Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria

Security Requirements Analysis of IP Camera Using Security Threat Modeling and the Common Criteria

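  • 박지수 (Department of Information Security, Graduate School of Information Security, Korea University) ;
  • 김승주 (Department of Cyber Defense / Graduate School of Information Security, Korea University)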
  • Received : 2016.11.02
  • Accepted : 2016.12.10
  • Published : 2017.03.31

Abstract

With the rapid increase in the development and use of IoT devices, requirements for safe IoT devices and services, such as reliability and security, are also increasing. In security engineering, the SDLC (Secure Development Life Cycle) is applied to build trustworthy systems. The Secure Development Life Cycle has 4 big steps (Security requirements, Design, Implementation and Operation), and each step has its own goals and activities. Deriving security requirements, the first step of the SDLC, must be accurate and objective because it affects the rest of the SDLC. Threat modeling is used to obtain accurate and objective security requirements, and its results can satisfy completeness of the scope of analysis and traceability of threats. In many countries, academia and IT companies are doing a lot of research on deriving security requirements systematically, but domestically, awareness of and research on deriving security requirements systematically are lacking. In this paper, I therefore describe the method and process for deriving security requirements systematically by using threat modeling, including DFD, STRIDE, Attack Library and Attack Tree. The security requirements are also described via the Common Criteria so that they convey an objective meaning and can be broadly used.

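As the adoption of IoT devices increases rapidly across various industries, demand for safe IoT devices and services, including reliability and security, is growing, and security engineering uses a secure development life cycle to design and implement trustworthy systems. The secure development life cycle is divided into the security requirements derivation, design, implementation and operation phases, and each phase has goals and activities to achieve. Among them, the security requirements derivation phase is the very first phase, and deriving accurate and objective security requirements is important for achieving the goals of the subsequent design and implementation phases. Security threat modeling is used to derive accurate and objective security requirements, and the security requirements derived through it can satisfy completeness of the threat identification scope and traceability to the corresponding threats. While research using various targets and threat modeling methodologies is under way abroad, domestic research is relatively lacking compared to its importance. Therefore, this paper describes the process of deriving security requirements for an IP Camera through systematic security threat modeling such as Data Flow Diagram, STRIDE and Attack Tree, and expresses the derived security requirements using the Common Criteria, an international standard, to convey their meaning objectively.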
