전자통신동향분석 (Electronics and Telecommunications Trends)

한국전자통신연구원 (Electronics and Telecommunications Research Institute)
권호 표지
DOI QR코드

DOI QR Code

공급망 보안기술 동향

Trends in Supply-Chain Security Technologies

  • 발행 : 2020.08.01
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Security threats in supply-chains can be targeted at all the users who use products related to these supply-chains as well as at single equipment or individuals. This implies that these security threats can cause nationwide economic and social damages. In particular, it is true that hardware security threat analysis technology in supply-chains has significant technical barriers due to the lack of software knowledge as well as the need to study and understand undisclosed hardware designs. In this paper, we discuss the future direction of studies by introducing basic concepts and attack cases, along with domestic and foreign technology trends related to supply-chain security technology.

키워드

참고문헌

  1. "공급망 공격 사례 분석 및 대응 방안," KISA, 2019-KA-T02, 2019.
  2. "Operation ShadowHammer," Kaspersky, Mar. 2019. https://securelist.com/operation-shadowhammer/89992
  3. OndrejVlckk, "CCleaner APT Attack: A Technical Look Inside," RSAConference2018.
  4. "The Untold Story of NotPetya, the Most Devastating Cyberattack in History," Wired, Oct. 2019. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
  5. "2017 cyberattacks on Ukraine," Wikipedia, Oct. 2019. https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine
  6. "ShadowPad in corporate networks," Kaspersky, Aug. 2017. https://securelist.com/shadowpad-in-corporatenetworks/81432/
  7. "Supply Chain Risks for Information and Communication Technology," Cybersecurity and Infrastructure Security Agency, Dec. 2018. https://www.cisa.gov/sites/default/files/publications/19_0424_cisa_nrmc_supply-chain-risks-forinformation-and-communication-technology.pdf
  8. "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies," Bloomberg Businessweek, Oct. 2018. https://www.bloomberg.com/news/features/2018-10-04/the-bighack-how-china-used-a-tiny-chip-to-infiltrate-america-stop-companies
  9. "Planting Tiny Spy Chips in Hardware Can Cost as Little as $200," Wired, Oct. 2019. https://www.wired.com/story/plantspy-chips-hardware-supermicro-cheap-proof-of-concept/
  10. 박재현, 김승주, "정형 기법을 이용한 하드웨어 AES 모듈 백도어 탐색 연구," 한국정보보호학회 논문지, 제29권 제4호, 2019. 8.
  11. 김동원, 한근희, 전인석, 최진영, "자동차 공급망 위험관리(ASCRM) 방안 연구," 한국정보보호학회 논문지, 제25권 제4호, 2015. 8.
  12. Trust-Hub. https://trust-hub.org
  13. Prashast Srivastava, Hui Peng, Jiahao Li, Hamed Okhravi, Howard Shrobe, Mathias Payer, "FirmFuzz: Automated IoT Firmware Introspection and Analysis," Proceedings of the 2nd International ACM Workshop on Security and Privacy for the Internet-of-Things, 2019. 11.
  14. The Firmware Analysis and Comparison Tool (FACT). https://github.com/fkie-cad/FACT_core