CN107065750B - Industrial control network dynamic defense method with endogenous security - Google Patents


Info

Publication number: CN107065750B
Authority: CN (China)
Application number: CN201710338986.7A
Other languages: Chinese (zh)
Other versions: CN107065750A (en)
Legal status: Active
Priority date / filing date: 2017-05-15
Inventors: 员天佑, 倪志高, 杨永辉, 姚导箭, 周小伟, 刘金, 安宝冉
Current and original assignee: COMPUTER APPLICATION INST CHINA ENGINEERING PHYSICS ACADEMY
Prior art keywords: dynamic, industrial control, key, control network, safety

Classifications

    • G05B19/054 Input/output (G PHYSICS > G05 CONTROLLING; REGULATING > G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS > G05B19/00 Programme-control systems > G05B19/02 Programme-control systems electric > G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers > G05B19/05 Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts)
    • G05B2219/1103 Special, intelligent I/O processor, also PLC can only access via processor (G05B2219/00 Program-control systems > G05B2219/10 PLC systems > G05B2219/11 PLC I/O input output)


Abstract

The invention discloses an industrial control network dynamic defense method with endogenous security. The encryption algorithm is made dynamically reconfigurable, the key and the authentication password change dynamically, and IP packets are securely reconstructed at the network transport layer, so that a dedicated data transmission channel with endogenous security is established between node devices. Addressing the problems of traditional industrial control network security architectures, the method builds a multi-mode, dynamic, transparent secure dedicated channel on an open Ethernet link, effectively preventing unauthorized access from the network, man-in-the-middle attacks and replay attacks, turning passive defense into active defense and perimeter security into endogenous security. The invention also provides a method of transmitting data using this dynamic defense method.

Description

Industrial control network dynamic defense method with endogenous security
Technical field
The invention relates to a dynamic defense method for industrial control networks in the field of industrial control security, and more specifically to a method of establishing a multi-mode, dynamic, transparent, secure dedicated data transmission channel between industrial control devices.
Background art
With the deep integration of informatization and industrialization and the launch and development of "Industry 4.0", "intelligent manufacturing" and "Internet+", the industrial control network is no longer a closed "island": it must integrate deeply with the Internet and the Internet of Things, which inevitably brings huge security risks to control networks whose security is very fragile.
Control networks are latency-sensitive and have high reliability requirements, the control devices (i.e. the node devices) are highly specialised, and security policies are hard to deploy on them, so traditional security measures can only rely on partition isolation and defense in depth: the control network, the enterprise network and the external network are separated layer by layer by firewalls.
But the control network itself is still an open system: communication protocols are open, data is transmitted in plaintext, data authenticity and integrity checks are insufficient, and there is no authentication or access control between control devices, so these measures are ineffective against attacks that cross the firewall and attacks from inside the network. The protection strategies adopted are also the traditional passive defenses based on prior knowledge; they lack variation and their protective effect leaves room for improvement.
Summary of the invention
An object of the invention is to solve at least the above problems and/or defects and to provide at least the advantages described later.
A further object of the invention is to provide an industrial control network dynamic defense method with endogenous security which, addressing the problems of traditional industrial control network security architectures, builds a multi-mode, dynamic, transparent secure dedicated channel on an open Ethernet link, effectively prevents unauthorized access from the network, man-in-the-middle attacks and replay attacks, and turns passive defense into active defense and perimeter security into endogenous security.
A further object of the invention is to provide a method of transmitting data using the industrial control network dynamic defense method with endogenous security. The method can establish a multi-mode, dynamic, transparent secure dedicated channel between control devices without affecting the control system protocols or packet routing, effectively avoiding the security risks brought by the openness of the control network and removing the dependence on firewalls and security gateways through the active defense capability of the control network itself.
To achieve these objects and further advantages, an industrial control network dynamic defense method with endogenous security is provided in which the encryption algorithm is made dynamically reconfigurable, the key and the authentication password change dynamically, and the IP packets to be transmitted are securely reconstructed at the network transport layer, so that a dedicated data transmission channel with endogenous security is established between node devices.
Preferably, in the method of dynamically reconfiguring the encryption algorithm, the round count of the encryption algorithm varies dynamically and randomly between 8 and 12 to realize the dynamic reconstruction of the encryption algorithm, and the consistency of the reconstruction process and its result between the nodes of the industrial control network is ensured by a synchronous coordination method.
Preferably, the method of dynamically changing the key and the authentication password comprises:
from a dynamic random change of the initial key, generating 48 32-bit dynamic sub-keys with the standard AES key expansion algorithm;
XORing the first and the last dynamic sub-key to obtain the dynamic authentication password;
ensuring the consistency of the dynamic reconstruction process and its result between the nodes of the industrial control network by a synchronous coordination method.
Preferably, the algorithm for dynamically generating the key and the authentication password comprises:
splitting the 64-bit user preset password: the high 32 bits serve as the initial state of a linear feedback shift register and the low 32 bits take part in the subsequent operations;
generating a 32-bit pseudo-random number with the linear feedback shift register (LFSR);
performing AND, OR, NOT and XOR operations respectively on the pseudo-random number and the low 32 bits of the user preset password to obtain four intermediate values (C1, C2, C3, C4);
concatenating the four intermediate values into a 128-bit initial key;
generating 48 32-bit dynamic sub-keys W0 to W47 with the standard AES key expansion algorithm;
XORing the dynamic sub-keys W0 and W47 to obtain the dynamic authentication password S used to verify the legitimacy of the data source.
Preferably, wherein the method for the synchronous coordination includes:
Identical Dynamical Secret Key Building Algorithm is implanted into the multimode judgment device of each network node and dynamic reconfigurable adds Close algorithm;
The multimode judgment device of any one node in industrial control network is chosen as management node, to other nodes Dynamic restructuring process synchronize control;The multimode judgment device of management node irregularly starts dynamic restructuring event, with certainly The dynamic pseudo random number one generated between one 8~12, the repeating query number as Encryption Algorithm, and generate one 64 it is pseudo- with Machine number two, as the seed for generating dynamic key, to obtain the basic information for dynamic restructuring, and will by broadcasting packet Basic information encryption is sent in the multimode judgment device of other nodes in network;
The multimode judgment device of other nodes obtains basic information from broadcasting packet, to reconstruct AES according to repeating query number Encryption Algorithm, and unified dynamic key and certification password are generated according to key seed value, realize the synchronous coordination between node.
Preferably, wherein the foundation of the exclusive data transmission channel of safety, by being connected on each node device ether Multimode judgment device hardware realization on net communication link.
Preferably, wherein the multimode judgment device includes:
One FPGA with dynamic reconfigurable function;
Two separate network chips being connected on FPGA;
Toggle switch is arranged in one function;
Two panels memory device;
Three independent data processing engines being built in FPGA.
Preferably, the method of securely reconstructing the IP packet comprises:
the multi-mode decision device at the data source intercepts, on the communication link, the original IP packet sent by its node;
based on the data section of the acquired original IP packet, the multi-mode decision device appends to its tail an authentication password field for identity authentication and access control, a time label field for replay attack protection and a digest field for integrity protection;
the multi-mode decision device encrypts the fields inserted at the tail of the data section with the dynamic key and the encryption algorithm to form the reconstructed secure packet.
Preferably, the information inserted at the tail of the data section of the original IP packet further includes a secure packet fragment flag;
where the packet fragmentation splits an original IP packet longer than 1500 bytes into two pieces, the fragment flags of the first and second pieces being set to 01H and 10H respectively, and the fragment flag of a packet no longer than 1500 bytes being set to 00H.
A method of transmitting data using the industrial control network dynamic defense method comprises:
the multi-mode decision device at the source obtains the IP packet sent by its node device, inserts in sequence the dynamic authentication password, the time label and the digest at the tail of the packet's data field, encrypts this information to form a secure packet, and transmits it over the open network;
the multi-mode decision device at the destination intercepts the secure packet addressed to the target, checks legitimacy, integrity and timeliness using the dynamic authentication password, the time label and the digest in the packet, filters out all illegitimate packets, restores the legitimate packets and forwards them to its node device, so that a multi-mode, dynamic, transparent secure dedicated information transmission channel is established between the node devices.
The industrial control network dynamic defense method with endogenous security proposed by the invention comprises, in order, the following:
First, the secure packet construction method: at the source, the IP packet sent by the control device is intercepted; a "dynamic authentication password" for identity authentication and access control, a "time label" for replay attack protection and a "digest" for integrity protection are inserted in sequence at the tail of the data field; these key fields are encrypted to form the secure packet, which is then transmitted over the open network.
Second, the secure packet parsing, verification and restoration method: at the destination, the secure packet addressed to the target is intercepted; legitimacy, integrity and timeliness checks filter out all illegitimate packets, and legitimate packets are restored and forwarded to the control device.
Third, the security mechanism dynamic reconfiguration method: the encryption algorithm, key and authentication password used by the secure transmission protocol change dynamically and randomly, giving the security protocol itself multi-mode, dynamic and random active-defense characteristics.
Fourth, the synchronous control method for dynamic reconfiguration: the management node starts a dynamic reconfiguration event on a timer, generates the basic information for the reconfiguration and passes it to the other nodes in a broadcast packet, so that they generate consistent dynamic keys, authentication passwords and encryption algorithms from the same seed file (algorithm).
The invention has at least the following beneficial effects:
First, the dynamic defense method with endogenous security of the invention can establish a multi-mode, dynamic secure dedicated channel between control devices without affecting the control system protocols or packet routing, effectively avoiding the security risks brought by the openness of the control network and removing the dependence on firewalls and security gateways through the active defense capability of the control network itself.
Second, through the dynamic change of the authentication password, key and encryption algorithm, the method turns passive defense into active defense, makes attacks based on prior knowledge ineffective, and further improves the security defense performance of the control network.
Third, the method is implemented by dedicated hardware connected in series on the Ethernet communication link; it is transparent to the control devices and does not change the inherent characteristics of the industrial control system, so it is easy to promote and implement. The proposed FPGA-based hardware implementation and external series-connected working mode preserve the real-time behaviour of the control network to the greatest extent and effectively get round the practical problem that the kernels of control devices (such as PLCs) are closed and security policies are hard to deploy on them.
Further advantages, objects and features of the invention will be partly reflected in the following description and partly understood by those skilled in the art through study and practice of the invention.
Brief description of the drawings
Fig. 1 is a schematic diagram of the secure packet format in the industrial control network dynamic defense method with endogenous security of one embodiment of the invention;
Fig. 2 is a flow chart of secure packet construction in the method of one embodiment of the invention;
Fig. 3 is a flow chart of secure packet disposal in the method of one embodiment of the invention;
Fig. 4 is a flow diagram of the dynamic reconfiguration mechanism in the method of one embodiment of the invention;
Fig. 5 is a schematic diagram of the system structure of the multi-mode decision device in the method of one embodiment of the invention;
Fig. 6 is a flow diagram of the dynamic password and key generation algorithm in the method of one embodiment of the invention.
Detailed description
The invention is described in further detail below with reference to the drawings, so that those skilled in the art can implement it by referring to the description.
It should be understood that terms such as "having", "comprising" and "including" used herein do not exclude the presence or addition of one or more other elements or combinations thereof.
The implementation of the industrial control network dynamic defense method with endogenous security according to the invention is further described with the following six examples.
In example 1, the secure packet format is given with reference to Fig. 1. The secure packet is defined on the basis of the TCP/IP packet 101: an "authentication password" 103, a "time label" 104, a "digest" 105 and a "fragment flag" 106 are inserted in sequence after the data field 102 to form a new data field 107, the new data is encrypted, and the secure packet 108 results.
In a specific implementation the secure packet fields are defined as shown in Fig. 1:
IP header: 20 bytes; during secure packet construction only the "total length" and "header checksum" fields change, according to the length of the data field, and the other fields remain unchanged;
Authentication password: 4 bytes; used to authenticate the legitimacy of the data source and for access control, preventing the forwarding of packets from unauthorized access;
Time label: 6 bytes; used to verify the timeliness of the data source and to protect against replay attacks;
Digest: 16 bytes; used to verify the integrity of the data source and prevent tampering and forgery of the data.
In example 2, the secure packet construction process at the source is given with reference to Fig. 2 and comprises the following steps:
Step 1 (201): intercept the original IP packet sent by the control device on the Ethernet communication link.
Step 2 (202): insert the "dynamic authentication password" and the "time label" in sequence at the tail of the original data field;
Step 3 (203): hash the source address, destination address, TCP header, original data field and inserted fields of the packet with the MD5 algorithm to produce the digest value, and insert it after the "time label".
Step 4 (204): encrypt the data field of the new packet with the dynamic key and the AES encryption algorithm to form the secure packet;
Step 5 (205): fragment the packet. If the packet is longer than 1500 bytes it is split into two fragments, the fragment flag of the first set to "01H" and that of the second to "10H"; if the packet is no longer than 1500 bytes the fragment flag is set to "00H" (no fragmentation) and the process goes directly to step 6;
Step 6 (206): calculate the packet length and modify the "total length" and "header checksum" fields of the IP header; the other fields remain unchanged;
Step 7 (207): send the secure packet to the network, where it is forwarded by the switch.
In example 3, the secure packet disposal process at the destination is given with reference to Fig. 3 and comprises the following steps:
Step 1 (301): intercept from the network the IP packet (secure packet) that the switch sends to the target device;
Step 2 (302): fragment reassembly. First judge from the fragment flag whether the packet was fragmented; if not, go to step 3. If it was, store the packet in the buffer and scan the buffer for the matching fragment; after reassembly go to step 3, otherwise return to the listening state;
Step 3 (303): decrypt the data field;
Step 4 (304): verify the integrity of the packet against the digest value; if it has been tampered with, drop the packet;
Step 5 (305): verify the legitimacy of the packet against the authentication password; if it is illegitimate, drop the packet;
Step 6 (306): verify the timeliness of the packet against the time label; if the time consistency requirement is not met, drop the packet;
Step 7 (307): delete the additional information in the packet and restore the IP packet;
Step 8 (308): send the restored original IP packet to the target device.
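The following is an added example, not code from the patent or from its assignee, that builds and checks the secure packet of Fig. 1 to Fig. 3 (examples 1 to 3 above and claims 7 to 9). It appends the 4-byte authentication password, the 6-byte time label and the 16-byte MD5 digest to the data field, encrypts everything after the TCP header, fixes the IP total length and header checksum, splits oversized packets into two flagged fragments, and on the receiving side reassembles, decrypts and applies the integrity, legitimacy and timeliness checks in the order of steps 303 to 308. Everything the patent leaves open is an assumption here: the fragment flag is carried as a trailing clear-text byte so the receiver can reassemble before decrypting, the TCP header is 20 bytes without options, the time label is milliseconds since the Unix epoch, the replay window is 5 s, and a SHA-256 counter-mode keystream stands in for the FPGA's dynamic-key AES engine so that the example needs only the standard library. The sample packet is constructed, not captured.

```python
# Added example, not code from the patent: builds and checks the secure packet of
# Fig. 1 to Fig. 3 (examples 1-3, claims 7-9). Layout used here: IP header | TCP
# header | original data | authentication password (4) | time label (6) | MD5 digest
# (16), with everything after the TCP header encrypted, plus a 1-byte fragment flag
# (00H / 01H / 10H) appended in clear so the receiver can reassemble before it
# decrypts. Assumptions: 20-byte TCP header without options, time label = Unix
# milliseconds, a 5 s replay window, and a SHA-256 counter-mode keystream standing
# in for the FPGA's AES engine so the example needs only the standard library.
import hashlib
import struct

IP_HDR, TCP_HDR, MTU = 20, 20, 1500
FRAG_NONE, FRAG_FIRST, FRAG_SECOND = 0x00, 0x01, 0x10
TRAILER = 4 + 6 + 16          # password + time label + digest
WINDOW_MS = 5000              # assumed replay window

def ip_checksum(hdr):
    """RFC 791 header checksum over the 20-byte header (checksum field must be zero)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_total_length(ip_hdr, total):
    """Steps 206 / 307: only 'total length' and 'header checksum' change."""
    hdr = bytearray(ip_hdr)
    struct.pack_into("!H", hdr, 2, total)
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr)

def keystream_xor(key, data):
    """Stand-in for the dynamic-key AES engine (NOT the patent's cipher): XOR with SHA-256(key||ctr)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def digest(ip_hdr, tcp_hdr, data_with_fields):
    """Step 203: MD5 over source address, destination address, TCP header, original data and inserted fields."""
    return hashlib.md5(ip_hdr[12:20] + tcp_hdr + data_with_fields).digest()

def build_secure_packet(ip_packet, auth_password, key, now_ms):
    """Fig. 2, steps 201-207: returns the list of packets to put on the wire (1 or 2 fragments)."""
    ip_hdr, tcp_hdr = ip_packet[:IP_HDR], ip_packet[IP_HDR:IP_HDR + TCP_HDR]
    new_data = ip_packet[IP_HDR + TCP_HDR:] + auth_password + now_ms.to_bytes(6, "big")  # 202
    new_data += digest(ip_hdr, tcp_hdr, new_data)                                       # 203
    body = tcp_hdr + keystream_xor(key, new_data)                                       # 204
    if IP_HDR + len(body) + 1 <= MTU:                                                   # 205
        pieces = [(body, FRAG_NONE)]
    else:
        half = len(body) // 2
        pieces = [(body[:half], FRAG_FIRST), (body[half:], FRAG_SECOND)]
    return [set_total_length(ip_hdr, IP_HDR + len(p) + 1) + p + bytes([flag]) for p, flag in pieces]  # 206

def check_secure_packets(packets, auth_password, key, now_ms):
    """Fig. 3, steps 301-308: returns (verdict, restored_ip_packet). Verdicts: 'pending' (waiting for
    the other fragment), 'integrity', 'legitimacy', 'timeliness' (dropped) or 'ok'."""
    parts = {pkt[-1]: pkt[IP_HDR:-1] for pkt in packets}
    ip_hdr = packets[0][:IP_HDR]
    if FRAG_NONE in parts:
        body = parts[FRAG_NONE]
    elif FRAG_FIRST in parts and FRAG_SECOND in parts:                    # 302
        body = parts[FRAG_FIRST] + parts[FRAG_SECOND]
    else:
        return "pending", None
    tcp_hdr, plain = body[:TCP_HDR], keystream_xor(key, body[TCP_HDR:])  # 303
    data, pw, ts, dg = plain[:-TRAILER], plain[-26:-22], plain[-22:-16], plain[-16:]
    if dg != digest(ip_hdr, tcp_hdr, plain[:-16]):                        # 304
        return "integrity", None
    if pw != auth_password:                                               # 305
        return "legitimacy", None
    if abs(now_ms - int.from_bytes(ts, "big")) > WINDOW_MS:               # 306
        return "timeliness", None
    return "ok", set_total_length(ip_hdr, IP_HDR + TCP_HDR + len(data)) + tcp_hdr + data  # 307/308

def sample_ip_packet(payload=b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"):
    """Constructed sample (not captured traffic): IPv4/TCP 192.168.1.10:40000 -> 192.168.1.20:502;
    the default payload is a Modbus/TCP read-holding-registers request."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 502, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 1, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return set_total_length(ip, IP_HDR + len(tcp) + len(payload)) + tcp + payload
```

Running `build_secure_packet(sample_ip_packet(), b"\x11\x22\x33\x44", key, now_ms)` and feeding the result to `check_secure_packets` returns `("ok", original_packet)`; flipping one ciphertext byte yields `"integrity"`, a packet built with a different password yields `"legitimacy"`, and a label older than the window yields `"timeliness"`, while a 1450-byte payload produces two fragments with flags 01H and 10H that reassemble only once both have arrived. Two points a practitioner would raise before deploying this format, neither of which the patent addresses: the digest is an unkeyed MD5 protected only by the encryption, so under any malleable cipher mode (counter or stream modes, including the stand-in used here) an attacker who knows the plaintext can alter the data and the digest consistently, and a keyed MAC (HMAC) or an AEAD such as AES-GCM is the conventional fix; and the time-label check needs synchronized clocks and still admits replay inside the window unless the receiver also remembers the labels it has recently accepted.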
In example 4, the implementation of the dynamic reconfiguration method is given with reference to Fig. 4 and comprises the following:
The same dynamic key generation algorithm, AES encryption algorithm and user preset password are implanted in all the "industrial network multi-mode decision devices";
One "industrial network multi-mode decision device" is selected as the management node to control the dynamic reconfiguration process synchronously. The specific steps are as follows:
Step 1: driven by the cycle timer 401, the management node triggers a dynamic reconfiguration event on a timer; the random number generator 402 produces two pseudo-random numbers, one (404) used as the seed for generating the dynamic key and one (405) used as the round count of the encryption algorithm;
Step 2: the management node feeds random number 1 and the user preset password 406 as seed values into the dynamic key generation algorithm 407, which computes the dynamic key 409 and the authentication password 410;
Step 3: the management node resets the round count of the AES encryption algorithm 408 according to random number 2, completing the reconstruction of the encryption algorithm;
Step 4: after completing its own reconfiguration, the management node transmits the two random numbers, encrypted, to the other devices in a broadcast packet 411;
Step 5: on receiving the broadcast packet, the other devices execute the same dynamic reconfiguration algorithm as the management node, generate exactly the same dynamic key and dynamic authentication password, and complete the dynamic reconfiguration of the encryption algorithm at the same time.
In example 5, the implementation of the dynamic password and key generation algorithm is given with reference to Fig. 6 and comprises the following steps:
Step 1: split the 64-bit user preset password 501; the high 32 bits serve as the initial state of the linear feedback shift register 502 and the low 32 bits take part in the subsequent operations;
Step 2: generate a 32-bit pseudo-random number 503 with the linear feedback shift register 502;
Step 3: perform AND, OR, NOT and XOR logic operations 504 respectively on the pseudo-random number and the low 32 bits of the user preset password to obtain four intermediate values 505;
Step 4: concatenate the four intermediate values C1, C2, C3, C4 into a 128-bit initial key input 506;
Step 5: generate 48 dynamic sub-keys 508 with the standard AES key expansion algorithm 507;
Step 6: XOR the first and the last dynamic sub-key (operation 509) to obtain the dynamic authentication password 510.
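The following is an added example, not code from the patent or from its assignee, covering the key and password derivation of Fig. 6 (example 5, claims 1 and 3) together with the epoch reconfiguration of Fig. 4 (example 4, claims 2 and 4). It carries a compact pure-Python AES so that the reconfigured round count is actually applied to the cipher rather than merely stored. Everything the patent leaves unspecified is an assumption here: the LFSR feedback polynomial, which operand the unary NOT acts on, the byte order in which C1..C4 are concatenated, and how the broadcast 64-bit seed is combined with the user preset password (XOR). Two caveats the lead-in owes the reader: the FIPS-197 key schedule for a 128-bit key produces 44 words (11 round keys), so the 48 words W0..W47 the patent asks for are that schedule continued past its normal end, and they supply round keys for at most 11 rounds, not the 12 the patent allows, which is why the encryptor below expands to 4*(rounds+1) words instead; and any round count below the standard 10 removes security margin from AES rather than adding it, since the published reduced-round attacks on AES-128 target exactly such variants.

```python
# Added example, not code from the patent: the Fig. 6 key/password derivation
# (example 5) and the Fig. 4 epoch reconfiguration (example 4), with a compact
# pure-Python AES so the variable round count is visible. Assumptions the patent
# leaves open: LFSR taps, the operand of the unary NOT, the C1..C4 byte order, and
# how the broadcast 64-bit seed is mixed with the user preset password (XOR here).
import secrets

def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else (a << 1) & 0xFF
        b >>= 1
    return p

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _build_sbox():
    """AES S-box from the field inverse (a^254) followed by the affine map."""
    box = []
    for a in range(256):
        inv = 1 if a else 0
        for _ in range(254 if a else 0):
            inv = _gmul(inv, a)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return box

SBOX = _build_sbox()

def aes_key_expansion(key16, nwords):
    """FIPS-197 schedule for a 128-bit key, continued to nwords 32-bit words
    (standard AES-128 stops at 44; the patent asks for 48, W0..W47)."""
    w = [list(key16[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, nwords):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return w

def aes_encrypt_block(block16, w, rounds):
    """Encrypt one block with a configurable round count (patent: 8..12); needs 4*(rounds+1) words."""
    def ark(s, k):  # AddRoundKey with round key k; state is column-major, index 4*c + r
        return [s[4 * c + r] ^ w[4 * k + c][r] for c in range(4) for r in range(4)]
    def shift_rows(s):
        return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]
    def mix_columns(s):
        out = []
        for c in range(4):
            a0, a1, a2, a3 = s[4 * c:4 * c + 4]
            out += [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3, a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
                    a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3), _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]
        return out
    s = ark(list(block16), 0)
    for k in range(1, rounds):
        s = ark(mix_columns(shift_rows([SBOX[b] for b in s])), k)
    return bytes(ark(shift_rows([SBOX[b] for b in s]), rounds))  # final round has no MixColumns

def lfsr32(seed, nbits=32):
    """32-bit Fibonacci LFSR, taps 32,22,2,1 (assumed; the patent fixes no polynomial)."""
    state = (seed & 0xFFFFFFFF) or 1  # an all-zero register would never advance
    out = 0
    for _ in range(nbits):
        bit = ((state >> 31) ^ (state >> 21) ^ (state >> 1) ^ state) & 1
        state = ((state << 1) | bit) & 0xFFFFFFFF
        out = ((out << 1) | bit) & 0xFFFFFFFF
    return out

def derive_key_and_password(preset64):
    """Fig. 6: LFSR from the high 32 bits, AND/OR/NOT/XOR with the low 32 bits,
    C1..C4 concatenated into the 128-bit key, 48-word expansion, S = W0 ^ W47."""
    hi, lo = preset64 >> 32, preset64 & 0xFFFFFFFF
    r = lfsr32(hi)
    c1, c2, c3, c4 = r & lo, r | lo, ~r & 0xFFFFFFFF, r ^ lo  # NOT taken on r (assumption)
    key = b"".join(c.to_bytes(4, "big") for c in (c1, c2, c3, c4))
    w = aes_key_expansion(key, 48)
    return key, bytes(a ^ b for a, b in zip(w[0], w[47]))

def management_node_epoch():
    """Fig. 4 steps 1-4: the round count (8..12) and 64-bit seed the management node broadcasts."""
    return 8 + secrets.randbelow(5), secrets.randbits(64)

def apply_reconfiguration(preset64, rounds, seed):
    """Fig. 4 step 5, run identically on every node from the broadcast (rounds, seed): returns the
    epoch key, the 4-byte authentication password and an AES block encryptor with that round count."""
    key, s = derive_key_and_password(preset64 ^ seed)  # seed mixing is an assumption
    w = aes_key_expansion(key, 4 * (rounds + 1))  # the patent's 48 words cover at most 11 rounds
    return key, s, lambda block: aes_encrypt_block(block, w, rounds)
```

With `rounds, seed = management_node_epoch()` drawn once on the manager and `apply_reconfiguration(preset, rounds, seed)` run on every node, all nodes obtain the same key, the same authentication password S and the same cipher, which is the synchronous coordination the patent relies on; `aes_encrypt_block` reproduces the FIPS-197 Appendix C.1 vector when given 10 rounds and 44 expanded words, so the reduced- and extended-round variants differ from standard AES only in the round count. The patent says the broadcast itself is sent encrypted but does not say under which key, so that step is not modelled here.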
In example 6, the system structure of the multi-mode decision device is given with reference to Fig. 5 and comprises:
an FPGA chip 601 with dynamic reconfiguration capability, for the hardware implementation of the algorithms and processes;
two independent network chips 602 connected to the FPGA, for receiving and transmitting IP packets;
one SDRAM chip 603, for packet buffering;
one flash chip 604, for permanent storage of user configuration information;
one DIP switch 605, for setting the node type;
three independent data processing engines built into the FPGA, of which 607 is used for secure packet construction, 608 for secure packet disposal and 609 for dynamic reconfiguration of the security system.
The numbers of devices and the processing scale described herein are given to simplify the explanation of the invention. Applications, modifications and variations of the industrial control network dynamic defense method with endogenous security and of the related algorithms of the invention will be obvious to those skilled in the art.
Although embodiments of the invention have been disclosed above, they are not limited to the applications listed in the description and the embodiments; the invention can be applied to every field suited to it, and those skilled in the art can easily realise other modifications. Therefore, without departing from the general concept defined by the claims and their equivalent scope, the invention is not limited to the specific details and drawings shown and described herein.

Claims (9)

1. An industrial control network dynamic defense method with endogenous security, characterised in that the encryption algorithm is made dynamically reconfigurable, the key and the authentication password change dynamically, and IP packets are securely reconstructed at the network transport layer, so that a secure dedicated data transmission channel with endogenous security is established between node devices;
wherein the method of dynamically changing the key and the authentication password comprises:
from a dynamic random change of the initial key, generating 48 32-bit dynamic sub-keys with the standard AES key expansion algorithm;
XORing the first and the last dynamic sub-key to obtain the dynamic authentication password;
ensuring the consistency of the dynamic reconstruction process and its result between the nodes of the industrial control network by a synchronous coordination method.
2. The industrial control network dynamic defense method with endogenous security of claim 1, characterised in that, in the method of dynamically reconfiguring the encryption algorithm, the round count of the encryption algorithm varies dynamically and randomly between 8 and 12, and the consistency of the dynamic reconstruction process and its result between the nodes of the industrial control network is ensured by a synchronous coordination method.
3. The industrial control network dynamic defense method with endogenous security of claim 1, characterised in that the algorithm for dynamically generating the key and the authentication password comprises:
splitting the 64-bit user preset password: the high 32 bits serve as the initial state of a linear feedback shift register and the low 32 bits take part in the subsequent operations;
generating a 32-bit pseudo-random number with the linear feedback shift register (LFSR);
performing AND, OR, NOT and XOR operations respectively on the pseudo-random number and the low 32 bits of the user preset password to obtain four intermediate values C1, C2, C3, C4;
concatenating the four intermediate values into a 128-bit initial key;
generating 48 32-bit dynamic sub-keys with the standard AES key expansion algorithm;
XORing the first and the last dynamic sub-key to obtain the dynamic authentication password S used to verify the legitimacy of the data source.
4. The industrial control network dynamic defense method with endogenous security of claim 2, characterised in that the synchronous coordination method comprises:
implanting the same dynamic key generation algorithm and dynamically reconfigurable encryption algorithm in the multi-mode decision device of every network node;
selecting the multi-mode decision device of any one node of the industrial control network as the management node, which synchronously controls the dynamic reconstruction process of the other nodes;
the multi-mode decision device of the management node starts a dynamic reconstruction event at irregular intervals, automatically generating a pseudo-random number one between 8 and 12 as the round count of the encryption algorithm and a 64-bit pseudo-random number two as the seed for generating the dynamic key, thereby obtaining the basic information for the dynamic reconstruction, and sends this basic information, encrypted, in a broadcast packet to the multi-mode decision devices of the other nodes in the network;
the multi-mode decision devices of the other nodes obtain the basic information from the broadcast packet, reconstruct the AES encryption algorithm according to the round count and generate the common dynamic key and authentication password from the key seed value, thereby achieving synchronous coordination between the nodes.
5. The industrial control network dynamic defense method with endogenous security of claim 1, characterised in that the secure dedicated data transmission channel is established by hardware: a multi-mode decision device connected in series on the Ethernet communication link of each node device.
6. The industrial control network dynamic defense method with endogenous security of claim 5, characterised in that the multi-mode decision device comprises:
an FPGA with dynamic reconfiguration capability;
two independent network chips connected to the FPGA;
a DIP switch for function settings;
two memory chips;
three independent data processing engines built into the FPGA.
7. The endogenously secure industrial control network dynamic security method as described in claim 1, characterized in that the method of securely reconstructing the IP packet comprises:
the multimode judgment device located at the data transmission source intercepts, on the communication link, the original IP message sent by its corresponding node;
based on the data segment of the acquired original IP message, the multimode judgment device appends to its tail, in turn, the authentication password information for identity authentication and access control, the time tag information for replay attack protection, and the digest information for integrity protection;
the multimode judgment device uses the dynamic key and the encryption algorithm to encrypt the information inserted at the tail of the data segment, forming the reconstructed safe packet.
8. The endogenously secure industrial control network dynamic security method as claimed in claim 7, characterized in that the information inserted at the tail of the original IP message data segment further includes a safe packet fragment identifier;
wherein safe packet fragmentation divides an original IP message whose length is greater than 1500 bytes into two pieces, configures the fragment identifiers of the first and second pieces as 01H and 10H respectively, and configures the fragment identifier of a message whose length does not exceed 1500 bytes as 00H.
9. An implementation method for establishing a secure exclusive data transmission channel between industrial control devices by applying the industrial control network dynamic security method of any one of claims 1 to 8, characterized by comprising:
the multimode judgment device at the source obtains the IP packet sent by its corresponding node device, inserts in turn at the tail of the message data field the dynamic authentication password information, the time tag information and the digest information, encrypts this information to form a safe packet, and then transmits the data over the public internet;
the multimode judgment device at the target side intercepts the safe packet sent to the target object, uses the dynamic authentication password information, time tag information and digest information in the message to judge legitimacy, integrity and timeliness, filters out all invalid data packets, and forwards valid data messages, after restoration, to the corresponding node device, thereby establishing a multimode, dynamic, transparent and secure exclusive data transmission channel between the node devices.
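As an added worked example (not code from the patent or its assignee), the following Python models the node-side processing of claims 4 and 7 to 9: every node derives the same dynamic key and authentication password from the broadcast key seed, the sender appends the authentication password, time tag, digest and fragment identifier (00H/01H/10H, splitting payloads over 1500 bytes into two pieces) to the data segment, and the receiver judges legitimacy, timeliness and integrity, discards invalid packets and restores the original message from its fragments. The patent's reconfigurable AES with a pseudo-random round count is not modelled: the trailer is left in the clear and its digest is an HMAC-SHA-256 under the dynamic key, so authenticity here comes from the keyed digest rather than from encrypting the trailer. The 30-second replay window, the trailer field sizes, the HMAC-based key derivation and the sample payloads are constructed assumptions of this example.

```python
"""Model of the safe-packet trailer and receiver checks (assumed layout, not the patent's exact format).

Trailer appended to the IP data segment, 57 bytes in total:
    auth password (16) | time tag, seconds (8) | digest (32) | fragment id (1)
"""
import hashlib
import hmac
import struct
import time

MTU = 1500                       # messages longer than this are split into two pieces (claim 8)
FRAG_NONE, FRAG_FIRST, FRAG_SECOND = 0x00, 0x01, 0x10
WINDOW_SECONDS = 30              # assumed replay-protection window
TRAILER_LEN = 16 + 8 + 32 + 1


def derive_material(seed: bytes):
    """Every node derives the unified dynamic key and auth password from the broadcast seed (claim 4).
    HMAC-based derivation is this example's assumption, not the patent's method."""
    key = hmac.new(seed, b"dynamic-key", hashlib.sha256).digest()
    password = hmac.new(seed, b"auth-password", hashlib.sha256).digest()[:16]
    return key, password


def _digest(key: bytes, data: bytes, password: bytes, ts: int, frag: int) -> bytes:
    """Integrity digest over the data segment and the other trailer fields, keyed with the dynamic key."""
    return hmac.new(key, data + password + struct.pack(">QB", ts, frag), hashlib.sha256).digest()


def build_packets(payload: bytes, key: bytes, password: bytes, now=None):
    """Source side (claim 7/8): append auth password, time tag, digest and fragment id; split if > MTU."""
    now = int(time.time()) if now is None else now
    if len(payload) > MTU:
        half = (len(payload) + 1) // 2
        pieces = [(payload[:half], FRAG_FIRST), (payload[half:], FRAG_SECOND)]
    else:
        pieces = [(payload, FRAG_NONE)]
    packets = []
    for data, frag in pieces:
        trailer = password + struct.pack(">Q", now) + _digest(key, data, password, now, frag) + bytes([frag])
        packets.append(data + trailer)
    return packets


def verify_packet(packet: bytes, key: bytes, password: bytes, now=None):
    """Target side (claim 9): legitimacy, timeliness and integrity checks. Returns (data, frag) or raises."""
    now = int(time.time()) if now is None else now
    if len(packet) < TRAILER_LEN:
        raise ValueError("too short")
    data, trailer = packet[:-TRAILER_LEN], packet[-TRAILER_LEN:]
    pw, ts_bytes, digest, frag = trailer[:16], trailer[16:24], trailer[24:56], trailer[56]
    if not hmac.compare_digest(pw, password):
        raise ValueError("illegitimate: password mismatch")
    ts = struct.unpack(">Q", ts_bytes)[0]
    if abs(now - ts) > WINDOW_SECONDS:
        raise ValueError("stale: outside replay window")
    if not hmac.compare_digest(digest, _digest(key, data, password, ts, frag)):
        raise ValueError("integrity: digest mismatch")
    if frag not in (FRAG_NONE, FRAG_FIRST, FRAG_SECOND):
        raise ValueError("bad fragment id")
    return data, frag


def receive(packets, key: bytes, password: bytes, now=None):
    """Filter invalid packets and restore the original message.
    Returns (restored message or None, list of rejection reasons)."""
    rejected, frags = [], {}
    for packet in packets:
        try:
            data, frag = verify_packet(packet, key, password, now)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if frag == FRAG_NONE:
            return data, rejected
        frags[frag] = data
    if FRAG_FIRST in frags and FRAG_SECOND in frags:
        return frags[FRAG_FIRST] + frags[FRAG_SECOND], rejected
    return None, rejected


if __name__ == "__main__":
    # Constructed demo: a 2000-byte message is split into two fragments and restored at the receiver.
    key, pw = derive_material(b"constructed-64-length-seed")
    pkts = build_packets(b"A" * 2000, key, pw, now=1000)
    print([p[-1] for p in pkts], receive(pkts, key, pw, now=1005)[0] == b"A" * 2000)
    print(receive(pkts, key, pw, now=5000))   # same packets replayed later: both rejected as stale
```

The receiver rejects before it forwards anything, so a packet carrying the wrong password (a node that did not take part in the last reconstruction event), a stale time tag or a modified data segment never reaches the node device, which is the filtering step claim 9 describes.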
CN201710338986.7A 2017-05-15 2017-05-15 The industrial control network dynamic security method of interior raw safety Active CN107065750B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710338986.7A CN107065750B (en) 2017-05-15 2017-05-15 The industrial control network dynamic security method of interior raw safety

Publications (2)

Publication Number Publication Date
CN107065750A CN107065750A (en) 2017-08-18
CN107065750B true CN107065750B (en) 2019-04-02

Family

ID=59597207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710338986.7A Active CN107065750B (en) 2017-05-15 2017-05-15 The industrial control network dynamic security method of interior raw safety

Country Status (1)

Country Link
CN (1) CN107065750B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111163022B (en) * 2018-11-08 2023-01-10 深圳市中兴微电子技术有限公司 Message transmission method and device and computer readable storage medium
CN110795754B (en) * 2019-11-12 2022-02-18 中核控制系统工程有限公司 Information security maintenance method based on FPGA
CN111132153B (en) * 2019-12-19 2021-07-09 中山大学 Endogenous safety communication method based on wireless channel characteristics
CN111556132B (en) * 2020-04-26 2021-03-23 湖南大学 Method and system for generating intelligent defense schematic diagram for industrial Internet of things
CN111487658A (en) * 2020-06-02 2020-08-04 西安沣华电子科技有限责任公司 High-reliability GPS line patrol system for unmanned automobile and working method thereof
CN112969184B (en) * 2021-02-07 2023-03-28 中国联合网络通信集团有限公司 Endogenous security control method for 6G network, electronic device and storage medium
CN114115099B (en) * 2021-11-08 2024-01-02 浙江高信技术股份有限公司 PLC system supporting network security
CN114615354B (en) * 2022-04-12 2024-09-13 支付宝(杭州)信息技术有限公司 Method and device for processing message

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100338923C (en) * 2002-10-31 2007-09-19 中兴通讯股份有限公司 Method of realizing IP message partition and recombination based on network processor
CN100454806C (en) * 2004-07-29 2009-01-21 北京航空航天大学 Safety group broadcast management system and method
CN100423507C (en) * 2006-12-06 2008-10-01 胡祥义 VPN system based on dynamic encryption algorithm
CN102932354A (en) * 2012-11-02 2013-02-13 杭州迪普科技有限公司 Verification method and device for internet protocol (IP) address
CN103457931B (en) * 2013-08-15 2016-08-10 华中科技大学 A kind of network deception and the active defense method of counteroffensive
CN104580248A (en) * 2015-01-27 2015-04-29 中復保有限公司 Secured logon method for variable secret key encryption under HTTP

Also Published As

Publication number Publication date
CN107065750A (en) 2017-08-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant