeni ot thi inipiemented neural network operates correctlyand the whole system also works well.stem also works well.

• Convergence Security Journal
• /
• v.24 no.1
• /
• pp.51-57
• /
• 2024

Although industrial control systems (ICSs) recently keep evolving with the introduction of Industrial IoT converging information technology (IT) and operational technology (OT), it also leads to a variety of threats and vulnerabilities, which was not experienced in the past ICS with no connection to the external network. Since various control command messages are sent to field devices of the ICS for the purpose of monitoring and controlling the operational processes, it is required to guarantee the message integrity as well as control center authentication. In case of the conventional message integrity codes and signature schemes based on symmetric keys and public keys, respectively, they are not suitable considering the asymmetry between the control center and field devices. Especially, compromised node attacks can be mounted against the symmetric-key-based schemes. In this paper, we propose message authentication scheme based on double hash chains constructed from cryptographic hash function without introducing other primitives, and then propose extension scheme using Merkle tree for multiple uses of the double hash chains. It is shown that the proposed scheme is much more efficient in computational complexity than other conventional schemes.