CN111224856A - Multi-node cooperation and linkage method for industrial control mimicry security gateway - Google Patents

Info

Publication number: CN111224856A
Application number: CN202010039019.2A
Authority: CN (China)
Prior art keywords: gateway, linkage, transformation, industrial control, gateways
Legal status: Granted (active)
Other languages: Chinese (zh)
Other versions: CN111224856B (en)
Inventors: 吴春明, 陈双喜, 潘高宁, 张晟, 曲振青
Current assignee: Zhejiang University ZJU
Original assignee: Zhejiang University ZJU
Priority date / filing date: 2020-01-14
Publication date: 2020-06-02 (CN111224856A); granted 2020-12-29 as CN111224856B
Application filed by Zhejiang University ZJU.

Classifications

    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling (H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L12/00 Data switching networks > H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks] > H04L12/46 Interconnection of networks)
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways (H ELECTRICITY > H04 > H04L > H04L12/00 Data switching networks)
    • H04L41/14 Network analysis or design (H ELECTRICITY > H04 > H04L > H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks)

Abstract

The invention provides a multi-node cooperation and linkage method for an industrial control mimicry security gateway. A secret feature set, a set of pseudorandom sequence generation functions, a secret transformation rule and the like are agreed in advance among the multiple gateway nodes. Using tunnelling, synchronisation messages embedded in the protocol, cooperation among the gateway nodes and the application of a dynamically agreed pseudorandom sequence, the industrial control protocol as a whole exhibits random and dynamically changing characteristics.

Description

Multi-node cooperation and linkage method for industrial control mimicry security gateway
Technical Field
The invention belongs to the technical field of network security, relates to the field of mimicry gateways, and particularly relates to a multi-node cooperation and linkage method for an industrial control mimicry security gateway.
Background
A traditional industrial control security gateway, an important line of defence in a security assurance system, defends against attacks through access control. But as more and more vulnerabilities are discovered in operating systems and application systems themselves, the security gateway itself becomes an attack target. How to overcome the static structure and the momentary protection effect of existing industrial security gateways has become a hard problem faced when such gateways are deployed.
Unlike traditional network defences, mimicry defence changes the operating or execution environment of a network information system by dynamic, randomised and active means. It breaks the predicament of passive defence in traditional network information security, converts the passive 'mend the fold after the sheep is lost' style of defence into an active defence that is hard to detect, and changes the present situation of 'easy to attack, hard to defend'.
Because availability always comes first in an industrial control system, and any equipment or component used in it must meet availability constraints on real-time behaviour, reliability and performance, the DHR model proposed by the current mimicry mechanism cannot simply be adopted. The functions of the industrial gateway and the particularities of the industrial control network need to be analysed in depth, and a novel industrial control mimicry security gateway architecture constructed that not only meets the functional and performance requirements of an industrial control gateway but also has the heterogeneity, diversity, dynamic randomness and initiative that mimicry defence requires.
Disclosure of Invention
The invention aims to provide a multi-node cooperation and linkage method for an industrial control mimicry security gateway that addresses the defects of the prior art.
The purpose of the invention is realised by the following technical scheme. A multi-node cooperation and linkage method for an industrial control mimicry security gateway comprises the following steps:
(1) The industrial control site comprises a data management layer, a monitoring operation layer and a field bus layer. An industrial control mimicry security gateway is deployed at the boundary of each of these layers, and upper/lower-level relations are defined among the gateways according to the flow direction of the engineering data, so that the gateways are called a group of linkage gateways. The upper/lower-level relation is specified as follows: the direction of data flow through the data management layer, the monitoring operation layer and the field bus layer is defined as the positive direction of data flow; in this positive direction, data flows from the upper gateway G_k to the subordinate gateway G_{k+1} with no other gateway in between.
(2) The secret feature set S and the pseudorandom sequence function set F of each gateway in the group of linkage gateways of step (1) are agreed through an IPSec tunnel-mode connection, forming the secret transformation rule (S, F).
(3) When the upper gateway G_k needs a linkage change, it communicates with the lower gateway G_{k+1} through the IPSec tunnel mode according to the secret transformation rule (S, F) of step (2) and performs the linkage change; the lower gateway G_{k+1} decides according to the communication content whether to notify its forward linkage gateway G_{k+2} to perform linkage.
(3.1) If the current communication content requires the lower gateway to continue the linkage transformation, that is, the transformation range boundary has not been reached, G_{k+1} needs to notify its linkage gateway G_{k+2}, which performs linkage according to the IPSec tunnel mode and the secret transformation rule (S, F). The transformation range boundary is determined by the communication content: if G_k requires n gateways, from G_{k+1} to G_{k+n}, to perform the linkage transformation, the transformation range boundary is G_{k+n}.
(3.2) If the current communication content does not require the downstream gateway to continue the linkage transformation, that is, the transformation range boundary has been reached, G_{k+1} does not notify its linkage gateway G_{k+2} and forward communication stops.
(4) Step (3) is repeated until all gateways have completed linkage, and the linkage transformation result is transmitted back in the reverse direction to the central gateway through the IPSec tunnel mode.
Compared with the prior art, the invention has the following beneficial effects:
(1) The DHR model of the mimicry mechanism does not adapt well to the industrial control network; by analysing the particularities of the industrial control gateway in depth, adopting a multi-gateway-node linkage method and agreeing a secret feature set, the heterogeneity, diversity, dynamic randomness and the like required of an industrial control gateway can be met;
(2) the invention uses the IPSec tunnel mode to establish a gateway-to-gateway transmission tunnel, thereby ensuring the integrity and confidentiality of the data.
Drawings
FIG. 1 is a deployment diagram of the industrial control mimicry security gateway;
FIG. 2 is a flow chart of gateway cooperation and linkage;
FIG. 3 is a schematic diagram of the IPSec tunnel mode.
Detailed Description
The invention provides a multi-node cooperation and linkage method for an industrial control mimicry security gateway. A secret feature set, a set of pseudorandom sequence generation functions, a secret transformation rule and the like are agreed in advance among the multiple gateway nodes. Using tunnelling, synchronisation messages embedded in the protocol, cooperation among the gateway nodes and the application of a dynamically agreed pseudorandom sequence, the industrial control protocol as a whole exhibits random and dynamically changing characteristics.
Fig. 1 shows a multi-node cooperation and linkage method for an industrial control mimicry security gateway, which comprises the following steps:
(1) The industrial control mimicry gateway group shown in fig. 2 is deployed. An industrial control site comprises a data management layer, a monitoring operation layer and a field bus layer; an industrial control mimicry security gateway is deployed at the boundary of each of these layers, and a more targeted access control policy is applied according to the characteristics of each layer's engineering data streams. Upper/lower-level relations are defined among the gateways according to the flow direction of the engineering data, and the gateways are called a group of linkage gateways. The upper/lower-level relation is specified as follows: the direction of data flow through the data management layer, the monitoring operation layer and the field bus layer is defined as the positive direction of data flow; in this positive direction, data flows from the upper gateway G_k to the subordinate gateway G_{k+1} with no other gateway in between.
(2) The secret feature set S and the pseudorandom sequence function set F of each gateway in the group of linkage gateways of step (1) are agreed through an IPSec tunnel-mode connection, forming the secret transformation rule (S, F), which serves as the basis of the gateway transformation rule.
(3) When the upper gateway G_k needs a linkage change, it communicates with the lower gateway G_{k+1} through the IPSec tunnel mode according to the secret transformation rule (S, F) of step (2) and performs the linkage change; the lower gateway G_{k+1} decides according to the communication content whether to notify its forward linkage gateway G_{k+2} to perform linkage, so that the availability and real-time performance of the industrial control system are guaranteed.
(3.1) If the current communication content requires the lower gateway to continue the linkage transformation, that is, the transformation range boundary has not been reached, G_{k+1} needs to notify its linkage gateway G_{k+2}, which performs linkage according to the IPSec tunnel mode and the secret transformation rule (S, F). The transformation range boundary is determined by the communication content: if G_k requires n gateways, from G_{k+1} to G_{k+n}, to perform the linkage transformation, the transformation range boundary is G_{k+n}.
(3.2) If the current communication content does not require the downstream gateway to continue the linkage transformation, that is, the transformation range boundary has been reached, G_{k+1} does not notify its linkage gateway G_{k+2} and forward communication stops.
(4) Step (3) is repeated until all gateways are linked, and the linkage transformation result is transmitted back in the reverse direction to the central gateway through the IPSec tunnel mode. The central gateway checks the feedback: if the feedback fails, step (3) is executed again; if it succeeds, the linkage transformation result is output.
Thus, based on an attack chain model of the industrial control system, the key nodes for breaking the attack chain and a 'non-deterministic' technique for node operation are studied, while the 'determinacy' of the processing result and processing performance of the industrial control gateway is ensured.
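The linkage procedure of steps (3) to (4) above, as an added simulation that is not part of the patent: a chain of gateways G_0..G_3 shares a constructed secret rule, G_0 acts as the central gateway and triggers a linkage over n downstream nodes, each node applies the pseudorandom transformation and forwards the message until the range boundary G_{k+n}, results are passed back upstream, and the centre verifies the feedback and re-runs step (3) on failure. HMAC-SHA256 as the function set F, the hop counter as the "communication content", and the transient-fault flag are all assumptions; the patent names no concrete function or message format.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for the pre-agreed secret transformation rule (S, F).
# The patent agrees it over an IPSec tunnel; here it is simply a fixed byte string.
SECRET_RULE = b"constructed-demo-secret-rule"


def prf(name: str, epoch: int) -> bytes:
    """F applied to S for one gateway and one linkage epoch.
    HMAC-SHA256 is an assumption; the patent names no concrete function."""
    return hmac.new(SECRET_RULE, f"{name}:{epoch}".encode(), hashlib.sha256).digest()[:8]


@dataclass
class Gateway:
    """Linkage gateway G_k; `downstream` is G_{k+1} in the positive data-flow direction."""
    name: str
    downstream: Optional["Gateway"] = None
    fail_times: int = 0        # simulate a node that transiently fails to transform
    epoch: int = -1            # epoch of the currently active feature
    feature: bytes = b""       # currently active pseudorandom feature

    def linkage(self, epoch: int, remaining: int) -> List[Tuple[str, int, bytes]]:
        """Receive a linkage message, transform, forward unless at the boundary,
        and pass the accumulated results back upstream (step 3)."""
        if self.fail_times > 0:
            self.fail_times -= 1          # stale state is what gets reported upstream
        else:
            self.epoch, self.feature = epoch, prf(self.name, epoch)
        results = [(self.name, self.epoch, self.feature)]
        # (3.1) boundary not reached: notify G_{k+2}; (3.2) boundary reached: stop
        if remaining > 1 and self.downstream is not None:
            results += self.downstream.linkage(epoch, remaining - 1)
        return results


def build_chain(names: List[str], fail_times: Optional[dict] = None) -> List[Gateway]:
    """Wire gateways so that names[i] is the upper gateway of names[i+1]."""
    gws = [Gateway(n, fail_times=(fail_times or {}).get(n, 0)) for n in names]
    for up, down in zip(gws, gws[1:]):
        up.downstream = down
    return gws


def run_linkage(center: Gateway, epoch: int, n: int, max_retries: int = 2) -> Tuple[bool, int]:
    """Step (4): the central gateway G_k triggers linkage over G_{k+1}..G_{k+n},
    checks the feedback, and repeats step (3) on failure. Returns (ok, attempts)."""
    for attempt in range(1, max_retries + 2):
        if center.downstream is None:
            return False, attempt
        feedback = center.downstream.linkage(epoch, n)
        # the centre knows (S, F), so it can recompute every node's expected feature
        ok = len(feedback) == n and all(
            ep == epoch and feat == prf(name, epoch) for name, ep, feat in feedback)
        if ok:
            return True, attempt
    return False, max_retries + 1


if __name__ == "__main__":
    chain = build_chain(["G0", "G1", "G2", "G3"], fail_times={"G2": 1})
    print(run_linkage(chain[0], epoch=7, n=2))   # (True, 2): G2 misses once, retry succeeds
```

The gateway beyond the boundary (G_3 for n=2) keeps its previous feature, which is the "transformation range boundary" behaviour of step (3.2).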

Claims (1)

1. A multi-node cooperation and linkage method for an industrial control mimicry security gateway, characterised by comprising the following steps:
(1) The industrial control site comprises a data management layer, a monitoring operation layer and a field bus layer. An industrial control mimicry security gateway is deployed at the boundary of each of these layers, and upper/lower-level relations are defined among the gateways according to the flow direction of the engineering data, so that the gateways are called a group of linkage gateways. The upper/lower-level relation is specified as follows: the direction of flow through the data management layer, the monitoring operation layer and the field bus layer is specified as the forward direction of data flow; in this positive direction, data flows from the upper gateway G_k to the subordinate gateway G_{k+1} with no other gateway in between.
(2) The secret feature set S and the pseudorandom sequence function set F of each gateway in the group of linkage gateways of step (1) are agreed through an IPSec tunnel-mode connection, forming the secret transformation rule (S, F).
(3) When the upper gateway G_k needs a linkage change, it communicates with the lower gateway G_{k+1} through the IPSec tunnel mode according to the secret transformation rule (S, F) of step (2) and performs the linkage change; the lower gateway G_{k+1} decides according to the communication content whether to notify its forward linkage gateway G_{k+2} to perform linkage.
(3.1) If the current communication content requires the lower gateway to continue the linkage transformation, that is, the transformation range boundary has not been reached, G_{k+1} needs to notify its linkage gateway G_{k+2}, which performs linkage according to the IPSec tunnel mode and the secret transformation rule (S, F). The transformation range boundary is determined by the communication content: if G_k requires n gateways, from G_{k+1} to G_{k+n}, to perform the linkage transformation, the transformation range boundary is G_{k+n}.
(3.2) If the current communication content does not require the downstream gateway to continue the linkage transformation, that is, the transformation range boundary has been reached, G_{k+1} does not notify its linkage gateway G_{k+2} and forward communication stops.
(4) Step (3) is repeated until all gateways have completed linkage, and the linkage transformation result is transmitted back in the reverse direction to the central gateway through the IPSec tunnel mode.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010039019.2A CN111224856B (en) 2020-01-14 2020-01-14 Multi-node cooperation and linkage method for industrial control mimicry security gateway

Publications (2)

Publication Number Publication Date
CN111224856A true CN111224856A (en) 2020-06-02
CN111224856B CN111224856B (en) 2020-12-29

Family

ID=70828255

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010039019.2A Active CN111224856B (en) 2020-01-14 2020-01-14 Multi-node cooperation and linkage method for industrial control mimicry security gateway

Country Status (1)

Country Link
CN (1) CN111224856B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080075068A1 (en) * 2000-06-01 2008-03-27 Tekelec Methods and systems for providing converged network management functionality in a gateway routing node
CN104994104A (en) * 2015-07-06 2015-10-21 浙江大学 Server fingerprint mimicry and sensitive information mimicry method based on WEB security gateway
CN106254231A (en) * 2016-08-18 2016-12-21 中京天裕科技(北京)有限公司 A kind of industrial safety encryption gateway based on state and its implementation
CN106990745A (en) * 2017-06-06 2017-07-28 承德龙庆智能科技有限公司 A kind of vehicle intelligent terminal and monitoring system based on Beidou navigation
CN108234657A (en) * 2018-01-04 2018-06-29 江苏十月中宸科技有限公司 A kind of high performance information safe processing system based on Internet of Things
CN209805847U (en) * 2019-08-09 2019-12-17 烟台东方纵横科技股份有限公司 Safety production data front-end processor


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈双喜等: "《基于攻击转移的拟态安全网关技术的研究》", 《通信学报》 *

Also Published As

Publication number Publication date
CN111224856B (en) 2020-12-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant