Cryptographic algorithm function validation modeling for nuclear I&C systems

Abstract

It is necessary to apply cyber security functions to control system in nuclear power plant complying with Regulatory Guide 5.71. According to the regulations, B.4.9 Cryptographic Module Authentication of Appendix B, technical security controls, Critical Data Asset (CDA) s authenticate cryptographic modules has to accord with FIPS 140-2. The specification explains the cyber security functional requirements are evaluated at the Common Criteria (CC) evaluation assurance. Thus, the security function algorithms for encryption and decryption developed in Nuclear Instrumentation and Control (I&C) control system have to consider a cryptographic module validation program (CMVP) which is validation scheme in Common Criteria Standard. As regulatory guide 5.71, many cyber security technical functions have to be developed and applied to CDAs. The functions are most going to utilize the encryption and decryption functions. Therefore it must be important for satisfying the functions to validation process on the developed encryption and decryption algorithms. There has been no experience to apply and evaluate the cyber security functions to control systems in nuclear power plant I&C. The standards for each cryptographic algorithms provide the test vectors and process of validation. In case of Korea CMVP standards and National Institute of Standards and Technology (NIST) CMVP, they include validation objects, target modules, validation baselines, process schemes, process terms, validation test cases. This paper proposes modeling schemes to perform the procedure of validating test vectors among CMVP procedures for the cryptographic algorithms to be developed in the nuclear control system such as Programmable Logic Control (PLC) and Distributed Control System (DCS). By utilizing the proposed methodologies, it is possible to further validate the stability of the algorithm implementation function as well as the test vectors of the necessary procedures with standard test methodologies and standard documents which must be satisfied.