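Security in Power Grid Networks: General Concepts, Issues, Technologies, and Policy Directions
- In the Context of Next-Generation Technology Environments Such as Social Network Services -
Expert advisory presentation, Korea Electrotechnology Research Institute
Date: October 20, 2009
Venue: Korea Electrotechnology Research Institute
Presenter: Kang Jang-mook (Department of Information and Communication Engineering, Sejong University) [email protected]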
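Who is Kang, JM?
• Ph.D. in Engineering (information security major)
• Advisory work for the Korea Information Security Agency and others
• (Current) Professor, Department of Information and Communication Engineering, Sejong University - Ubiquitous Computing Project Group -
• Member, Media Daum Open User Committee
Research areas
1. Social network services within Web 2.0
2. Augmented reality within ubiquitous computing
3. UCC within digital content
4. Personal information within information security
5. Interdisciplinary research (analysis of information communication and socio-culture from a social-construction-of-technology perspective)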
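Questions to consider
• The convergence of broadcasting and telecommunications has broken down the boundaries between services.
• Twitter and Facebook interoperate and share data in an OPEN environment.
• With spatial convergence, service integration, and mash-ups enabled by ubiquitous computing technology, does information sharing increase vulnerabilities? Or does it only bring convenience?
• Do the security rules between services, the level of what is protected, and the sensitivity of the information handled not break down as well?
• Are businesses that profit from personalized services and advertising not a critical threat to personal information and, beyond that, to privacy?
• Do the flexible technologies applicable to power-grid-based communications not give rise to new security vulnerabilities?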
Presentation contents and security topics
[Figure: map of security topics. Labels: PGP, S/MIME; SSL, TLS; IPSec; Cryptography; Symmetric Key; Public Key; Algorithms; Encryption; Digital Signatures; Certificates; Key Mgmt]
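Presentation contents
• Introductory-level concepts selected from a brief set of security issues
• Security issues and their application in the social network environment
• Platform-level security for new businesses in the power grid network
• Security-related research of interest to the presenter (requested by the institute)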
Platform Security
• Protecting your information, technology, property, products and people, thus protecting your business.
• The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.
• Confidentiality
• Integrity
• Availability
IPSec – IP Security
• Secures the IP packet by adding additional header
• Selection of encryption, authentication and hashing methods left to the user
• It requires a logical connection between two hosts, achieved using Security Association (SA)
• An SA is defined by:
– A 32-bit security parameter index (SPI)
– Protocol type: Authentication Header (AH) or Encapsulating Security Payload (ESP)
– The source IP address
[Figure: packet layouts]
Transport Mode: IP Header | IPSec Header | Rest of the Packet
OR
Tunnel Mode: New IP Header | IPSec Header | IP Header | Rest of the Packet
Introduction to Security Technologies 1.
Pretty Good Privacy (PGP)
Sender site
[Figure: Alice's message passes through a hash function to produce a digest; the digest is encrypted with Alice's private key to give the signed digest; the message plus signed digest is encrypted with a one-time secret key; the one-time secret key is encrypted with Bob's public key; the encrypted (secret key & message + digest) is sent to Bob. Steps are numbered 1 to 6 on the slide.]
The message and digest are encrypted using a one-time secret key created by Alice.
Introduction to Security Technologies 2.
PGP (contd.)
Receiver site
[Figure: Bob receives the encrypted (secret key & message + digest); the one-time secret key is decrypted with Bob's private key; the encrypted (message + digest) is decrypted with the one-time secret key; the signed digest is decrypted with Alice's public key; the message is passed through the hash function; the two digests are compared. Steps are numbered 7 to 11 on the slide.]
The two digests are compared, thus providing authentication and integrity.
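The sender-site and receiver-site flows from the two PGP slides, as an added example that is not part of the original presentation. It is a standard-library sketch: textbook RSA over constructed Mersenne-prime keys and a SHA-256 XOR keystream stand in for PGP's real public-key and symmetric ciphers, and the names `pgp_send` and `pgp_receive` are hypothetical.

```python
import hashlib
import secrets

def keypair(a, b, e=65537):
    # Toy textbook-RSA keys built from the Mersenne primes 2**a-1 and 2**b-1.
    # Constructed for this demo only: the factors are public, so NOT secure.
    p, q = 2**a - 1, 2**b - 1
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)                              # (public, private)

def rsa(key, m):
    # Raw RSA without padding (illustration only).
    n, exp = key
    return pow(m, exp, n)

def stream_xor(key, data):
    # Toy stand-in for the symmetric cipher: SHA-256 counter keystream XOR.
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, ks))

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def pgp_send(msg, alice_priv, bob_pub):
    sig_len = (alice_priv[0].bit_length() + 7) // 8
    signed = rsa(alice_priv, digest(msg))              # hash, then sign the digest
    body = signed.to_bytes(sig_len, "big") + msg       # message plus signed digest
    k = secrets.token_bytes(16)                        # one-time secret key
    wrapped = rsa(bob_pub, int.from_bytes(k, "big"))   # secret key encrypted to Bob
    return wrapped, stream_xor(k, body)

def pgp_receive(packet, bob_priv, alice_pub):
    wrapped, ciphertext = packet
    try:
        k = rsa(bob_priv, wrapped).to_bytes(16, "big") # Bob recovers the one-time key
    except OverflowError:                              # wrong key or damaged key block
        return b"", False
    body = stream_xor(k, ciphertext)
    sig_len = (alice_pub[0].bit_length() + 7) // 8
    signed, msg = int.from_bytes(body[:sig_len], "big"), body[sig_len:]
    return msg, rsa(alice_pub, signed) == digest(msg)  # compare the two digests

ALICE_PUB, ALICE_PRIV = keypair(521, 607)
BOB_PUB, BOB_PRIV = keypair(1279, 2203)

if __name__ == "__main__":
    packet = pgp_send(b"breaker 7: open", ALICE_PRIV, BOB_PUB)  # constructed message
    print(pgp_receive(packet, BOB_PRIV, ALICE_PUB))
```

Flipping any bit of the ciphertext changes either the message or the signed digest, so the digest comparison on the receiver side fails.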
Introduction to Security Technologies 2.
S/MIME
• Working principle similar to PGP
• S/MIME uses multipart MIME type to include the cryptographic information with the message
• S/MIME uses Cryptographic Message Syntax (CMS) to specify the cryptographic information
• Creating S/MIME message:
[Figure: MIME Entity, together with Certificates and Algo identifiers, goes through CMS Processing to give a CMS Object, which goes through MIME Wrapping to give S/MIME]
Introduction to Security Technologies 3.
Transport Layer Security (TLS)
• Designed by IETF; derived from SSL
• Lies on top of Transport layer
• Uses two protocols:
– Handshake Protocol
– Data exchange protocol
– Uses secret key to encrypt data.
– Secret key already shared during handshake
[Figure: message exchange between Client and Server: Hello, Certificate, Secret key, End Handshaking, Encrypted Ack]
Server decrypts secret key with its private key.
Uses secret key to decode message and sends encrypted ack
Introduction to Security Technologies 4.
Chain of Trust
• Query propagation similar to DNS queries
• At any level, the CA can certify performance of CAs in the next level, i.e. level-1 CA can certify level-2 CAs.
• Thumb-rule: Everyone trusts Root CA
[Figure: CA hierarchy with Root CA at the top, Level-1 CA 1 and Level-1 CA 2 below it, and Level-2 CA 1 to Level-2 CA 6 at the bottom]
Introduction to Security Technologies 5.
DDoS Attack Scenario
[Figure: Attacker, Zombie 1 ... Zombie i ... Zombie n, Victim]
Step 1. Probing vulnerable computers to make them zombies
Step 2. Install attack program in compromised zombies
Step 3. Send attack commands to zombies to launch DDoS
* Source: Random Spoofed Address
* Destination: Victim Address
Step 4. Victim network capacity was saturated by DDoS attack traffic
Recent distributed attack cases
The Components of Information Security
• The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.
• People
• Processes
• Technology
Need for message security
• Privacy
– Am I sure nobody else knows this?
• Authentication
– Am I sure that the sender is genuine and not an imposter?
• Integrity
– Am I sure that the message has not been tampered with on its way?
• Non-repudiation
– What will I do if the sender denies sending the message?
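The evolution of XML and its threats
Threats from Web 2.0-based language systems
Policy flexibility: at the level of maintaining policy consistency across heterogeneous systems in a converged environment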
What is International Telecommunication Union (ITU) ?
• Headquartered in Geneva, is the UN specialized agency for telecom
• ITU-T: Telecommunication standardization of network and service aspects
• ITU-D: Assisting implementation and operation of telecommunications in developing countries
• ITU-R: Radiocommunication standardization and global radio spectrum management
Study Group Organization
[Figure labels: (WTSA), (TSAG)]
• SG 17, Security, Languages and Telecommunication Software (Lead Study Group on Telecommunication Security)
• SG 2, Operational Aspects of Service Provision, Networks and Performance
• SG 4, Telecommunication Management
• SG 5, Protection Against Electromagnetic Environment Effects
• SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
• SG 11, Signalling Requirements and Protocols
• SG 13, Next Generation Networks
• SG 15, Optical and Other Transport Network Infrastructures
• SG 16, Multimedia Terminals, Systems and Applications
• SG 19, Mobile Telecommunication Networks
Federal Information Security Management Act
Roles & Responsibilities
• Agency Head
• CIO
• Agency Security Officer
Security Program
1. Periodic risk assessments
2. Policies and procedures
3. Security plans
4. Security awareness training
5. Periodic testing & evaluation
6. Remediation activities
7. Incident response capabilities
8. Continuity of operations
Annual Security Review
• Determine sufficiency of security program
• Independent Evaluation (e.g., IG)
• Safeguard evaluation data
Annual Reporting
• Reports from CIO & IG
• Report material weaknesses
• Provide performance plans
[Figure labels: §3544(a); §3544(b); §§ 3544(c), 3545(e); §§ 3544(c), 3545(e)]
Certification and Accreditation: IT Security in the SDLC
[Figure: SDLC activities and security considerations for each life-cycle phase]
Initiation
SDLC: Needs Determination
· Perception of a need
· Linkage to mission and performance objectives
· Assessment of alternatives to capital assets
· Preparing for investment review and budgeting
Security Considerations
· Security Categorization
· Preliminary Risk Assessment
Acquisition/Development
SDLC
· Fun. Stmt of Need
· Market Research
· Feasibility Study
· Req. Analysis
· Alt. Analysis
· Cost Ben. Analysis
· Software Conversion Study
· Cost Analysis
· RM Plan
· Acquisition Planning
Security Considerations
· Risk Assessment
· Sec. Funct. Req. Analysis
· Sec. Assurance Req. Analysis
· Cost Considerations and Reporting
· Sec. Control Dev.
· Dev. ST&E
· Other Planning
Implementation
SDLC
· Installation
· Inspection
· Acceptance Testing
· Initial User Training
· Documentation
Security Considerations
· Inspection and Acceptance
· System Integration
· Security Certification
· Security Accreditation
Operations/Maintenance
SDLC
· Performance Measurement
· Contract Modification
· Operations
· Maintenance
Security Considerations
· Configuration Management and Control
· Continuous Monitoring
Disposition
SDLC
· Appropriateness of Disposal
· Exchange and sale
· Internal Organization screening
· Transfer and Donation
· Contract Closeout
Security Considerations
· Information Preservation
· Media Sanitization
· Hardware and Software Disposal
--NIST SP 800-64
Security Control Automation Protocol—SCAP
• XML and protocols to exchange technical security information between products
• “Glue Code” between the following data sets:
– Common Vulnerabilities and Exposures (CVE)
– Common Configuration Enumeration (CCE)
– Common Platform Enumeration (CPE)
– Common Vulnerability Scoring System (CVSS)
– Extensible Configuration Checklist Description Format (XCCDF)
– Open Vulnerability and Assessment Language (OVAL)
• More products certified weekly
Observations and Truthinesses (deciding on a security approach)
• Control v/s audit burdens
• Skill of the constituency
• Need a security professional at each layer
Is it all just a matter of centralized v/s decentralized?
NGN architecture overview (Y.2012)
[Figure: NGN architecture. Labels: Service stratum; Transport stratum; Applications; ANI; Application Support Functions & Service Support Functions; Service Control Functions; Service User Profiles; Transport Control Functions; Network Attachment Control Functions; Resource and Admission Control Functions; Transport User Profiles; Transport Functions; End-User Functions; UNI; Other Networks; NNI; Management Functions; Control; Media]
• Packet-based network with QoS support and Security
• Separation between Services and Transport
• Access can be provided using many underlying technologies
• Should be reflected in policy
• Decoupling of service provision from network
• Support wide range of services/applications
• Converged services between Fixed/Mobile
• Broadband capabilities with end-to-end QoS
• Compliant with regulatory requirements
• Emergency communications, security, privacy, lawful interception
• ENUM Resources, Domain Names/Internet Addresses
NGN Peering Trust Model
[Figure: trust zones between two providers. Labels: Trusted Zone; Trusted but Vulnerable Zone; Untrusted Zone; NGN network Elements; Domain Border Elements (DBE); Provider A; Provider B from Provider A's point of view]
Identity
Connecting users with services and with others (Federation)
[Figure labels]
Wherever you are (across various access types): At your Desk, Managed Office, In the Air, On the Road, In Town, At Home
Whatever you're doing (applications): Collaboration, Voice Telephony, ERP, Video, Web Apps
Whatever you're using (devices): PDA, Cellular, Smart Phone, PC
• Network Identity is essential
• Need end-to-end trust model
People have multiple identities, each within a specific context or domain
Work – [email protected] – [email protected] – [email protected] – [email protected]
Network layers: node, hub, cluster, etc.
• At what layer do you address a specific problem?
• Can a specific solution “scale up” to the Federation/ Community Layer?
• How do I get “clueful” people at each layer?
• How do I communicate between layers?
Trusted Internet Connections—TIC
• Reduce Government Internet connections to 50
• Lowers the demand for skilled personnel
• Uses models from DoD and DHS
• Agencies share Internet connections
• In theory: simplifies protecting Internet connections Government-wide
• http://www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf
The Cybertastic Future: Management
• Use the Enterprise, Project, and Integration Layers
• Start in bite-sized pieces and consolidate wherever possible
• Need “clueful” people at all layers
• Organization at the Federation Layer for self-regulation—some people are already doing it
Some useful web resources
• ITU-T Home page http://www.itu.int/ITU-T/
• Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
• Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal http://www.itu.int/cybersecurity/
• Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html
• Recommendations http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html
• LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
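Questions and discussion
Recent patent case (applicants: Sejong University, Dongguk University; inventors: Kang Jang-mook et al.)
Personal information protection apparatus and method for efficient and safe management of the distribution channel of personal information {PERSONAL INFORMATION PROTECTION APPARATUS AND METHOD FOR MANAGING DISTRIBUTION CHANNEL OF PERSONAL INFORMATION EFFICIENTLY AND SAFELY}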