배전자동화 시스템 통신망에 대한 사이버 공격에 대해 인증의 기법을 이용한 보안 알고리즘 적용방안

Applying Security Algorithms using Authentication Against Cyber Attacks in DAS Communication Network

  • 발행 : 2008.03.01

초록

As communication is becoming increasingly prevalent and especially communication architecture is more relying on the open standard communication protocols, the security issues become major concerns. In this paper we consider possible cyber attacks in the applications based on the current distribution communication architecture, and then derive the security goals. Next we propose how the security algorithms can be adapted to achieve these security goals. We intend to adapt the most efficient ways of secure message exchange, taking the resource-constrained FRTUs into account Finally we show some experiments to validate the protocols.

키워드

참고문헌

  1. 임일형, 홍석원, 최면송, 이승재, 하복남, "배전지능화 시스템의 서비스 향상을 위한 P2P 기반의 분산형 통신망 구조", 대한전기학회 논문집, 56권 3호 pp. 443-450, 2007.
  2. Sanghun Jeon, "Critical Alert for Cyber Terror - Security for Nation's Infrastructure(SCADA & DCS)", 2002.
  3. National SCADA Test Bed, "A Summary of Control System Security Standards Activities in the Energy Section", 2005.
  4. P. Oman, E. O. Schweitzer, III, and J. Roberts, "Safeguarding IEDs, substations, and SCADA systems against electronic intrusions", 2005.
  5. A. Creery and E. J. Byres, "Industrial Cybersecurity for Power System and SCADA Network", Industry Application Magazine, IEEE, Vol 13:4, July-Aug. 2007.
  6. Arturo Herrera, "NERC/CIP Security Standards : What you need to know to comply", WPRC, Oct, 2007.
  7. Rhett Smith, "Tutorial : Security in Electric Utility Control Systems", WPRC, Oct, 2007
  8. F. CLeveland, "IEC TC57 Secuirty Standards for the Power System's Information Infrastructure - Beyond Simple Encryption", 2005.
  9. IEC technical committee 57, "Part 1: Communication network and system security - Introduction ti security issues", IEC 52351-1, May 2007.
  10. IEC technical committee 57, "Part 3: Communication network and system security - Communication network and system security - Profiles including TCP/IP", IEC 62351-3, June 2007.
  11. IEC technical committee 57, "Part 4: Communication network and system security - Profiles including MMS", IEC 62351-4, June 2007.
  12. IEC technical committee 57, "Part 6: Data and communication security - Security for IEC 61850", June 2007.
  13. IEC technical committee 57, "Part 5: Communication network and system security - Security for IEC 60870-5 and derivatives", IEC 62351-5, February 2008.
  14. T. Mander, F. Nabhani, L. Wang, and R. Cheung, "Data Object Based Security for DNP3 Over TCP/IP for Increased Utility Commercial Aspects Security", Power Engineering Society General Meeting IEEE, June 2007.
  15. R. Rivest and A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public Key Cryptosystems", Communications of the ACM, February 1978.
  16. Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
  17. R. Rivest, "The MD5 Message-Digest Algorithms", RFC 1321, April 1992..
  18. Eastlake, D. and T. Hansen, "US Secure Hash Algorithms(SHA)", RFC 4634, July 2006.
  19. "Secure Hash Standard", (SHA-1/224/256/384/512) US Federal Information Processing Standard, with Change Notice 1, February 2004.
  20. D. Harkins and D. Carrel, "The Internet Key Exchange(IKE)", RFC 2409, November 1998.