The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Advanced Key Management Architecture Based on Tree Structure for Secure SCADA Communications

안전한 SCADA 통신을 위한 트리 기반의 효율적인 키 관리 구조

  • 최동현 (성균관대학교 휴대폰학과) ;
  • 이성진 (성균관대학교 휴대폰학과) ;
  • 정한재 (성균관대학교 휴대폰학과) ;
  • 강동주 (한국전기연구원 연구원) ;
  • 김학만 (인천시립대학 전기과) ;
  • 김경신 (인덕대학 인터넷TV방송과) ;
  • 원동호 (성균관대학교 정보통신공학부) ;
  • 김승주 (성균관대학교 정보통신공학부)
  • Published : 2009.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

The SCADA(Supervisory Control And Data Acquisition) system is a control system for infrastructure of nation. In the past, the SCADA system was designed without security function because of its closed operating environment. However, the security of the SCADA system has become an issue with connection to the open network caused by improved technology. In this paper we review the constraints and security requirements for SCADA system and propose advanced key management architecture for secure SCADA communications. The contributions of the present work are that our scheme support both message broadcasting and secure communications, while the existing key management schemes for SCADA system don't support message broadcasting. Moreover, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power (RTU) nodes at minimal.

SCADA(Supervisory Control and Data Acquisition) 시스템은 국가 기반시설에서 주로 사용되는 제어 시스템이다. 과거 SCADA 시스템은 폐쇄 망에서 운영되어진다는 이유로 보안에 대한 고려 없이 설계되었다. 하지만 기술의 발달로 SCADA 시스템과 공용망과의 연계가 추진되면서 보안에 대한 문제점이 대두 되고 있다. 본 논문에서는 SCADA 시스템의 제약사항과 보안요구사항을 살펴보고, 안전한 SCADA 시스템을 위한 키 관리 구조를 제안한다. 기존에 제안되어있는 SCADA 시스템을 위한 키 관리 방식이 메시지 브로드캐스팅을 지원하지 못하는 반면, 제안하는 방식은 메시지 브로드캐스팅을 지원한다. 또한 제안하는 방식은 성능상의 제약을 가지고 있는 RTU의 계산량을 최소화하기 위해, 상위 노드(SUB-MTU 또는 MTU)에 계산량을 분배하여 RTU의 잠재적인 성능 병목을 해결하였다.

Keywords

References

  1. 김인중, 정윤정, 고재영, 원동호, “중요핵심시설(SCADA)에 대한 보안 관리 연구”, 한국통신학회논문지 Vol.30 No.8C, pp.838-848, 2005
  2. Curts, K. “A DNP3 protocol primer,” Technical report, DNP User Group, 2005
  3. GAO, “Critical Infrastructure Protection : Challenge and Efforts to Secure Control Systems,” http://www.gao.gov, Mar., 2004
  4. S. Mittra, “Iolus: A Framework for Scalable Secure Multicasting,” Proc. ACM SIGCOMM'97, pp.277-88, 1997 https://doi.org/10.1145/263109.263179
  5. Cheryl Beaver, Donald Gallup, Willian Neumann, Mark Torgerson, “Key Management for SCADA,” Sandia, http://www.sandia.org/scada/documnets/013252.pdf;, Mar. 2002
  6. Robert Dawson, Colin Boyd, Ed Dawson, Juan Manuel Gonzalez Nieto, “SKMA - A Key Management Architecture for SCADA Systems,” In Proc. Fourth Australasian Information Security Workshop, Vol. 54, pp.138-192, 2006
  7. H. Harney, E. Harder, “Logical Key Hierachy Protocol,” Internet Draft(work in progress), draft-harney-spartr-lkhpsec-00.txt, Internet Engeneering Task Force, Mar. 1999
  8. Marcel Waldvogel, ”The VersaKey Framework: Versatile Group Key Management,” IEEE JSAC, Vol.17, No.9, Sept., 1999 https://doi.org/10.1109/49.790485
  9. IEEE Standards Board, “IEEE standard definition, specification, and analysis of systems used for supervisory control, data acquisition, and automatic control”, Technical report, IEEE. http://ieeexplore.ieee.org/iel1/3389/10055/00478424.pdf, March 1994
  10. American Gas Association, “Cryptographic protection of SCADA communications Part 1: Background, Policies and Test Plan,” Technical Report 12-1 Draft 5 revision 3, American Gas Assocation. http://www.gtiservice.org/security/; 2005
  11. Information Technology - Security Techniques - Key Management - Part 2: Mechani는 Using Symmetric Techniques ISO/IEC 11770-2 International Standard, 1996
  12. Vinay M. Igure, Sean A. Laughter, Ronald D. Williams, “Security issues in SCADA networks,” Computers & Security 25, pp.498-506, 2006 https://doi.org/10.1016/j.cose.2006.03.001
  13. Roberto Di Pietro, Luigi V. Mancini, Sushil Jajodia, “Efficient and Secure Keys Management for Wireless Mobile Communications,” Proceedings of the second ACM international workshop on Principles of mobile computing, pp.66-73, 2002 https://doi.org/10.1145/584490.584504
  14. Instrumentation systems and Automation Society, “Security Technologies for Industrial Automation and Control Systems,” ANSI/ISA-TR99.00.01-2007, Research Triangle Park, North Carolina, 2007
  15. Instrumentation systems and Automation Society, “Integrating Electronic Security into the manufacturing and Control Systems Environment,” ANSI/ISA-TR99.00.02-2004, Research Triangle Park, North Carolina, 2004
  16. National Institute of Standards and Technology, “System Protection Profile - Industrial Control Systems v1.0,” Gaithersburg, Maryland, 2004
  17. American Petroleum Institute, “API 1164: Pipeline SCADA Security,” Washington, DC, 2004
  18. American Gas Association, “Cryptographic Protection of SCADA Communications; Part2: Retrofit Link Encryption for Asynchronous Serial Communications,” AGA Report No. 12 (Part 2), Draft, 2005
  19. Information Technology Laboratory, National Institute of Standards and Technology “Security Requirements for Cryptographic Modules,” FIPS PUB 140-1, 1994
  20. K. Stouffer, J. Falco and K. Kent, Guide to Supervisory Control and Initial Public Draft, National Institute of Standards and Technology, Gaithersburg, Maryland
  21. Chung Kei Wong, Hohamed Gouda, Simon S. Lam, “Secure Group Communications Using Key Graphs,” Proceedings of the ACM SIGCOMM '98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp.68-79, 1998