년 - 년
4,000원
본 논문은 갈수록 치밀해지고 정교해지는 위협으로부터 SCADA망을 지키기 위한 보안 방안에 대해 연구하 였다. 현재 SCADA 시스템 보안은 일반 IT 보안 시스템과 거의 유사한 방법이 사용되고 있다. 공통적으로 필 요한 보안 기법들도 있겠지만, 일반 IT 시스템과는 다른 SCADA 시스템만을 위한 보안 기법이 필요한 실정이 다. 따라서 본 논문은 현재 SCADA 시스템에 사용되는 보안 기법에 대해 알아보고, 현재 보안 기법을 사용하였 을 시 생기는 문제점을 SCADA 시스템의 공격에 따른 피해 사례들을 통해 알아볼 예정이다. 마지막으로 현재 SCADA 시스템에 필요한 가용성과 무결성을 보장하기 위한 새로운 대응 방안으로 Blockchain과 SCADA 시 스템의 연계를 제안하였다.
This paper studied security measures to protect the SCADA network from the increasingly sophisticated threats. Currently, SCADA system security uses methods that are almost like regular IT security systems. While there may be some common security techniques, security techniques are needed only for SCADA systems that are different fr om typical IT systems. Therefore, this paper will explore the security techniques currently used in SCADA system s, and the problems that arise when the current security techniques are used will be identified through the damage cases resulting from attacks in SCADA systems. Finally, as a new solution to ensure the availability and integrity r equired for current SCADA systems, we proposed linking Blockchain and SCADA systems.
TCP/IP환경에 기반한 SCADA 시스템의 ARP Spoofing 공격 가능성 연구
한국융합보안학회 융합보안논문지 제9권 제3호 2009.09 pp.9-17
※ 기관로그인 시 무료 이용이 가능합니다.
4,000원
국내 외에서 국가 중요 기반 시설들을 제어하고 관리하기 위해 사용되었던 기존의 폐쇄적인 형태의 전자 제어시스템은 최근에는 단독 운영으로부터 네트워크 환경 기반의 시스템으로 발전하고 있다. 그러나 TCP/IP와 같은 기존의 네트워크 프로토콜의 보안 표준의 부재로 인하여 전자 제어시스템에서의 취약점이 나타났고 취약점을 이용한 공격 기법이 존재하게 되었으며 대표적으로 ARP Spoofing 공격이 있다. 우리의 테스트베드는 ARP Spoofing 공격을 이용한 전자제어 시스템에서의 MTU(Master Terminal Unit)와, RTU(Remote Terminal Unit)의 연결 통로인 Gateway 사이에서의 packet capturing을 구현하였고, 이를 통해 SCADA 시스템이 TCP/IP 상에 서 공격을 받을 수 있는 가능성을 제시하고자 한다.
SCADA(Supervisory Control and Data Acquisition) in order to manage and control the important facilities of nation has been developed from closed system to network-based electronic control system. However the security standards of existing network protocol such as TCP/IP result in several vulnerabilities and attacks, ARP Spoofing attack, in bound of the SCADA system. Our proposed test-bed is constructed for packet capturing between MTU(Master Terminal Unit) and SCADA Gateway connected to RTU(Remote Terminal Unit) using ARP Spoofing attack.
Review: Distributed System Network Architecture for Securing SCADA system
보안공학연구지원센터(IJSH) International Journal of Smart Home Vol.4 No.1 2010.01 pp.13-22
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
Intentional and unintentional cyber threats are an ever-present risk for such critical infrastructures and for businesses that rely on 100 percent uptime of their operational facilities. The need for remote monitoring, control, maintenance, and data access have resulted in many Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS) to be accessible either directly from the Internet or through corporate networks. This paper proposed a Distributed Control System Network Architecture for Securing SCADA system. It is consists of a layered defense-in-depth approach that will enable administrator to watch their networks at every level. The primary concerns for the control system network includes securing remote access, validating and authenticating every device and user on the control system network, and assuring the integrity of the data.
Advanced Protocol to Prevent Man-in-the-middle Attack in SCADA System SCOPUS
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.8 No.2 2014.03 pp.1-8
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
SCADA system is a computer system that monitors and controls the national infrastructure or industrial process including transportation facilities, water treatment and distribution, electrical power transmission and distribution, and gas pipelines. If a SCADA system is infected by a malicious worm, such as the Stuxnet, disaster is inevitable. Since the appearance of Stuxnet, researchers focused on detecting this intrusion in SCADA networks. As a result, various methods have been presented by researchers. One of them is to monitor traffic and detect anomalous patterns. However, it is not able to detecting a spoofed packet. This study present three cases of system anomaly by example of pattern based on real data of PROFINET/DCP protocol. And propose protection method using the authentication.
