The content of the invention
In view of the shortcomings of the prior art, it is an object of the invention to provide strengthen communications security in a kind of industrial control system
Method, this method for it is unidirectional, just for important communication message, using the Elliptic Curve Cryptosystem of depth optimization, after
Sew formula design, using a series of targetedly method for security protection such as important traffic enrollment mechanism and timestamp mechanism, realize
The necessary security function such as authentication, integrity protection, while do not interfere with the work of the industrial control system.
The purpose of the present invention is realized using following technical proposals:
Strengthen the method for communications security in a kind of industrial control system, it is theed improvement is that, methods described is applied to
In industrial control system, the industrial control system includes the main website side being in communication with each other and end side, methods described pass through following
Three phases are implemented:
(1) preparatory stage before communicating;
(2) main website side transmission phase;
(3) end side reception, processing and recovery stage.
Further, the preparatory stage comprises the steps before the communication of described (1):
Step 102:Main website lateral root is according to SM2 disclosed in national No. 21 bulletins (issue on December 17th, 2010) of Password Management office
Ellipse curve public key cipher algorithm generates elliptic curve cryptography key pair, including private key PriK and public key PubK;
Step 104:The key pair of main website side preset ellipse curve cryptography algorithm, including private key PriK and public key PubK;Its
In private key PriK to be deposited by encrypted card, encryption chip or encryption equipment it is preset;Storage should be ensured that security, will not let out
Leakage;
Step 106:The public key PubK of the preset main website side in end side.
Further, the main website side transmission phase of described (2) comprises the steps:
Step 202:Main website side generates to be protected, original important traffic message, and the important traffic message is original
Message M;
Step 204:Local time stamp M is filled after original message M in main website side | | timestamp;
Step 206:Filled after timestamp by the preset private key PriK in main website side to original message M to timestamp main website side
The signed data signature=Sign (M | | timestamp, PriK) of this segment data;
Step 208:Safe packet end mark byte end, the compound peace of formation are filled after signed data in main website side
Full message SM, the SM=Signature | | end;
Step 210:Main website side sends composite safe message SM to end side.
Further, in the step 202, important traffic message refers to the control in industrial control system communication protocol
Message;It is unidirectional signature authentication to the signature verifications carried out of the original message M in communication in the step 206.
Further, the end side of described (3) receives, processing and recovery stage comprise the steps:
Step 302:End side receives composite safe message SM;
Step 304:End side extracts original important traffic message time according to composite safe message SM and stabbed
Timestamp and signed data signature;
Step 306:End side extraction local time stamp localtime;
Step 308:Compare time tolerance whether in reasonable time window W, i.e., (localtime-timestamp)<
WIf in rational time window W, step 310 is carried out;Otherwise, step 309 is carried out;Reasonable time window W value according to
Depending on concrete application scene, it is set as 30 seconds in industrial control system example.
Step 309:The composite safe message SM is abandoned, does not return to any data;
Step 310:Whether compare important traffic message time stamp timestamp in local registered timestamp list L
In;If so, then carry out step 311;Otherwise, step 312 is carried out;
Step 311:The composite safe message SM is abandoned, does not return to any data;
Step 312:Whether effective, the i.e. ret=verify according to the public key PubK checking signed datas that end side is preset
(signature, PubK), ret=0If so, carry out step 314;Otherwise, step 313 is carried out;
Step 313:The composite safe message SM is abandoned, does not return to any data;
Step 314:End side handles original message M, and whether observation result is normal;If normal, step 316 is carried out,
Otherwise, step 315 is carried out;
Step 315:Return to processing exception message;
Step 316:Important traffic message time stamp timestamp is registered in timestamp list L by end side;
Step 317:Return to processing normal message.
Compared with the prior art, the beneficial effect that reaches of the present invention is:
Particularity of the 1- present invention according to communication system, has analysed in depth that be likely encountered universal and special is a variety of to attack
Form is hit, devises targetedly safety measure, communication security can be effectively ensured and resist attack.
The safe enhanced scheme that the 2- present invention designs on the basis of the particularity of former communication system is analysed in depth, not only may be used
Effectively to strengthen communication security, while it ensure that communication efficiency is barely affected.
The 3- present invention has the characteristics of compatibility is strong at the same time, is especially suitable in large area terminal protocol transformation process, needs
Want compatible the old and new's agreement, the situation of the old and new's terminal.
