CN104717105A - Industrial sensor network data repeated detecting method based on standard ISA 100.11a - Google Patents

Info

Publication number: CN104717105A (application CN201510070566.6A)
Authority: CN (China)
Prior art keywords: queue, tpdu, message, duplicate detection, mic
Legal status (as listed by Google Patents, not a legal conclusion): Granted; currently Active
Other languages: Chinese (zh)
Other versions: CN104717105B (en)
Inventors: 张建奇, 张建锋, 成斐鸣, 支亚军, 李孟, 王鼎衡
Current assignee: Astronautic Automatic Co Ltd Xi'an
Original assignee: Astronautic Automatic Co Ltd Xi'an
Priority date: 2015-02-11
Filing date: 2015-02-11
Publication date: 2015-06-17 (CN104717105A); granted 2018-07-13 (CN104717105B)

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an industrial sensor network data duplicate detection method based on the ISA100.11a standard, comprising duplicate detection methods for terminal devices in the DL subnet and for backbone network devices. The method effectively detects duplicate and out-of-order messages in an ISA100.11a network; the detection executed on the terminal device is easy to implement and saves the terminal device's storage resources, and the replay attack problem of the sensor network is well addressed.

Description

An industrial sensor network data duplicate detection method based on the ISA100.11a standard
Technical field
The invention belongs to the field of industrial sensor network communication and relates in particular to a transport-layer data duplicate detection method for the ISA100.11a standard.
Background technology
Research on and application of industrial sensor networks are currently being carried out widely, and they are increasingly deployed on the industrial plant floor. Security, however, is the foremost issue for an industrial sensor network: reliable data transmission between network terminal devices must be guaranteed. Although the various standards in use all impose many technical requirements on secure transmission, the inherent limitations of sensor networks and the complexity and variability of their deployment environments expose information transmission to multiple threats, among which malicious interference, integrity attacks and replay attacks are the most prominent. In a replay attack, a malicious node in the sensor network impersonates a legitimate node and replays a current message or historical data onto the network; although the replayed message is itself legitimate, it has already been processed or is not data the network currently needs to collect. A replay attack not only occupies channel resources but can also disrupt network information transfer and prevent terminal devices from processing their other business normally.
The ISA100.11a protocol is one of the international standards for industrial sensor networks; it supports industrial-plant applications with low complexity, low power consumption and suitable communication data rates. Its protocol stack consists of the application layer, transport layer, network layer, data link layer and physical layer. The main function of the transport layer is end-to-end communication: it provides a connectionless transport service with flexible security, and gives the application layer transmission reliability by avoiding errors such as corrupted, lost, delayed or mis-ordered messages. The integrity of the end-to-end TPDU (transport layer protocol data unit) is guaranteed by a UDP checksum or a message integrity code (MIC).
These mechanisms achieve integrity protection of the TPDU and can address problems such as malicious interference and integrity attacks, but for replay attacks against the TPDU the standard provides no concrete technical requirements or specifications. Against this background, the present invention proposes a data duplicate detection method.
Summary of the invention
The object of the present invention is to provide an industrial sensor network data duplicate detection method based on the ISA100.11a standard that gives a good solution to the replay attack problem of sensor networks.
According to the ISA100.11a standard, a DL subnet is a sensor network of terminal devices connected over 2.4 GHz radio, in which a backbone router is responsible for maintaining communication between the DL subnet devices and other devices such as the gateway. The backbone network is formed by the devices with backbone routing function together with the gateway device, and the data carried on the backbone network are IPv6-format packets. Because of the differences between the DL subnet and the backbone network, the duplicate detection methods used in the protocol stacks of terminal devices and backbone devices are not identical.
The TPDUs exchanged between the transport layers of terminal devices in the DL subnet carry MIC information. The MIC is computed with a hash-type algorithm: the basic principle is to take a variable-length message as input and output a fixed-length hash code, called the message digest. The memory occupied by the digest is far smaller than that occupied by the message. This serves two purposes: one is to verify whether the sender of the message is being impersonated; the other is to check the integrity of the message, i.e. whether it was tampered with in transit. It is computationally infeasible for two different input messages to yield the same digest.
Given this integrity protection mechanism, and considering that the hardware resources of a sensor terminal device are tight while the MIC occupies little memory and uniquely represents the received message, the MIC is used as the discrimination criterion for duplicate detection on sensor terminal devices.
Messages exchanged between devices on the backbone network are all IPv6-format packets, whose integrity may be guaranteed either by a checksum or by a MIC. If a packet's integrity is checked by checksum only, duplicate detection by MIC is impossible. Therefore, to keep the duplicate discrimination unique, the source and destination port numbers, the source device address and the sequence number of the message are used as its detection tag, and this tag serves as the discrimination rule for duplicate detection.
The technical scheme of the present invention is an industrial sensor network data duplicate detection method based on the ISA100.11a standard, comprising duplicate detection for terminal devices in the DL subnet and for backbone devices, where the terminal device duplicate detection method in the DL subnet is:
When a terminal device receives a data frame, it is parsed by the data link layer and the network layer and handed to the transport layer; the transport layer recovers the pseudo-header, then performs the integrity check on the data, and finally performs duplicate detection of the message. After packet parsing completes, non-duplicate data are handed to the application layer.
Duplicate detection process: the transport layer maintains a MIC cache queue. The MIC of the current TPDU is compared one by one with the MICs cached in the queue. If a comparison matches, the TPDU under detection is a duplicate: a duplicate alarm is raised and the TPDU is discarded. Otherwise the TPDU is not a duplicate: its MIC is appended to the queue after the most recently stored group of MICs, and the current TPDU is delivered to the application layer.
The duplicate detection method for devices in the backbone network is:
After the transport layer of a backbone device receives a TPDU, it likewise needs to recover the IPv6 pseudo-header in order to obtain the source and destination port numbers and the source device address. It then performs the UDP checksum verification or the integrity check. If the packet passes verification or checking, duplicate detection is performed. Finally, messages that pass duplicate detection are handed to the application layer.
The transport layer maintains a cache queue; each cache unit stores a message's timestamp and detection tag. The queue contents and the packet detection tag contents are shown in Fig. 1. The timestamp records the reception time of the TPDU; the detection tag consists of the TPDU sequence number, source address, source port and destination port, where:
Timestamp: the current reception time.
Sequence number: a count value of the message sequence.
Source address: the IPv6 address of the device sending the TPDU.
Source port: the port number of the process object sending the TPDU.
Destination port: the port number of the process object receiving the TPDU.
Duplicate detection process: before duplicate detection, a packet detection tag is built from the relevant information in the received message. During duplicate detection, the timestamp indicates whether a stored detection tag is still valid: if the difference between the current time and the stored timestamp exceeds a fixed time window, the stored tag is invalid and is no longer compared during duplicate detection.
The current detection tag is compared with the detection tags stored in the queue. If a comparison matches, the message is a duplicate and a duplicate alarm is raised. Otherwise the message is not a duplicate: the current timestamp and the newly built detection tag are appended to the queue after the most recently stored message identifier, and the data are handed to the application layer.
During duplicate detection, comparing the sequence numbers in the packet detection tags also reveals whether messages are out of order: if the source address, source port and destination port of two messages are equal but the sequence number is not increasing, the packets are out of order.
Effect of the invention
The duplicate detection method proposed by the present invention effectively detects duplicate and out-of-order messages in an ISA100.11a network; the method executed on the terminal device is simple and easy to implement, and at the same time saves the storage resources of the terminal device.
Description of the drawings
Fig. 1 is a schematic diagram of the cache queue structure and the packet detection tag structure of the present invention.
Fig. 2 is a schematic diagram of terminal device queue management of the present invention.
Fig. 3 is a flow chart of terminal device duplicate detection of the present invention.
Fig. 4 is a schematic diagram of backbone device duplicate detection queue management of the present invention.
Fig. 5 is a flow chart of backbone device duplicate detection of the present invention.
Fig. 6 is a schematic diagram of the packet detection tag comparison procedure of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and examples.
Since the embodiments of duplicate detection differ for terminal devices in the DL subnet and for devices in the backbone network, each is described separately below with its flow chart and example.
Terminal device duplicate detection process:
After the transport layer of the terminal device receives a TPDU, it first recovers the pseudo-header, then determines whether the message needs decryption or an integrity check. If the message is not encrypted, the checksum is computed; otherwise the message is decrypted first and duplicate detection is then performed. Finally the TPDU is handed to the application layer.
The concrete implementation is: first obtain the MIC of the current message and compare it with the most recently stored MIC in the queue. As shown in Fig. 2, the MIC of the tag under detection is compared with MIC_5 in the queue; if the contents match, the message is a duplicate, a duplicate alarm is indicated and duplicate detection ends. Otherwise comparison continues with the next most recently stored MIC, i.e. MIC_4, until the whole queue has been traversed. If no identical MIC is found after traversing the queue, the current MIC is added at the end of the queue, overwriting the MIC that has been cached longest, i.e. MIC_1. The flow of queue management for duplicate detection is shown in Fig. 3.
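The terminal-device procedure above (a MIC cache searched from MIC_5 back to MIC_1, with the oldest slot overwritten on insert), as an added Python example that is not code from the patent or from Astronautic Automatic Co Ltd Xi'an. The page does not name the MIC algorithm, its length, the key or what goes into the MIC besides the message, so `compute_mic` (truncated HMAC-SHA256 over nonce || payload, 4-byte output, all-zero key), the 5-slot capacity taken from Fig. 2's MIC_1..MIC_5, the sample TPDUs and all class and function names are this example's own assumptions.

```python
"""Terminal-device duplicate detection: a bounded ring of recent MICs (Figs. 2-3)."""
import hashlib
import hmac
from collections import deque

MIC_LEN = 4  # assumption: the page gives no MIC length; 4 bytes keeps the demo small


def compute_mic(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Stand-in MIC: truncated HMAC-SHA256 over nonce || payload.

    The page only says the MIC is a fixed-length digest of the message; the
    keyed hash and the nonce input are assumptions so the example runs offline.
    """
    return hmac.new(key, nonce + payload, hashlib.sha256).digest()[:MIC_LEN]


class MicReplayFilter:
    """Fixed-capacity MIC cache searched newest-first; the oldest slot is overwritten."""

    def __init__(self, capacity: int = 5):          # 5 slots: MIC_1 .. MIC_5 as in Fig. 2
        self.capacity = capacity
        self._ring: deque = deque(maxlen=capacity)  # oldest on the left, newest on the right

    def check(self, mic: bytes) -> str:
        """'duplicate' (TPDU dropped, alarm) or 'accepted' (MIC cached, TPDU delivered)."""
        for cached in reversed(self._ring):         # MIC_5, MIC_4, ... MIC_1
            if hmac.compare_digest(cached, mic):
                return "duplicate"
        self._ring.append(mic)                      # a full deque drops MIC_1, the oldest
        return "accepted"

    def storage_bytes(self) -> int:
        """RAM the cache costs the terminal: capacity * MIC length."""
        return self.capacity * MIC_LEN


def run_mic_filter(capacity: int, tpdus: list) -> list:
    """Feed constructed (nonce, payload) TPDUs through one filter; return the verdicts."""
    key = b"\x00" * 16                              # constructed key for the example
    flt = MicReplayFilter(capacity)
    return [flt.check(compute_mic(key, nonce, payload)) for nonce, payload in tpdus]


# Constructed traffic: one sensor reporting temperatures, with two verbatim replays.
SAMPLE_TPDUS = [
    (b"\x00\x01", b"temp=21.5"),
    (b"\x00\x02", b"temp=21.6"),
    (b"\x00\x01", b"temp=21.5"),   # replay of TPDU 1: same MIC -> duplicate
    (b"\x00\x03", b"temp=21.5"),   # same reading, fresh nonce: distinct MIC -> accepted
    (b"\x00\x03", b"temp=21.5"),   # replay of TPDU 4 -> duplicate
]


def eviction_gap() -> str:
    """A replay older than the cache depth slips through: 5 fresh TPDUs evict MIC_1."""
    old = (b"\x00\x01", b"v=1")
    fresh = [(bytes([0, i]), b"v=1") for i in range(2, 7)]
    return run_mic_filter(5, [old] + fresh + [old])[-1]


if __name__ == "__main__":
    print(run_mic_filter(5, SAMPLE_TPDUS))  # ['accepted', 'accepted', 'duplicate', 'accepted', 'duplicate']
    print(eviction_gap())                   # 'accepted'
```

Two points the patent leaves implicit are visible in the example. The scheme only works if every legitimate TPDU carries a distinct MIC, which is why the stand-in MIC mixes in a nonce: a MIC over the payload alone would flag a repeated identical reading (TPDU 4 above) as a replay. And the cache depth bounds the replay horizon: `eviction_gap` shows that once five newer MICs have passed, a replay of the evicted TPDU is accepted, so the capacity has to be chosen against the traffic rate rather than the five slots of Fig. 2. With a 4-byte MIC the chance of a random collision making a fresh TPDU look like a duplicate is about capacity/2^32 per TPDU.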
Backbone network device duplicate detection process:
After receiving a message, the transport layer recovers the IPv6 pseudo-header and obtains the source and destination port numbers and the source address. It then performs the UDP checksum verification or the integrity protection check. If the message passes verification or the integrity check, it enters the duplicate detection process, whose flow is shown in Fig. 5.
As shown in Fig. 4, first a detection tag is built for duplicate detection and compared with the most recently stored detection tag in the queue. It is first determined whether the difference between the current time and the timestamp of that stored entry exceeds the specified time window value; if so, the stored tag is regarded as belonging to a message received before the specified time, outside the scope considered for replay attacks, and no duplicate detection against it is needed. Otherwise the tag contents are compared. The tag comparison flow is shown in Fig. 6.
The sequence number of the tag under detection is compared with the sequence number of the stored entry. If they match, the remaining fields are compared; if the remaining fields are also equal, the message is a duplicate and a duplicate alarm is sent. If the sequence numbers differ, the other fields are compared: if they are equal, an out-of-order alarm is raised according to whether the sequence numbers are consecutive (increasing). If the address and port fields differ, the tag under detection differs from the current entry, and comparison proceeds to the previous entry until all entries in the queue have been traversed.
Finally, if no duplicate was found, the detection tag is added at the queue's most-recent index and the index is advanced. The transport layer hands the TPDU to the application layer, completing the duplicate detection of one message.
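The backbone-device procedure above (timestamp window, then sequence number, then address and port comparison, newest entry first), as an added Python example that is not code from the patent or from Astronautic Automatic Co Ltd Xi'an. The page fixes neither the window length, the queue depth, the sequence number width nor what happens to an out-of-order message, so the 30 s window, the 64-entry queue, delivering an out-of-order TPDU with an alarm rather than dropping it, the constructed IPv6 address and traffic, and all names are this example's own assumptions.

```python
"""Backbone-device duplicate detection: time-windowed queue of detection tags (Figs. 4-6)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class DetectionTag:
    """Packet detection tag (Fig. 1): TPDU sequence number plus the flow it belongs to."""
    seq: int
    src_addr: str      # IPv6 address of the sending device, from the recovered pseudo-header
    src_port: int
    dst_port: int

    def same_flow(self, other: "DetectionTag") -> bool:
        return (self.src_addr, self.src_port, self.dst_port) == (
            other.src_addr, other.src_port, other.dst_port)


class BackboneReplayFilter:
    """Queue of (timestamp, tag) in arrival order; entries older than the window are never compared."""

    def __init__(self, window_s: float, capacity: int = 64):   # both values are assumptions
        self.window_s = window_s
        self._queue: deque = deque(maxlen=capacity)            # oldest left, newest right

    def check(self, tag: DetectionTag, now: float) -> str:
        """'duplicate' (drop + alarm), 'out_of_order' (deliver + alarm) or 'accepted'.

        `now` must come from a monotonic clock: because the queue is in arrival
        order, the first expired entry seen newest-first means all older ones are expired.
        """
        verdict = "accepted"
        for ts, stored in reversed(self._queue):
            if now - ts > self.window_s:
                break                                  # rest of the queue is outside the window
            if stored.seq == tag.seq:
                if stored == tag:                      # sequence number and address/port fields equal
                    return "duplicate"
            elif stored.same_flow(tag) and tag.seq < stored.seq:
                verdict = "out_of_order"               # non-increasing seq; keep scanning, a duplicate wins
        self._queue.append((now, tag))                 # most-recent index advances
        return verdict


# Constructed backbone traffic from one source device; times are seconds on a monotonic clock.
SRC = "fd00::10"
SAMPLE_EVENTS = [
    (0.0,  DetectionTag(1, SRC, 4001, 5000)),
    (1.0,  DetectionTag(2, SRC, 4001, 5000)),
    (2.0,  DetectionTag(2, SRC, 4001, 5000)),   # replay of seq 2 -> duplicate
    (3.0,  DetectionTag(4, SRC, 4001, 5000)),
    (4.0,  DetectionTag(3, SRC, 4001, 5000)),   # arrives after seq 4 -> out_of_order
    (5.0,  DetectionTag(2, SRC, 4002, 5000)),   # other source port: different flow -> accepted
    (40.0, DetectionTag(2, SRC, 4001, 5000)),   # replay after the 30 s window -> accepted
]


def run_tag_filter(window_s: float, events: list) -> list:
    """Run constructed (time, tag) events through one filter; return the verdicts."""
    flt = BackboneReplayFilter(window_s)
    return [flt.check(tag, ts) for ts, tag in events]


if __name__ == "__main__":
    print(run_tag_filter(30.0, SAMPLE_EVENTS))
    # ['accepted', 'accepted', 'duplicate', 'accepted', 'out_of_order', 'accepted', 'accepted']
```

The last event shows the trade-off the patent makes explicit: a replay that arrives after the window is by design out of scope, so the window must be longer than the time an attacker could plausibly hold a captured TPDU (with a 100 s window the same event is caught as a duplicate). Two things a deployment has to add: the sequence number is a counter and will wrap, so the `tag.seq < stored.seq` test needs a modular comparison or a reset rule once the counter width is known, and the queue depth must be large enough that the window, not eviction, decides what is still compared.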

Claims (5)

1. An industrial sensor network data duplicate detection method based on the ISA100.11a standard, comprising duplicate detection for terminal devices in the DL subnet and for backbone devices, characterized in that
the terminal device duplicate detection method in the DL subnet is: the transport layer maintains a MIC cache queue; the MIC of the current TPDU is compared one by one with the MICs cached in the queue; if a comparison matches, the TPDU under detection is a duplicate, a duplicate alarm is raised and the TPDU is discarded; otherwise the TPDU is not a duplicate, its MIC is appended to the queue after the most recently stored group of MICs, and the current TPDU is delivered to the application layer; and the device duplicate detection method in the backbone network is:
before duplicate detection, a packet detection tag is built from the relevant information in the received message; during duplicate detection the timestamp indicates whether a stored detection tag is valid: if the difference between the current time and the stored timestamp exceeds a fixed time window, the stored tag is invalid and is no longer compared during duplicate detection;
the current detection tag is compared with the detection tags stored in the queue; if a comparison matches, the message is a duplicate and a duplicate alarm is raised; otherwise the message is not a duplicate, the current timestamp and the newly built detection tag are appended to the queue after the most recently stored message identifier, and the data are handed to the application layer.
2. The industrial sensor network data duplicate detection method based on the ISA100.11a standard of claim 1, characterized in that the terminal device duplicate detection method in the DL subnet is: first obtain the MIC of the current TPDU and compare it with the most recently stored MIC in the queue; if the contents match, the message is a duplicate, a duplicate alarm is indicated and duplicate detection ends; otherwise comparison continues with the next most recently stored MIC until the whole queue has been traversed; if no identical MIC is found after traversing the queue, the current MIC is added at the end of the queue, overwriting the MIC that has been cached longest, and the current TPDU is delivered to the application layer.
3. The industrial sensor network data duplicate detection method based on the ISA100.11a standard of claim 1, characterized in that the device duplicate detection method in the backbone network is:
first, a detection tag is built for duplicate detection and compared with the most recently stored detection tag in the queue; it is first determined whether the difference between the current time and the timestamp of the stored entry exceeds the specified time window value; if so, the stored tag is regarded as belonging to a message received before the specified time, outside the scope considered for replay attacks, and no duplicate detection against it is needed; otherwise the detection tag contents are compared;
the sequence number of the tag under detection is compared with the sequence number of the stored entry; if they match, the remaining fields are compared, and if the remaining fields are also equal the message is a duplicate and a duplicate alarm is sent; if the sequence numbers differ, the other fields are compared, and if they are equal an out-of-order alarm is raised according to whether the sequence numbers are consecutive; if the address and port fields differ, the tag under detection differs from the current entry, and comparison proceeds to the previous entry until all entries in the queue have been traversed;
finally, the detection tag is added at the queue's most-recent index and the index is advanced; the transport layer hands the TPDU to the application layer, completing the duplicate detection of one message.
4. The industrial sensor network data duplicate detection method based on the ISA100.11a standard of claims 1, 2 or 3, characterized in that the timestamp represents the reception time of the TPDU and the detection tag consists of the TPDU sequence number, source address, source port and destination port, where:
Timestamp: the current reception time;
Sequence number: a count value of the message sequence;
Source address: the IPv6 address of the device sending the TPDU;
Source port: the port number of the process object sending the TPDU;
Destination port: the port number of the process object receiving the TPDU.
5. The industrial sensor network data duplicate detection method based on the ISA100.11a standard of claim 3, characterized in that if the source address, source port and destination port of messages are equal and the sequence number is non-increasing, the packets are indicated as out of order.

Publications (2)

Publication Number Publication Date
CN104717105A 2015-06-17
CN104717105B 2018-07-13

Family

ID=53416096
Family application: CN201510070566.6A (priority date 2015-02-11, filing date 2015-02-11), "An industrial sensor network data duplicate detection method based on the ISA100.11a standard", granted as CN104717105B, status Active
Country status: CN (1), CN104717105B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800989A (en) * 2010-01-19 2010-08-11 重庆邮电大学 Anti-replay-attack system for industrial wireless network

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105357047A * 2015-11-23 2016-02-24 上海斐讯数据通信技术有限公司 Network management system device data synchronization method, device and system
CN106817319A * 2017-03-03 2017-06-09 国动物联网技术(上海)有限公司 Processing method for the case where a LoRa repeater and a gateway receive data simultaneously
CN106851735A * 2017-03-03 2017-06-13 国动物联网技术(上海)有限公司 Method for handling duplicate transmission of multi-gateway data in LoRaWAN
CN106851735B * 2017-03-03 2020-08-04 国动物联网技术(上海)有限公司 Method for handling duplicate transmission of multi-gateway data in LoRaWAN
CN108737287A * 2018-05-22 2018-11-02 北京中创腾锐技术有限公司 Duplicate packet identification method and device, and convergence and diversion device
CN109614246A * 2018-11-09 2019-04-12 深圳英飞拓科技股份有限公司 Message processing method and device, and message processing server
CN110430103B * 2019-09-18 2020-06-05 光大兴陇信托有限责任公司 Message monitoring method
CN110430103A * 2019-09-18 2019-11-08 光大兴陇信托有限责任公司 Message monitoring method
CN111800773A * 2020-06-30 2020-10-20 深圳市中科蓝讯科技股份有限公司 Bluetooth Mesh node message repetition identification method, system and storage medium
CN111800773B * 2020-06-30 2021-08-24 深圳市中科蓝讯科技股份有限公司 Bluetooth Mesh node message repetition identification method, system and storage medium
CN112261060A * 2020-10-30 2021-01-22 四川创智联恒科技有限公司 Repeated data packet detection method for reliable communication transmission
CN112261060B * 2020-10-30 2023-04-07 四川创智联恒科技有限公司 Repeated data packet detection method for reliable communication transmission
CN113656448A * 2021-08-09 2021-11-16 国家计算机网络与信息安全管理中心 Message processing method, device, equipment and readable storage medium
CN113656448B * 2021-08-09 2023-12-26 国家计算机网络与信息安全管理中心 Message processing method, device, equipment and readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant