A practical challenge-response authentication mechanism for a Programmable Logic Controller control system with one-time password in nuclear power plants

  • Son, JunYoung (Korea Atomic Energy Institute, ICT Department) ;
  • Noh, Sangkyun (FairApp) ;
  • Choi, JongGyun (Korea Atomic Energy Institute, ICT Department) ;
  • Yoon, Hyunsoo (Department of Graduate School of Information Security, Korea Advanced Institute of Science and Technology)
  • Received : 2019.04.12
  • Accepted : 2019.05.14
  • Published : 2019.10.25


Instrumentation and Control (I&C) systems of nuclear power plants (NPPs) have been continuously digitalized. These systems have a critical role in the operation of nuclear facilities by functioning as the brain of NPPs. In recent years, as cyber security threats to NPP systems have increased, regulatory and policy-related organizations around the world, including the International Atomic Energy Agency (IAEA), Nuclear Regulatory Commission (NRC) and Korea Institute of Nuclear Nonproliferation and Control (KINAC), have emphasized the importance of nuclear cyber security by publishing cyber security guidelines and recommending cyber security requirements for NPP facilities. As described in NRC Regulatory Guide (Reg) 5.71 and KINAC RS015, challenge response authentication should be applied to the critical digital I&C system of NPPs to satisfy the cyber security requirements. There have been no cases in which the most robust response authentication technology like challenge response has been developed and applied to nuclear I&C systems. This paper presents a challenge response authentication mechanism for a Programmable Logic Controller (PLC) system used as a control system in the safety system of the Advanced Power Reactor (APR) 1400 NPP.


Supported by : Korea Ministry of Science and ICT


  1. U.S Nuclear Regulatory Commission, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, Regulatory Guide 1.152, US Department of Energy, Washington, USA, July 2011. Revision 3.
  2. U.S. Nuclear Regulatory Commission, Cyber Security Programs for Nuclear Facilities, Regulatory Guide 5.71, US Department of Energy, Washington, USA, January 2010.
  3. International Atomic Energy Agency, Computer Security at Nuclear Facilities, IAEA Nuclear Security Series No 17, 2011.
  4. KINAC, KINAC RS-015 Rev 01, KOREA.
  5. KINAC, KINAC RS-019 Rev 00, KOREA.
  6. D. M'Raihi, M. Bellare, F. Hoornaert, D. Naccache, O. Ranen, HTOP: an HMACBased One-Time Password Algorithm, Request for Comments: 4226, Category, Informational, Dec. 2005.
  7. KAERI, RR-2915, Development of the Digital Reactor Safety Systems, Development of the Licensing Support Technology for Digital I&C, 2007.
  8. K.C. Choi, S.W. Song, Y.H. Noh, D.H. Yun, C.H. Jung, The international Federation of Automatic Control, Design of High Reliable Safety Data Link(HR-SDL) for Safety Grade PLC for Nuclear Power Plants, Junly 2008.
  9. Y.J. Lee, S.J. Hwang, A.Y. Sung, H.S. Son, Transactions of the Korean Nuclear Society Spring Meeting, Component testing methodology for safety grade PLC(POSAFE-Q) operating systems, May 2006.
  10. Y.C. Shin, H.Y. Chung, T.Y. Song, Advanced MMIS Design Characteristics of APR1400, GENES4/ANP2003, Sep. 2003. Paper 1066.
  11. M.K.Lee, S.W.Song, D.W.Yun, Development and Application of POSAFE-Q PLC Platform, IAEA.
  12. A. Behrouz, Forouzan, Cryptography and Network Security, McGraw-Hill, 2008.
  13. M. R, M. I, M. S, W. H, A survey of password attacks and comparative analysis on methods for secure authentication world, Applied Sciences Journal 439-444 (2012).
  14. M.V. R.R, A.G, D.S, Creating Industrial Network with PROFINET Communication for Education Purpose, ActaMechanica Slovaca, ISSN 1335-2393.
  15. S.C and M.S, Password-Based Authentication: Preventing Dictionary Attacks, Computer, IEEE Computer Society.
  16. S. Cho, K. Koo, B. You, T-W.K, T. Shim, J. Lee, Development of the loader software for PLC programming, IEIE 30 (1) (2007) 959-960.
  17. J.G. Choi, W.M. Park, D.Y. Lee, The Testing Strategy for the Embedded Software Implementation in I/O Module of KNICS PLC, KNS, May, 2006.
  18. K.H. Cha, J.Y. Kim, J.S. Lee, S.W. Cheon, K.C. Kwon, Software qualification of a programmable logic controller for nuclear instrumentation and control applications, in: Proceedings of the 6th WSEAS, Aug. 18-20, 2006.
  19. J.B. Yoo, E.-S. Kim, J.-S. Lee, A Behavior-preserving translation from fbd design to c implementation for reactor protection system software, Nuclear Engineering and Technology 45 (4) (Aug., 2013) 489-504.
  20. A.C.R. Paiva, J.C.P. Faria, N. T, R.A.M. Vidal, A model-to-implementation mapping tool for automated model-based GUI testing, ICFEM 2005 (2005) 450-464. LNCS 3785.