The design of the 4- present invention is this asymmetric that scheme, main website side need to increase encryption due to the unilateral authentication of use
The password related hardwares such as card, encryption chip and encryption equipment, and terminal can be realized with pure software.Because main website quantity is few and close
Code product price is inexpensive, and if terminal transformation with software realizes that cost is lower, so the implementation economic benefit protrusion of the present invention, generation
Valency is low and high efficiency, it may be said that is quality-high and inexpensive.
Embodiment
The embodiment of the present invention is described in further detail below in conjunction with the accompanying drawings.
It is defined as follows term:
Ellipse curve signature function Sign (tosign, Prik)->Signature is ellipse curve signature function, defeated
It is data to be signed to enter tosign, and PriK is private key, and output signature is signature;
Elliptic curve sign test function verify (sign, Pubk)->0/err is elliptic curve sign test function, input
Sign is signature, and PubK is public key key, and output 0 is expressed as signature correctly, and other represent mistakes;
a||b:By character string b splicings behind character string a.
The invention solves a technical problem be to provide in a kind of industrial control system strengthen communications security side
Method, the communication in this industrial control system have that end side computing capability is weak, time of end side is from main website end, communication
Channel is unreliable, important traffic frequency is relatively low but the features such as requiring real-time and high security.For these features, the present invention is set
Counted it is a kind of it is unidirectional, just for important communication message, set using the Elliptic Curve Cryptosystem of depth optimization, using suffix formula
Count, using a series of targetedly method for security protection such as important traffic enrollment mechanism and timestamp mechanism, realize identity and recognize
The necessary security function such as card, integrity protection, while do not interfere with the work of the industrial control system.
Below in conjunction with the communication characteristic of this Special industrial control system, illustrate that the present invention strengthens the side of communications security
Method, while prove its security.
First, requirement of real-time and the high security requirement of the weak computing capability and important traffic of end side are considered.This hair
The communication both sides of bright targeted this Special industrial control system, i.e. main website and terminal, their computing capability is widely different,
Main website side configuration is higher, and end side configuration is relatively low, and the MCU dominant frequency of the use of low-end models therein may only have tens,
Internal memory only has tens K.Because application program will also take most of resource, leave the safety enhancing usable resource of work(for has very much
Limit.Simultaneously because the important traffic of this Special industrial control system also has requirement of real-time and high security requirement, and here
Security, most importantly to prevent terminal from receiving the important traffic message at illegal main website end.Not influence terminal to greatest extent
The application function of side, the design is not protected to all communications, and only important traffic therein is protected, and simply unidirectional
Protection.This unidirectional and only for crucial message design triggers a series of unique safety problems, follow-up design focal point
It is placed on and solves in these safety problems.
Before the safety problem that further analysis the design faces, here unidirectionally and only for key under detailed explanation
The specific meaning of message, to explain follow-up safety problem and solution.
It is so-called unidirectional, refer to that the message in the direction only from main website to terminal is signed.
So-called important traffic, refers to the control message in this Special industrial control system communication protocol, and control message makes
Frequency is relatively low, but operating result directly affects production and living and personal safety, extremely important.Control message to real-time and
Security requirement is all higher.
The unidirectional and design only for crucial message, refer to removing control report in communicating to this Special industrial control system
Message outside text, still by original realization, without modification.And to controlling message, message is signed by main website, is then sent to
End side, terminal make sign test after receiving message, if sign test decryption does not all have mistake, receive this message, and carry out next
Walk the work of application.And the reply message of terminal does not change, main website side is still replied with former plaintext version.
Design only for crucial message has no problem in most of agreement, but in the logical of this Special industrial control system
It can cause some problems or hidden danger in letter agreement.The both ends of the communication protocol of this Special industrial control system, i.e. main website side and end
There is correct time source side, main website side, and the time of end side derives from main website side, passes through the time synchronized report of communication
Text is realized, and this time synchronized message is protected not as crucial message.Due to the communication of this Special industrial control system
Channel is dangerous, so attacker can reach control terminal time, so as to control crucial report by control time sync message
The timestamp of text and the difference of end side time, this may cause to do the design of function of safety protection to exist using the end side time
Serious loophole.
It is above-mentioned to be explained in detail for Special industrial control system communication protocol, unique time synchronized message aggression,
In addition there are other general protocol attack forms, it is main for the communication protocol for employing certification and encryption mechanism
If Replay Attack.
