Sinkyu Kim

Cluster-Based certificate chain for mobile ad hoc networks

A recent trend of wireless technology is to set up the wireless connections among close-by mobile nodes. This class of network is called as Mobile Ad Hoc Network (MANET). In MANET, mobile nodes can temporarily form a network and they cooperatively offer several functions. Hence, it is hard to apply traditional security techniques such as public key certification based on PKI. In this paper, we propose a practical model of public key certificate chain for MANET. Our scheme does not rely on a central server, but rather we utilize the Cluster-Based Routing Protocol (CBRP) for MANET to issue certificates in a distributed fashion. In our scheme, the certificates are chained very effectively and the signed messages can be transferred over certificate chain. Our scheme works well in a setting where the network topology is dynamically changed. Also, our scheme is more efficient than the related localized scheme [15].

Design and Analysis of Improved GSM Authentication Protocol for Roaming Users

In this paper, we improve the GSM (Global System for Mobile Communications) authentication protocol to reduce the signaling loads on the network. The proposed protocol introduces a notion of the enhanced user profile containing a few of VLR IDs for the location areas where a mobile user is most likely to visit. We decrease the authentication costs for roaming users by exploiting the enhanced user profile. Our protocol is analyzed with regard to efficiency and is compared with the original protocol.

Smart proactive caching scheme for fast authenticated handoff in wireless LAN

Handoff in IEEE 802.11 requires the repeated authentication and key exchange procedures, which will make the provision of seamless services in wireless LAN more difficult. To reduce the overhead, the proactive caching schemes have been proposed. However, they require too many control packets delivering the security context information to neighbor access points. Our contribution is made in two-fold: one is a significant decrease in the number of control packets for proactive caching and the other is a superior cache replacement algorithm.

Statistical Similarity of Critical Infrastructure Network Traffic Based on Nearest Neighbor Distances

Industrial control systems (ICSs) operate a variety of critical infrastructures such as waterworks and power plants using cyber physical systems (CPSs). Abnormal or malicious behavior in these critical infrastructures can pose a serious threat to society. ICS networks tend to be configured such that specific tasks are performed repeatedly. Further, for a specific task, the resulting pattern in the ICS network traffic does not vary significantly. As a result, most traffic patterns that are caused by tasks that are normally performed in a specific ICS have already occurred in the past, unless the ICS is performing a completely new task. In such environments, anomaly-based intrusion detection system (IDS) can be helpful in the detection of abnormal or malicious behaviors. An anomaly-based IDS learns a statistical model of the normal activities of an ICS. We use the nearest-neighbor search (NNS) to learn patterns caused by normal activities of an ICS and identify anomalies. Our method learns the normal behavior in the overall traffic pattern based on the number of network packets transmitted and received along pairs of devices over a certain time interval. The method uses a geometric noise model with lognormal distribution to model the randomness on ICS network traffic and learns solutions through cross-validation on random samples. We present a fast algorithm, along with its theoretical time complexity analysis, in order to apply our method in real-time on a large-scale ICS. We provide experimental results tested on various types of large-scale traffic data that are collected from real ICSs of critical infrastructures.

POSTER: CPS Security Testbed Development Using Controller-in-the-Middle

Cyber-physical systems (CPSs) are used in a variety of domains such as critical infrastructure, smart factory, transportation, etc. Since dependable CPSs tend to be configured for specific tasks that are performed repeatedly, security threats to CPSs have started increasing. To enhance CPS security, it is necessary to realistically reproduce and test scenarios that reflect the characteristics of the target system. Prior to developing technologies for CPS security, individual experimental environments are necessary to evaluate the developed technologies. In this paper, we propose a Controller-in-the-Middle (CitM) scheme that provides a flexible experimental environment for CPS security, which consists of an independent process exchanged between field devices and a complex process combining different independent processes. Using the proposed scheme, various scenarios and test environment can be reproduced flexibly.

One Step More: Automatic ICS Protocol Field Analysis

Industrial control system (ICS) protocols have been developed to obtain the values measured using sensors, control the field devices, and share the collected information. It is necessary to monitor the ICS network continuously based on the ICS protocol knowledge (protocol field’s meaning and protocol’s behavior) for detecting ICS attackers’ suspicious activities. However, the ICS protocols are often proprietary, making it difficult to obtain their exact specifications. Hence, we need an automatic ICS protocol analysis because the tasks involved in the manual reverse engineering are tedious. After analyzing the network traffic obtained from a real ICS, we found that the variable structures were common and packet fragmentation frequently occurred during the operation. We recognized the need for an automated process wherein the packet fragmentation and variable structures are considered. In this paper, we describe our ongoing research to resolve the intricate structures of the ICS protocols in addition to the existing statistical analysis approach and present the implementation results.

Analysis of Security Requirements on DCU and Development Protection Profile based on Common Criteria Version 3.1

ABSTRACT Smart Grid Devices could have security vulnerabilities that hav e legacy communication networks because of the fact that Smart Grid employs bi-directional communications and adopted a variety of communication interface. Consequently, it is require d to build concrete response processes and to minimize the damage of the cyber attacks including security evaluation and certification methods. DCU is designed to collect meter data fr om numerous smart meter and send to utility’s server so DCU installed between smart meter and utility’s server. For this re ason, If DCU compromised by attacker then attacker could use DCU to launching point for and attack on other devices. However, DCU’s security evaluation and certification techniques do not suffice to be deployed in smart grid infrastructure. This work development DCU protection profile based on CC, it is expected that provide some assistance to DCU manufacturer for developmen t of DCU security target and to DCU operator for help safety management of DCUKeywords: DCU, Smart Grid, Protection Profile, Common Criteria 접수일(2014년 8월 29일), 수정일(1차: 2014년 10월 6일, 게재확정일(2014년 10월 6일)* 본 연구는 2012년도 지식경제부의 재원으로 한국에너지기술평가원(KETEP)의 지원을 받아 수행한 연구 과제입니다.(2012101050004A)†주저자, yjcho@ensec.re.kr‡교신저자, skkim@ensec.re.kr(Corresponding author)

Replacing Cryptographic Keys in AMI Mesh Networks with Small Latency

Advanced Metering Infrastructures (AMI) facilitate efficient and reliable exchange of electricity information between the homes and utilities. Their unique characteristics (e.g., connecting millions of smart meters; accessing customers’ private information), however, make them a lucrative target for adversaries. For example, an attacker might try to compromise the head-end of an AMI and send “remote disconnect commands” to the smart meters, disconnecting a large number of customers. To implement message authentication and protect message integrity and confidentiality, a number of cryptographic keys are being utilized. A “command key”, for example, signs messages that are sent from the head-end to the meters. Such keys, however, introduce their own set of problems if they ever get compromised. A stolen command key would allow an adversary to continuously send malicious commands to the meters. Hence, the compromised keys must be revoked and replaced as quickly as possible. This paper proposes an efficient and reliable key distribution framework for the AMI mesh networks based on the connected dominating set approach. The keys are replaced with minimal latency through our “hexagon-tile coloring scheme”, which allows the maximum number of keys to be transmitted in parallel, free of collision.

SG-RBAC : Role Based Access Control Model for Smart Grid Environment

Smart grid is composed of variable domains including different systems, and different types of the access control are needed in the multiple domain. Therefore, the access control model suitable for the smart grid environment is required to minimize access control error and deny the unauthorized access. This paper introduce the access control requirements in the smart grid environment and propose the access control model, SG-RBAC, satisfied with the requirements. SG-RBAC model imposes constraints on the access right activation according to the user property, the role property, and the system property. It also imposes constraints on the delegation and the inheritance of access right according to temporal/spatial information and a crisis occurrence.

Digital Evidence Acquisition Scheme using the Trusted Third Party in Smart Grid Infrastructure

Considerable number of major countries have put great efforts to leverage the efficiency of power consumption using Smart Grid in order to resolve the critical issues with drastical growing demands regarding electricity, the crisis of environmental pollution and so on. There has been increasing number of researches to construct Smart Grid in Korea as well. The threats of cyber terror attacks which might cause national crisises in terms of economy and society have been climbing up because of the fact that Smart Grid employs bi-directional communications embedding the cyber threats from existing/legacy communication networks. Consequently, it is required to build concrete response processes including investigation and analysis on cyber breaches into Smart Grid. However, the digital evidence acquisition techniques do not suffice to be deployed in Smart Grid systems despite of the fact that the techniques, against cyber breaches into well-known networks, have been studied in plenty of time. This work proposes a novel digital evidence acquisition scheme appropriate to Smart Grid systems through intensive investigation of the evidence acquisition requirements in Smart Grid and the historical evidence acquisition methods.