CN112468504B - Industrial control network access control method based on block chain - Google Patents


Info

Publication number
CN112468504B
Authority
CN
China
Prior art keywords
access
requester
intelligent contract
authorization
verification
Prior art date
Legal status
Active
Application number
CN202011378886.5A
Other languages
Chinese (zh)
Other versions
CN112468504A (en)
Inventor
占梦来
张军
胡航宇
李良
占峰波
Current Assignee
Sichuan Wiscred Technology Co ltd
Original Assignee
Sichuan Wiscred Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Sichuan Wiscred Technology Co ltd
Priority to CN202011378886.5A
Publication of CN112468504A
Application granted
Publication of CN112468504B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a blockchain-based industrial control network access control method, which mainly solves the security problem of illegal or unauthorized access caused by the lack of user access-behaviour control measures in existing industrial control networks. The method includes: (S1) writing the access rights of the field device into smart contracts, namely an access authentication smart contract and an access authorization smart contract; (S2) after verification by a consensus node in the blockchain, storing the smart contracts on-chain; (S3) after the access requester sends a request, calling the smart contract to verify the identity of the access requester, completing access authorization if the identity passes verification and granting no authority otherwise; (S4) after the access requester has obtained the access right, the industrial field device responds to the access operation and returns the access result to the requester. The invention achieves security and reliability of the industrial control network by combining blockchain technology with access control technology, and has high promotion value in industrial control security.

Description

Industrial control network access control method based on block chain
Technical Field
The invention relates to the technical field of industrial control networks, in particular to an industrial control network access control method based on a block chain.
Background
An industrial control system is the process control component that collects and monitors facilities and real-time data for automatic production control; it is a business process control system built and used to ensure the automatic operation, process control and monitoring of industrial infrastructure. Industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, PLCs, fieldbus control systems, process control systems, remote terminal units, intelligent electronic devices and the like. With the arrival of Industry 4.0, informatization and industrialization are fused together ever more tightly and rapidly, which brings more security problems to the development of industrial control systems. On the one hand, once field devices in an industrial control network are infected by viruses or malicious software, device failure can easily cause serious security incidents. On the other hand, the system lacks control measures for the access behaviour of users (people, intelligent terminals or a piece of program), so once access information is tampered with, users can gain unauthorized or illegal access. Security protection for industrial control networks currently consists mostly of intrusion detection technology; however, by the time abnormal behaviour is detected, the system has already suffered some degree of harm.
Disclosure of Invention
The invention aims to provide a blockchain-based industrial control network access control method, which mainly solves the security problem of illegal or unauthorized access caused by the lack of user access-behaviour management and control measures in existing industrial control networks.
In order to achieve the above purpose, the technical scheme adopted by the invention is as follows:
a blockchain-based industrial control network access control method comprises the following steps:
(S1) writing the access rights of the industrial field device into an access authentication smart contract, and writing an access authorization smart contract for identity authentication of the access requester;
(S2) encrypting the access authentication smart contract and the access authorization smart contract, wherein a consensus node in the blockchain receives the encrypted authentication smart contract and the encrypted access authorization smart contract, verifies the contracts, stores the contracts on-chain if verification passes and broadcasts the transaction ID and the storage address of the contract to the other nodes, and broadcasts a transaction failure message if verification fails;
(S3) when the access requester accesses a resource in the industrial control network, calling the access authorization smart contract to verify whether the user is legitimate; if the user is legitimate, completing role authorization of the access requester and broadcasting the authorization result; if verification fails, the access requester has no authority to access the industrial field device;
(S4) after the access requester obtains the access right, sending an access operation to the industrial field device, and the device returning an access result to the access requester in response to the access operation.
Further, in step (S2), an elliptic curve algorithm is employed for the encryption of the access authentication smart contract and the access authorization smart contract.
Further, the process of the elliptic curve algorithm (signing the contract message and verifying the signature) is as follows:
(1) Let k be the private key and G be a point on the elliptic curve; the public key is K = k×G;
(2) Randomly generate an integer r and calculate rG = (x, y);
(3) From the random number r, the hash value h of the smart contract message M and the private key k, calculate s = (h + kx)/r, and take {rG, s} as the signature made with the private key;
(4) Transmit the message M and the signature to each node of the blockchain network;
(5) After receiving the message M and the signature, obtain the hash value h from the message M, calculate hG/s + xK/s using the sender's public key K, and compare it with rG; if hG/s + xK/s equals rG, verification is complete.
Compared with the prior art, the invention has the following beneficial effects:
the access rights of the industrial field device are written into the access authentication smart contract while an access authorization smart contract is written at the same time, and both are stored in the blockchain network, so that double access verification is carried out on the industrial field device and on the access rights of the user; meanwhile, the access control authority is stored in distributed fashion on multiple hosts, which makes it very difficult to tamper with. Compared with existing access control methods, this method can ensure the security of access control to a certain extent and ensure the access security of the industrial control network.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The invention will be further illustrated by the following description and examples, which include but are not limited to the following examples.
Examples
As shown in FIG. 1, the implementation steps of the blockchain-based industrial control network access control method disclosed by the invention are as follows:
First step: the access rights of an industrial field device are written as an access authentication smart contract, i.e. the device can be accessed only after authentication. In addition, an access authorization smart contract is written, which is mainly used for identity authentication of the access requester, so as to verify whether the requester may obtain the rights.
Second step: encrypt the access authentication smart contract and the access authorization smart contract with an elliptic curve algorithm; a consensus node in the blockchain verifies the encrypted authentication smart contract and the encrypted access authorization smart contract, stores the contracts on-chain if verification passes and broadcasts the transaction ID and storage address of the contract to the other nodes, or broadcasts a transaction failure message if verification fails. The process of the elliptic curve algorithm (signing the contract message and verifying the signature) is as follows: let k be the private key and G be a point on the elliptic curve, so that the public key is K = k×G; randomly generate an integer r and calculate rG = (x, y); from the random number r, the hash value h of the smart contract message M and the private key k, calculate s = (h + kx)/r, and take {rG, s} as the signature made with the private key; transmit the message M and the signature to each node of the blockchain network; after receiving the message M and the signature, a node obtains the hash value h from the message M, calculates hG/s + xK/s using the sender's public key K and compares it with rG; if hG/s + xK/s equals rG, verification is complete.
Third step: when an access requester accesses a resource in the industrial control network, call the access authorization smart contract to verify whether the user is legitimate; if so, complete role authorization of the access requester and broadcast the authorization result; if verification fails, the access requester has no access rights to the industrial field device.
Fourth step: after the access requester obtains the access right, it sends an access operation to the industrial field device, and the device returns an access result to the access requester in response to the access operation.
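The signature and verification steps of the second step (private key k, public key K = kG, R = rG = (x, y), s = (h + kx)/r, and the check hG/s + xK/s = rG) together with the consensus node's accept-or-reject decision from step (S2), as an added, runnable example; this is not the patent's own code. Assumptions not in the text: secp256k1 as the curve, SHA-256 as the hash, all scalar arithmetic mod the group order N (which is what the divisions by r and s mean), the transaction ID formed as a hash of contract and signature, an integer storage address, and the function and class names (`sign`, `verify`, `ConsensusNode`) which are hypothetical. Where ECDSA publishes only the x-coordinate, the patent publishes the full point rG and compares points, and the code follows the patent.

```python
import hashlib
import secrets

# Curve: secp256k1 (an assumption; the patent only says "a point G on the elliptic
# curve"). Coordinates are reduced mod P; the scalars r, s, h and their inverses are
# reduced mod the group order N, which is what "/r" and "/s" in the text mean.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def is_on_curve(pt):
    # None is the point at infinity; otherwise y^2 = x^3 + 7 must hold mod P.
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - B) % P == 0

def point_add(p1, p2):
    # Affine group law on secp256k1 (a = 0), with None as the point at infinity.
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    # Double-and-add; adequate for a demonstration, not constant-time.
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def message_hash(message):
    # h in steps (3) and (5); SHA-256 is an assumption, the text only says "hash value".
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def keygen(k=None):
    # Step (1): private key k, public key K = k*G.
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    if not 1 <= k < N:
        raise ValueError("private key out of range")
    return k, scalar_mult(k, G)

def sign(k, message, r=None):
    # Steps (2)-(3): R = r*G = (x, y), s = (h + k*x)/r mod N, signature {R, s}.
    # r must be fresh and secret for every signature; a fixed r is for tests only.
    if r is not None and not 1 <= r < N:
        raise ValueError("r out of range")
    h = message_hash(message)
    while True:
        r_used = r if r is not None else secrets.randbelow(N - 1) + 1
        R = scalar_mult(r_used, G)
        x = R[0] % N
        s = (h + k * x) * pow(r_used, -1, N) % N
        if x != 0 and s != 0:
            return (R, s)
        if r is not None:
            raise ValueError("degenerate r supplied")

def verify(K, message, signature):
    # Step (5): accept iff (h/s)*G + (x/s)*K == R; the full point R is compared,
    # as the text says "compare with rG".
    R, s = signature
    if R is None or K is None or not is_on_curve(R) or not is_on_curve(K):
        return False
    if not 1 <= s < N:
        return False
    h = message_hash(message)
    x = R[0] % N
    s_inv = pow(s, -1, N)
    lhs = point_add(scalar_mult(h * s_inv % N, G), scalar_mult(x * s_inv % N, K))
    return lhs == R

class ConsensusNode:
    # Step (S2) simulated: a node keeps a contract only if the signature verifies,
    # then returns the transaction ID and storage address it would broadcast.
    # tx_id = SHA-256(contract || R.x || s) and the integer address are assumptions.
    def __init__(self):
        self.ledger = {}

    def receive_contract(self, sender_pub, contract, signature):
        if not verify(sender_pub, contract, signature):
            return {"status": "transaction failed"}
        R, s = signature
        tx_id = hashlib.sha256(contract + R[0].to_bytes(32, "big")
                               + s.to_bytes(32, "big")).hexdigest()
        address = len(self.ledger)
        self.ledger[address] = (contract, signature)
        return {"status": "stored", "tx_id": tx_id, "address": address}
```

A node that accepts a contract whose signature does not verify would let anyone publish access rights, so `receive_contract` rejects before storing; a tampered contract body, a tampered `s`, or a contract signed under another key all fail the `hG/s + xK/s = rG` check.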
The access rights of the industrial field device are written into the access authentication smart contract while an access authorization smart contract is written at the same time, and both are stored in the blockchain network, so that double access verification is carried out on the industrial field device and on the access rights of the user; meanwhile, the access control authority is stored in distributed fashion on multiple hosts, which makes it very difficult to tamper with. Compared with existing access control methods, this method can ensure the security of access control to a certain extent and ensure the access security of the industrial control network. Thus, the present invention provides a significant and substantial advance over the prior art.
The above embodiment is only one of the preferred embodiments of the present invention and should not be used to limit its scope; all insubstantial modifications or embellishments made within the main design concept and spirit of the present invention remain consistent with it, and all technical problems it solves are included in the scope of the present invention.

Claims (1)

1. A blockchain-based industrial control network access control method, characterized by comprising the following steps:
(S1) writing the access rights of the industrial field device into an access authentication smart contract, and writing an access authorization smart contract for identity authentication of the access requester;
(S2) encrypting the access authentication smart contract and the access authorization smart contract, wherein a consensus node in the blockchain receives the encrypted authentication smart contract and the encrypted access authorization smart contract, verifies the contracts, stores the contracts on-chain if verification passes and broadcasts the transaction ID and the storage address of the contract to the other nodes, and broadcasts a transaction failure message if verification fails; wherein the encryption of the access authentication smart contract and the access authorization smart contract adopts an elliptic curve algorithm;
the process of the elliptic curve algorithm (signing the contract message and verifying the signature) is as follows:
(1) Let k be the private key and G be a point on the elliptic curve; the public key is K = k×G;
(2) Randomly generate an integer r and calculate rG = (x, y);
(3) From the random number r, the hash value h of the smart contract message M and the private key k, calculate s = (h + kx)/r, and take {rG, s} as the signature made with the private key;
(4) Transmit the message M and the signature to each node of the blockchain network;
(5) After receiving the message M and the signature, obtain the hash value h from the message M, calculate hG/s + xK/s using the sender's public key K, and compare it with rG; if hG/s + xK/s equals rG, verification is finished;
(S3) when the access requester accesses a resource in the industrial control network, invoking the access authorization smart contract to verify whether the access requester is legitimate; if verification passes, completing role authorization of the access requester and broadcasting the authorization result; if verification fails, the access requester has no authority to access the industrial field device;
(S4) after the access requester obtains the access right, sending an access operation to the industrial field device, and the device returning an access result to the access requester in response to the access operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011378886.5A CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011378886.5A CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Publications (2)

Publication Number Publication Date
CN112468504A CN112468504A (en) 2021-03-09
CN112468504B true CN112468504B (en) 2023-06-20

Family

ID=74805836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011378886.5A Active CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Country Status (1)

Country Link
CN (1) CN112468504B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113179311A (en) * 2021-04-23 2021-07-27 上海和数软件有限公司 Block chain authority multiple control method and system
CN113177234A (en) * 2021-04-29 2021-07-27 中国工商银行股份有限公司 Gray scale switch switching method and device
JP7357096B1 (en) 2022-03-24 2023-10-05 株式会社日立製作所 Data delivery system, data delivery method

Citations (1)

Publication number Priority date Publication date Assignee Title
WO2019150176A1 (en) * 2018-02-05 2019-08-08 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for managing service access authorization using smart contracts

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
FR3079322B1 (en) * 2018-03-26 2021-07-02 Commissariat Energie Atomique METHOD AND SYSTEM FOR MANAGING ACCESS TO PERSONAL DATA BY MEANS OF A SMART CONTRACT
CN109936569B (en) * 2019-02-21 2021-05-28 领信智链(北京)科技有限公司 Decentralized digital identity login management system based on Ether house block chain
CN111046352B (en) * 2019-12-13 2021-05-18 浙江师范大学 Identity information security authorization system and method based on block chain
CN111629057B (en) * 2020-05-27 2021-07-09 广西师范大学 Block chain based Internet of things access control method with privacy protection function

Non-Patent Citations (1)

Title
金剑. Design and construction of a blockchain copyright management platform for broadcast digital media. 《广播与电视技术》 (Radio & TV Broadcast Engineering), 2020, full text. *

Also Published As

Publication number Publication date
CN112468504A (en) 2021-03-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant