CN116170110B - Time synchronization architecture, security method and device for time sensitive network - Google Patents



Publication number
CN116170110B
Authority
CN
China
Prior art keywords
master clock
clock source
heterogeneous
time
current
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310438239.6A
Other languages
Chinese (zh)
Other versions
CN116170110A (en
Inventor
陆以勤
陈卓星
覃健诚
王海瀚
王猛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT filed Critical South China University of Technology SCUT
Priority to CN202310438239.6A priority Critical patent/CN116170110B/en
Publication of CN116170110A publication Critical patent/CN116170110A/en
Application granted granted Critical
Publication of CN116170110B publication Critical patent/CN116170110B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The invention discloses a time synchronization architecture, a security method and a device for a time sensitive network, wherein the architecture comprises the following components: the master clock source system is used for providing time information for the directly connected slave clocks by adopting a dynamic heterogeneous redundant safety architecture; the slave clocks are in a hierarchical form according to network topology and are in time synchronization with the master clock source system step by step; the master clock source system comprises a master clock source controller, a heterogeneous master clock source resource pool, a current master clock source and a master clock source online detection set. The method comprises the following steps: a master clock source election phase, a synchronization phase, a master clock source verification phase and a master clock source agility switching phase. The framework provided by the invention improves the election efficiency, the switching speed and the reliability of the master clock source in the time sensitive network. The security method further improves the security of the master clock source in the time-sensitive network. The invention can be widely applied to the real-time communication technology in the industrial Internet.

Description

Time synchronization architecture, security method and device for time sensitive network
Technical Field
The invention relates to a real-time communication technology in an industrial internet, in particular to a time synchronization architecture, a security method and a device for a time sensitive network.
Background
The best effort data transmission mode of the traditional network has obvious long tail effect on end-to-end delay and jitter, and cannot meet the deterministic communication requirement of the real-time field represented by the industrial Internet.
In a time-sensitive network, the time synchronization mechanism is a key basic guarantee: deterministic scheduling of time-triggered flows with hard real-time requirements must be built on time synchronization of all network devices. Without the guarantee of strict time synchronization, the time-sensitive network can hardly operate normally. For this purpose, the IEEE 802.1AS standard defines a generalized precise time synchronization protocol specifically for time-sensitive networks, which uses a master-slave clock mechanism and aims to keep the time synchronization error within 7 hops to no more than 1 microsecond. In principle, the standard proposes an optimal master clock election algorithm to determine the master clock of the whole network in a distributed manner, and uses timestamps to calibrate the clocks of network element devices step by step, in a distributed manner, so that they stay consistent with the master clock source.
Because the topology and flow requirements of early time-sensitive networks were simpler, a fully or partially distributed architecture was mostly adopted; there, the optimal master clock election algorithm can effectively elect the master clock source of the whole network and adapts well to changes in network topology or nodes. However, with the continuous development of time-sensitive network technology and the increasing complexity of application scenarios, the distributed optimal master clock election algorithm has difficulty adapting to the fully centralized architecture that is now mainstream in time-sensitive networks, and simply specifying the master clock source is obviously not enough.
While secure operation of the whole network time synchronization is critical to the implementation and application of time sensitive networks, existing time synchronization security mechanisms remain inadequate. In particular, the existing research is mostly focused on encryption of link communication between time nodes to avoid the time synchronization information from being tampered with, eavesdropped, replayed, or forged. These security mechanisms can effectively address network threats such as packet content manipulation attacks, delay attacks, replay attacks, spoofing attacks, etc. among slave clock nodes. However, existing time-synchronized security mechanisms lack sufficient attention for the master clock source, and are difficult to defend against advanced persistent threats to the master clock source, i.e., against time-synchronized attacks initiated with a master clock source backdoor vulnerability. In addition, the existing distributed master clock source election algorithm lacks effective supervision on the master clock source, and the defending difficulty on the master clock source counterfeiting attack is increased to a certain extent.
In recent years, academia and industry have studied the security of the time synchronization mechanism in time-sensitive networks. The main time synchronization security methods currently include the following:
Prior art 1: IEEE 1588 security Annex K
Principle: the annex is a security annex that comes with the precision clock synchronization protocol and comprises four parts. Most notably, it protects communications between time synchronization nodes with symmetric keys, i.e., it uses symmetric keys to provide group source authentication, message integrity, and replay protection. The annex establishes a trust relationship using a challenge-response three-way handshake mechanism that relies on a predefined key shared by a group of devices or the entire domain. Related research efforts have improved the annex, including the provision of improved handshaking and replay counters.
Disadvantages: although the annex protects the communication between the time nodes by encryption, it lacks an authentication mechanism for the master clock source, so any slave clock device can masquerade as the master clock source. In addition, a network attacker can manipulate one of the clock devices through a phishing software back door vulnerability, thereby acquiring a pre-distributed key, or initiate an internal attack that the annex cannot defend against.
Prior art 2: MACsec protocol
Principle: the time-sensitive network operates at the link layer, and MACsec is a link layer security protocol based on IEEE 802.1X and IEEE 802.1AE, the former specifying session initiation and key management, the latter specifying the encryption and authentication protocols. The protocol provides users with a secure MAC layer data transmitting and receiving service, including user data encryption, data frame integrity checking and data source authenticity checking. The security architecture of MACsec employs hop-by-hop authentication and encryption: packets are decrypted and authenticated at each network node, then encrypted and authenticated again before being forwarded.
Disadvantages: in time-sensitive networks, deploying the MACsec protocol on all devices is costly and requires support from the switch and terminal hardware. In addition, although MACsec can protect the connections of trusted nodes, it cannot prevent attacks initiated by those same trusted nodes, i.e., it cannot effectively defend against APT attacks. A network attacker can penetrate trusted time nodes and in turn initiate PTP attacks (e.g., packet content modification attacks), thereby reducing the accuracy of time synchronization.
Prior art 3: master clock source of master-slave architecture
Principle: the precision clock synchronization protocol proposes building redundant master clock sources. When the running master clock source fails or is attacked, a hot switch to a standby master clock source is performed, reducing the adverse effects of the failure or network attack on time synchronization.
Disadvantages: the active and standby master clock sources are preset during network initialization, so dynamic and real-time properties are often lacking, and the security performance still needs improvement. In addition, in practice a switch often serves as the standby master clock source in a time-sensitive network; the switch also has to carry traffic, and before it is switched in as the formal master clock source it may already have been compromised by an attacker through software or hardware vulnerabilities. That is, the standby master clock sources belong to a time synchronization domain and a traffic transmission domain at the same time, so their security cannot be sufficiently ensured.
Prior art 4: deploying independent security supervision nodes
Principle: since conventional security protocols and security standards can hardly meet the time synchronization security requirements of time-sensitive networks in full, studies in recent years have also proposed deploying independent security supervision nodes in time-synchronized networks; these nodes are secure and trusted and do not require time synchronization with the rest of the devices. In operation, the node collects and analyzes the delay and offset outputs of the monitored slave clock nodes and the timestamps embedded in the synchronization messages, so that it can detect abnormal patterns that indicate an attack and isolate the affected time synchronization domains when an attack is detected, thereby guaranteeing the clock reliability of each node.
Disadvantages: this technique requires statistics of whole network time information for security detection, occupies a large amount of precious link resources, and generates a large amount of overhead for normal operation of the time-sensitive network, so as to reduce the possibility that the time synchronization mechanism changes from out-of-band communication to in-band communication.
In the time synchronization mechanism of existing time-sensitive networks, master clock source election is inefficient and switching is costly in time; in addition, an effective master clock source security defense method is lacking, so it is difficult to resist master clock source counterfeiting attacks and master clock source attacks initiated through unknown vulnerabilities. To address these problems, the embodiment of the invention provides a time synchronization architecture and the master clock source security defense method contained in that architecture.
Disclosure of Invention
In order to solve at least one of the technical problems existing in the prior art to a certain extent, the invention aims to provide a time synchronization architecture, a security method and a device for a time sensitive network.
The technical scheme adopted by the invention is as follows:
a time-sensitive network oriented time synchronization architecture comprising:
the master clock source system is used for providing time information for the directly connected slave clocks by adopting a dynamic heterogeneous redundant safety architecture;
The slave clocks are in a hierarchical form according to network topology and are in time synchronization with the master clock source system step by step;
the master clock source system comprises a master clock source controller, a heterogeneous master clock source resource pool, a current master clock source and a master clock source online detection set;
the master clock source controller is internally provided with a pulse signal generator and is connected with each heterogeneous candidate master clock source in the heterogeneous master clock source resource pool;
the heterogeneous master clock source resource pool comprises a plurality of heterogeneous candidate master clock sources;
the current master clock source is selected from the heterogeneous master clock source resource pool and used for providing time information of the whole time sensitive network;
and the master clock source online detection set is dynamically formed by partial heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool, and provides security detection reference information of the master clock source after receiving an instruction of the master clock source controller.
Further, the master clock source controller is logically connected to a controller of a time sensitive network, and functions of the master clock source controller include:
1) Managing the directly connected various heterogeneous candidate master clock sources and the state of the current master clock source;
2) Transmitting time and frequency information of a master clock source to each directly connected slave clock to measure the mutual link time delay and correct the slave clock in real time;
3) The security method is stored and executed to elect the master clock source, periodically detect the security of the master clock source and realize agile switching of the master clock source.
Further, each heterogeneous master clock source in the master clock source online detection set is transparent to each other and works independently.
The invention adopts another technical scheme that:
a security method of a time-sensitive network-oriented time synchronization architecture, comprising the steps of:
master clock source election stage: selecting a current master clock source from the heterogeneous master clock source resource pool;
synchronization stage: the current master clock source and all network devices in the time-sensitive network except the master clock source controller perform time synchronization at a fixed period;
master clock source verification stage: according to the multimode dynamic scheduling mechanism, at a fixed period, some heterogeneous master clock sources are scheduled from the heterogeneous master clock source resource pool to dynamically form the master clock source online detection set, and the current master clock source information is checked against the master clock source online detection set so as to detect in real time whether the current master clock source is safe;
master clock source agile switching stage: when the current master clock source is detected to be unsafe, a new master clock source is dynamically selected from the heterogeneous master clock source resource pool to replace the original unsafe master clock source.
Further, in the master clock source verification stage, the verifying the current master clock source information and the master clock source online detection set includes:
the clock source controller obtains the time information sent by the current master clock source;
the clock source controller obtains the time information of each heterogeneous candidate master clock source in the master clock source online detection set;
calculating the current legal time window W according to the obtained time information;
checking the time information against the time window W: examining whether the time information falls within the current legal time window W, and judging whether the current master clock source is in a normal running state.
Further, the expression of the time window W is:
wherein is a scaling factor, is the number of heterogeneous candidate master clock sources in the master clock source online detection set, and m is the number of heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool.
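The verification step above and the agile switch that follows it, as an added example that is not code from the patent. The page does not reproduce the formula for W, so the window here is an assumed one (median of the detection-set times plus or minus a scaling factor times a robust spread); the names `Reading`, `legal_window` and `verify_master`, the `gm-*` identifiers, the minimum set size of 3 and the nearest-to-centre replacement rule are likewise assumptions.

```python
# Added illustration, not code from the patent. The window formula, the
# minimum set size and the replacement rule below are assumptions.
from dataclasses import dataclass
from statistics import median
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Reading:
    source: str  # constructed identifier of a clock source
    t_ns: int    # time returned for one controller instruction, nanoseconds


@dataclass(frozen=True)
class Verdict:
    master_safe: bool
    window: Tuple[float, float]    # legal time window W as (low, high)
    suspect_detectors: List[str]   # detection-set members outside W
    new_master: Optional[str]      # replacement when the master is unsafe


def legal_window(detection, alpha=4.0, floor_ns=100):
    """Assumed W: median of detection-set times +/- alpha * max(MAD, floor)."""
    if len(detection) < 3:
        # With fewer than three independent sources a single compromised
        # detector cannot be out-voted, so refuse to produce a window.
        raise ValueError("need at least 3 detection-set readings")
    times = [r.t_ns for r in detection]
    centre = median(times)
    # Median absolute deviation: one wild reading does not widen the window.
    mad = median([abs(t - centre) for t in times])
    half = alpha * max(mad, floor_ns)
    return (centre - half, centre + half)


def verify_master(master, detection, alpha=4.0, floor_ns=100):
    """Check the current master against W; pick a replacement if it fails."""
    low, high = legal_window(detection, alpha, floor_ns)

    def inside(r):
        return low <= r.t_ns <= high

    suspects = [r.source for r in detection if not inside(r)]
    safe = inside(master)
    new_master = None
    if not safe:
        # Assumed rule: promote the in-window detector closest to the centre.
        centre = (low + high) / 2
        healthy = [r for r in detection if inside(r)]
        best = min(healthy, key=lambda r: abs(r.t_ns - centre), default=None)
        new_master = best.source if best else None
    return Verdict(safe, (low, high), suspects, new_master)


# Constructed sample readings for one verification round (n = 3).
DETECTION_SET = [
    Reading("gm-b", 1_000_000_000),
    Reading("gm-c", 1_000_000_120),
    Reading("gm-d", 999_999_950),
]
# Same round, but one detection-set member reports a time far off the others.
DETECTION_ONE_BAD = [
    Reading("gm-b", 1_000_000_000),
    Reading("gm-c", 1_000_000_120),
    Reading("gm-d", 1_000_900_000),
]

if __name__ == "__main__":
    for master_t in (1_000_000_080, 1_000_050_000):
        print(verify_master(Reading("gm-a", master_t), DETECTION_SET))
    print(verify_master(Reading("gm-a", 1_000_000_080), DETECTION_ONE_BAD))
```

A detection-set member that falls outside W is reported in `suspect_detectors`, which is the condition the page ties to a negative feedback update.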
Further, in the master clock source verification stage, the multimode dynamic scheduling mechanism for constructing the master clock source online detection set comprises the following steps:
Screening out heterogeneous candidate master clock sources which do not support the master clock source function or are possibly closed in running in the heterogeneous master clock source resource pool, and alarming to a network administrator to report equipment abnormality;
using a feedback index to reflect the real-time security performance of all the remaining heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool that are not the current master clock source;
setting the scale of the master clock source online detection set (i.e. the number of heterogeneous candidate master clock sources in the master clock source online detection set), obtaining all candidate master clock source online detection sets by means of permutation and combination, and adopting a heterogeneity index to reflect the heterogeneity of the different candidate master clock source online detection sets, where m is the number of heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool;
calculating the comprehensive evaluation index of each candidate master clock source online detection set, and selecting the candidate set with the highest comprehensive evaluation index as the finally scheduled master clock source online detection set.
Further, the feedback index is updated using the real-time differentiated feedback updating method, specifically:
after the master clock source information has been verified against the master clock source online detection set, the feedback indexes of all heterogeneous candidate master clock sources except the master clock source are updated, wherein the updates include positive feedback updates and negative feedback updates:
if the heterogeneous candidate master clock source belongs to the master clock source online detection set, and the time information of the heterogeneous candidate master clock source is within the legal time window W, a positive feedback update is performed according to the threshold and the feedback index; the positive feedback update includes two cases:
1) If the current feedback index of the online heterogeneous candidate master clock source is a non-negative value, judging whether the feedback index is less than a threshold: if the feedback index is smaller than s, the feedback index is increased; conversely, the feedback index increases; wherein is the discount rate;
2) If the current feedback index of the online heterogeneous candidate master clock source is a negative value, the feedback index is increased, wherein is the recovery rate and is the feedback index of the online heterogeneous candidate master clock source at the time it was successfully attacked;
the negative feedback update includes:
if the heterogeneous candidate master clock source belongs to the master clock source online detection set, and the time information of the heterogeneous candidate master clock source exceeds the current legal time window W, the feedback index is updated to a negative value, reflecting that the heterogeneous candidate master clock source cannot run safely, and the feedback index of the online heterogeneous candidate master clock source at that moment is stored as
Further, the steps of positive feedback updating and negative feedback updating further include:
if the heterogeneous candidate master clock source does not belong to the master clock source online detection set, judging whether the current feedback index of the online heterogeneous candidate master clock source is a non-negative value: if so, the feedback index is not updated; if it is negative, the feedback index is increased
Further, the calculation formula of the comprehensive evaluation index of the j-th candidate master clock source online detection set is as follows:
wherein is the number of heterogeneous candidate master clock sources in the master clock source online detection set; m is the number of heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool; are weight values set manually as required; is the i-th heterogeneous candidate master clock source in the j-th candidate master clock source online detection set.
The invention adopts another technical scheme that:
a security device for a time-sensitive network-oriented time synchronization architecture, comprising:
at least one processor;
at least one memory for storing at least one program;
The at least one program, when executed by the at least one processor, causes the at least one processor to implement the method described above.
The beneficial effects of the invention are as follows: the framework provided by the invention improves the election efficiency, the switching speed and the reliability of the master clock source in the time sensitive network. The security method provided by the invention further improves the security of the master clock source in the time sensitive network. The architecture and the security method thereof are widely applicable to various different time-sensitive network application scenes, and have good practical effect and universality.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description is made with reference to the accompanying drawings of the embodiments of the present invention or the related technical solutions in the prior art, and it should be understood that the drawings in the following description are only for convenience and clarity of describing some embodiments in the technical solutions of the present invention, and other drawings may be obtained according to these drawings without the need of inventive labor for those skilled in the art.
Fig. 1 is a schematic diagram of the overall structure of a time synchronization architecture for a time sensitive network according to an embodiment of the present invention;
FIG. 2 is a flow chart of a security method of a time synchronization architecture for a time sensitive network according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of the security verification of the current master clock source performed in the master clock source verification stage in an embodiment of the present invention;
FIG. 4 is a flow chart of a multi-mode dynamic scheduling mechanism according to which a master clock source check phase is implemented in an embodiment of the present invention;
FIG. 5 is a flowchart of a real-time differentiated feedback updating method according to an embodiment of the invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention. The step numbers in the following embodiments are set for convenience of illustration only, and the order between the steps is not limited in any way, and the execution order of the steps in the embodiments may be adaptively adjusted according to the understanding of those skilled in the art.
In the description of the present invention, it should be understood that references to orientation descriptions such as upper, lower, front, rear, left, right, etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of description of the present invention and to simplify the description, and do not indicate or imply that the apparatus or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be construed as limiting the present invention.
In the description of the present invention, "several" means one or more and "a plurality" means two or more; "greater than", "less than", "exceeding", etc. are understood to exclude the stated number, and "above", "below", "within", etc. are understood to include the stated number. The terms "first" and "second" are used only to distinguish between technical features and should not be construed as indicating or implying relative importance, the number of the technical features indicated, or the precedence of the technical features indicated.
In the description of the present invention, unless explicitly defined otherwise, terms such as arrangement, installation, connection, etc. should be construed broadly and the specific meaning of the terms in the present invention can be reasonably determined by a person skilled in the art in combination with the specific contents of the technical scheme.
As shown in fig. 1, the present embodiment provides a time synchronization architecture for a time sensitive network, including:
the master clock source system is used for providing time information for the directly connected slave clocks by adopting a dynamic heterogeneous redundant safety architecture;
and each slave clock adopts a hierarchical form according to the network topology and is in time synchronization with the master clock source system step by step.
Master clock source system: logically, the system consists of a master clock source controller, a heterogeneous master clock source resource pool, a current master clock source and a master clock source online detection set; physically, it is a one-hop wired local area network. As a whole, the system provides the master clock source service to the outside. Slave clock: the time synchronization architecture of the present embodiment includes multiple levels of slave clocks, according to the actual deployment scenario. Physically, the slave clocks are time-sensitive network devices, e.g. time-sensitive network switches and end devices.
In this embodiment, the architecture adopts a master-slave clock mechanism, which matches the mainstream time synchronization mode in the communication field. In the time synchronization architecture, the master clock source system is directly connected to the time-sensitive network controller, which is highly compatible with the mainstream fully centralized time-sensitive network architecture. As a specific beneficial effect, the master clock source of the time synchronization architecture is drawn from a heterogeneous master clock source resource pool containing a limited number of heterogeneous candidate master clock sources, which are added manually by a network manager during network initialization. Compared with the existing optimal master clock election algorithm, the time synchronization architecture has higher election efficiency, can effectively resist master clock source counterfeiting attacks, and improves the reliability of the master clock source. In addition, the introduction of the master clock source controller can also remarkably improve the switching efficiency of the master clock source.
The following describes each module in the master clock source system in detail.
Master clock source controller: it is logically connected to the controller of the time-sensitive network; physically, it may be built into the controller of the time-sensitive network or use a dedicated hardware device. The master clock source controller has a built-in stable pulse signal generator and is connected by wire to each heterogeneous candidate master clock source in the heterogeneous master clock source resource pool. It is the core device of the master clock source system, with the following functions and implementation methods:
(1) Managing the directly connected heterogeneous candidate master clock sources and the state of the current master clock source.
The status of each directly connected heterogeneous candidate master clock source and the current master clock source are managed through state management. For example, the states of the heterogeneous candidate master clock sources may be marked from three dimensions, such as whether they are the current master clock source, whether they belong to the master clock source online detection set, whether they are currently operating normally, whether they are in a state to be cleaned, and so on. In addition, the master clock source controller also stores software and hardware information of each heterogeneous candidate master clock source and is configured with a northbound interface which interacts with a network manager or a time sensitive network controller.
(2) The time and frequency information of the master clock source is sent to each directly connected slave clock to measure the inter-link delay and correct the slave clock in real time.
Specifically, the peer-to-peer or end-to-end mode that is mainstream in current time synchronization mechanisms can be adopted for link delay measurement and slave clock correction; the specific measurement and correction method is not part of this patent and is not protected by it.
(3) The security method of the time synchronization architecture facing the time sensitive network is stored and executed, so that the current master clock source is elected, the security of the current master clock source is detected at fixed time, and the agile switching of the master clock source is realized.
Specifically, compared with the existing optimal master clock election algorithm, the time synchronization architecture narrows the range of candidate master clock sources and ensures their safety and reliability. As the specific election method, the clock source priority-based approach used in the IEEE 802.1AS standard may be adopted, or an initial master clock source may be designated by a network administrator; the specific election algorithm is not covered by this patent, so it is not described in detail here.
In addition, the master clock source controller uses the built-in pulse signal generator to periodically send an instruction every k signals, so as to obtain the time information of the current master clock source and the time information of each heterogeneous candidate master clock source in the master clock source online detection set; when the current master clock source is not safe, it elects and agilely switches to a new master clock source through the state management.
Heterogeneous master clock source resource pool: logically comprises multiple candidate master clock source servers with heterogeneous software and hardware. The heterogeneous candidate master clock source servers should differ as much as possible at the software and hardware implementation level, such as internal software and hardware interfaces, clock source forms, security programs, operating systems (if any), etc., to avoid the existence of common-mode vulnerabilities.
Current master clock source: the current master clock source is selected from the heterogeneous master clock source resource pool by the master clock source controller according to the master clock source security method.
Master clock source online detection set: a logical set dynamically composed of n heterogeneous master clock sources from the heterogeneous master clock source resource pool. The heterogeneous master clock sources in the master clock source online detection set are transparent to one another and work independently. After receiving an instruction from the master clock source controller, each returns its own time information to the master clock source controller, providing reference information for the security detection of the master clock source. FIG. 1 shows an example of such a master clock source online detection set: when n = 3, three heterogeneous candidate master clock sources form the master clock source online detection set.
Based on the above-mentioned time synchronization architecture, the embodiment of the present invention also proposes a security defense method of a master clock source under the time synchronization architecture, which includes the following four phases:
Master clock source election phase: elect the current master clock source from the heterogeneous master clock source resource pool;
Synchronization phase: the current master clock source and all network devices in the time-sensitive network other than the current master clock source controller perform time synchronization with a fixed period T1;
Master clock source verification phase: according to the multimode dynamic scheduling mechanism, some heterogeneous master clock sources are scheduled from the heterogeneous master clock source resource pool with a fixed period to dynamically form the master clock source online detection set, and the current master clock source information is checked against the master clock source online detection set, so that whether the current master clock source is safe is detected in real time;
Master clock source agile switching phase: when the current master clock source is detected to be unsafe, a new master clock source is dynamically selected from the heterogeneous master clock source resource pool to replace the original unsafe master clock source.
In this embodiment, the heterogeneous candidate master clock source servers are implemented differently, so their software and hardware vulnerabilities differ, and the time information of the current master clock source is checked periodically. It is therefore difficult for a network attacker to penetrate and compromise the current master clock source and the master clock source online detection set at the same time. The security method contained in the architecture can actively defend against attacks on the master clock source that exploit unknown vulnerabilities; that is, it fundamentally reverses the situation in which defense strategies in time synchronization mechanisms are passive, and improves the security of the master clock source. The architecture and its security method place no special requirements on the actual application scenario of the time-sensitive network, are widely applicable to different time-sensitive network application scenarios, and have good practical effect and generality.
The above method will be described in detail with reference to the accompanying drawings and specific examples.
As shown in fig. 2, the present embodiment provides a security method of a time synchronization architecture for a time sensitive network, which may be executed by the master clock source controller, and the security method specifically includes the following steps:
Step S201: Elect the current master clock source from the heterogeneous master clock source resource pool. If a current master clock source already exists at this moment, change its state to heterogeneous candidate master clock source; it does not participate in this election of the current master clock source.
As the election method, the clock-source-priority-based approach used in the IEEE 802.1AS standard may be adopted, or the initial master clock source may be designated by a network administrator. The specific election algorithm is not part of this patent and is not protected by it.
Step S202: Each network device periodically synchronizes with the current master clock source.
Specifically, the peer-to-peer or end-to-end mode that is mainstream in current time synchronization mechanisms may be used for link delay measurement and slave clock correction. The specific measurement and correction method is not part of this patent, so it is not described again.
Step S203: whether the security method for the master clock source remains running is judged, and the security method can be stopped by a network administrator or can be stopped along with the stop of the whole time sensitive network. If the security method for the master clock source still keeps running, jumping to step S204; if the security method for the master clock source needs to be stopped, ending.
Step S204: according to the multimode dynamic scheduling mechanism, the method uses the periodAnd scheduling part of heterogeneous master clock sources in the heterogeneous master clock source resource pool to dynamically form a master clock source online detection set.
Step S205: and obtaining the reference information provided by the main clock source online detection set, and comparing the reference information with the time information of the current main clock source to verify the current main clock source.
Step S206: and judging whether the current master clock source is safe or not according to a confidence judging mechanism. If the current master clock source is judged to be unsafe, the step S201 is skipped, and the current master clock source is reelected; if the current master clock source is decided to be safe, the process goes to step S203.
As an alternative embodiment, as shown in fig. 3, the step of performing the security check of the current master clock source in the master clock source check stage step S205 specifically includes the following steps:
step S301: master clock source controller with periodPeriodically obtaining the current master clock source time information +.>
Step S302: master clock source controller with periodPeriodically obtaining time information of each candidate master clock source
Step S303: calculating a time window of current legal
,/>
Wherein the method comprises the steps ofIs a scaling factor, set by network manager, defaults to 0; / >Is the number of heterogeneous candidate master clock sources in the master clock source online detection set,/the number of heterogeneous candidate master clock sources in the master clock source online detection set>mIs the number of heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool.
Step S304: verification ofAndWcheck if it falls within the current legal time windowWIn, judging whether the current main clock source is in normal operationRow status. If the current master clock source is operating normally, jumping to step S305; if the current master clock source is abnormal, the process goes to step S306.
Step S305: the master clock source controller marks the current master clock source state as normal.
Step S306: the master clock source controller marks the current master clock source state as abnormal, and simultaneously marks the current feedback index of the current master clock sourceRecorded as->And then changing the feedback indicator to (-C), which is the positive feedback increase threshold.
As an alternative embodiment, as shown in fig. 4, the steps of the multimode dynamic scheduling mechanism according to the master clock source verification stage step S204 specifically include the following steps:
Step S401: Screen out of the heterogeneous master clock source resource pool the heterogeneous candidate master clock sources that do not support the master clock source function or that may be shut down during operation, and raise an alarm to the network administrator to report the device abnormality.
Step S402: Use the feedback index S_f to reflect the real-time security performance of all remaining heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool that are not the current master clock source. The feedback index is updated by feedback from the preceding information verification.
Step S403: The network administrator sets the size of the master clock source online detection set to n; m is the number of heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool. All candidate master clock source online detection sets are obtained by permutation and combination.
Step S404: Calculate the heterogeneity index of each candidate master clock source online detection set. The index reflects how much the heterogeneous candidate master clock sources in each candidate master clock source online detection set differ at the software and hardware layers. Specifically, different heterogeneous candidate master clock sources may be scored pairwise, with each heterogeneous layer weighted equally. The heterogeneous layers may include the internal software and hardware interfaces of the heterogeneous candidate master clock sources, the clock source forms, the security programs, and the operating system.
Step S405: Calculate the comprehensive evaluation index of each candidate master clock source online detection set, where j indexes the candidate master clock source online detection sets.
In the comprehensive evaluation index, the weight values are all set manually as required, and i indexes the heterogeneous candidate master clock sources within the j-th candidate master clock source online detection set.
Step S406: Select the candidate master clock source online detection set with the highest comprehensive evaluation index as the final scheduled master clock source online detection set.
As an alternative embodiment, as shown in fig. 5, the steps of the real-time differentiated feedback update method adopted in step S402 of the multimode dynamic scheduling mechanism specifically include the following steps:
step S501: determining whether all heterogeneous candidate master clock sources except the current candidate master clock source in the heterogeneous master clock source resource pool have been traversed. If the real-time differential feedback updating method is traversed, ending the real-time differential feedback updating method; otherwise, the process goes to step S502.
Step S502: judging current heterogeneous candidate master clock sourceWhether in the master clock source online detection set. If the current heterogeneous candidate master clock source +.>Not in the master clock source online detection set, jumping to step S503; if the current heterogeneous candidate master clock source +.>In the master clock source online detection set, the process goes to step S504.
Step S503: judging the current heterogeneous candidate master clock sourceFeedback index of->Whether it is a non-negative value. If the current heterogeneous candidate master clock source +. >Feedback index of->Is a non-negative value, indicating->If not scheduled and can work normally before, the process goes to step S501; if the current heterogeneous candidate master clockSource->Feedback index of->If the value is negative, the recovery phase after the attack or the fault is shown, and the process jumps to the step S507 to update +.>Feedback index of->
Step S504: according to the current heterogeneous candidate master clock sourceTime information of->And the currently legal time window calculated according to step S303 +.>Judging the current heterogeneous candidate master clock source +.>Whether or not to work normally. If the current heterogeneous candidate master clock source +.>Failure to work, indicate->If the network attack or the failure occurs and the negative feedback update is needed, the step S505 is skipped; otherwise, if the current heterogeneous candidate master clock source +.>If the operation is normal, the positive feedback update is required, and the process goes to step S506.
Step S505: the master clock source controller transmits the current data to the master clock source controllerHeterogeneous candidate master clock sourceMarking the state of the current heterogeneous candidate master clock source as abnormal while>Is>Recorded as->And then feedback index +.>Update to-C),CThe threshold is increased for positive feedback.
Step S506: judging the current heterogeneous candidate master clock sourceIs>Whether it is a non-negative value. If the current heterogeneous candidate master clock source +.>Feedback index of->Negative, indicating that it is in the recovery stage after attack or failure, jumping to step S507; if the current heterogeneous candidate master clock source +.>Feedback index of->If it is non-negative, indicating that it is continuously operating normally, the process goes to step S508.
Step S507: the current heterogeneous candidate master clock sourceFeedback index of->Add->
Step S508: judging the current heterogeneous candidate master clock sourceIs>Whether or not it exceeds a threshold value set by man>. If->Indicating the current heterogeneous candidate master clock source +.>In the positive feedback normal growth phase, jump to step S509; on the contrary, if->Indicating the current heterogeneous candidate master clock source +.>Having a larger positive feedback value, the growth rate thereof needs to be controlled to increase the likelihood that the remaining heterogeneous candidate master clock sources are scheduled online, and the process goes to step S510.
Step S509: the current heterogeneous candidate master clock sourceFeedback index of->Add->。/>
Step S510: the current heterogeneous candidate master clock source Feedback index of->Add->Wherein->For discount rate->
As can be seen from the above, the time synchronization architecture provided in this embodiment conforms to the existing mainstream time-sensitive network architecture, can effectively improve the election efficiency and reliability of the master clock source, and switches agilely when the master clock source fails or is unsafe. In addition, in the security method of the master clock source, the candidate master clock source servers in the heterogeneous master clock source resource pool differ in their software and hardware structures, and the current master clock source information is periodically checked against the master clock source online detection set, so it is extremely difficult for a network attacker to penetrate the current master clock source and the master clock source online detection set at the same time, which ensures the accuracy of the time information published by the master clock source. Further, the security method of the master clock source provides a quantitative feedback index reflecting the real-time security of each heterogeneous candidate master clock source, and the master clock source online detection set is dynamically changed according to the multimode dynamic scheduling mechanism. This gives the attack surface of the master clock source the "uncertainty" property inherent in the architecture, further improves the security of the master clock source, and in turn ensures the orderly operation of the time-sensitive network.
The embodiment also provides a security device of a time synchronization architecture facing to a time sensitive network, which comprises:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the methods illustrated in fig. 2-5.
The security device of the time synchronization architecture for the time sensitive network of the embodiment can execute the security method of the time synchronization architecture for the time sensitive network provided by the embodiment of the method of the invention, and can execute any combination implementation steps of the embodiment of the method, thereby having the corresponding functions and beneficial effects of the method.
The present application also discloses a computer program product or a computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions may be read from a computer-readable storage medium by a processor of a computer device, and executed by the processor, to cause the computer device to perform the methods shown in fig. 2-5.
In some alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed, and in which sub-operations described as part of a larger operation are performed independently.
Furthermore, while the invention is described in the context of functional modules, it should be appreciated that, unless otherwise indicated, one or more of the described functions and/or features may be integrated in a single physical device and/or software module or one or more functions and/or features may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary to an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be apparent to those skilled in the art from consideration of their attributes, functions and internal relationships. Accordingly, one of ordinary skill in the art can implement the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative and are not intended to be limiting upon the scope of the invention, which is to be defined in the appended claims and their full scope of equivalents.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and the like.
In the foregoing description of the present specification, reference to the terms "one embodiment/example", "another embodiment/example", "certain embodiments/examples", and the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiment of the present invention has been described in detail, the present invention is not limited to the above embodiments, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the present invention, and these equivalent modifications and substitutions are intended to be included in the scope of the present invention as defined in the appended claims.

Claims (7)

1. A security method of a time synchronization architecture for a time sensitive network, comprising the steps of:
a master clock source election phase: electing a current master clock source from a heterogeneous master clock source resource pool;
a synchronization phase: the current master clock source and all network devices in the time-sensitive network other than the current master clock source controller perform time synchronization with a fixed period T1;
a master clock source verification phase: according to the multimode dynamic scheduling mechanism, scheduling some heterogeneous master clock sources from the heterogeneous master clock source resource pool with a fixed period to dynamically form a master clock source online detection set, and checking the current master clock source information against the master clock source online detection set, so as to detect in real time whether the current master clock source is safe;
a master clock source agile switching phase: when the current master clock source is detected to be unsafe, dynamically selecting a new master clock source from the heterogeneous master clock source resource pool to replace the original unsafe master clock source;
in the master clock source verification stage, the verifying the current master clock source information and the master clock source online detection set includes:
acquiring the time information sent by the current master clock source;
acquiring the time information of each heterogeneous candidate master clock source in the master clock source online detection set;
calculating the currently legal time window W according to the acquired time information;
checking the time information of the current master clock source against the time window W: checking whether that time information falls within the currently legal time window W, and judging whether the current master clock source is in a normal running state.
2. The security method of a time synchronization architecture for a time sensitive network of claim 1, wherein the expression of the time window W is defined in terms of a scaling factor and the number of heterogeneous candidate master clock sources in the master clock source online detection set.
3. The method according to claim 1, wherein in the master clock source verification phase, the multimode dynamic scheduling mechanism for constructing the master clock source online detection set comprises the following steps:
screening out of the heterogeneous master clock source resource pool the heterogeneous candidate master clock sources that do not support the master clock source function or that may be shut down during operation, and reporting the device abnormality;
using a feedback index to reflect the real-time security performance of all remaining heterogeneous candidate master clock sources in the heterogeneous master clock source resource pool that are not the current master clock source;
setting the size of the master clock source online detection set, obtaining all candidate master clock source online detection sets by permutation and combination, and using a heterogeneity index to reflect the heterogeneity of the different candidate master clock source online detection sets;
calculating the comprehensive evaluation index of each candidate master clock source online detection set, and selecting the candidate set with the highest comprehensive evaluation index as the final scheduled master clock source online detection set.
4. The security method of a time synchronization architecture for a time sensitive network as claimed in claim 3, wherein said feedback index is updated using a real-time differentiated feedback update method, which specifically comprises:
after the master clock source information has been checked against the preceding master clock source online detection set, updating the feedback indexes of all heterogeneous candidate master clock sources except the master clock source, wherein the updates include positive feedback updates and negative feedback updates:
if the heterogeneous candidate master clock source belongs to the master clock source online detection set and its time information is within the legal time window, performing a positive feedback update according to the threshold and the feedback index, the positive feedback update including two cases:
1) if the current feedback index of the online heterogeneous candidate master clock source is non-negative, judging whether the feedback index is less than the threshold; if the feedback index is smaller than s, the feedback index is increased; otherwise, the feedback index is increased by an amount that depends on the discount rate;
2) if the current feedback index of the online heterogeneous candidate master clock source is negative, the feedback index is increased by an amount that depends on the recovery rate and on the feedback index that the online heterogeneous candidate master clock source had when it was successfully attacked;
the negative feedback update includes:
if the heterogeneous candidate master clock source belongs to the master clock source online detection set and its time information falls outside the currently legal time window, the feedback index is updated to a negative value, and the feedback index of the online heterogeneous candidate master clock source at that moment is stored.
5. The method of claim 4, wherein the steps of positive feedback updating and negative feedback updating further comprise:
if the heterogeneous candidate master clock source does not belong to the master clock source online detection set, judging whether the current feedback index of the heterogeneous candidate master clock source is non-negative; if it is non-negative, the feedback index is not updated; if it is negative, the feedback index is increased.
6. The security method of a time synchronization architecture for a time sensitive network as recited in claim 3, wherein the comprehensive evaluation index of the j-th candidate master clock source online detection set is calculated from the number of heterogeneous candidate master clock sources in the master clock source online detection set, weight values, and the i-th heterogeneous candidate master clock source in the j-th candidate master clock source online detection set.
7. A security device for a time-sensitive network-oriented time synchronization architecture, comprising:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to implement the method of any one of claims 1-6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310438239.6A CN116170110B (en) 2023-04-23 2023-04-23 Time synchronization architecture, security method and device for time sensitive network

Publications (2)

Publication Number Publication Date
CN116170110A (en) 2023-05-26
CN116170110B (en) 2023-07-18

Family

ID=86416685

Country Status (1)

Country Link
CN (1) CN116170110B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant