Journal of Korea Multimedia Society (한국멀티미디어학회논문지)

Korea Multimedia Society (한국멀티미디어학회)
권호 표지
DOI QR코드

DOI QR Code

Fault Tree Analysis and Fault Modes and Effect Analysis for Security Evaluation of IC Card Payment Systems

IC카드 지불결제 시스템의 보안성 평가를 위한 고장트리 분석(FTA)과 고장유형과 영향 분석(FMEA)

  • 김명희 (부경대학교 교육대학원 전산교육전공) ;
  • 진은지 (부경대학교 대학원 첨단 정보과학 및 정보기술학과) ;
  • 박만곤 (부경대학교 공과대학 IT융합응용공학과)
  • Received : 2012.08.22
  • Accepted : 2012.11.08
  • Published : 2013.01.31
Download PDF
⟨ Previous Next ⟩

Abstract

The demands of IC card payment system has been increased according to the rapid advancement of the IT convergence application technologies. Recently IC card payment systems are in demands of the usage space at anytime and anywhere by developing the wireless communication technology and its related multimedia processing technology. Therefore the security of IC card payment system becomes more important and necessary. There are many fault analysis methods to evaluate the security and safety of information systems according to their characteristics and usages. However, the only assessment method to evaluate the security of information systems is not enough to analyse properly on account of the various types and characteristics of information systems by the progress of IT convergence and their applications. Therefore, this paper proposes an integrative method of the Fault Tree Analysis (FTA) and Fault Modes and Effect Analysis/Criticality (FMEA/C) based on criticality to evaluate and improve the security of IC card payment system as an illustration.

IT융합 응용 기술의 발전으로 스마트 디바이스들의 활용이 증대되고 있고 지불결제 시스템에서도 스마트 IC카드의 사용이 급증하고 있다. 또한 무선 이동통신기술과 멀티미디어 처리 기술의 발전에 따라 언제 어디서나 IC카드 지불결제 시스템의 사용이 요구되고 있다. 이에 IC카드 지불결제 시스템의 보안성(security) 역시 중요한 이슈로 떠오르고 있다. IC카드 지불결제 시스템들과 같은 정보 시스템의 보안성을 평가하기 위한 여러 가지 결함 분석 기법들이 있다. 그러나 IT융합 응용 기술이 확대 발전함에 따라 정보 시스템의 종류와 특성이 다양해지면서 단지 하나의 시스템 보안성 평가 방법으로는 적절한 분석이 이루어 질 수 없다. 따라서 본 논문에서는 IC카드 지불결제 시스템의 보안성을 평가하기 위해서 두 가지 중요 결함 분석 기법인 결함 트리 분석(Fault Tree Analysis; FTA) 기법과 치명도(Criticality)기반의 고장모드별 영향 분석(Fault Modes and Effect Analysis/Criticality; FMEA/C)기법을 통합하여 사용함으로서 IC카드 지불결제 시스템의 결함 분석을 수행하여 보안성을 평가하고 개선하는 방법을 제안한다.

Keywords

References

  1. Doo-Hyun Kim and Jong-Ho Lee, "Qualitative Assessment for Hazard on the Electric Power Installations of a Construction Field using FMEA," Journal of the Korean Society of Safety, Vol. 19, No. 14, pp. 36-41, 2004.
  2. S.Y. Kim, W.Y. Yun, and H.G. kim, "Reestablishment of RPN Evaluation Method in FMEA Procedure for Motors in Household Appliances," Journal of the Korean Society for Quality Management, Vol. 35 No. 1, pp. 1-9, 2007.
  3. Rajiv Kumar Sharma and Pooja Sharma, "System Failure Behavior and Maintenance Decision Making using, RCA, FMEA and FM," Journal of Quality in Maintenance Engineering, Vol. 16, No. 1 pp. 64-88, 2010. https://doi.org/10.1108/13552511011030336
  4. Hyo Young Kim and Hyuk Soo Han, "A Defect Prevention Model based on SW-FMEA," Journal of Korean Information Science Society, Vol. 33, No. 7, pp. 605-614, 2006.
  5. Myonghee Kim and Man-Gon Park, "A Study on the Software Fault Modes and Effect Analysis for Software Safety Evaluation," Journal of the Korean Multimedia Society, Vol. 15, No. 1, pp. 113-130, 2012. https://doi.org/10.9717/kmms.2012.15.1.115
  6. Hyun Ki Park, A Study on Methods of Fault Analysis and the Failure Effect Analysis for Security Improvement of e-Teaching and Learning System, Ph.D. Dissertation, PuKyong National University, 2012.
  7. Ik-Sung Lee, "A Study for Quality Improvement of Convention by Failure Mode and Effects Analysis," Journal of the Korean Convention Society, Vol. 5, No. 1, pp. 101-107, 2005.
  8. Joong-Soon Jang, "A Study on Performing FMEA Effectively," Journal of the Korean Institute of Plant Engineering, Vol. 4, No. 4, pp. 69-77, 1999.
  9. Joong-Soon Jang and Dong-Geun An, "How to Perform FMEA Effectively," Journal of the Korean Society of Quality Management, Vol. 25, No. 1, pp. 156-172, 1997.
  10. Adem Sabic, jasmin Azemovic, "Model of Efficient Assessment System with Accent on Privacy, Security and Integration with e-University Components," Second International Conference on Education Technology and Computer(ICETC), Vol. 3, pp. 128-131, 2010.
  11. M. Ben-Daya and Abdul Raouf, "A Revised Failure Mode and Effects Analysis Model," International Journal of Quality & Reliability Management, Vol. 13, No. 1, pp. 43-47, 1996. https://doi.org/10.1108/02656719610108297
  12. N. Snooke and C. Price, "Model-driven Automated Software FMEA," Proc. Reliability and Maintainability Symposium (RAMS), pp. 1-6, 2011.
  13. Rodrigo de Queiroz Souza and Alberto Jose Álvares, "FMEA and FTA Analysis for Application of the Reliability Centered Maintenance Methodology: Case Study on Hydraulic Turbines," ABCM Symposium Series in Mechatronic, Vol. 3, pp. 803-812, 2008.
  14. Thomas Maier, "FMEA and FTA to Support Safety Design of Embedded Software in Safety-Critical Systems," Proc. CSR 12th Annual Workshop on Safety and Reliability of Software Based Systems, pp. 351-367, 1997.
  15. Zhang Hong and Liu Binbin, "Integrated Analysis of Software FMEA and FTA," Proc. International Conference on Information Technology and Computer Science, pp. 184-187, 2009.

Cited by

  1. A Study on the Fault Analysis and Security Assessment for Smart Card Management System vol.17, pp.1, 2014, https://doi.org/10.9717/kmms.2014.17.1.052
  2. A Study on the Design of Automatic Billing Information Systems for Long-Term Home Care Services Business Using iBeacon vol.19, pp.3, 2016, https://doi.org/10.9717/kmms.2016.19.3.612
  3. Analysis of Throttle Body's Remanufacturing Process and RPN vol.25, pp.4, 2016, https://doi.org/10.7844/kirr.2016.25.4.11
  4. Simulation-Based Risk Analysis of Integrated Power System vol.42, pp.2, 2016, https://doi.org/10.7232/JKIIE.2016.42.2.151
  5. FTA-FMEA-based validity verification techniques for safety standards vol.34, pp.3, 2017, https://doi.org/10.1007/s11814-016-0321-1
  6. Fault Tree Analysis and Failure Mode Effects Analysis for Software Security Improvements in Mobile Banking Information Systems vol.18, pp.11, 2015, https://doi.org/10.9717/kmms.2015.18.11.1342
  7. 제조물 책임(PL)법 대응을 위한 품질 리스크 진단 모델 개발 vol.40, pp.3, 2013, https://doi.org/10.11627/jkise.2017.40.3.027
  8. 교육행정정보시스템의 보안성 개선을 위한 결함 분석 방법에 관한 연구 vol.20, pp.12, 2017, https://doi.org/10.9717/kmms.2017.20.12.1970