ISA100.11기반 산업제어시스템을 위한 향상된 보안 프레임워크
Enhanced Security Framework in ISA 100.11a based Industrial Control System
- 주제(키워드) ICS , ISA100.11a , Wireless communication , security assurance program , security testing
- 발행기관 아주대학교
- 지도교수 손태식
- 발행년도 2016
- 학위수여년월 2016. 8
- 학위명 석사
- 학과 및 전공 일반대학원 컴퓨터공학과
- 파일정보 한글 2010
- 실제URI http://www.dcollection.net/handler/ajou/000000023339
- 본문언어 영어
- 저작권 아주대학교 논문은 저작권에 의해 보호받습니다.
초록/요약
In the existing Industrial Control System (ICS), wire communication was used mostly, because of the strict conditions by the characteristics of the environment of the industry, such as real-time communication, time-limited processing, high availability, functional safety, and security, but a lot of costs and issues occurred due to high costs of maintenance, lack of scalability and lack of interoperability. Accordingly, studies to solve these problems by applying the wireless communication technology to the existing ICT to the ICS began to be conducted, and wireless communication technologies and protocols specialized in the industrial environment began to be studied and applied. However, despite the necessity of security is gradually increasing in the ICS, there are lacking studies to test and evaluate the security of the wireless communication technology, so it is urgently necessary to conduct a related study. This study proposes a security assurance technology of the devices using the relevant standard, focusing on ISA100.11a, one of the ICS wireless communication protocols. The proposed security assurance technology is divided broadly into communication testing and security function assessment, and the communication testing is divided into baseline operation testing, resource robustness testing, and packet manipulation testing. A security function assessment conducted with the devices that have passed communication testing is proposed differing the required items, divided by the components of ISA100.11a, such as a field device, backbone router, and host so that an assessment appropriate for the hardware specifications and roles of each component is achieved. In addition, this study seeks to facilitate the implementation and application of the proposed security assurance technology by proposing concrete methods or criteria for communication testing and security function assessment. Lastly, this study attempts to verify the conformance of the proposed security assurance by testing the security assurance technology in a test-bed with a network environment where the standard ISA100.11a can work network environment.
more목차
Chapter 1 Introduction 1
Chapter 2 Background and Related Work 4
Section 1 Background of wireless communication in Industrial Control System(ICS) 4
Section 2 Wireless Communication Protocol for ICS 5
Section 3 Testing and Certification Program for ICS 15
Section 4 Related Work of ISA100.11a Vulnerability and Testing Methodology 19
Chapter 3 Proposed Security Assurance Framework for ISA100.11a based ICS 22
Section 1 Overview of Proposed security Assurance Framework 22
Section 2 Communication Testing 24
Section 3 Security Function testing 28
Chapter4 Methodology of Measurement and Evaluation for Proposed Security Assurance 32
Section 1 Methodology of Communication Testing 32
Section 2 Methodology of Security Function testing 39
Section 3 Experiment of Proposed framework 47
Chapter 5 Conclusion 48
Reference 49