DOI QR코드

DOI QR Code

The development of a ship's network monitoring system using SNMP based on standard IEC 61162-460

  • Wu, Zu-Xin (Navigation Collage, Dalian Maritime University) ;
  • Rind, Sobia (Division of Control Engineering, Graduate School of Korea Maritime and Ocean University) ;
  • Yu, Yung-Ho (Division of Information Technology Engineering, Korea Maritime and Ocean University) ;
  • Cho, Seok-Je (Division of Information Technology Engineering, Korea Maritime and Ocean University)
  • 투고 : 2016.09.20
  • 심사 : 2016.12.23
  • 발행 : 2016.12.31

초록

In this study, a network monitoring system, including a secure 460-Network and a 460-Gateway, is designed and developed according with the requirements of the IEC (International Electro-Technical Commission) 61162-460 network standard for the safety and security of networks on board ships. At present, internal or external unauthorized access to or malicious attack on a ship's on board systems are possible threats to the safe operation of a ship's network. To secure the ship's network, a 460-Network was designed and implemented by using a 460-Switch, 460-Nodes, and a 460-Gateway that contains firewalls and a DMZ (Demilitarized Zone) with various application servers. In addition, a 460-firewall was used to block all traffic from unauthorized networks. 460-NMS (Network Monitoring System) is a network-monitoring software application that was developed by using an simple network management protocol (SNMP) SharpNet library with the .Net 4.5 framework and a backhand SQLite database management system, which is used to manage network information. 460-NMS receives network information from a 460-Switch by utilizing SNMP, SNMP Trap, and Syslog. 460-NMS monitors the 460-Network load, traffic flow, current network status, network failure, and unknown devices connected to the network. It notifies the network administrator via alarms, notifications, or warnings in case any network problem occurs. Once developed, 460-NMS was tested both in a laboratory environment and for a real ship network that had been installed by the manufacturer and was confirmed to comply with the IEC 61162-460 requirements. Network safety and security issues onboard ships could be solved by designing a secure 460-Network along with a 460-Gateway and by constantly monitoring the 460-Network according to the requirements of the IEC 61162-460 network standard.

키워드

참고문헌

  1. BIMCO, CLIA, ICS, INTERCARGO, and INTERTANKO, "The Guidelines on Cyber Security onboard Ships," BIMCO Bagsvaerdvej 161 Denmark, 2880 Bagsvaerd, Version 1.1., 2016, https://www.marad.dot.gov/wp-content/uploads/pdf/Guidelines_on_cyber_security_onboard_ships_version_1-1_Feb2016.pdf, Accessed August 10, 2016.
  2. O. J. Rodseth, "Design challenges and decisions for a new ship data network," ISIS 2011, Hamburg, September 15-16, 2011.
  3. ISO 16425-CD: Ships and marine technology Installation guideline for ship communication network of improving communication for shipboard equipment and systems (Committee Draft), 2012. ISO/TC 8/SC 6, Feb, 2013, http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=56739, Accessed July 15, 2016.
  4. IEC TECHNICAL COMMITTEE 80: MARITIME NAVIGATION AND RADIOCOMMUNICATION EQUIPMENT AND SYSTEMS, International Electro technical Commission. IEC, http://www.iec.ch/index.htm, Accessed August 15, 2016.
  5. IEC 61162-450: Maritime navigation and radio communication equipment and systems - Digital interfaces - Part 450: Multiple talkers and multiple listeners - Ethernet interconnection, first edition, 2011. IEC, https://webstore.iec.ch/preview/info_iec61162-450/Bed1.0/Den.pdf, Accessed August 11, 2016.
  6. IEC 61162-460: Maritime navigation and radio communication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and Security, 2015. IEC, https://webstore.iec.ch/preview/info_iec61162-460/Bed1.0/Den.pdf, Accessed July 11, 2016.
  7. ISOC RFC 791: Internet Protocol (IP), Standard STD0005 (and updates), https://tools.ietf.org/html/rfc791, Accessed July 21,2016.
  8. CISCO. CISCO CATALYST 3560 SERIES SWITCHES, http://www.cisco.com/c/en/us/index.html, Accessed October 21, 2016.
  9. A. Bristow, Bill Dickie, Bruce Davis., "the FortiGate Cookbook 5.2", FortiGate/FortiOS, FortiGate 5.2.0, 2015, http://docs.fortinet.com/d/fortigate-the-fortigate-cookbook-5.2, Accessed July 12, 2016.
  10. W. Barth, Nagios: System and Network Monitoring, William Pollock , 2nd Edition, 2008.
  11. ISOC RFC 5424: The Syslog Protocol, https://tools.ietf.org/html/rfc5424, Accessed July 21,2016.
  12. A. Ghoda, Windows 8 MVVM Patterns are Revealed: covers both C# and JavaScript, Apress, 2013.
  13. S. Haldar, SQLite Database System Design and Implementation, Second Edition, Version 1, Self-publisher 2015.
  14. M. Michaelis, E. Lippert, Essentials C# 6.0, 1st edition, Addison-Wesley Professional, 2015.
  15. NET-SNMP, current release: 5.7.3, http://net-snmp.sourceforge.net/docs/mibs/interfaces.html, Accessed June 21,2016.
  16. ISOC RFC 3418: Management Information Base (MIB) for the Simple Network Management Protocol (SNMP), https://tools.ietf.org/html/rfc3418, Accessed 19 August, 2016.
  17. ISOC RFC 3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, https://tools.ietf.org/html/rfc3411, Accessed 19 August, 2016.
  18. Z. X. Wu, S. Rind, Y. H. Yu, and S. J. Cho, "Ship's network security and monitoring system using SNMP," Proceedings of the ISMT 2016, p. 74, 2016.