손태식 Kim Hyunjin 2016-08 23339 https://aurora.ajou.ac.kr/handle/2018.oak/12468 학위논문(석사)--아주대학교 일반대학원 :컴퓨터공학과,2016. 8 Chapter 1 Introduction 1 Chapter 2 Background and Related Work 4 Section 1 Background of wireless communication in Industrial Control System(ICS) 4 Section 2 Wireless Communication Protocol for ICS 5 Section 3 Testing and Certification Program for ICS 15 Section 4 Related Work of ISA100.11a Vulnerability and Testing Methodology 19 Chapter 3 Proposed Security Assurance Framework for ISA100.11a based ICS 22 Section 1 Overview of Proposed security Assurance Framework 22 Section 2 Communication Testing 24 Section 3 Security Function testing 28 Chapter4 Methodology of Measurement and Evaluation for Proposed Security Assurance 32 Section 1 Methodology of Communication Testing 32 Section 2 Methodology of Security Function testing 39 Section 3 Experiment of Proposed framework 47 Chapter 5 Conclusion 48 Reference 49 eng The Graduate School, Ajou University 아주대학교 논문은 저작권에 의해 보호받습니다. ISA100.11기반 산업제어시스템을 위한 향상된 보안 프레임워크 Enhanced Security Framework in ISA 100.11a based Industrial Control System Thesis 아주대학교 일반대학원 HyunJin Kim 일반대학원 컴퓨터공학과 2016. 8 Master http://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000023339 ICS ISA100.11a Wireless communication security assurance program security testing In the existing Industrial Control System (ICS), wire communication was used mostly, because of the strict conditions by the characteristics of the environment of the industry, such as real-time communication, time-limited processing, high availability, functional safety, and security, but a lot of costs and issues occurred due to high costs of maintenance, lack of scalability and lack of interoperability. Accordingly, studies to solve these problems by applying the wireless communication technology to the existing ICT to the ICS began to be conducted, and wireless communication technologies and protocols specialized in the industrial environment began to be studied and applied. However, despite the necessity of security is gradually increasing in the ICS, there are lacking studies to test and evaluate the security of the wireless communication technology, so it is urgently necessary to conduct a related study. This study proposes a security assurance technology of the devices using the relevant standard, focusing on ISA100.11a, one of the ICS wireless communication protocols. The proposed security assurance technology is divided broadly into communication testing and security function assessment, and the communication testing is divided into baseline operation testing, resource robustness testing, and packet manipulation testing. A security function assessment conducted with the devices that have passed communication testing is proposed differing the required items, divided by the components of ISA100.11a, such as a field device, backbone router, and host so that an assessment appropriate for the hardware specifications and roles of each component is achieved. In addition, this study seeks to facilitate the implementation and application of the proposed security assurance technology by proposing concrete methods or criteria for communication testing and security function assessment. Lastly, this study attempts to verify the conformance of the proposed security assurance by testing the security assurance technology in a test-bed with a network environment where the standard ISA100.11a can work network environment.