The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Evaluation Scheme for Exchangeable CAS (XCAS)

다운로드형 수신제한시스템(XCAS)의 평가체계에 관한 연구

  • 황유나 (성균관대학교 전자전기컴퓨터공학과) ;
  • 정한재 (성균관대학교 휴대폰학과) ;
  • 원동호 (성균관대학교 정보통신공학) ;
  • 김승주 (성균관대학교 정보통신공학부)
  • Received : 2010.05.25
  • Accepted : 2010.07.20
  • Published : 2010.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

A condition access system (CAS) refers to a hardware-based system that allows only authenticated users to have access to contents. The CAS has many disadvantages found in that in the replacement of multiple service operator (MSO) a set-top box should be also changed and the smart-card often causes malfunction. To deal with the problems, exchangeable CAS (XCAS) was developed in 2009. However the standards or evaluation schemes for XCAS are absent. Existing evaluation schemes are not appropriate for evaluating XCAS due to the evaluation standard, the evaluation cost and efficiencies. Therefore, a specific scheme that can evaluate the security and suitability of exchangeable conditional access systems has been requested. In this paper, we propose an appropriate evaluation scheme for XCAS. The evaluation scheme includes an evaluation purpose and four components to evaluate the evaluation target, the evaluation process, the evaluation subject, and the evaluation cost involved.

CAS란 정당한 사용자만이 방송 콘텐츠에 접근할 수 있도록 하는 하드웨어 기반 시스템이다. CAS의 경우에는, 방송사업자 교체 시 셋탑 박스를 교체해야 한다는 점, 스마트카드에 의한 빈번한 오작동과 같은 문제점이 있었다. 이러한 문제점을 해결하기 위해 2009년에 XCAS가 개발되었다. 그러나 XCAS에 대한 평가체계는 현재까지 정해진 것이 없다. 기존의 평가체계는 XCAS에 그대로 적용하기에는 평가기준, 비용과 효율성 등이 떨어진다. 따라서 XCAS의 안전성 및 적합성을 검증 평가하는 체계가 필요하다. 본 논문에서는 기존에 존재하는 평가체계를 분석하고, XCAS에 적합한 평가체계를 제안한다. 제안하는 평가체계는 평가목적 및 대상, 평가주체, 평가절차, 평가제출물, 평가비용으로 구성되어 있다.

Keywords

References

  1. OpenCableTM Technical Reports, “DCAS System Overview Technical Report”, OC-TR-DCAS-D02-060912, 2006.
  2. NCTA, “Report of the National Cable & Telecommunications Association on Downloadable Security”, 2005.
  3. ISO/IEC 15408-1, “Information technology - Security techniques - Evaluation criteria for IT security - Part 1:Introduction and general model”
  4. ISO/IEC 15408-2, “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements”
  5. ISO/IEC 15408-3, “Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements”
  6. NIST, “FIPS 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES,” May, 2001.
  7. EMVCo, LLC. “EMVCo Type Approval – Contact Terminal Level 1 – Administrative Process Version 5.0”, January 2009
  8. EMVCo, LLC. “EMVCo Type Approval – Contact Terminal Level 2 – Administrative Process Version 2.0,” January, 2009.
  9. PCI Security Standard Council, “Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures Version 1.2.1,” July, 2009.
  10. Digital Cinema Initiatives, LLC, “Digital Cinema System Specification Compliance Test Plan Version 1.1,” May, 2009.
  11. Digital Cinema Initiatives, LLC, “Digital Cinema System Specification Version 1.2,” March, 2008.
  12. 국내.외 암호모듈 검증정책, IT보안인증사무국.
  13. 국가정보원 2009. 3. 20 정보보호제품 평가.인증 수행규정.
  14. 한국정보보호진흥원,“신청인을 위한 정보보호시스템 평가수수료 산정가이드”, 2008, 7.
  15. 황유나, 정한재, 조성규, 김송이, 원동호, 김승주, “다운로드형 수신제한시스템(XCAS)에 적합한 평가체계 제안”, 한국 소프트웨어공학 동계학술대회(KCSE 2010)논문집, pp.192-198, 2010.02.08-10.
  16. Yu-na Hwang, Hanjae Jeong, Sungkyu Cho, Songyi Kim, Dongho Won and Seungjoo Kim, “A proposal of appropriate evaluation scheme for exchangeable CAS (XCAS),” Information Security Practice and Experience Conference (ISPEC 2010), Seoul, Korea, March 12-13, 2010, pp.217-228.