CN110493257A - Session key management method in encryption devices of a water conservancy industrial control system

Info

Publication number: CN110493257A
Authority: CN (China)
Prior art keywords: equipment, encryption equipment, encryption, session key, fieldbus
Legal status: Pending
Application number: CN201910841121.1A
Other languages: Chinese (zh)
Inventors: 陈宁, 高祥涛, 王美玲, 朱月, 曹晓宁, 张磊, 王培�, 陈辉, 陆明, 赵峰
Current Assignee: Jiangsu Province Hydrology And Water Resources Investigation Bureau
Original Assignee: Jiangsu Province Hydrology And Water Resources Investigation Bureau
Application filed by Jiangsu Province Hydrology And Water Resources Investigation Bureau
Priority to CN201910841121.1A
Publication of CN110493257A
Priority to PCT/CN2020/085870 (WO2021042735A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a session key management method in encryption devices of a water conservancy industrial control system. By distributing, updating and removing session keys for the encryption devices connected to the water conservancy industrial control system, it achieves distributed trust among the nodes on the system's fieldbus. On the fieldbus, an encryption device is deployed between each node that accesses the bus and the bus itself, and a session key based on a symmetric encryption algorithm is distributed to each encryption device. This provides device authentication and, relative to the Rivest-Shamir-Adleman (RSA) asymmetric algorithm, has the advantages of high access efficiency, low time overhead and strong compatibility. The invention requires no modification of the existing bus network topology and has high resistance to man-in-the-middle attacks. It reduces the security risk that intrusion into the fieldbus channel poses to automatic control systems in the water conservancy industry and provides reliable security assurance for critical infrastructure in the national economy.

Description

Session key management method in encryption devices of a water conservancy industrial control system
Technical field
The invention belongs to the field of information technology, and in particular relates to a session key management method in encryption devices of a water conservancy industrial control system.
Background
In China's existing water conservancy industrial control systems, data communication between host computers and slave computers is mostly carried over fieldbus networks, and the communication protocol is mostly Modbus. The structure of the Modbus application data unit (ADU) is highly vulnerable from a system security standpoint: the protocol data unit (PDU) it carries is transmitted in plaintext and lacks confidentiality; the integrity check mechanism is too simple, so frames are easily tampered with; and there is no resistance to replay attacks. To address the security risks these weaknesses cause in fieldbus networks, encryption devices can be deployed between automation control devices, such as host computers and slave computers, and the fieldbus, so that the ADU is transmitted securely. How to manage the keys of such encryption devices is currently an important problem.
Because of the shared-channel nature of a bus network and the low communication rate of automation control devices, establishing a separate public key infrastructure (PKI) and certificate authority (CA) on the fieldbus to provide centralized key distribution and management would significantly affect system efficiency and could even reduce availability.
Therefore, designing a decentralized key management method for fieldbus channel encryption devices that, while preserving system efficiency and availability, provides convenient and efficient key distribution, update and removal; improves resistance to man-in-the-middle attacks; prevents unauthorized devices from eavesdropping on, intercepting or tampering with monitoring and control data on the fieldbus channel; reduces the security risk that intrusion into the fieldbus channel poses to industrial automation control systems in the water conservancy industry; and provides reliable security assurance for critical infrastructure in the national economy, is a topic of considerable academic and practical value.
Summary of the invention
Purpose of the invention: in view of the above problems, the present invention proposes a session key management method in encryption devices of a water conservancy industrial control system, which provides decentralized, distributed key management for the encryption devices.
Technical solution: to achieve the purpose of the invention, the technical solution adopted is a session key management method in encryption devices of a water conservancy industrial control system, comprising the following steps:
S1: Given a field bus FB of the water conservancy industrial control system, an encryption device is connected between each control device and the network physical interface of the fieldbus, and the encryption device is initialized. The initialization process comprises generation of the encryption device's session key and pre-distribution of encryption device session keys;
S2: When the address code of a control device DD on field bus FB changes, the session key of the encryption device connected to DD is updated. The update process comprises generating a new session key for the encryption device, revoking the original session key, and pre-distributing the encryption device session key;
S3: When a control device DD on field bus FB temporarily or permanently disconnects its logical connection with the other devices on FB, the session key in the encryption device connected to DD is removed. The removal process comprises resetting the session key of that encryption device and deleting its original key from every other encryption device on FB.
Further, the encryption device is initialized in step S1 as follows:
Using the symmetric encryption module built into the encryption device, a session key PK is generated; the corresponding symmetric encryption algorithm includes but is not limited to DES, AES, SM1. Let the address code of the control device connected to the encryption device be DADR;
PK and DADR are written as a 2-tuple into the memory of the encryption device; the memory includes but is not limited to NAND Flash, eMMC. PK and DADR are also exported as a 2-tuple to a mobile device MD for use in the pre-distribution stage; forms of the mobile device MD include but are not limited to a portable hard disk, USB flash drive, SD card;
After the session keys of all encryption devices on field bus FB have been generated, the pre-distribution operation is performed on each encryption device; when pre-distribution is complete, the initialization process ends.
Further, the pre-distribution operation is performed on each encryption device on field bus FB as follows:
If the control device connected to the encryption device is the master device (Master), the 2-tuples (PK, DADR) exported to mobile device MD from the encryption devices of all slave devices (Slave) connected to FB are each written into the memory of the encryption device connected to the master device;
If the control device connected to the encryption device is a slave device (Slave), the 2-tuple (PK, DADR) exported to mobile device MD from the encryption device connected to the single master device (Master) on FB is written into the memory of the encryption device connected to that slave device.
Further, in step S2, when the address code of control device DD on field bus FB changes, the session key of the encryption device connected to DD is updated. Let the original address code of DD be DADR; for the encryption device connected to it, the update method is as follows:
S2.1: Using the symmetric encryption module built into the encryption device, a new session key PK_NEW is generated for the encryption device; the corresponding symmetric encryption algorithm includes but is not limited to DES, AES, SM1. Let the new address code of control device DD be DADR_NEW;
PK_NEW and DADR_NEW are written as a 2-tuple into the memory of the encryption device, overwriting the device's original 2-tuple (PK, DADR). PK_NEW and DADR_NEW are also exported as a 2-tuple to mobile device MD, overwriting the original 2-tuple (PK, DADR) of that encryption device stored in MD, for use in the pre-distribution stage; forms of the mobile device MD include but are not limited to a portable hard disk, USB flash drive, SD card;
S2.2: After the new session key of the encryption device has been generated, the operation of revoking that encryption device's original session key is performed on each of the other encryption devices on FB: if the memory of another encryption device on FB contains the previously written original 2-tuple (PK, DADR) of that encryption device, the 2-tuple is deleted;
S2.3: After all other encryption devices have revoked the original session key of the encryption device, the pre-distribution operation is performed for the encryption device;
If the control device DD whose address code changed is the master device (Master), the 2-tuple (PK_NEW, DADR_NEW) that the encryption device exported to mobile device MD is written into the memory of the encryption device of every slave device (Slave) connected to FB;
If the control device DD whose address code changed is a slave device (Slave), the 2-tuple (PK_NEW, DADR_NEW) that the encryption device exported to mobile device MD is written into the memory of the encryption device connected to the single master device (Master) on FB;
S2.4: Once the pre-distribution of step S2.3 is complete, the update process ends.
Further, in step S3, when control device DD on field bus FB temporarily or permanently disconnects its logical connection with the other devices on FB, the session key in the encryption device connected to DD is removed. Let the original address code of DD be DADR; for the encryption device connected to it, the removal method is as follows:
S3.1: If the memory of the encryption device contains a previously written 2-tuple (PK, DADR), the 2-tuple is deleted and the memory of the encryption device is reset to its original state;
S3.2: After the encryption device has been reset, the operation of revoking that encryption device's original session key is performed on each of the other encryption devices on FB: if the memory of another encryption device contains the previously written original 2-tuple (PK, DADR) of that encryption device, the 2-tuple is deleted;
S3.3: After all other encryption devices have revoked the original session key of the encryption device, the removal process ends.
Beneficial effects: compared with the prior art, the technical solution of the present invention has the following beneficial technical effects:
Through offline distribution, update and removal of symmetric session keys, the invention achieves decentralized, distributed management of the keys of fieldbus channel encryption devices. In the fieldbus network of an existing water conservancy industrial control system, authentication of control devices is achieved without establishing a separate public key infrastructure (PKI) or certificate authority (CA), giving strong device compatibility. The invention is compatible with existing bus-topology networks and requires no modification of the fieldbus physical layer or link layer, and it effectively prevents unauthorized devices from carrying out man-in-the-middle attacks such as eavesdropping, interception and tampering on the fieldbus channel. Compared with asymmetric encryption schemes, the symmetric encryption scheme used for the session keys has high access efficiency and low time overhead, and therefore a strong competitive advantage in device cost and node processing delay. While saving computing resources, it reduces the security risk of the fieldbus channel in industrial control systems of the water conservancy industry and provides reliable security assurance for critical infrastructure in the national economy.
Brief description of the drawings
Fig. 1 is a hierarchy diagram of the method of the present invention;
Fig. 2 is the initialization flowchart of the present invention;
Fig. 3 is the update flowchart of the present invention;
Fig. 4 is the removal flowchart of the present invention.
Specific embodiment
The technical solution of the present invention is further described below with reference to the drawings and an embodiment.
Suppose that in a water conservancy industrial control system a field bus FB carries control devices D1, D2 and D3. D1 is the host computer, set to master mode, with address 0x01; D2 and D3 are slave computers, set to slave mode, with addresses 0x02 and 0x03 respectively. D1, D2 and D3 are connected directly to FB, with no encryption device deployed between them and FB.
The session key management method in encryption devices of a water conservancy industrial control system described in this embodiment, as shown in Fig. 1, comprises the following steps:
S1: New encryption devices ND1, ND2 and ND3 are deployed between control devices D1, D2, D3 and field bus FB respectively, and the following operations are performed in sequence on ND1, ND2 and ND3:
Using the symmetric encryption module built into ND1, a session key PK1 is generated; the corresponding symmetric encryption algorithm is SM1. The address code DADR1 of control device D1, to which ND1 is connected, is 0x01. PK1 and DADR1 are written as a 2-tuple into the memory of ND1, which is NAND Flash. PK1 and DADR1 are also exported as a 2-tuple to mobile device MD, which takes the form of a USB flash drive.
Using the symmetric encryption module built into ND2, a session key PK2 is generated; the corresponding symmetric encryption algorithm is SM1. The address code DADR2 of control device D2, to which ND2 is connected, is 0x02. PK2 and DADR2 are written as a 2-tuple into the memory of ND2, which is NAND Flash. PK2 and DADR2 are also exported as a 2-tuple to mobile device MD.
Using the symmetric encryption module built into ND3, a session key PK3 is generated; the corresponding symmetric encryption algorithm is SM1. The address code DADR3 of control device D3, to which ND3 is connected, is 0x03. PK3 and DADR3 are written as a 2-tuple into the memory of ND3, which is NAND Flash. PK3 and DADR3 are also exported as a 2-tuple to mobile device MD.
Control device D1, connected to ND1, is the master device (Master), so the 2-tuples (PK2, DADR2) and (PK3, DADR3) exported to mobile device MD from ND2 and ND3, the encryption devices of all slave devices (Slave) D2 and D3 connected to FB, are each written into the memory of ND1.
Control device D2, connected to ND2, is a slave device (Slave), so the 2-tuple (PK1, DADR1) exported to mobile device MD from ND1, the encryption device connected to the single master device (Master) D1 on FB, is written into the memory of ND2.
Control device D3, connected to ND3, is a slave device (Slave), so the 2-tuple (PK1, DADR1) exported to mobile device MD from ND1, the encryption device connected to the single master device (Master) D1 on FB, is written into the memory of ND3.
At this point the initialization process ends, and the memory of each of ND1, ND2 and ND3 contains its own session key. In addition, the memory of ND1 contains the addresses and session keys of ND2 and ND3, and the memories of ND2 and ND3 contain the address and session key of ND1. ND1 can therefore exchange data with ND2 and with ND3, whereas ND2 and ND3, each lacking the other's session key, cannot exchange data with each other, which isolates communication data between slave devices. The initialization flow is shown in Fig. 2.
S2: When control device D2 on FB has to be replaced because of a fault, and the address code of the new device D2 changes from 0x02 to 0x04, the following operations are performed in sequence for ND2, which is deployed between D2 and FB:
Using the symmetric encryption module built into ND2, a new session key PK4 is generated; the corresponding symmetric encryption algorithm is SM1. The new address code DADR4 of the new device D2 connected to ND2 is 0x04. PK4 and DADR4 are written as a 2-tuple into the memory of ND2, overwriting the original 2-tuple (PK2, DADR2). PK4 and DADR4 are also exported as a 2-tuple to mobile device MD, overwriting the original 2-tuple (PK2, DADR2) stored in MD.
Next, the memories of ND1 and ND3 are searched in turn for the original 2-tuple (PK2, DADR2) of ND2. Because that 2-tuple has been written into the memory of ND1, the operation of revoking ND2's original key must be performed, and the 2-tuple is deleted from the memory of ND1.
Finally, the pre-distribution operation is performed. Because control device D2 is a slave device (Slave), the 2-tuple (PK4, DADR4) exported to mobile device MD is written into the memory of ND1, the encryption device connected to the single master device (Master) D1 on FB.
At this point the update process ends. PK2 of the original device D2 has been removed from the memory of ND2, so even if the original device D2 is connected to FB through ND2 it cannot communicate with master device D1. The new device D2 can communicate normally with D1. The update flow is shown in Fig. 3.
S3: When control device D3 on FB is scrapped and its logical connection with D1 and D2 must be permanently disconnected, the following operations are performed in sequence for ND3, the encryption device deployed between D3 and FB:
Because the memory of ND3 contains the previously written 2-tuple (PK3, DADR3), that 2-tuple is first deleted, and the memory of ND3 is then reset to its state before the initialization process.
The memory of encryption device ND1, connected to master device D1, contains the previously written original 2-tuple (PK3, DADR3) of ND3; this 2-tuple is deleted.
At this point the removal process ends. PK3 is no longer present in ND1, ND2 or ND3, and D3 cannot exchange any data with D1. Even if the scrapped D3 is obtained by a malicious attacker, it cannot be used to attack D1 or D2 on FB after being connected through encryption device ND3. If a new control device is to be connected to ND3 and join FB, the encryption devices ND1, ND2 and ND3 must be initialized again. The removal flow is shown in Fig. 4.
The embodiment only illustrates the technical idea of the invention and does not limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the invention falls within the scope of protection of the invention.
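The S1 to S3 bookkeeping of the D1/D2/D3 embodiment, as an added Python example that is not part of the patent: it tracks which (PK, DADR) 2-tuples each encryption device stores after initialization, update and removal. The class and function names are hypothetical, keys come from `secrets.token_bytes` in place of the device's built-in symmetric module, and `stale_entries` is an added audit check for revocations that were missed.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

KEY_LEN = 16  # assumption: 128-bit key from secrets, standing in for the built-in SM1/AES module


@dataclass
class EncryptionDevice:
    name: str
    role: str                                    # "master" or "slave" (role of the attached control device)
    own: Optional[tuple] = None                  # this device's own 2-tuple (PK, DADR)
    peers: dict = field(default_factory=dict)    # pre-distributed 2-tuples, stored as DADR -> PK


class Fieldbus:
    """Key stores of the encryption devices on field bus FB, plus mobile device MD."""

    def __init__(self):
        self.devices = {}    # name -> EncryptionDevice
        self.md = {}         # mobile device MD: name -> exported (PK, DADR)

    def _generate(self, dev, dadr):
        dev.own = (secrets.token_bytes(KEY_LEN), dadr)   # overwrites the old 2-tuple
        self.md[dev.name] = dev.own                      # export, overwriting the copy in MD

    def _counterparts(self, dev):
        # The master pairs with every slave; a slave pairs only with the master.
        want = "slave" if dev.role == "master" else "master"
        return [d for d in self.devices.values() if d.role == want and d.own is not None]

    def _revoke(self, dev, old_dadr):
        for other in self.devices.values():
            if other is not dev:
                other.peers.pop(old_dadr, None)          # delete only if it was written

    def initialize(self, spec):
        """S1: spec is a list of (device name, role, DADR)."""
        for name, role, dadr in spec:
            self.devices[name] = EncryptionDevice(name, role)
            self._generate(self.devices[name], dadr)
        for dev in self.devices.values():                # pre-distribution from MD
            for peer in self._counterparts(dev):
                pk, dadr = self.md[peer.name]
                dev.peers[dadr] = pk

    def update(self, name, new_dadr):
        """S2: the attached control device's address code changed."""
        dev = self.devices[name]
        old_dadr = dev.own[1]
        self._generate(dev, new_dadr)                    # S2.1
        self._revoke(dev, old_dadr)                      # S2.2
        pk, dadr = self.md[name]                         # S2.3
        for peer in self._counterparts(dev):
            peer.peers[dadr] = pk

    def remove(self, name):
        """S3: the attached control device leaves the bus."""
        dev = self.devices[name]
        old_dadr = dev.own[1] if dev.own else None
        dev.own, dev.peers = None, {}                    # S3.1 reset to original state
        self._revoke(dev, old_dadr)                      # S3.2

    def can_communicate(self, a, b):
        """True only if each device holds the other's current 2-tuple."""
        x, y = self.devices[a], self.devices[b]

        def holds(holder, subject):
            return subject.own is not None and holder.peers.get(subject.own[1]) == subject.own[0]
        return holds(x, y) and holds(y, x)

    def stale_entries(self):
        """Audit: stored 2-tuples that match no device's current key (missed revocation)."""
        live = {d.own[1]: d.own[0] for d in self.devices.values() if d.own}
        return [(d.name, dadr) for d in self.devices.values()
                for dadr, pk in d.peers.items() if live.get(dadr) != pk]


def run_embodiment():
    """Replays the D1/D2/D3 embodiment and returns the bus for inspection."""
    fb = Fieldbus()
    fb.initialize([("ND1", "master", 0x01), ("ND2", "slave", 0x02), ("ND3", "slave", 0x03)])
    fb.update("ND2", 0x04)     # D2 replaced, address 0x02 -> 0x04
    fb.remove("ND3")           # D3 scrapped
    return fb


if __name__ == "__main__":
    fb = run_embodiment()
    for d in fb.devices.values():
        print(d.name, "own DADR:", d.own and hex(d.own[1]), "peers:", [hex(a) for a in d.peers])
    print("stale entries:", fb.stale_entries())
```

Running `stale_entries` against the real device stores after every S2 or S3 operation gives a quick check that no other device still holds a revoked 2-tuple.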

Claims (7)

1. A session key management method in encryption devices of a water conservancy industrial control system, characterized in that the method comprises the following steps:
S1: For a fieldbus of the water conservancy industrial control system, an encryption device is connected between each control device and the network physical interface of the fieldbus, and the encryption device is initialized; the initialization process comprises generation of the encryption device's session key and pre-distribution of encryption device session keys;
S2: When the address code of a control device on the fieldbus of the water conservancy industrial control system changes, the session key of the encryption device connected to that control device is updated; the update process comprises generating a new session key for the encryption device, revoking the original session key, and pre-distributing the encryption device session key;
S3: When a control device on the fieldbus of the water conservancy industrial control system temporarily or permanently disconnects its logical connection with the other devices on the fieldbus, the session key in the encryption device connected to that control device is removed; the removal process comprises resetting the session key of the encryption device and deleting the encryption device's original session key from every other encryption device on the fieldbus.
2. The session key management method in encryption devices of a water conservancy industrial control system according to claim 1, characterized in that the encryption device is initialized in step S1 as follows:
Using the symmetric encryption module built into the encryption device, a session key PK is generated; let the address code of the control device connected to the encryption device be DADR;
PK and DADR are written as a 2-tuple into the memory of the encryption device; PK and DADR are also exported as a 2-tuple to a mobile device MD;
After the session keys of all encryption devices on the fieldbus have been generated, the pre-distribution operation is performed on each encryption device; when pre-distribution is complete, the initialization process ends.
3. The session key management method in encryption devices of a water conservancy industrial control system according to claim 2, characterized in that the pre-distribution operation is performed on each encryption device as follows:
If the control device connected to the encryption device is the master device (Master), the 2-tuples (PK, DADR) exported to mobile device MD from the encryption devices of all slave devices (Slave) connected to the fieldbus are each written into the memory of the encryption device connected to the master device;
If the control device connected to the encryption device is a slave device (Slave), the 2-tuple (PK, DADR) exported to mobile device MD from the encryption device connected to the single master device (Master) on the fieldbus is written into the memory of the encryption device connected to that slave device.
4. The session key management method in encryption devices of a water conservancy industrial control system according to claim 3, characterized in that in step S2, when the address code of a control device on the fieldbus changes, the key of the encryption device connected to the control device is updated; let the original address code of the control device be DADR; for the encryption device connected to it, the update method is as follows:
S2.1: Using the symmetric encryption module built into the encryption device, a new session key PK_NEW is generated for the encryption device; let the new address code of the control device be DADR_NEW;
PK_NEW and DADR_NEW are written as a 2-tuple into the memory of the encryption device, overwriting the device's original 2-tuple (PK, DADR); PK_NEW and DADR_NEW are also exported as a 2-tuple to mobile device MD, overwriting the original 2-tuple (PK, DADR) of that encryption device stored in MD;
S2.2: After the new session key of the encryption device has been generated, the operation of revoking that encryption device's original session key is performed on each of the other encryption devices on the fieldbus: if the memory of another encryption device on the fieldbus contains the previously written original 2-tuple (PK, DADR) of that encryption device, the 2-tuple is deleted;
S2.3: After all other encryption devices have revoked the original session key of the encryption device, the pre-distribution operation is performed for the encryption device;
If the control device whose address code changed is the master device (Master), the 2-tuple (PK_NEW, DADR_NEW) that the encryption device exported to mobile device MD is written into the memory of the encryption device of every slave device (Slave) connected to the fieldbus;
If the control device whose address code changed is a slave device (Slave), the 2-tuple (PK_NEW, DADR_NEW) that the encryption device exported to mobile device MD is written into the memory of the encryption device connected to the single master device (Master) on the fieldbus;
S2.4: Once the pre-distribution of step S2.3 is complete, the update process ends.
5. The session key management method in encryption devices of a water conservancy industrial control system according to claim 2 or 3 or 4, characterized in that in step S3, when a control device on the fieldbus temporarily or permanently disconnects its logical connection with the other devices on the fieldbus, the session key in the encryption device connected to that control device is removed; let the original address code of the control device be DADR; for the encryption device connected to it, the removal method is as follows:
S3.1: If the memory of the encryption device contains a previously written 2-tuple (PK, DADR), the 2-tuple is deleted and the memory of the encryption device is reset to its original state;
S3.2: After the encryption device has been reset, the operation of revoking that encryption device's original session key is performed on each of the other encryption devices on the fieldbus: if the memory of another encryption device contains the previously written original 2-tuple (PK, DADR) of that encryption device, the 2-tuple is deleted;
S3.3: After all other encryption devices have revoked the original session key of the encryption device, the removal process ends.
6. The session key management method in encryption devices of a water conservancy industrial control system according to claim 2 or 4, characterized in that a session key PK is generated using the symmetric encryption module built into the encryption device, and the corresponding symmetric encryption algorithm includes but is not limited to DES, AES, SM1.
7. The session key management method in encryption devices of a water conservancy industrial control system according to claim 2 or 4, characterized in that the memory of the encryption device includes but is not limited to NAND Flash, eMMC; and forms of the mobile device MD include but are not limited to a portable hard disk, USB flash drive, SD card.
Priority Applications (2)

Application Number | Priority Date | Filing Date | Title
CN201910841121.1A (CN110493257A) | 2019-09-06 | 2019-09-06 | Session key management method in a kind of water conservancy industrial control system encryption equipment
PCT/CN2020/085870 (WO2021042735A1) | 2019-09-06 | 2020-04-21 | Session key management method in encryption device of water conservancy industrial control system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201910841121.1A (CN110493257A) | 2019-09-06 | 2019-09-06 | Session key management method in a kind of water conservancy industrial control system encryption equipment

Publications (1)

Publication Number | Publication Date
CN110493257A | 2019-11-22

Family

ID=68555555

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910841121.1A | Session key management method in a kind of water conservancy industrial control system encryption equipment (Pending, CN110493257A) | 2019-09-06 | 2019-09-06

Country Status (2)

Country | Link
CN (1) | CN110493257A (en)
WO (1) | WO2021042735A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110401528A (en) * 2019-07-16 2019-11-01 河海大学 A kind of fieldbus single channel encryption device keys management method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104767618B (en) * 2015-04-03 2018-02-09 清华大学 A kind of CAN authentication method and system based on broadcast
EP3182674B1 (en) * 2015-12-14 2019-03-13 Deutsche Telekom AG System for secure communication in robot-retrofitting
CN106790053B (en) * 2016-12-20 2019-08-27 江苏大学 A kind of method of ECU secure communication in CAN bus
CN106899404B (en) * 2017-02-15 2020-06-02 同济大学 Vehicle-mounted CAN FD bus communication system and method based on pre-shared key
CN108390754B (en) * 2018-01-24 2020-12-04 上海航天芯锐电子科技有限公司 Scrambling method of chip internal bus scrambling device based on variable parameters
CN110493257A (en) * 2019-09-06 2019-11-22 江苏省水文水资源勘测局 Session key management method in a kind of water conservancy industrial control system encryption equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021042735A1 (en) * 2019-09-06 2021-03-11 江苏省水文水资源勘测局 Session key management method in encryption device of water conservancy industrial control system
CN111988288A (en) * 2020-08-04 2020-11-24 网络通信与安全紫金山实验室 Key exchange method, system, equipment and storage medium based on network time delay
CN113014385A (en) * 2021-03-25 2021-06-22 黑龙江大学 Double-port hardware network data encryption system and method
CN113014385B (en) * 2021-03-25 2023-09-01 黑龙江大学 Double-network-port hardware network data encryption system

Also Published As

Publication number Publication date
WO2021042735A1 (en) 2021-03-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191122