A Study on Efficiency of ISMS for ICS with Compliance SCOPUS
보안공학연구지원센터(IJMUE) International Journal of Multimedia and Ubiquitous Engineering Vol.9 No.5 2014.05 pp.301-306
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
A policy is a set of ideas or plans that is used as a basis for making decisions, especially in politics, economics, or business, and it serves as a reference for the organization’s activities or specific individual. In this sense, it is important to strengthen the capability of security performance. When it comes to Industrial Control Systems (ICS) which considerably affect the national security, policy compliance with consideration of ICS’s characteristic is crucial. This paper is based on data from evaluating the degree of compliance of specific country’s infrastructure with survey. Method used in this paper consists of four steps. First, an employee of specific company participates as a subject and evaluates the compliance of his/her organization with personal discretion. Second, determine criteria for further analysis. Third, analyze data for existence and compliance of policy. Fourth, calculate ‘Policy-Domain-System (P-D-S)’ index from data processed in the previous step. PDS and ISMS data can be used at the same time. This paper will contribute the efficiency of existing ISMS standard.
Applying Asymmetric Key Encryption to Secure Internet based SCADA
국제인공지능학회(구 한국인터넷방송통신학회) International Journal of Internet, Broadcasting and Communication Vol.4 No.2 2012.08 pp.17-21
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
As an acronym for Supervisory Control and Data Acquisition, SCADA is a concept that is used to refer to the management and procurement of data that can be used in developing process management criteria. The use of the term SCADA varies, depending on location. Conventionally, SCADA is connected only in a limited private network. In current times, there are also demands of connecting SCADA through the internet. The internet SCADA facility has brought a lot of advantages in terms of control, data generation and viewing. With these advantages, come the security issues regarding web SCADA. In this paper, we discuss web SCADA and its connectivity along with the issues regarding security and suggests a web SCADA security solution using asymmetric-key encryption.
Recent Advances in SCADA alarm System
보안공학연구지원센터(IJSH) International Journal of Smart Home Vol.4 No.4 2010.11 pp.1-10
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
SCADA stands for supervisory control and data acquisition- any application that gets data about a system in order to control that system is a SCADA. Some sensors detect conditions“on” or an “off”. That “on” or an “off” originate as an on/off, Such as a valve sensor or it can represent an analog value that crosses a threshold value. Other sensors measure more complex situations where exact measurement is required. So we have developed a system in which SCADA system may be able to gets the more alarm details than a single discrete alarm point can provide in real time.
Automation of Soda Ash Handling System using PLC and SCADA in Glass Production Line
보안공학연구지원센터(IJAST) International Journal of Advanced Science and Technology Vol.92 2016.07 pp.37-48
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
Automation is a one of the most popular technology. Now a day’s all production based industries need automation, because it gives more advantages over manual control system such as it reduce the man power, it reduces the operational errors, it reduce the failure rates, Easy to trouble shoot the system, it reduce the maintenance cost, it eliminate the hard wiring, it gives less rejection etc. The main aim of the paper is to automate the soda ash handling system in glass production line at leading glass production industry. The glass production line all systems are controlled by DCS (Distributed control system) but some sub systems are controlled by electromechanical relay system (Hard wired control system). The relay control system looks toward many issues. To limit that issues the system change from relay control system to PLC (Programmable logic controller) control system, because it gives more advantages over relay control system. In this proposed system all parameters are controlled, processed and monitored with help of Allen Bradley PLC and Wonderware intouch SCADA software.
Construction and Reduction Methods of Vulnerability Index System in Power SCADA SCOPUS
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.8 No.6 2014.12 pp.335-352
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
Electric power SCADA (Supervisory Control and Data Acquisition) system gradually transforming from a separate private network to an open public network, seriously increases the vulnerability risk in electric power SCADA. In order to assess the vulnerability risk in electric power SCADA system, the paper firstly uses Delphi method and AHP (Analytic Hierarchy Process) to build an index system of vulnerability risk assessment, to fully represent the vulnerability of electric power SCADA system. As index data of vulnerability risk assessment in power SCADA is characterized by strong relation and high dimensionality, the method of Autoencoder is proposed to reduce dimensionality of index data by representing high-dimensional data in a low dimensional space. Auto encoder method can obtain the optimal initial weight in pre-training and then back-propagate error derivatives adjusting weights with the initial weights to minimize the reconstruction error finally getting the best reconstructed results. The paper conducts simulation experiments about reconstruction error in pre-training and fine-tuning process in MATLAB experimental platform, and the experimental results show that dimensional code received by reducing dimensionality of data can basically fully represent high-dimensional data. The low-dimensional code as input can significantly reduce the complexity in the construction of model of vulnerability risk assessment in Electric power SCADA system in later work.
보안 모듈을 도입한 안전한 SCADA 시스템 KCI 등재후보
보안공학연구지원센터(JSE) 보안공학연구논문지 Vol.7 No.3 2010.06 pp.205-214
※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.
SCADA (원방감시제어, Supervisory control and data acquisition) 시스템은 과거 폐쇄형 시스템이었기 때문에 외부 공격으로부터 비교적 안전했지만, 빠른 IT산업의 발달과 더불어 시스템이 범용성을 갖도록 요구되면서 기존 인터넷 망과 결합된 개방형 SCADA 시스템으로 발전하고 있다. 이로써 외부와의 접촉이 가능해짐에 따라 각종 외부로부터 위협의 대상이 되어오고 있어 이에 대한 보안 기술의 도입이 시급하다. 본 논문은 현존하는 SCADA 시스템의 취약점에 대응할 수 있는 안전한 SCADA 시스템의 모델에 응용될 수 있는, 보안 모듈들에 대해서 소개한다. SCADA 시스템에 특성화된 보안 모듈로는 SCADA 시스템 정책 등을 관리하는 보안 관리모듈, 암호와 인증을 담당하는 보안 장치, 침입탐지시스템(IDS, Intrusion Detection System)모듈이 있다. 아울러, 본 논문은 보안공학연구논문지에 게재하도록 논문게재 추천 위원회로부터 추천받은 논문으로서, 2010년 2월에 한국통신학회 동계종합학술발표회에서 발표한 “보안 관리와 침입 탐지 시스템을 도입한 안전한 SCADA 시스템” 논문의 확장본임을 밝힌다.
Because the SCADA (Supervisory control and data acquisition) system was closed system previously, it was more secure from external attacks, however, the open SCADA system including the Internet infrastructure have been needed in order to be widely used as dramatically developed IT services. Since the SCADA system can contact with external internet and this system has been purpose of several threats, the adopting security technology for the SCADA system is needed as soon as possible. This paper introduces security modules which can be applied in the SCADA system against vulnerabilities of the SCADA system existing. The characterized security modules are security management that manages system policies, security devices that charge encryption and authentication, and the IDS (Intrusion Detection system).
전력감시제어설비(SCADA)의 open system architecture 적용
[Kisti 연계] 제어로봇시스템학회 제어로봇시스템학회 학술대회논문집 1996 pp.992-995
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
The major roles of Power SCADA System are continuous monitoring of electrical equipments state, real-time data processing and dispatching. Especially, SCADA system demands fast response time in heavy load condition, high reliability, fault tolerance, expansion capacity for the future. According to developing computer system technology, SCADA system is changing system configuration from centralized processing system to distributed processing system. This paper describes operational benefits, problems and improvement (which is studying in theory) in the application of Open System Architecture SCADA which has been installed since 1994, Seoul regional control center in KEPCO.
SCADA System에서의 방사상계통 자동판별을 위한 제어 알고리즘 개발
[Kisti 연계] 대한전기학회 대한전기학회 학술대회논문집 2007 pp.667-668
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
운전하고 있으나 방사상계통 운전에 대한 정보공유가 미비하여 특정 계통조작시 정전으로 이어질 우려가 상존하고 있다. 본 논문에서는 방사상 계통과 환상계통을 자동 판단하여 계통조작시 정전사고로 이어질 수 있는 경우 사전 경고를 발생하여 정전조작을 미연에 방지할 수 있도록 하는 알고리즘을 개발하였다. 개발된 알고리즘은 SCADA와 미리 구축된 Rule Base를 이용하여 인근지역의 정보를 공유하고, 간단한 집합론을 이용한 수학적 연산작업을 통해 방사상계통인지 환상계통인지를 판단한다. SCADA 시뮬레이터를 통한 다양한 시험을 통해 개발된 알고리즘의 신뢰성을 검증하였으며 이를 구현한 방사상계통 자동판별시스템을 개발하여 실계통에 적용하였다.
[Kisti 연계] 대한전기협회 대한전기협회지 Vol.1986 No.5 1986 pp.18-23
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
[Kisti 연계] 대한전기협회 대한전기협회지 Vol.5 1978 pp.18-23
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
Wide-Area SCADA System with Distributed Security Framework
[Kisti 연계] 한국통신학회 Journal of communications and networks Vol.14 No.6 2012 pp.597-605
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
With the smart grid coming near, wide-area supervisory control and data acquisition (SCADA) becomes more and more important. However, traditional SCADA systems are not suitable for the openness and distribution requirements of smart grid. Distributed SCADA services should be openly composable and secure. Event-driven methodology makes service collaborations more real-time and flexible because of the space, time and control decoupling of event producer and consumer, which gives us an appropriate foundation. Our SCADA services are constructed and integrated based on distributed events in this paper. Unfortunately, an event-driven SCADA service does not know who consumes its events, and consumers do not know who produces the events either. In this environment, a SCADA service cannot directly control access because of anonymous and multicast interactions. In this paper, a distributed security framework is proposed to protect not only service operations but also data contents in smart grid environments. Finally, a security implementation scheme is given for SCADA services.
무인발전소 SCADA SYSTEM 에서의 AQR 제어 운영
[Kisti 연계] 대한전기학회 대한전기학회 학술대회논문집 2009 pp.58-59
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
Generator excitation system, supplying the voltage to power system, is controlled by various manners as aspects of power system. Previously excitation systems mainly used AVR(Automatic Voltage Regulator) and FCR(Field Current Regulator) to control voltage, but nowadays the excitation systems have the tendency to adopt AQR(Automatic Reactive power Regulator) and APFR(Automatic Power Factor Regulator) to do it so as to get into step with diverse requirements of power system and high digital technology. This paper presents which operation methods is effective for the equipment, according to increase the unmanned power station thanks to automation technic.
Development of New SCADA System for 500kV Substations
[Kisti 연계] 대한전기학회 Journal of international council on electrical engineering Vol.3 No.1 2013 pp.50-55
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
We developed a new SCADA system for 500-kV substations. To apply existing LAN-based SCADA system for unmanned 275-kV or 77-kV substations, we had to develop three functions. Firstly, the new SCADA system enables that 500-kV substation is supervised and controlled from multiple operating sites. Secondly, the database of the new SCADA system can be downloaded the maintenance data from the SCADA system for 500-kV control center via an IP network. Finally, the new SCADA system has supervisory control capability for manned 500-kV substations. In this paper, we describe these functional over view of the new SCADA system. Currently, 500-kV substations are manned substations. And these substations are supervised and controlled by human operators on sites. Using the new SCADA system, 500-kV substations will be realized remote supervisory control from the 500-kV control center a few years later. Therefore, manned 500-kV substations will convert into unmanned substations.
원방감시제어(SCADA) System에 이용되는 정보통신시설
[Kisti 연계] 한국통신학회 정보와 통신 Vol.11 No.4 1994 pp.43-53
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
Application Design for SCADA using Utility Management System(UMS)
[Kisti 연계] 대한전기학회 대한전기학회 학술대회논문집 2007 pp.171-172
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
우리나라 전력계통 네트워크는 SCADA를 통해 데이터를 취득하고 있다. 초창기 SCADA를 도입할 당시에는 이 시스템이 성능과 기능면에서 그 당시의 최신기술이며 유일한 네트워크 모델이었다. 특히 핵심적인 부분에서는 국내 순수 기술이 아닌 외국 제품이 적용되었다. 그러나 근래에 기술동향은 정보통신의 점진석인 발달과 하드웨어의 성능 향상 등을 통해 동일조건에서 동인 시스템을 구축할 경우 이전과 비교해 볼 때 월등한 효율성과 경제성을 갖출 수 있다. 특히나 전력계통의 경우 신뢰성을 기반으로 한 국가 기간산업이므로 이러한 기술을 적용한 파급효과는 보수적인 면이 있다. 따라서 본 논문에서는 이런 특성을 고려하여 현재의 SCADA를 분석해보고 애플리케이션을 추가할 경우에 어떻게 설계해야 할지에 대해 살펴보고자 한다.
[Kisti 연계] 한국조명전기설비학회 조명·전기설비학회 논문지 Vol.23 No.11 2009 pp.34-43
※ 협약을 통해 무료로 제공되는 자료로, 원문이용 방식은 연계기관의 정책을 따르고 있습니다.
SCADA (Supervisory Control and Data Acquisition) system has been used for remote measurement and control on the critical infrastructures as well as modem industrial facilities. As cyber attacks increase on communication networks, SCADA network has been also exposed to cyber security problems. Especially, SCADA systems of energy industry such as electric power, gas and oil are vulnerable to targeted cyber attack and terrorism Recently, many research efforts to solve the problems have made progress on SCADA network security. In this paper, flexible key distribution concept is proposed for improving the security of SCADA network using Multiagent System (MAS).
0개의 논문이 장바구니에 담겼습니다.
선택하신 파일을 압축중입니다.
잠시만 기다려 주십시오.