Security in the Power Grid: General Principles, Issues, Technologies and Policy Direction (in the context of next-generation technology environments such as social network services)

Host: Korea Electrotechnology Research Institute (한국전기연구원) expert advisory presentation
Venue: Korea Electrotechnology Research Institute
Topic: Security in the Power Grid: General Principles, Issues, Technologies and Policy Direction (in the context of next-generation technology environments such as social network services)
Date: 20 October 2009
Speaker: 강장묵 (J. M. Kang), Professor, BK Project Group, Department of Information and Communication Engineering, Sejong University
redsea@sejong.ac.kr
mooknc@gmail.com

  • Speaker's note: After a doctorate in engineering he mainly taught and did research in a computer engineering department, and has published a number of technology and business patents as well as domestic and international papers and books. Recently he has been active mainly as a corporate CTO and committee member and in international exchange. He can be contacted at mooknc@gmail.com. The content of this talk is shared through SlideShare after the presentation; the main reference links are at the bottom of the slides.
  • (From the talk by Michael Smith, SecTor 2009, Massively Scaled Security Solutions for Massively Scaled IT, quoted by 강장묵 in October 2009 for the 한국전기연구원 expert advisory session. For details see http://www.slideshare.net/search/slideshow?q=+security&submit=post&searchfrom=header.) While it's easy to divorce the Certification and the Accreditation decision from the system development life cycle, understanding the relationship of the various activities within the life-cycle provides the context for our discussion. Successful AO/DAAs, project managers, security engineers, and certification and accreditation staff understand that in order to achieve a favorable accreditation decision, they need to communicate with each other early and often throughout the process.
  • (Same source: Michael Smith, SecTor 2009, Massively Scaled Security Solutions for Massively Scaled IT, quoted by 강장묵 in October 2009 for the 한국전기연구원 expert advisory session. For details see http://www.slideshare.net/search/slideshow?q=+security&submit=post&searchfrom=header.)
  • Transcript

    • 1. Korea Electrotechnology Research Institute (한국전기연구원) expert advisory presentation
      Security in the Power Grid: General Principles, Issues, Technologies and Policy Direction (in the context of next-generation technology environments such as social network services)
      Date: 20 October 2009
      Venue: Korea Electrotechnology Research Institute
      Speaker: 강장묵 (Sejong University, Department of Information and Communication Engineering)
      redsea@sejong.ac.kr
    • 2. Who is kang, JM?
      Research areas
      Web 2.0: social network services
      Ubiquitous computing: augmented reality
      Digital content: UCC (user-created content)
      Information security: personal data protection
      Interdisciplinary research (analysis of information flow and socio-cultural change from a social-construction-of-technology perspective)
      • Ph.D. in engineering (information security)
      • Advisory activities for the Korea Information Security Agency (정보보호진흥원) and other bodies
      • (Current) Professor, Department of Information and Communication Engineering, Sejong University, Ubiquitous Computing Project Group
      • Member, Open User Committee of Daum (미디어 다음)
    • 3. Questions to think about
      The convergence of broadcasting and telecommunications has dissolved the boundaries between services. Twitter and Facebook interoperate and share data in an OPEN environment.
      Does information sharing through ubiquitous computing (spatial convergence, service integration, mash-ups) enlarge the set of vulnerabilities, or does it only bring convenience?
      Don't the per-service security rules, the protection level of each asset, and the sensitivity of the data being handled also break down at the same time?
      Is a business that earns its revenue from personalised services and advertising not a critical threat to personal data, and beyond that to privacy?
      Do the flexible technologies that can be applied to power-line-based communication not introduce new security vulnerabilities?
    • 4. Talk outline and security topics
      Topics covered: PGP and S/MIME; SSL and TLS; IPsec; cryptography (symmetric key: algorithms, encryption, key management; public key: algorithms, encryption, digital signatures, certificates).
      Talk outline:
      Introductory-level concepts selected from the main security issues
      Security issues and their application in the social network environment
      Platform-level security for new businesses on the power grid network
      Security research of interest to the speaker (at the host's request)
    • 5. Platform Security
      Protecting your information, technology, property, products and people, thus protecting your business.
      The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.
      • Confidentiality
      • Integrity
      • Availability
    • 6. Security technology 1: IPsec (IP Security)
      Secures the IP packet by adding an additional header
      Selection of encryption, authentication and hashing methods is left to the user
      It requires a logical connection between two hosts, achieved using a Security Association (SA)
      An SA is identified by:
      A 32-bit Security Parameter Index (SPI)
      Protocol type: Authentication Header (AH) or Encapsulating Security Payload (ESP)
      The destination IP address (the receiver selects the inbound SA by SPI, protocol and destination address, RFC 2401)
      Transport mode: [IP header][IPsec header][rest of the packet], so only the transport payload is protected and the end hosts' addresses stay visible
      Tunnel mode: [New IP header][IPsec header][original IP header][rest of the packet], so the whole original packet, addresses included, is protected between two gateways
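The two packet layouts and the SA selector, as an added example that is not part of the original slides: the Go program below builds an ESP packet in transport mode and in tunnel mode from a constructed payload, and then shows what the receiving side can read before decryption, namely the outer header's (SPI, protocol, destination) triple and the sequence number. The addresses, SPIs and the "data" payload are made up for the example, and the ESP payload is left unencrypted and without trailer or ICV because the point is the header placement, not the cipher.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const (
	protoESP = 50 // IP protocol number of ESP
	protoAH  = 51 // IP protocol number of AH
)

// SAKey is the inbound SA selector: SPI, IPsec protocol and destination address.
type SAKey struct {
	SPI   uint32
	Proto uint8
	Dst   string
}

// ipv4Header builds a minimal 20-byte IPv4 header with a valid checksum.
func ipv4Header(src, dst net.IP, proto uint8, payloadLen int) []byte {
	h := make([]byte, 20)
	h[0] = 0x45 // version 4, IHL 5 words
	binary.BigEndian.PutUint16(h[2:], uint16(20+payloadLen))
	h[8] = 64 // TTL
	h[9] = proto
	copy(h[12:16], src.To4())
	copy(h[16:20], dst.To4())
	var sum uint32
	for i := 0; i < 20; i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i:]))
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	binary.BigEndian.PutUint16(h[10:], ^uint16(sum))
	return h
}

// espHeader is the 8-byte ESP header: SPI followed by the sequence number.
func espHeader(spi, seq uint32) []byte {
	h := make([]byte, 8)
	binary.BigEndian.PutUint32(h[0:], spi)
	binary.BigEndian.PutUint32(h[4:], seq)
	return h
}

// TransportMode keeps the original IP header (protocol rewritten to ESP) and
// inserts the ESP header in front of the transport payload.
func TransportMode(src, dst net.IP, spi, seq uint32, payload []byte) []byte {
	body := append(espHeader(spi, seq), payload...)
	return append(ipv4Header(src, dst, protoESP, len(body)), body...)
}

// TunnelMode adds a new outer IP header (gateway to gateway) and carries the
// entire original packet, inner addresses included, as the protected payload.
func TunnelMode(gwSrc, gwDst net.IP, spi, seq uint32, innerPacket []byte) []byte {
	body := append(espHeader(spi, seq), innerPacket...)
	return append(ipv4Header(gwSrc, gwDst, protoESP, len(body)), body...)
}

// ParseSA recovers the SA selector and sequence number from an inbound IPv4
// packet carrying AH or ESP. Both modes look the same from outside: the SA is
// chosen from the outer header, never from the (possibly encrypted) inner one.
func ParseSA(pkt []byte) (SAKey, uint32, error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return SAKey{}, 0, errors.New("not an IPv4 packet")
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl {
		return SAKey{}, 0, errors.New("bad IHL")
	}
	proto := pkt[9]
	if proto != protoESP && proto != protoAH {
		return SAKey{}, 0, fmt.Errorf("protocol %d is not AH/ESP", proto)
	}
	hdr := pkt[ihl:]
	if proto == protoAH {
		// AH: next header (1), payload length (1), reserved (2), then SPI and sequence.
		if len(hdr) < 12 {
			return SAKey{}, 0, errors.New("truncated AH header")
		}
		hdr = hdr[4:]
	}
	if len(hdr) < 8 {
		return SAKey{}, 0, errors.New("truncated ESP header")
	}
	key := SAKey{SPI: binary.BigEndian.Uint32(hdr[0:4]), Proto: proto, Dst: net.IP(pkt[16:20]).String()}
	return key, binary.BigEndian.Uint32(hdr[4:8]), nil
}

func main() {
	hostA, hostB := net.ParseIP("10.0.1.10"), net.ParseIP("10.0.2.20")
	gwA, gwB := net.ParseIP("203.0.113.1"), net.ParseIP("198.51.100.1")
	inner := append(ipv4Header(hostA, hostB, 6, 4), []byte("data")...) // constructed TCP stub
	transport := TransportMode(hostA, hostB, 0x1001, 1, []byte("data"))
	tunnel := TunnelMode(gwA, gwB, 0x2002, 1, inner)
	for _, p := range [][]byte{transport, tunnel} {
		k, seq, err := ParseSA(p)
		fmt.Printf("len=%d SA=%+v seq=%d err=%v\n", len(p), k, seq, err)
	}
}
```

Note that in tunnel mode the parser reports the gateway addresses, not the hosts': the inner header is payload from the SA's point of view, which is why a site-to-site SA is keyed on the gateways even though many host pairs traverse it.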
    • 7. Security technology 2: Pretty Good Privacy (PGP), sender side
      Alice sends a message to Bob; the numbers are the steps of the slide's diagram.
      1. Alice computes a digest of the message with a hash function.
      2. She signs the digest with her private key (the diagram draws this as "encrypt with Alice's private key"), producing the signed digest.
      3. She generates a one-time secret (symmetric) key.
      4. The message plus the signed digest are encrypted with the one-time secret key.
      5. The one-time secret key is encrypted with Bob's public key.
      6. The encrypted (secret key & message + digest) is sent to Bob.
      The message and digest are encrypted using a one-time secret key created by Alice.
    • 8. Security technology 2: PGP (contd.), receiver side
      7. Bob decrypts the one-time secret key with his private key.
      8. He decrypts the (message + digest) with the one-time secret key.
      9. He recomputes the digest of the received message with the hash function.
      10. He recovers Alice's digest from the signed digest with Alice's public key.
      11. The two digests are compared, thus providing authentication and integrity.
    • 9. Security technology 3: S/MIME
      • Working principle similar to PGP
      • S/MIME uses the multipart MIME type to include the cryptographic information with the message
      • S/MIME uses the Cryptographic Message Syntax (CMS) to specify the cryptographic information
      • Creating an S/MIME message: MIME entity -> CMS processing (using the certificates and algorithm identifiers) -> CMS object -> MIME wrapping -> S/MIME message
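The sign-then-encrypt flow of slides 7 and 8, which slide 9 says S/MIME shares, as an added example that is not part of the original slides: Alice signs the digest with her private key, encrypts message and signature under a fresh one-time key, and wraps that key with Bob's public key; Bob reverses the steps and compares digests. The concrete algorithms (RSA-PKCS#1 v1.5 signatures, RSA-OAEP key wrapping, AES-256-GCM) and the message text are this example's choices, not something the slides specify, and the `Envelope` layout is a stand-in for the real OpenPGP or CMS packet formats.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Alice sends Bob: the one-time key wrapped under Bob's
// public key, and message||signature encrypted under that one-time key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(Bob_pub, K)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(K, message || signature)
}

// Seal is the sender side (steps 1 to 6).
func Seal(msg []byte, alicePriv *rsa.PrivateKey, bobPub *rsa.PublicKey) (*Envelope, error) {
	// 1-2: hash the message and sign the digest with Alice's private key.
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, alicePriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	// 3: fresh one-time symmetric key, never reused for another message.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	// 4: encrypt message plus signed digest under the one-time key.
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := append(append([]byte{}, msg...), sig...)
	ct := gcm.Seal(nil, nonce, body, nil)
	// 5-6: wrap the one-time key with Bob's public key and send everything.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the receiver side (steps 7 to 11): unwrap the key with Bob's private
// key, decrypt, recompute the digest and verify Alice's signature over it.
func Open(env *Envelope, bobPriv *rsa.PrivateKey, alicePub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err) // tampered ciphertext or wrong key
	}
	sigLen := alicePub.Size() // an RSA signature is as long as the modulus
	if len(body) < sigLen {
		return nil, errors.New("body shorter than a signature")
	}
	msg, sig := body[:len(body)-sigLen], body[len(body)-sigLen:]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(alicePub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature: %w", err) // impostor or altered message
	}
	return msg, nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	env, err := Seal([]byte("substation 7 telemetry report"), alice, &bob.PublicKey)
	if err != nil {
		panic(err)
	}
	msg, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("%q %v\n", msg, err)
	// Mallory has Bob's public key and can encrypt to him, but cannot sign as Alice.
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	forged, _ := Seal([]byte("forged"), mallory, &bob.PublicKey)
	_, err = Open(forged, bob, &alice.PublicKey)
	fmt.Println("forgery rejected:", err != nil && bytes.Contains([]byte(err.Error()), []byte("signature")))
}
```

Two points the diagram leaves implicit are made explicit here: the authenticated cipher rejects any bit flip before the signature is even examined, and verification uses Alice's public key, so the receiver must already hold (and trust) that key, which is the problem the chain-of-trust slide later addresses. This one block covers the needs listed on slide 14 as well: privacy from the encryption, authentication and integrity from the signature, and non-repudiation because only Alice's private key could have produced it.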
    • 10. Security technology 4: Transport Layer Security (TLS)
      • Designed by the IETF; derived from SSL
      • Lies on top of the transport layer
      • Uses two protocols:
      • Handshake protocol, client to server: Hello -> Certificate -> secret key (sent by the client, encrypted under the public key in the server's certificate) -> end of handshaking -> encrypted ack. The server decrypts the secret key with its private key, uses the secret key to decrypt the message and sends an encrypted ack.
      • Data exchange protocol: uses the secret key to encrypt data; the secret key was already shared during the handshake
    • 11. Security technology 5: Chain of Trust
      • Query propagation similar to DNS queries
      • At any level, the CA can certify the CAs in the next level, i.e. a level-1 CA can certify level-2 CAs.
      • Rule of thumb: everyone trusts the Root CA
      The diagram: Root CA at the top; Level-1 CA 1 and Level-1 CA 2 certified by the root; six Level-2 CAs (CA 1 to CA 6) certified by the Level-1 CAs.
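Slides 10 and 11 together, as an added example that is not part of the original slides: the Go program below mints a Root CA, a Level-1 CA and a server certificate, verifies the server certificate against a trust store that holds only the root (with and without the Level-1 certificate available), and then runs a real TLS handshake in memory in which the server presents its certificate plus the Level-1 certificate and the client trusts only the root. The CA names, the server name `scada.example.test` and the echoed payload are hypothetical. With a current Go toolchain the handshake negotiates TLS 1.3, whose key exchange is ephemeral Diffie-Hellman rather than the RSA key transport drawn on slide 10; RFC 8446 removed static RSA key exchange, so the slide's "client encrypts the secret key under the server's public key" step describes SSL and TLS up to 1.2 only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const leafName = "scada.example.test" // hypothetical server name

// mintCert issues a certificate for cn signed by parent; with parent == nil it
// is self-signed, which is how the Root CA at the top of the chain is made.
func mintCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Chain is Root CA -> Level-1 CA -> server certificate, as drawn on the slide.
type Chain struct {
	Root, Level1, Leaf *x509.Certificate
	LeafKey            *ecdsa.PrivateKey
}

func BuildChain() Chain {
	root, rootKey := mintCert("Root CA", true, nil, nil)
	l1, l1Key := mintCert("Level-1 CA 1", true, root, rootKey)
	leaf, leafKey := mintCert(leafName, false, l1, l1Key)
	return Chain{Root: root, Level1: l1, Leaf: leaf, LeafKey: leafKey}
}

func rootPool(c Chain) *x509.CertPool {
	p := x509.NewCertPool()
	p.AddCert(c.Root)
	return p
}

// VerifyLeaf checks that the server certificate chains to the trusted root.
// Only the root is trusted; without the intermediate no chain can be built.
func VerifyLeaf(c Chain, withIntermediate bool) error {
	opts := x509.VerifyOptions{Roots: rootPool(c), DNSName: leafName}
	if withIntermediate {
		opts.Intermediates = x509.NewCertPool()
		opts.Intermediates.AddCert(c.Level1)
	}
	_, err := c.Leaf.Verify(opts)
	return err
}

// Handshake runs a TLS session over an in-memory pipe: the server presents
// leaf+Level-1, the client trusts only the root, then one record is echoed.
// It returns the negotiated protocol version and the echoed data.
func Handshake(c Chain, payload string) (uint16, string, error) {
	serverCfg := &tls.Config{Certificates: []tls.Certificate{{
		Certificate: [][]byte{c.Leaf.Raw, c.Level1.Raw}, PrivateKey: c.LeafKey}}}
	clientCfg := &tls.Config{RootCAs: rootPool(c), ServerName: leafName}
	cConn, sConn := net.Pipe()
	defer cConn.Close() // unblocks the server side once we are done
	errc := make(chan error, 1)
	go func() {
		s := tls.Server(sConn, serverCfg)
		defer s.Close()
		buf := make([]byte, 256)
		n, err := s.Read(buf) // the first Read drives the server-side handshake
		if err == nil {
			_, err = s.Write(buf[:n])
		}
		errc <- err
	}()
	client := tls.Client(cConn, clientCfg)
	if err := client.Handshake(); err != nil {
		return 0, "", err
	}
	if _, err := client.Write([]byte(payload)); err != nil {
		return 0, "", err
	}
	buf := make([]byte, 256)
	n, err := client.Read(buf)
	if err != nil {
		return 0, "", err
	}
	if err := <-errc; err != nil {
		return 0, "", err
	}
	return client.ConnectionState().Version, string(buf[:n]), nil
}

func main() {
	c := BuildChain()
	fmt.Println("verify with intermediate:   ", VerifyLeaf(c, true))
	fmt.Println("verify without intermediate:", VerifyLeaf(c, false))
	v, echo, err := Handshake(c, "ping")
	fmt.Printf("TLS version 0x%04x echo=%q err=%v\n", v, echo, err)
}
```

The second `VerifyLeaf` call is the failure mode worth remembering: a server that sends only its own certificate and omits the Level-1 certificate cannot be validated by a client that holds just the root, even though every signature in the chain is good.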
    • 12. A recent distributed attack case: DDoS attack scenario
      Step 1. The attacker probes for vulnerable computers to make them zombies.
      Step 2. The attack program is installed on the compromised zombies (Zombie 1 ... Zombie i ... Zombie n).
      Step 3. Attack commands are sent to the zombies to launch the DDoS. Source: random spoofed address; destination: victim address.
      Step 4. The victim's network capacity is saturated by the DDoS attack traffic.
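Steps 3 and 4 seen from the defender's side, as an added example that is not part of the original slides: the Go program below runs a simple detector over constructed flow records (a legitimate server with five repeat clients, and a victim receiving 500 packets that each carry a different spoofed source) and flags the destination whose traffic is both high-volume and almost entirely from unique sources. It also includes the BCP 38 ingress check that, applied at the zombies' upstream router, would have dropped the spoofed packets at step 3. The addresses, thresholds and the flow format are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Flow is one packet record as a flow collector at the victim's edge would export it.
type Flow struct {
	Sec      int    // seconds since start of capture
	Src, Dst string // IPv4 addresses
}

// Verdict summarises one destination within one time window.
type Verdict struct {
	Dst        string
	Packets    int
	UniqueSrcs int
	Flood      bool
}

// DetectFloods groups flows per (window, destination) and flags a flood when
// the packet count reaches minPkts and almost every packet carries a different
// source address: the signature of step 3's randomly spoofed sources. Legitimate
// clients repeat their addresses, so their unique-source ratio stays low.
func DetectFloods(flows []Flow, windowSec, minPkts int, minSrcRatio float64) []Verdict {
	type key struct {
		win int
		dst string
	}
	pkts := map[key]int{}
	srcs := map[key]map[string]bool{}
	for _, f := range flows {
		k := key{f.Sec / windowSec, f.Dst}
		pkts[k]++
		if srcs[k] == nil {
			srcs[k] = map[string]bool{}
		}
		srcs[k][f.Src] = true
	}
	var out []Verdict
	for k, n := range pkts {
		u := len(srcs[k])
		flood := n >= minPkts && float64(u)/float64(n) >= minSrcRatio
		out = append(out, Verdict{Dst: k.dst, Packets: n, UniqueSrcs: u, Flood: flood})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Dst < out[j].Dst })
	return out
}

// IngressAllowed is the BCP 38 check an access router applies to traffic
// leaving a customer network: the source address must belong to that
// customer's prefix. Enforced upstream of the zombies, it stops step 3's
// spoofed packets at the first hop instead of at the saturated victim.
func IngressAllowed(customerPrefix, src string) bool {
	_, prefix, err := net.ParseCIDR(customerPrefix)
	if err != nil {
		return false
	}
	ip := net.ParseIP(src)
	return ip != nil && prefix.Contains(ip)
}

// sampleFlows is constructed data: five legitimate clients talking to one
// server, and a 500-packet flood against another in which every packet has a
// different (spoofed) source.
func sampleFlows() []Flow {
	var flows []Flow
	for i := 0; i < 40; i++ {
		flows = append(flows, Flow{Sec: i % 10, Src: fmt.Sprintf("10.1.0.%d", 1+i%5), Dst: "192.0.2.10"})
	}
	for i := 0; i < 500; i++ {
		spoofed := fmt.Sprintf("%d.%d.%d.%d", 1+i%223, (i*7)%256, (i*13)%256, 1+(i*31)%254)
		flows = append(flows, Flow{Sec: i % 10, Src: spoofed, Dst: "192.0.2.20"})
	}
	return flows
}

func main() {
	for _, v := range DetectFloods(sampleFlows(), 10, 100, 0.8) {
		fmt.Printf("%-12s pkts=%3d unique_src=%3d flood=%v\n", v.Dst, v.Packets, v.UniqueSrcs, v.Flood)
	}
	fmt.Println("10.1.0.7 allowed:", IngressAllowed("10.1.0.0/24", "10.1.0.7"),
		" 198.51.100.9 allowed:", IngressAllowed("10.1.0.0/24", "198.51.100.9"))
}
```

The unique-source ratio is only one signal: a flood from a fixed botnet without spoofing would show repeated sources and needs volume and rate baselines instead, which is why the thresholds are parameters rather than constants.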
    • 13. The Components of Information Security
      • The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.
      • People
      • Processes
      • Technology
    • 14. Need for message security
      Privacy: Am I sure nobody else knows this?
      Authentication: Am I sure that the sender is genuine and not an impostor?
      Integrity: Am I sure that the message has not been tampered with on its way?
      Non-repudiation: What will I do if the sender denies sending the message?
    • 15. The evolution of XML and its threats
    • 16. Threats in Web 2.0-based language systems
    • 17. Policy flexibility: maintaining consistent policy across heterogeneous systems in a converged environment
    • 18. What is the International Telecommunication Union (ITU)?
      Headquartered in Geneva, it is the UN specialized agency for telecommunications.
      ITU-T: telecommunication standardization of network and service aspects (study groups organized under the WTSA and TSAG)
      ITU-D: assisting implementation and operation of telecommunications in developing countries
      ITU-R: radiocommunication standardization and global radio spectrum management
      ITU-T Study Group organization:
      • SG 17, Security, Languages and Telecommunication Software: Lead Study Group on Telecommunication Security
      • SG 2, Operational Aspects of Service Provision, Networks and Performance
      • SG 4, Telecommunication Management
      • SG 5, Protection Against Electromagnetic Environment Effects
      • SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
      • SG 11, Signalling Requirements and Protocols
      • SG 13, Next Generation Networks
      • SG 15, Optical and Other Transport Network Infrastructures
      • SG 16, Multimedia Terminals, Systems and Applications
      • SG 19, Mobile Telecommunication Networks
    • 19. Federal Information Security Management Act
      Roles & Responsibilities (§3544(a))
      Security Program (§3544(b)): periodic risk assessments; policies and procedures; security plans; security awareness training; periodic testing & evaluation; remediation activities; incident response capabilities; continuity of operations
      Annual Security Review (§§3544(c), 3545(e)):
      • Determine sufficiency of security program
      • Independent evaluation (e.g., IG)
      • Safeguard evaluation data
      Annual Reporting (§§3544(c), 3545(e)):
      • Reports from CIO & IG
      • Report material weaknesses
      • Provide performance plans
    • 20. Certification and Accreditation: IT Security in the SDLC
      -- NIST SP 800-64
    • 21. Security Content Automation Protocol (SCAP)
      XML formats and protocols to exchange technical security information between products
      "Glue code" between the following data sets:
      Common Vulnerabilities and Exposures (CVE)
      Common Configuration Enumeration (CCE)
      Common Platform Enumeration (CPE)
      Common Vulnerability Scoring System (CVSS)
      Extensible Configuration Checklist Description Format (XCCDF)
      Open Vulnerability and Assessment Language (OVAL)
      More products certified weekly
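What the "glue" between those data sets looks like in practice, as an added example that is not part of the original slides: the Go program below parses a constructed XCCDF benchmark whose rules carry CCE identifiers and OVAL check references, joins the scanner's rule-results back to those identifiers, and lists the failures by severity, which is the record a ticketing or configuration-management product would consume. The document is deliberately minimal and not schema-complete, the rule, CCE and OVAL identifiers are placeholders rather than real catalogue entries, and the target host name is invented.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"sort"
)

// sampleXCCDF is constructed, schema-incomplete XCCDF 1.2: three rules with
// CCE identifiers and OVAL check references, and one TestResult. All ids are
// placeholders, not real CCE or OVAL entries.
const sampleXCCDF = `<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_rtu">
  <Rule id="xccdf_example_rule_telnet" severity="high">
    <title>Telnet service is disabled</title>
    <ident system="http://cce.mitre.org">CCE-EXAMPLE-0001</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"><check-content-ref href="rtu-oval.xml" name="oval:example:def:1"/></check>
  </Rule>
  <Rule id="xccdf_example_rule_ntp" severity="medium">
    <title>NTP uses an authenticated source</title>
    <ident system="http://cce.mitre.org">CCE-EXAMPLE-0002</ident>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"><check-content-ref href="rtu-oval.xml" name="oval:example:def:2"/></check>
  </Rule>
  <Rule id="xccdf_example_rule_banner" severity="low">
    <title>Login banner is present</title>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"><check-content-ref href="rtu-oval.xml" name="oval:example:def:3"/></check>
  </Rule>
  <TestResult id="xccdf_example_testresult_1">
    <target>rtu-07.substation.example</target>
    <rule-result idref="xccdf_example_rule_telnet"><result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_ntp"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_banner"><result>fail</result></rule-result>
  </TestResult>
</Benchmark>`

// The subset of XCCDF this example needs. Tags carry no namespace, so
// encoding/xml matches the local names whatever the default namespace is.
type benchmark struct {
	Rules   []rule       `xml:"Rule"`
	Target  string       `xml:"TestResult>target"`
	Results []ruleResult `xml:"TestResult>rule-result"`
}
type rule struct {
	ID       string  `xml:"id,attr"`
	Severity string  `xml:"severity,attr"`
	Title    string  `xml:"title"`
	Idents   []ident `xml:"ident"`
	Checks   []check `xml:"check"`
}
type ident struct {
	System string `xml:"system,attr"`
	Value  string `xml:",chardata"`
}
type check struct {
	System string `xml:"system,attr"`
	Ref    struct {
		Name string `xml:"name,attr"`
	} `xml:"check-content-ref"`
}
type ruleResult struct {
	IDRef  string `xml:"idref,attr"`
	Result string `xml:"result"`
}

const (
	cceSystem  = "http://cce.mitre.org"
	ovalSystem = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
)

// Finding joins a rule-result with the rule it scored and the CCE/OVAL ids
// that let another product act on it without re-reading the benchmark.
type Finding struct {
	RuleID, Title, Severity, CCE, OVALDef, Result string
}

// ParseFindings returns the target host and one Finding per rule-result.
// A rule-result whose idref matches no Rule is an error, not silently dropped.
func ParseFindings(doc []byte) (string, []Finding, error) {
	var b benchmark
	if err := xml.Unmarshal(doc, &b); err != nil {
		return "", nil, err
	}
	byID := make(map[string]rule, len(b.Rules))
	for _, r := range b.Rules {
		byID[r.ID] = r
	}
	var out []Finding
	for _, rr := range b.Results {
		r, ok := byID[rr.IDRef]
		if !ok {
			return "", nil, fmt.Errorf("rule-result refers to unknown rule %q", rr.IDRef)
		}
		f := Finding{RuleID: r.ID, Title: r.Title, Severity: r.Severity, Result: rr.Result}
		for _, id := range r.Idents {
			if id.System == cceSystem {
				f.CCE = id.Value
			}
		}
		for _, c := range r.Checks {
			if c.System == ovalSystem {
				f.OVALDef = c.Ref.Name
			}
		}
		out = append(out, f)
	}
	return b.Target, out, nil
}

// Failures keeps the findings that need remediation ("fail" or "error"),
// highest severity first; a missing or unknown severity sorts with "high".
func Failures(fs []Finding) []Finding {
	rank := map[string]int{"high": 0, "medium": 1, "low": 2, "info": 3}
	var out []Finding
	for _, f := range fs {
		if f.Result == "fail" || f.Result == "error" {
			out = append(out, f)
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return rank[out[i].Severity] < rank[out[j].Severity] })
	return out
}

func main() {
	target, fs, err := ParseFindings([]byte(sampleXCCDF))
	if err != nil {
		panic(err)
	}
	fmt.Println("target:", target)
	for _, f := range Failures(fs) {
		fmt.Printf("%-6s %-26s %-16s %-18s %s\n", f.Severity, f.RuleID, f.CCE, f.OVALDef, f.Title)
	}
}
```

The banner rule has no CCE identifier, which is legitimate XCCDF, so consumers must tolerate an empty CCE rather than assume every finding maps to a configuration entry.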
    • 22. Observations and Truthinesses (deciding the security approach)
      Control vs. audit burdens
      Skill of the constituency
      Need a security professional at each layer
      Is it all just a matter of centralized vs. decentralized?
    • 23. NGN architecture overview (ITU-T Y.2012)
      Functional blocks in the figure: Applications (reached through the ANI); Service stratum with service user profiles, application support functions & service support functions, and service control functions; Transport stratum with transport user profiles, network attachment control functions, resource and admission control functions, transport control functions and transport functions; Management functions spanning both strata; End-user functions at the UNI; Other networks at the NNI; separate control and media planes.
      • Packet-based network with QoS support and security
      • Separation between services and transport
      • Access can be provided using many underlying technologies
      • Should be reflected in policy
      • Decoupling of service provision from network
      • Support for a wide range of services/applications
      • Converged services between fixed/mobile
      • Broadband capabilities with end-to-end QoS
      • Compliant with regulatory requirements
      • Emergency communications, security, privacy, lawful interception
      • ENUM resources, domain names / Internet addresses
    • 24. NGN Peering Trust Model
      Provider B from Provider A's point of view: Provider A's own NGN network elements sit in the Trusted Zone; Provider A's Domain Border Elements (DBE) sit in the Trusted but Vulnerable Zone, since they face the peer; Provider B's DBE and NGN network elements sit in the Untrusted Zone.
    • 25. Identity: connecting users with services and with others (Federation)
      Whatever you're doing (applications): collaboration, video, voice telephony, web apps, ERP
      Whatever you're using (devices): PC, PDA, cellular, smart phone
      Wherever you are (across various access types): at your desk, in the air, managed office, on the road, in town, at home
      People have multiple identities, each within a specific context or domain:
      Work – me@company.com
      Family – me@smith.family
      Hobby – me@icedevils.team
      Volunteer – me@association.org
      • Network identity is essential
      • Need an end-to-end trust model
    • 26. Network layers: node, hub, cluster and above
      • At what layer do you address a specific problem?
      • Can a specific solution "scale up" to the Federation/Community Layer?
      • How do I get "clueful" people at each layer?
      • How do I communicate between layers?
    • 27. Trusted Internet Connections (TIC)
      Reduce Government Internet connections to 50
      Lowers the demand for skilled personnel
      Uses models from DoD and DHS
      Agencies share Internet connections
      In theory: simplifies protecting Internet connections Government-wide
      http://www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf
    • 28. The Cybertastic Future: Management
      Use the Enterprise, Project, and Integration Layers
      Start in bite-sized pieces and consolidate wherever possible
      Need "clueful" people at all layers
      Organization at the Federation Layer for self-regulation; some people are already doing it
    • 29. Some useful web resources
      ITU-T Home page http://www.itu.int/ITU-T/
      Security Roadmap http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
      Security Manual http://www.itu.int/publ/T-HDB-SEC.03-2006/en
      Cybersecurity Portal http://www.itu.int/cybersecurity/
      Cybersecurity Gateway http://www.itu.int/cybersecurity/gateway/index.html
      Recommendations http://www.itu.int/ITU-T/publications/recs.html
      ITU-T Lighthouse http://www.itu.int/ITU-T/lighthouse/index.phtml
      ITU-T Workshops http://www.itu.int/ITU-T/worksem/index.html
      LSG on Security http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
    • 30. Questions and discussion
    • 31. Recent patent example (applicants: Sejong University and Dongguk University; inventors: 강장묵 et al.)
      Personal information protection apparatus and method for managing the distribution channel of personal information efficiently and safely
      {PERSONAL INFORMATION PROTECTION APPARATUS AND METHOD
      FOR MANAGING DISTRIBUTION CHANNEL OF PERSONAL INFORMATION EFFICIENTLY AND SAFELY}