KR-20260067869-A - APPARATUS AND METHOD FOR MESSAGE AUTHENTICATION BASED ON RESPONSE DELAY TIME OF REMOTE TERMINAL IN MIL-STD-1553 SYSTEMS
Abstract
A message authentication device based on the response delay time of a remote terminal in a MIL-STD-1553 system comprises: an authentication agent module included in the remote terminal, which generates a sequence of response delay times based on a key value, determines a transmission time according to the sequence of response delay times, and transmits a response message at the transmission time; and an authentication module included in the bus controller, which transmits a response request message to the authentication agent module, receives the response message, and authenticates the response message by verifying, based on the key value, whether the response message is received at a normal response delay time.
Inventors
- 이동환
- 최원우
- 김동화
- 안명길
- 김주엽
- 김용현
- 권미영
Assignees
- 국방과학연구소
Dates
- Publication Date: 20260513
- Application Date: 20241106
Claims (17)
- A message authentication device based on the response delay time of a remote terminal in a MIL-STD-1553 system, comprising: an authentication agent module included in a remote terminal, which generates a sequence of response delay times based on a key value, determines a transmission time according to the sequence of response delay times, and transmits a response message at the transmission time; and an authentication module included in a bus controller, which transmits a response request message to the authentication agent module, receives the response message, and authenticates the response message by verifying, based on the key value, whether the response message is received at a normal response delay time.
- The message authentication device of claim 1, further comprising: a BC key management module included in the bus controller, which generates the key value and provides it to the authentication module; and an RT key management module included in the remote terminal, which receives the key value from the BC key management module and provides it to the authentication agent module.
- The message authentication device of claim 1, wherein the authentication module generates a sequence of response delay times based on the key value, determines the response message as normal if the response message is delayed according to the sequence of response delay times, and determines the response message as abnormal if the response message is not delayed according to the sequence of response delay times.
- The message authentication device of claim 1, wherein the response delay time is the time from the completion of transmission of the response request message to the start of transmission of the response message.
- The message authentication device of claim 4, wherein the authentication agent module transmits the response message between a first time point, which is a predetermined minimum delay time after the completion of transmission of the response request message, and a second time point, which is a predetermined maximum delay time after the completion of transmission of the response request message.
- The message authentication device of claim 5, wherein the time between the first time point and the second time point is divided into a plurality of slots, and the authentication agent module selects, from among the plurality of slots, a slot corresponding to the sequence of response delay times generated based on the key value, and transmits the response message within the selected slot.
- In Article 6, The above plurality of slots are divided into a plurality of priority areas, and The authentication agent module above selects one of the plurality of priority areas, and regardless of the selected priority area, mathematical formula Calculate the delay value of the above response message using, and D is the delay value of the above response message, S is the slot number within the priority area where the above response message is transmitted, A message authentication device representing the number of slots allocated per priority area.
- The message authentication device of claim 7, wherein the authentication module authenticates the response message by calculating the delay value of the response message and verifying whether the delay value of the response message matches the sequence number of the response delay time.
- A message authentication method based on the response delay time of a remote terminal in a MIL-STD-1553 system, comprising: a step in which an authentication module included in the bus controller sends a response request message to an authentication agent module included in the remote terminal; a step in which the authentication agent module generates a sequence of response delay times based on a key value, determines a transmission time according to the sequence of response delay times, and transmits a response message at the transmission time; and a step in which the authentication module authenticates the response message by verifying, based on the key value, whether the response message is received at a normal response delay time.
- The message authentication method of claim 9, further comprising: a step in which a BC key management module included in the bus controller generates the key value and provides it to the authentication module; and a step in which the BC key management module distributes the key value to an RT key management module included in the remote terminal.
- The message authentication method of claim 9, wherein the authentication module generates a sequence of response delay times based on the key value, determines the response message as normal if the response message is delayed according to the sequence of response delay times, and determines the response message as abnormal if the response message is not delayed according to the sequence of response delay times.
- The message authentication method of claim 9, wherein the time between a first time point, which is a predetermined minimum delay time after the completion of transmission of the response request message, and a second time point, which is a predetermined maximum delay time after the completion of transmission of the response request message, is divided into a plurality of slots, and the authentication agent module selects, from among the plurality of slots, a slot corresponding to the sequence of response delay times generated based on the key value, and transmits the response message within the selected slot.
- In Article 12, The above plurality of slots are divided into a plurality of priority areas, and The authentication agent module above selects one of the plurality of priority areas, and regardless of the selected priority area, mathematical formula Calculate the delay value of the above response message using, and The authentication module calculates the delay value of the response message and authenticates the response message by checking whether the delay value of the response message matches the sequence number of the response delay time. D is the delay value of the above response message, S is the slot number within the priority area where the above response message is transmitted, is a message authentication method that means the number of slots allocated per priority area.
- A message authentication method based on the response delay time of a remote terminal in a MIL-STD-1553 system, comprising: a step in which the bus controller performs synchronization for all remote terminals; a step in which the bus controller performs deactivation of all remote terminals; a step in which the bus controller performs additional authentication for an abnormal response remote terminal for which the delay value of the response message does not match the sequence number of the response delay time; and a step in which, if the abnormal response remote terminal passes the additional authentication, the bus controller performs additional authentication for the remaining remote terminals excluding the abnormal response remote terminal.
- The message authentication method of claim 14, wherein, when the remote terminal receives a response request message from the bus controller, it determines the transmission time according to a sequence of response delay times generated based on a key value and transmits a response message at the transmission time, and the bus controller generates a sequence of response delay times based on the key value, determines the response message as normal if the response message is delayed according to the sequence of response delay times, and determines the response message as abnormal if the response message is not delayed according to the sequence of response delay times.
- The message authentication method of claim 15, wherein the time between a first time point, which is a predetermined minimum delay time after the completion of transmission of the response request message, and a second time point, which is a predetermined maximum delay time after the completion of transmission of the response request message, is divided into a plurality of slots, and the remote terminal selects, from among the plurality of slots, a slot corresponding to the sequence of response delay times generated based on the key value, and transmits the response message within the selected slot.
- In Article 16, The above plurality of slots are divided into a plurality of priority areas, and The above remote terminal selects one of the above multiple priority areas, and regardless of the selected priority area, a mathematical formula Calculate the delay value of the response message using, and The above bus controller calculates the delay value of the response message and authenticates the response message by checking whether the delay value of the response message matches the sequence number of the response delay time, and D is the delay value of the response message, S is the slot number within the priority area where the response message is transmitted, is a message authentication method that means the number of slots allocated per priority area.
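The slot mechanism of claims 5 and 6 (a key-derived sequence selecting one slot in the window between the minimum and maximum delay, checked by the bus controller), sketched as an added example that is not code from the patent. The HMAC-SHA256 counter derivation, the 4 to 12 µs window, the 8 slots and all function names are assumptions; the priority-area formula is not modelled because it is not reproduced on this page.

```python
import hashlib
import hmac

# Assumed parameters: the page only says the bounds are "predetermined".
MIN_DELAY_US = 4.0   # assumed minimum response delay
MAX_DELAY_US = 12.0  # assumed maximum response delay
NUM_SLOTS = 8        # assumed slot count; the window is split evenly
SLOT_US = (MAX_DELAY_US - MIN_DELAY_US) / NUM_SLOTS


def expected_slot(key: bytes, counter: int) -> int:
    """Slot for the counter-th response. HMAC-SHA256 over a message
    counter is an assumed way to derive the sequence from the key."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") % NUM_SLOTS


def rt_response_delay(key: bytes, counter: int, jitter_us: float = 0.0) -> float:
    """RT side: delay from end of the request to start of the response,
    aimed at the centre of the key-selected slot."""
    centre = MIN_DELAY_US + (expected_slot(key, counter) + 0.5) * SLOT_US
    return centre + jitter_us


def observed_slot(delay_us: float):
    """BC side: map a measured delay to a slot, None if outside the window."""
    if not MIN_DELAY_US <= delay_us < MAX_DELAY_US:
        return None
    return int((delay_us - MIN_DELAY_US) // SLOT_US)


def bc_verify(key: bytes, counter: int, delay_us: float) -> bool:
    """BC side: normal only if the response started in the expected slot."""
    return observed_slot(delay_us) == expected_slot(key, counter)


def accepted(key: bytes, n: int, delay_for) -> int:
    """Count how many of n responses the BC judges normal."""
    return sum(bc_verify(key, c, delay_for(c)) for c in range(n))


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    print("keyed RT:", accepted(key, 1000, lambda c: rt_response_delay(key, c, 0.3)))
    print("fixed 8.0 us responder:", accepted(key, 1000, lambda c: 8.0))
```

With 8 slots, a responder that does not hold the key lands in the expected slot about one time in eight, so a single response is weak evidence and confidence builds only across consecutive responses.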
Description
Apparatus and method for message authentication based on response delay time of remote terminal in MIL-STD-1553 systems
The present invention relates to a message authentication device and method based on the response delay time of a remote terminal in a MIL-STD-1553 system.
The MIL-STD-1553 data bus is a highly reliable communication standard widely used in the military and aerospace fields. This standard guarantees high-speed and high-reliability data transmission and is designed to enable multiple Remote Terminals (RTs) and Bus Controllers (BCs) to communicate over a single bus. MIL-STD-1553B plays an essential role in various systems, such as aircraft, missiles, and military vehicles, by enabling real-time data communication and tight synchronization between systems.
Existing MIL-STD-1553 communication systems utilize various technologies to ensure the reliability and accuracy of data transmission. However, while the MIL-STD-1553 data bus fundamentally guarantees the reliability and integrity of communication, certain vulnerabilities exist in terms of security. There is a possibility that a malicious attacker could monitor the data bus or manipulate data during transmission. Such vulnerabilities can threaten the security of the system. In particular, if an external intruder detects and exploits communications within the system, critical military information could be leaked.
Furthermore, the existing MIL-STD-1553 standard does not provide sufficient authentication mechanisms between each communicating terminal. This increases the possibility that an external intruder could access the system, impersonate a malicious terminal, or disrupt the communication of a valid terminal. Such issues can degrade the reliability of the entire system and lead to catastrophic consequences, especially during military operations. These issues are major factors that degrade the security and reliability of systems using MIL-STD-1553 data buses.
Therefore, a new authentication mechanism is required to address these problems. However, authentication techniques based on the physical and temporal characteristics of transmitted signals, which are currently mainly proposed in academia, require very complex authentication mechanisms, necessitating implementations that deviate significantly from the MIL-STD-1553 standard.
FIG. 1 is a block diagram showing a message authentication device based on the response delay time of a remote terminal in a MIL-STD-1553 system according to one embodiment of the present invention.
FIG. 2 shows an example of message authentication through response delay between a bus controller and a remote terminal according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a message additional authentication method according to one embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings so that those skilled in the art can easily implement the present invention. The present invention may be embodied in various different forms and is not limited to the embodiments described herein. To clearly explain the present invention, parts unrelated to the explanation have been omitted, and the same reference numerals are used for identical or similar components throughout the specification. Furthermore, throughout the specification, when a part is described as "including" a certain component, this means that, unless specifically stated otherwise, it does not exclude other components but may include additional components.
Hereinafter, with reference to FIGS. 1 and 2, a message authentication device and method based on the response delay time of a remote terminal in a MIL-STD-1553 system according to an embodiment of the present invention will be described. FIG. 1 is a block diagram showing a message authentication device based on the response delay time of a remote terminal in a MIL-STD-1553 system according to one embodiment of the present invention. FIG. 2 shows an example of message authentication through a response delay between a bus controller and a remote terminal according to one embodiment of the present invention.
Referring to FIGS. 1 and 2, the MIL-STD-1553 system includes a bus controller (BC) and a plurality of remote terminals (RT). In the MIL-STD-1553 system according to one embodiment of the present invention, a message authentication device (100) based on the response delay time of the remote terminals may include an authentication module (110) and a BC key management module (120) included in the bus controller (BC), and an authentication agent module (130) and an RT key management module (140) included in the remote terminals (RT). The authentication module (110) requests a key value from the BC key management module (120) to authenticate the response delay time of each of the multiple remote terminals (RT), and the BC key management module (120) generates and stores the key value i