Replay Attack is a kind of attack type, and attacker obtains effective transmission number first with network monitoring or other modes
According to it is issued destination host again again afterwards.Encryption and certification can effectively prevent the various attacks form such as Session Hijack,
But Replay Attack is not prevented.
In order to prevent Replay Attack, timestamp, sequence number and challenge 3 kinds of mechanism of question and answer can be typically used.
The basic thought of timestamp mechanism is:Main frame receives a message, and and if only if, and its timestamp distance included is worked as
The preceding moment is near enough.It requires that the clock of communicating pair keeps synchronous, and this basis is in this Special industrial control system
Without.Attacker can utilize the time of time synchronized message aggression change terminal, make expired crucial message still to reach
The purpose that can be received by end side.So timestamp mechanism strengthens uncomfortable for the communications security of this Special industrial control system
With.
One initial sequence number of offered and increment method are needed using the communication of sequence number mechanism, then according in message
Sequence number judge the freshness of message.Sequence number mechanism why for this Special industrial control system communications security increase
Strong inapplicable is because the process of negotiation sequence number needs two-way encryption certification in itself, and this method is needed to original agreement
Change is too many.
Put question to and the Basic practice of acknowledgement mechanism is:It is expected to obtain careful A from B, issue the random value N of B mono- in advance,
And it is A to require in the message of B responses comprising N or F (N), F, the simple function that B makes an appointment.And in replies of the A by judging B
N or consistent carefully whether being retransmitted to judge this of whether being sent with oneself of F (N).Because with phase as sequence number mechanism
As reason, put question to and acknowledgement mechanism do not apply to equally this Special industrial control system communications security enhancing.
To preventing the analysis of Replay Attack based on more than, it can be seen that conventional anti-replay mechanism is targeted to the present invention
Scene be inapplicable.The safety enhancing design of communication protocol employs timestamp mechanism in this Special industrial control system
Combined with important traffic enrollment mechanism to prevent Replay Attack.Timestamp mechanism therein is set by the way that whether detection time stamp exceedes
Fixed reasonable time window is come for preventing single message from resetting, important traffic enrollment mechanism requires that end side record is successful every time
The timestamp of important traffic, and prevent from combining time synchronized message aggression by refusing the important traffic of timestamp repetition
Replay Attack.The problem of causing registration list long in the presence of too high due to important traffic frequency in theory using enrollment mechanism,
But because important traffic frequency is relatively low in the actual use of this Special industrial control system, this problem is simultaneously not present.
The main contents of the above-mentioned communications security enhancing design for having analyzed industrial control system.Except the above,
The communications security enhancing of industrial control system is designed as further improving processing speed of the end side to encrypting message identifying, adopts
With security in ripe public key algorithm it is higher, calculate the more preferable elliptic curve of performance, and depth optimization has been done to algorithm.
The main advantage of elliptic curve cryptography be in some cases it used than other methods it is smaller close
Key --- such as RSA cryptographic algorithms --- provides suitable or greater degree safety.Therefore very tight to bandwidth requirement
Can particularly useful, the communication scenes just suitable for this Special industrial control system in connection.
In addition, the communications security enhancing of this Special industrial control system is designed to ensure that to this Special industrial control system
In do not apply the design terminal compatibility, employ suffix formula safe packet design, i.e., the original of important traffic is not changed,
Increase safe packet, including timestamp, signed data and verification data etc. behind, form composite safe message.Using we
The whole composite safe message of terminal processes of method, the terminal of the design is not used then only to handle original report in running status
Text.
It is provided by the invention enhancing communications security method flow chart as shown in figure 4, this method pass through it is following three
Stage is implemented:
(1) preparatory stage before communicating, flow chart is as shown in figure 1, comprise the steps:
Step 102:Main website lateral root is according to SM2 disclosed in national No. 21 bulletins (issue on December 17th, 2010) of Password Management office
Ellipse curve public key cipher algorithm generates elliptic curve cryptography key pair, including private key PriK and public key PubK.Here
Elliptic curve cryptography refers in particular to what the present invention used, by the elliptic curve cryptography of depth optimization.Here generation is calculated
Method key pair, it should be realized using by hard-wired encrypted card, encryption chip, encryption equipment, to ensure the safety of private key storage
Property.
