• Title/Summary/Keyword: 공통평가기준(CC)

Search Result 64, Processing Time 0.025 seconds

Protection Profile for Smart Meters: Vulnerability and Security Requirements Analysis (스마트미터의 취약성/보안요구사항 분석 CC v3.1 기반 보호프로파일 개발)

  • Jung, Chul-Jo;Eun, Sun-Ki;Choi, Jin-Ho;Oh, Soo-Hyun;Kim, Hwan-Koo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.111-125
    • /
    • 2010
  • There is a growing interest in "smart grid" technology, especially after the government recently announced "low-carbon green-growth industry" project. A smart grid uses "smart meters", which can be deployed in any power-consuming places like homes and factories. It has been shown that smart meters have several security weaknesses. There is, however, no protection profile available for smart meters, which means that safety with using them is not guaranteed at all. This paper analyzes vulnerabilities of smart meters and the relevant attack methods, thereby deriving the security functions and requirements for smart meters. Finally, we propose a protection profile based on Common Criterion v3.l for smart meters.

Development of a Key Recovery System for Recovery of Encrypted Data (암호화된 정보의 복구를 위한 키복구 시스템 개발)

  • Kang, Sang-Seung;Lim, Shin-Young;Ko, Jeong-Ho;Jun, Eun-Ah;Lee, Gang-Soo
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.7 no.4
    • /
    • pp.324-335
    • /
    • 2001
  • Information systems, which support information security functions such as CALS and EC systems, should have cryptographic functions for information in order to storage and communicate securely. Additionally, including recovery of lost keys, lots of cryptographic keys should be securely managed. In this paper, we present some results of development of a key recovery system for recovery of encrypted data. The proposed system, in a type of key encapsulation approach, confirms to NIST's RKRP(Requirements for Key Recovery Products) that is a defecto international key recovery standard, as well as CC 2.0 that is a international security evaluation criteria. A message sender secretly choices two or more key recovery agents from a pool of key recovery agents. The key recovery information is generated by using the recovering key, random keys and public keys of the chosen agents. A message receiver can not know which key recovery agents are involved in his key recovery service. We have developed two versions of prototype of key recovery system such as C/Unix and Java/NT versions. Our systems can be used for recovery of communicating informations as well as storing informations, and as a new security service solution for electronic commerce service infrastructures.

  • PDF

Analysis on Vulnerability of Secure USB Flash Drive and Development Protection Profile based on Common Criteria Version 3.1 (보안 USB 플래시 드라이브의 취약점 분석과 CC v3.1 기반의 보호프로파일 개발)

  • Jeong, Han-Jae;Choi, Youn-Sung;Jeon, Woong-Ryul;Yang, Fei;Won, Dong-Ho;Kim, Seung-Joo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.6
    • /
    • pp.99-119
    • /
    • 2007
  • The USB flash drive is common used for portable storage. That is able to store large data and transfer data quickly and carry simply. But when you lose your USB flash drive without any security function in use, all stored data will be exposed. So the new USB flash drive supported security function was invented to compensate for the problem. In this paper, we analyze vulnerability of 6 control access program for secure USB flash drives. And we show that exposed password on communication between secure USB flash drive and PC. Also we show the vulnerability of misapplication for initialization. Further we develop a protection profile for secure USB flash drive based on the common criteria version 3.1. Finally, we examine possible threat of 6 secure USB flash drives and supports of security objectives which derived from protection profile.

A Case Study of Software Architecture Design by Applying the Quality Attribute-Driven Design Method (품질속성 기반 설계방법을 적용한 소프트웨어 아키텍처 설계 사례연구)

  • Suh, Yong-Suk;Hong, Seok-Boong;Kim, Hyeon-Soo
    • The KIPS Transactions:PartD
    • /
    • v.14D no.1 s.111
    • /
    • pp.121-130
    • /
    • 2007
  • in a software development, the design or architecture prior to implementing the software is essential for the success. This paper presents a case that we successfully designed a software architecture of radiation monitoring system (RMS) for HANARO research reactor currently operating in KAERI by applying the quality attribute-driven design method which is modified from the attribute-driven design (ADD) introduced by Bass[1]. The quality attribute-driven design method consists of following procedures: eliciting functionality and quality requirements of system as architecture drivers, selecting tactics to satisfy the drivers, determining architectures based on the tactics, and implementing and validating the architectures. The availability, maintainability, and interchangeability were elicited as duality requirements, hot-standby dual servers and weak-coupled modulization were selected as tactics, and client-server structure and object-oriented data processing structure were determined at architectures for the RMS. The architecture was implemented using Adroit which is a commercial off-the-shelf software tool and was validated based on performing the function-oriented testing. We found that the design method in this paper is an efficient method for a project which has constraints such as low budget and short period of development time. The architecture will be reused for the development of other RMS in KAERI. Further works are necessary to quantitatively evaluate the architecture.