CN110708227A - Automatic replay attack testing method in field bus - Google Patents

Publication number: CN110708227A
Authority: CN (China)
Prior art keywords: attack, replay, field bus, application data, queue
Legal status: Pending
Application number: CN201910932019.2A
Other languages: Chinese (zh)
Inventors: 傅晓, 王志坚
Current Assignee: Hohai University HHU
Original Assignee: Hohai University HHU
Application filed by Hohai University HHU
Priority to CN201910932019.2A
Publication of CN110708227A
Priority to PCT/CN2020/085958 (WO2021057017A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40006 Architecture of a communication node
    • H04L2012/4026 Bus for use in automation systems
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Abstract

The invention provides an automated replay attack testing method for a field bus. By deploying an attack agent device on the field bus, it carries out replay attack tests automatically, without manual intervention. The attack agent device listens for the normal application data units transmitted on the field bus, automatically generates test cases from them and performs the replay attack test, which effectively improves the efficiency of security testing and gives security personnel a vulnerability proof of concept. The invention can reduce the security risk posed by replay attacks on the fieldbus channel of an automatic control system and provides reliable security assurance for such systems, in particular for electric power, water conservancy and other systems that serve as critical infrastructure in the national economy. The attack agent device can be implemented with a single-chip microcomputer system and does not require a more expensive industrial computer; it offers high device compatibility and generality and is easy to deploy widely.

Description

Automatic replay attack testing method in field bus
Technical Field
The invention belongs to the field of information technology, and particularly relates to an automated replay attack testing method in a field bus.
Background
Currently, Modbus is the protocol most widely used on the field buses of automatic control systems in China. Modbus is a serial communication protocol published by Modicon (now Schneider Electric) in 1979 for communication with PLCs (programmable logic controllers); it is an industry standard among communication protocols in the industrial field and a national standard (GB/T19582.1-2008 "Modbus protocol-based Industrial Automation network Specification"). The Modbus protocol can be implemented over electrical interfaces such as RS-232 and RS-485, is convenient to deploy and easy to develop for, and is widely applied in control engineering.
Because the Modbus protocol was designed without authentication, data encryption, integrity checking or similar mechanisms, it is very vulnerable to replay and other types of man-in-the-middle (MITM) attacks. At the link layer in particular, the protocol did not consider device identification and authentication in its original design: it distinguishes devices only by their addresses and does not support session-based device identification. As a result, no device in the fieldbus network has an identity authentication mechanism, and the true source of data cannot be identified. An attacker can exploit this weakness to attach a bypass device to the bus and forge measurement and control data, which damages the overall trustworthiness of the system and creates various security risks.
Most earlier penetration testing tools target traditional computer networks such as Ethernet and are therefore not suitable for fieldbus networks. How to perform plug-and-play, automated replay attack vulnerability testing with low-cost equipment, so as to help electrical engineers and security personnel find possible risks in a fieldbus network, is a topic of considerable research and practical value.
Disclosure of Invention
Purpose of the invention: to address the problems above, the invention provides an automated replay attack testing method in a field bus that makes replay attack vulnerability testing on the field bus plug-and-play and automatic.
Technical solution: to achieve this purpose, the invention adopts the following technical solution:
An automated replay attack testing method in a field bus comprises the following steps:
S1, connecting an attack agent device to the field bus under test;
S2, after the attack agent device is powered on and started, executing an initialization process;
S3, after the initialization process finishes, the attack agent device executes the listening and replay processes;
S4, checking whether the working state of the control devices connected to the field bus is abnormal;
if the working state is not abnormal, the listening and replay processes continue to run;
if the working state is abnormal, the attack agent device is shut down and disconnected from the field bus;
S5, after the attack agent device is disconnected from the field bus, if the abnormality disappears and the control device returns to normal, it is concluded that the field bus has a replay attack vulnerability and that the control device is affected by it.
Only one attack agent device needs to be connected to each field bus. Abnormal working states of a control device include: the device starting repeatedly, and its operating condition being out of control.
Further, the attack agent device is a single-chip microcomputer with UART, SPI, I2C or another form of serial communication; it is connected to the RX and TX signal lines of the field bus through a serial bus interface and can draw the voltage and current it needs from the VCC and GND signal lines of the field bus; the supply is a wide-range voltage input from 12V to 48V.
Further, in step S1, after the attack agent device is powered on and started, the initialization process is as follows:
reading the attack payload queue data and the saved replay interval parameter from memory;
checking whether the attack payload queue in memory is empty, and if the queue is not empty, emptying it;
if the queue is empty, checking whether the replay interval in memory is less than a minimum threshold;
if the replay interval is greater than or equal to the minimum threshold, the initialization process ends;
if the replay interval is less than the minimum threshold, the interval is too small and could block the fieldbus channel, so that normal communication packets from other devices on the bus could not be monitored; the replay interval is therefore reset to its default value and the initialization process ends.
The default value of the replay interval is set by the user in advance according to the baud rate of the fieldbus serial communication; when the Modbus protocol is used, it is generally not less than the time required to transmit 3.5 characters, expressed in milliseconds.
Further, in step S3, the listening process is as follows:
the attack agent device listens, through the serial bus interface, for all serial communication Application Data Units (ADUs) transmitted on the field bus;
after capturing an ADU, it reads the function code in the header of the Protocol Data Unit (PDU) inside the ADU; when the Modbus protocol is used, the function code is the first byte of the PDU header;
it then performs the corresponding operation on the attack payload queue in the attack agent device's memory according to the type of the function code.
Further, function codes are of two types: write and read. If the type is write, the captured ADU is appended to the tail of the attack payload queue in memory; if the type is read, the captured ADU is discarded and the attack payload queue in memory is left unchanged.
The operation performed for each type of function code is as follows:
if the function code is 0x05 or 0x0F, the type is write single or multiple coils; replaying such an ADU sets the corresponding coils, for example opening or closing a relay switch of the control device; the ADU is therefore appended to the tail of the attack payload queue in memory;
if the function code is 0x06 or 0x10, the type is write single or multiple registers; replaying such an ADU sets the corresponding registers, for example increasing or decreasing the motor speed of the control device; the ADU is therefore appended to the tail of the attack payload queue in memory;
if the function code has any other value, the type is a read of single or multiple coils or registers, and replaying it generally only requests data. No special processing is done and the attack payload queue in memory is not modified.
Further, in step S3, the replay process is as follows:
checking whether the attack payload queue in memory is empty;
if the queue is empty, the listening process has not captured any ADU that can be replayed, so no send operation is needed; after waiting for the replay interval T, the replay process is executed again;
if the queue is not empty, the listening process has captured at least one ADU that can be replayed, so the ADUs in the attack payload queue are sent to the field bus in order through the serial bus interface; once all ADUs in the queue have been sent, and after waiting for the replay interval T, the replay process is executed again.
The replay interval is set by the user in advance according to the baud rate of the fieldbus serial communication; when the Modbus protocol is used, it is generally not less than the time required to transmit 3.5 characters, expressed in milliseconds.
Further, once the attack agent device has started the listening and replay processes, they terminate if and only if the device is powered off; otherwise they run continuously. After the device is powered off, the initialization, listening and replay processes are executed again if and only if the device is powered on again.
Beneficial effects: compared with the prior art, the technical solution of the invention has the following beneficial technical effects:
By deploying an attack agent device on the field bus, the invention carries out replay attack tests automatically, without manual intervention. The attack agent device listens for the normal application data units transmitted on the field bus, automatically generates test cases from them and performs the replay attack test, which effectively improves the efficiency of security testing and gives security personnel a vulnerability proof of concept. The invention can reduce the security risk posed by replay attacks on the fieldbus channel of an automatic control system and provides reliable security assurance for such systems, in particular for electric power, water conservancy and other systems that serve as critical infrastructure in the national economy. The attack agent device can be implemented with a single-chip microcomputer system and does not require more expensive industrial computers or special-purpose equipment such as programmable logic controllers; it offers high device compatibility and generality and is easy to deploy widely.
Drawings
Fig. 1 shows the field bus topology.
Detailed Description
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Control devices D1, D2 and D3 are attached to the field bus FB under test. D1 is the upper computer, set to master mode, with address 0x01; D2 and D3 are lower computers, set to slave mode, with addresses 0x02 and 0x03 respectively. The topology is shown in Fig. 1.
The attack agent device DA is a single-chip microcomputer based on an STM32 chip and is connected to the RX and TX signal lines of the field bus FB through a UART interface; a step-down and rectification module is connected to the VCC and GND signal lines of the field bus FB and converts the supply into the working voltage and current that DA requires; the input voltage ranges from 12V to 48V.
Example one:
The automated replay attack testing method in the field bus comprises the following steps:
The attack agent device DA is connected to the field bus FB and, after being powered on and started, begins the initialization process, which is as follows:
when DA starts, it reads the attack payload queue data and the saved replay interval parameter from memory and checks whether the attack payload queue QA in memory is empty; if it is not empty, QA is emptied; if it is empty, DA checks whether the replay interval in memory is less than the minimum threshold;
let the field bus FB run at 9600bps with 1 start bit, 1 stop bit and no parity bit. With the Modbus protocol, 10 bits (1+8+1) are required to transmit 1 character (8 data bits). Transmitting 3.5 characters therefore occupies the channel for (10 × 3.5)/(9600/1000) milliseconds and, after rounding, the default value of the replay interval T is set to 4 milliseconds;
if the replay interval is greater than or equal to the minimum threshold, the initialization process ends; if the replay interval is less than the minimum threshold, the interval is too small and could block the fieldbus channel, so that normal communication packets from other devices on the bus could not be monitored; the replay interval is therefore reset to its default value and the initialization process ends.
After the initialization process finishes, the attack agent DA starts the listening process and the replay process.
The listening process continuously listens for ADUs transmitted on the field bus FB.
Since the attack payload queue QA is currently empty, the replay process does not perform any operation.
When the upper computer D1 needs the lower computer D2 to switch on a relay, it sends an application data unit ADU1 to D2 over the field bus FB, with the function code in ADU1 set to 0x05.
After capturing ADU1, the attack agent DA checks the function code in the header of its protocol data unit PDU. Since the function code is 0x05, ADU1 is added to the attack payload queue QA, which now contains only ADU1.
The attack payload queue QA is now not empty, so the replay process sends ADU1 to the field bus FB through the serial bus interface, waits for the replay interval T, and then runs again. Since D2 has already switched the relay on, the repetition does not affect its operating state.
After a certain time, when the upper computer D1 needs the lower computer D2 to switch the relay off, it sends an application data unit ADU2 to D2 over the field bus FB, with the function code in ADU2 set to 0x05.
After capturing ADU2, the attack agent DA checks the function code in the header of its protocol data unit PDU. Since the function code is 0x05, ADU2 is appended to the tail of the attack payload queue QA, after ADU1. QA now contains ADU1 and ADU2.
The attack payload queue QA is not empty, so the replay process sends ADU1 and ADU2 to the field bus FB in order through the serial bus interface, waits for the replay interval T, and then runs again. D2 then switches the relay on and off repeatedly, causing the equipment controlled by D2 to behave abnormally. When the abnormality is detected, the attack agent DA is shut down and disconnected from the field bus FB. If the abnormality disappears and the equipment returns to normal after DA is disconnected, it can be concluded that the field bus FB has a replay attack vulnerability and that D2 and the equipment it controls are affected by it.
Example two:
The automated replay attack testing method in the field bus comprises the following steps:
The attack agent device DA is connected to the field bus FB and, after being powered on and started, begins the initialization process, which is as follows: the attack payload queue QA in memory is set to empty, and the replay interval T takes its default value of 4 milliseconds.
After the initialization process finishes, the attack agent DA starts the listening process and the replay process.
When the upper computer D1 needs the lower computer D3 to increase the motor speed, it sends an application data unit ADU3 to D2 over the field bus FB, with the function code in ADU3 set to 0x06.
After capturing ADU3, the attack agent DA checks the function code in the header of its protocol data unit PDU. Since the function code is 0x06, ADU3 is appended to the tail of the attack payload queue QA, which now contains only ADU3.
The attack payload queue QA is now not empty, so the replay process sends ADU3 to the field bus FB through the serial bus interface, waits for the replay interval T, and then runs again. Since D3 has already been set to the same motor speed, the repetition does not affect its operating state.
After a certain time, when the upper computer D1 needs the lower computer D3 to reduce the motor speed, it sends an application data unit ADU4 to D2 over the field bus FB, with the function code in ADU4 set to 0x06.
After capturing ADU4, the attack agent DA checks the function code in the header of its protocol data unit PDU. Since the function code is 0x06, ADU4 is appended to the tail of the attack payload queue QA, after ADU3. QA now contains ADU3 and ADU4.
The attack payload queue QA is not empty, so the replay process sends ADU3 and ADU4 to the field bus FB in order through the serial bus interface, waits for the replay interval T, and then runs again. D3 then increases and decreases the motor speed repeatedly, causing the equipment controlled by D3 to behave abnormally. When the abnormality is detected, the attack agent DA is shut down and disconnected from the field bus FB. If the abnormality disappears and the equipment returns to normal after DA is disconnected, it can be concluded that the field bus FB has a replay attack vulnerability and that D3 and the equipment it controls are affected by it.
The embodiments are only for illustrating the technical idea of the present invention, and the technical idea of the present invention is not limited thereto, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the scope of the present invention.
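The function-code classification and the replay loop of the two embodiments, seen from a passive bus monitor: the following Python sketch is an added example, not part of the patent. It validates each Modbus RTU ADU's CRC, keeps only the write-type function codes, and flags byte-identical or value-flapping writes. The function names, thresholds and the sample capture are assumptions constructed for illustration.

```python
# Passive bus-monitor check for the replay loop in the embodiments (added example;
# function names, thresholds and the sample capture are assumptions).
from collections import defaultdict, deque

WRITE_CODES = {0x05, 0x0F, 0x06, 0x10}  # the page's write-type function codes
SINGLE_WRITES = {0x05, 0x06}            # PDU data: 2-byte target + 2-byte value


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_adu(addr: int, func: int, data: bytes) -> bytes:
    """Build an RTU ADU; used only to construct the sample capture below."""
    body = bytes([addr, func]) + data
    crc = crc16_modbus(body)
    return body + bytes([crc & 0xFF, crc >> 8])  # CRC goes out low byte first


def parse_adu(frame: bytes):
    """Return (address, function_code, pdu_data), or None if short or corrupt."""
    if len(frame) < 4:
        return None
    body = frame[:-2]
    if crc16_modbus(body) != (frame[-2] | (frame[-1] << 8)):
        return None
    return body[0], body[1], body[2:]


def t35_ms(baud: int, bits_per_char: int = 10) -> float:
    """3.5 character times in milliseconds (10 bits per character for 8N1)."""
    return 3.5 * bits_per_char * 1000 / baud


def find_replay(capture, window_ms=1000.0, max_identical=4, max_flips=4):
    """Scan (timestamp_ms, frame) pairs; return alerts (kind, slave, func, ts).

    repeat: one write ADU seen more than max_identical times inside the window
            (a normal 0x05/0x06 write already shows up twice: the slave echoes it).
    flap:   one coil/register target changed value more than max_flips times.
    """
    seen = defaultdict(deque)    # frame bytes -> timestamps inside the window
    flips = defaultdict(deque)   # (slave, func, target) -> value-change times
    last_value, raised, alerts = {}, set(), []

    def raise_once(kind, key, addr, func, ts):
        if (kind, key) not in raised:
            raised.add((kind, key))
            alerts.append((kind, addr, func, ts))

    def push(times, ts):
        times.append(ts)
        while ts - times[0] > window_ms:
            times.popleft()
        return len(times)

    for ts, frame in capture:
        parsed = parse_adu(frame)
        if parsed is None or parsed[1] not in WRITE_CODES:
            continue             # the agent never queues reads, so skip them
        addr, func, data = parsed
        if push(seen[frame], ts) > max_identical:
            raise_once("repeat", frame, addr, func, ts)
        if func in SINGLE_WRITES and len(data) == 4:
            key, value = (addr, func, data[:2]), data[2:]
            if last_value.get(key, value) != value:
                if push(flips[key], ts) > max_flips:
                    raise_once("flap", key, addr, func, ts)
            last_value[key] = value
    return alerts


# Constructed sample traffic (not from the page): the master polls slave 0x03
# with reads, switches a relay on slave 0x02 on, and two seconds later off.
COIL_ON = build_adu(0x02, 0x05, bytes.fromhex("0000ff00"))
COIL_OFF = build_adu(0x02, 0x05, bytes.fromhex("00000000"))
POLL = build_adu(0x03, 0x03, bytes.fromhex("00000002"))


def sample_capture(with_replay: bool):
    frames = [(t * 100.0, POLL) for t in range(50)]        # read polling
    frames += [(1000.0, COIL_ON), (1010.0, COIL_ON)]       # request + echo
    frames += [(3000.0, COIL_OFF), (3010.0, COIL_OFF)]
    if with_replay:                                        # queue sent in a loop
        for i in range(10):
            frames += [(3100.0 + i * 30, COIL_ON), (3113.0 + i * 30, COIL_OFF)]
    return sorted(frames, key=lambda item: item[0])


if __name__ == "__main__":
    print("normal:", find_replay(sample_capture(False)))
    print("replay:", find_replay(sample_capture(True)))
```

A master that legitimately rewrites the same setpoint on a timer needs higher thresholds, so tune `window_ms`, `max_identical` and `max_flips` against a baseline capture of the bus being monitored.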

Claims (9)

1. An automated replay attack testing method in a field bus, characterized in that the method comprises the following steps:
S1, connecting an attack agent device to the field bus under test;
S2, after the attack agent device is powered on and started, executing an initialization process;
S3, after the initialization process finishes, the attack agent device executes the listening and replay processes;
S4, checking whether the working state of the control devices connected to the field bus is abnormal;
if the working state is not abnormal, the listening and replay processes continue to run;
if the working state is abnormal, the attack agent device is shut down and disconnected from the field bus;
S5, after the attack agent device is disconnected from the field bus, if the control device returns to normal, it is concluded that the field bus has a replay attack vulnerability and that the control device is affected by it.
2. The automated replay attack testing method in a field bus according to claim 1, wherein: in step S1, after the attack agent device is powered on and started, the initialization process is as follows:
reading the attack payload queue data and the saved replay interval parameter from memory;
checking whether the attack payload queue in memory is empty, and if the queue is not empty, emptying it;
if the queue is empty, checking whether the replay interval in memory is less than a minimum threshold;
if the replay interval is greater than or equal to the minimum threshold, the initialization process ends;
if the replay interval is less than the minimum threshold, the replay interval is reset to a default value and the initialization process ends.
3. The automated replay attack testing method in a field bus according to claim 2, wherein: in step S3, the listening process is as follows:
the attack agent device listens, through a serial bus interface, for serial communication application data units transmitted on the field bus; after capturing an application data unit, it reads the function code in the header of the protocol data unit inside the application data unit; and it performs the corresponding operation on the attack payload queue in the attack agent device's memory according to the type of the function code.
4. The automated replay attack testing method in a field bus according to claim 3, wherein: the types of function code include a write type and a read type; if the type is write, the captured application data unit is appended to the tail of the attack payload queue in memory; if the type is read, the captured application data unit is discarded and the attack payload queue in memory is left unchanged.
5. The automated replay attack testing method in a field bus according to claim 4, wherein: the write type of the function code comprises write coil and write register; the coil setting operations corresponding to write coil include opening and closing a relay switch of the control device; the register setting operations corresponding to write register include increasing and decreasing the motor speed of the control device.
6. The automated replay attack testing method in a field bus according to any one of claims 3 to 5, wherein: in step S3, the replay process is as follows:
checking whether the attack payload queue in memory is empty;
if the queue is empty, no replayable application data unit has been captured and no send operation is performed; after waiting for the replay interval T, the replay process is executed again;
if the queue is not empty, the application data units in the attack payload queue are sent to the field bus in order through the serial bus interface; once all application data units in the queue have been sent, and after waiting for the replay interval T, the replay process is executed again.
7. The automated replay attack testing method in a field bus according to claim 1, wherein: the attack agent device is a single-chip microcomputer with UART, SPI, I2C or another form of serial communication; the attack agent device is connected to the RX and TX signal lines of the field bus through a serial bus interface, and draws the voltage and current it needs from the VCC and GND signal lines of the field bus; the supply is a wide-range voltage input.
8. The automated replay attack testing method in a field bus according to claim 1, wherein: the replay interval is set by the user in advance according to the serial communication baud rate of the field bus and is not less than the time required to transmit 3.5 characters in the Modbus protocol.
9. The automated replay attack testing method in a field bus according to claim 1, wherein: once the attack agent device has started the listening process and the replay process, they terminate if and only if the attack agent device is powered off; otherwise the listening process and the replay process run continuously; after the attack agent device is powered off, the initialization process, the listening process and the replay process are executed again if and only if the attack agent device is powered on again.
CN201910932019.2A 2019-09-29 2019-09-29 Automatic replay attack testing method in field bus Pending CN110708227A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910932019.2A CN110708227A (en) 2019-09-29 2019-09-29 Automatic replay attack testing method in field bus
PCT/CN2020/085958 WO2021057017A1 (en) 2019-09-29 2020-04-21 Method for automatic replay attack test in field bus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910932019.2A CN110708227A (en) 2019-09-29 2019-09-29 Automatic replay attack testing method in field bus

Publications (1)

Publication Number Publication Date
CN110708227A true CN110708227A (en) 2020-01-17

Family

ID=69197101

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910932019.2A Pending CN110708227A (en) 2019-09-29 2019-09-29 Automatic replay attack testing method in field bus

Country Status (2)

Country Link
CN (1) CN110708227A (en)
WO (1) WO2021057017A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021057017A1 (en) * 2019-09-29 2021-04-01 河海大学 Method for automatic replay attack test in field bus
CN113408144A (en) * 2021-07-13 2021-09-17 中国科学院国家空间科学中心 Design method of test case of spacecraft payload system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244753B (en) * 2021-11-29 2023-09-29 上海繁易信息科技股份有限公司 Quick communication method for multiple upper computers and controllers based on RS485 bus
CN114785581B (en) * 2022-04-14 2023-08-11 深圳开源互联网安全技术有限公司 Attack load generation method and device and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100037319A1 (en) * 2008-08-08 2010-02-11 Microsoft Corporation Two stage access control for intelligent storage device
CN106411956A (en) * 2016-12-02 2017-02-15 北京奇虎科技有限公司 Method and device for analyzing automobile bus safety
CN106559431A (en) * 2016-12-02 2017-04-05 北京奇虎科技有限公司 A kind of visual analysis method and device for automotive safety detection
CN106603360A (en) * 2016-12-02 2017-04-26 北京奇虎科技有限公司 Method and apparatus for testing security of automobile bus based on bus batch data
CN107666476A (en) * 2017-05-25 2018-02-06 国家计算机网络与信息安全管理中心 A kind of CAN risk checking method and device
WO2018147595A1 (en) * 2017-02-13 2018-08-16 삼성전자 주식회사 Method and device for authenticating vehicle smart key

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101259897B1 (en) * 2009-10-19 2013-05-02 한국전자통신연구원 Apparatus for the efficient remote security threat diagnosis and its method
CN108809951A (en) * 2018-05-16 2018-11-13 南京大学 A kind of penetration testing frame suitable for industrial control system
CN108769022B (en) * 2018-05-29 2020-05-19 浙江大学 Industrial control system safety experiment system for penetration test
CN109768991B (en) * 2019-03-04 2021-04-27 杭州迪普科技股份有限公司 Message replay attack detection method and device and electronic equipment
CN110708227A (en) * 2019-09-29 2020-01-17 河海大学 Automatic replay attack testing method in field bus

Also Published As

Publication number Publication date
WO2021057017A1 (en) 2021-04-01

Similar Documents

Publication Publication Date Title
CN110708227A (en) Automatic replay attack testing method in field bus
US9800319B2 (en) Relay apparatus
US9146797B2 (en) Method for ensuring remediation of hung multiplexer bus channels
CN102681481B (en) Programmable logic controller (PLC) communication method based on universal serial bus (USB)
CN102647320B (en) Integrated circuit suitable for high-speed 1553 bus protocol control
US8527798B2 (en) Energy-saving circuit for a peripheral device, peripheral device, switching device and method of operation
CN106959935B (en) Method compatible with I2C communication and IPMB communication
CN114564427B (en) Bus bridge, system and method from AHB bus to I2C bus
JP2001085067A (en) Voltage level bus converter for battery module and safety interlock system
CN110557244B (en) Application data unit encryption method in water conservancy industrial control system
US8737419B2 (en) Network concentrator and method of controlling the same
CN110069437B (en) RS-485 bus polarity self-adaption method based on response frame validity
CN1960276B (en) Remote control system and method
CN105807886A (en) Chip arousing system, chip arousing method and mobile terminal
CN105119788A (en) Ethernet network interface system, network environment adaptive method thereof, and Ethernet equipment
CN111475368A (en) Serial port cascade regulation and control method and serial port equipment
CN103440218A (en) CAN (Control Area Network) bus monitoring method based on USB-HID (Universal Serial Bus-Human Input Device) protocol
WO2002009405A2 (en) Universal serial bus datapump command interpreter
CN113268358B (en) Data communication method, device and system and multi-equipment cascade system
US9385968B2 (en) Methods and devices for connecting to multiple interfaces
CN112822211A (en) Power-controlled portable self-learning industrial firewall system, device and use method
JP2004221904A (en) Method for controlling communication speed of field bus system, and master unit
CN105743927A (en) CANopen and DP protocol data converter and conversion method
CN218183360U (en) Wave recording data safety exchange circuit
CN220234721U (en) Protocol conversion system and generator set parallel controller

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200117