Step 104:The key pair of main website side preset ellipse curve cryptography algorithm, including private key PriK and public key PubK.
Step 106:The public key PubK of the preset main website side in end side.
(2) main website side transmission phase, flow chart is as shown in Fig. 2 comprise the steps:
Step 202:Main website side generates to be protected, original important traffic message, and the message is referred to herein as original report
Literary M.
Step 204:Local time stamp M is filled after original message in main website side | | timestamp.
Step 206:Filled after timestamp by local preset private key to this hop count of original message to timestamp main website side
According to signed data signature=Sign (M | | timestamp, PriK).
Step 208:Safe packet end mark byte end, the compound peace of formation are filled after signed data in main website side
Full message SM;That is SM=Signature | | end;
Step 210:Main website side sends composite safe message.
(3) end side reception, processing and recovery stage, flow chart is as shown in figure 3, comprise the steps:
Step 302:End side receives composite safe message SM;
Step 304:End side extracts original important traffic message time according to composite safe message SM and stabbed
Timestamp and signed data signature;
Step 306:End side extraction local time stamp localtime;
Step 308:Compare time tolerance whether in reasonable time window W, i.e., (localtime-timestamp)<
WIf in rational time window W, step 310 is carried out;Otherwise, step 309 is carried out;Reasonable time window W value according to
Depending on concrete application scene, it is set as 30 seconds in industrial control system example.
Step 309:The composite safe message SM is abandoned, does not return to any data;
Step 310:Whether compare important traffic message time stamp timestamp in local registered timestamp list L
In;If so, then carry out step 311;Otherwise, step 312 is carried out;
Step 311:The composite safe message SM is abandoned, does not return to any data;
Step 312:Whether effective, the i.e. ret=verify according to the public key PubK checking signed datas that end side is preset
(signature, PubK), ret=0If so, carry out step 314;Otherwise, step 313 is carried out;
Step 313:The composite safe message SM is abandoned, does not return to any data;
Step 314:End side handles original message M, and whether observation result is normal;If normal, step 316 is carried out,
Otherwise, step 315 is carried out;
Step 315:Return to processing exception message;
Step 316:Important traffic message time stamp timestamp is registered in timestamp list L by end side;
Step 317:Return to processing normal message.
, can be according to original after receiving complex controll message M for the existing old terminal (substation) in running status
Data format, the normal original load m parts read in frame, ignores the processing to completeness check code.For example, in the Chinese people
Include length item in republic power industry standard IEC61850-8-1 1-ISO/IEC8802-3 frame formats, can record
The length of message.In " IEC60870-5-101/104 is applied to electrical power distribution automatization system " " the variable frame length format of 4.2101 stipulations "
In by the way that " length L " items can list the length of message.The length of integrity verification code/signature can be preset, Huo Zhegen
Determined according to algorithm, security parameter.
In above-described embodiment, main website side is signed to the summary info of message, and receiving terminal carries out data source according to signature
Certification and integrity verification, it ensure that the security that information exchanges;Signature is placed on behind original, the compatibility that can try one's best is
There is industrial control system communication protocol;End side carries out verification process, and old terminal can omit the processing of completeness check code,
It is compatible with existing system so as to try one's best, avoid the significant cost to all devices transformation.
When industrial control system control centre or controlled terminal send the message such as control or measurement as transmitting terminal, reporting
Completeness check code or signature are added after text;After receiving terminal receives message, completeness check code or signature are verified or solved
Label, message is handled again after success.It is (main using the technical scheme of the embodiment of the present invention, industrial control system control centre
Stand side) identity of message transmitting party can be verified with controlled terminal (substation side), prevent malicious persons from pretending to be in control
The heart (main website side) or controlled terminal (substation side) are controlled and destroyed to industrial control system;Simultaneously to measuring, controlling, parameter
The messages such as setting are protected, and prevent malicious persons from being distorted to message content.The present invention is supporting existing industry control communication protocol
On the premise of function, data source authentication between control centre (main website side) and controlled terminal (substation side), complete can be realized
Property protection and preventing playback attack function.
Finally it should be noted that:The above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, to the greatest extent
The present invention is described in detail with reference to above-described embodiment for pipe, those of ordinary skills in the art should understand that:Still
The embodiment of the present invention can be modified or equivalent substitution, and without departing from any of spirit and scope of the invention
Modification or equivalent substitution, it all should cover among scope of the presently claimed invention.