CN112468504A - Industrial control network access control method based on block chain - Google Patents

Industrial control network access control method based on block chain Download PDF

Info

Publication number: CN112468504A
Authority: CN (China)
Prior art keywords: access, intelligent contract, requester, block chain, industrial
Legal status: Granted
Application number: CN202011378886.5A
Other languages: Chinese (zh)
Other versions: CN112468504B (en)
Inventors: 占梦来, 张军, 胡航宇, 李良, 占峰波
Current Assignee: Sichuan Wiscred Technology Co ltd
Original Assignee: Sichuan Wiscred Technology Co ltd
Priority date: 2020-11-30
Filing date: 2020-11-30
Publication date: 2021-03-09

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Abstract

The invention discloses an industrial control network access control method based on a blockchain, which mainly addresses the security problem of illegal or unauthorized access caused by the lack of user access behavior controls in existing industrial control networks. The method includes: (S1) compiling the access rights of the field devices into intelligent contracts, namely an access authentication intelligent contract and an access authorization intelligent contract; (S2) after a blockchain consensus node has verified the contracts, storing them on the chain; (S3) after an access requester sends a request, calling the intelligent contract to verify the requester's identity; if the identity is verified, access authorization is completed, otherwise the requester has no authority; (S4) once the access requester holds the access right, the industrial field device responds to the access operation and returns the access result to the requester. By combining blockchain technology with access control technology the invention achieves security and reliability of the industrial control network, and it has high promotion value in industrial control security.

Description

Industrial control network access control method based on block chain
Technical Field
The invention relates to the technical field of industrial control networks, and in particular to an industrial control network access control method based on a blockchain.
Background
An industrial control system is a set of process control components that collects and monitors facilities and real-time data for automated production control; it is the business-flow management and control system that keeps industrial infrastructure operating automatically, under process control and under monitoring. Industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, PLCs, fieldbus control systems, process control systems, remote terminal units, intelligent electronic devices and the like. With the arrival of the Industry 4.0 era, informatization and industrialization are being integrated more closely and more quickly, which drives the development of industrial control systems but also brings more and more security problems. On the one hand, once a field device in an industrial control network is compromised by a virus or malicious software, the device malfunctions easily and serious security incidents follow. On the other hand, the system must manage the access behavior of users (a person, an intelligent terminal or a program), and once the access information is tampered with, a user may gain unauthorized or illegal access. Most current security protection for industrial control networks relies on intrusion detection; however, by the time abnormal behavior is detected, the system has already been compromised to some extent.
Disclosure of Invention
The invention aims to provide an industrial control network access control method based on a blockchain, which mainly addresses the security problem of illegal or unauthorized access caused by the lack of user access behavior controls in existing industrial control networks.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
an industrial control network access control method based on a block chain comprises the following steps:
(S1) writing the access rights of the industrial field device into an access authentication intelligent contract, and writing an access authorization intelligent contract for the identity authentication of the access requester;
(S2) encrypting the access authentication intelligent contract and the access authorization intelligent contract; a consensus node in the blockchain receives the two encrypted contracts and verifies them; if the contracts pass verification, the node stores them on the chain and broadcasts the transaction ID and storage address of the contracts to the other nodes; if verification fails, the consensus node broadcasts a transaction failure message;
(S3) when the access requester accesses resources in the industrial control network, calling the access authorization intelligent contract to verify whether the user is legitimate; if the user is legitimate, completing the role authorization of the access requester and broadcasting the authorization result; if verification fails, the access requester has no authority to access the industrial field device;
(S4) once the access requester has obtained the access right, it sends the access operation to the industrial field device, and the device responds to the access operation and returns the access result to the access requester.
Further, in step (S2), an elliptic curve encryption algorithm is adopted for the encryption of the access authentication intelligent contract and the access authorization intelligent contract.
Further, the elliptic curve encryption algorithm proceeds as follows:
(1) let the private key be k and let G be a point on the elliptic curve; the public key is then K = k × G;
(2) randomly generate an integer r and compute rG = (x, y);
(3) from the random number r, the hash value h of the intelligent contract message M and the private key k, compute s = (h + kx)/r; {rG, s} is then the signature made with the private key;
(4) send the message M and the signature to each node of the blockchain network;
(5) after receiving the message M and the signature, a node computes the hash value h from the message M, computes hG/s + xK/s using the sender's public key K, and compares the result with rG; verification succeeds if the two are equal.
Compared with the prior art, the invention has the following beneficial effects:
The access control method has the following advantages: the access rights of the industrial field devices are compiled into an access authentication intelligent contract, an access authorization intelligent contract is compiled at the same time, and both are stored in the blockchain network, so that the access rights of the industrial field devices and of the users undergo double verification; the access control rights are distributed across and stored on many hosts, which makes them difficult to tamper with.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The present invention is further described with reference to the following description and examples, which include but are not limited to the following example.
Examples
As shown in FIG. 1, the method for controlling access to an industrial control network based on a blockchain according to the present invention includes the following steps:
The first step: the access rights of the industrial field device are written into an access authentication intelligent contract, i.e. the device can be accessed only after authentication. In addition, an access authorization intelligent contract is written, which is used mainly for the identity authentication of the access requester, to verify whether the requester may obtain the right.
The second step: the access authentication intelligent contract and the access authorization intelligent contract are encrypted with an elliptic curve encryption algorithm; a consensus node in the blockchain receives the two encrypted contracts and verifies them; if the contracts pass verification, they are stored on the chain and their transaction ID and storage address are broadcast to the other nodes; if verification fails, the consensus node broadcasts a transaction failure message. The elliptic curve encryption algorithm proceeds as follows: let the private key be k and let G be a point on the elliptic curve, so that the public key is K = k × G; randomly generate an integer r and compute rG = (x, y); from the random number r, the hash value h of the intelligent contract message M and the private key k, compute s = (h + kx)/r, so that {rG, s} is the signature made with the private key; send the message M and the signature to each node of the blockchain network; after receiving the message M and the signature, a node computes the hash value h from M, computes hG/s + xK/s using the sender's public key K, compares the result with rG, and verification succeeds if the two are equal.
The third step: when an access requester accesses resources in the industrial control network, the access authorization intelligent contract is called to verify whether the user is legitimate; if the user is legitimate, the role authorization of the access requester is completed and the authorization result is broadcast; if verification fails, the access requester has no authority to access the industrial field device.
The fourth step: after the access requester has obtained the access right, it sends an access operation to the industrial field device; the device responds to the access operation and returns the access result to the access requester.
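The signature procedure of steps (1) to (5) in the disclosure and of the second step of this embodiment, together with the consensus node's accept-or-reject decision of that second step, as an added example that is not part of the patent: it keeps the patent's notation (private key k, public key K = kG, nonce r, rG = (x, y), s = (h + kx)/r, check hG/s + xK/s = rG), which is the ECDSA signing equation, so the "encryption" of the contract is in fact a signature, and it makes explicit what the text omits, namely that scalar arithmetic is taken modulo the curve order n and that zero x or s values must be retried. The curve (secp256k1), the hash (SHA-256), the transaction ID and storage address formats and the contract text are all assumptions constructed for this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters; the patent names no curve, so this is an assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None                       # p == -q
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def point_mul(d, p):
    """Double-and-add scalar multiplication d*p."""
    acc = None
    while d:
        if d & 1:
            acc = point_add(acc, p)
        p = point_add(p, p)
        d >>= 1
    return acc


def msg_hash(m):
    """h = SHA-256(M) mod n; the patent does not name a hash, SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N


def keygen(k=None):
    """Step (1): private key k, public key K = k*G."""
    k = k or secrets.randbelow(N - 1) + 1
    return k, point_mul(k, G)


def sign(k, m):
    """Steps (2)-(3): nonce r, rG = (x, y), s = (h + k*x)/r mod n; signature {rG, s}."""
    h = msg_hash(m)
    while True:
        r = secrets.randbelow(N - 1) + 1
        rG = point_mul(r, G)
        x = rG[0] % N
        s = (h + k * x) * pow(r, -1, N) % N
        if x != 0 and s != 0:             # degenerate values are retried, as in ECDSA
            return rG, s


def verify(K, m, sig):
    """Step (5): recompute h from M, then check hG/s + xK/s == rG with the sender's K."""
    rG, s = sig
    if rG is None or not 0 < s < N:
        return False
    h, x, inv_s = msg_hash(m), rG[0] % N, pow(s, -1, N)
    lhs = point_add(point_mul(h * inv_s % N, G), point_mul(x * inv_s % N, K))
    return lhs == rG


def consensus_node_receive(K, contract, sig, ledger):
    """Step (S2) at one consensus node: verify the signed contract before storing it on
    chain; returns what the node would broadcast. ID/address formats are constructed."""
    if not verify(K, contract, sig):
        return {"status": "transaction failed"}
    tx_id = hashlib.sha256(contract + sig[1].to_bytes(32, "big")).hexdigest()
    address = "block-%d" % len(ledger)
    ledger[tx_id] = (address, contract)
    return {"status": "stored", "tx_id": tx_id, "address": address}


if __name__ == "__main__":
    k, K = keygen()
    ledger = {}
    contract = b"access_auth_contract: device=PLC-01 role=operator ops=read"  # constructed
    print(consensus_node_receive(K, contract, sign(k, contract), ledger)["status"])
    print(consensus_node_receive(K, contract + b" write", sign(k, contract), ledger)["status"])
```

Only the consensus nodes holding the signer's public key K can accept a contract, and a contract altered after signing is rejected before anything is written to the ledger.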
The access control method has the following advantages: the access rights of the industrial field devices are compiled into an access authentication intelligent contract, an access authorization intelligent contract is compiled at the same time, and both are stored in the blockchain network, so that the access rights of the industrial field devices and of the users undergo double verification; the access control rights are distributed across and stored on many hosts, which makes them difficult to tamper with. Therefore, compared with the prior art, the invention has outstanding substantive features and represents remarkable progress.
The above embodiment is only one of the preferred embodiments of the present invention and should not be used to limit its scope; all insubstantial modifications or changes made within the spirit and scope of the main design of the present invention, which still solve the technical problems addressed by the present invention, fall within its scope.

Claims (3)

1. An industrial control network access control method based on a block chain, characterized in that it comprises the following steps:
(S1) writing the access rights of the industrial field device into an access authentication intelligent contract, and writing an access authorization intelligent contract for the identity authentication of the access requester;
(S2) encrypting the access authentication intelligent contract and the access authorization intelligent contract; a consensus node in the blockchain receives the two encrypted contracts and verifies them; if the contracts pass verification, the node stores them on the chain and broadcasts the transaction ID and storage address of the contracts to the other nodes; if verification fails, the consensus node broadcasts a transaction failure message;
(S3) when the access requester accesses resources in the industrial control network, calling the access authorization intelligent contract to verify whether the user is legitimate; if the user is legitimate, completing the role authorization of the access requester and broadcasting the authorization result; if verification fails, the access requester has no authority to access the industrial field device;
(S4) once the access requester has obtained the access right, it sends the access operation to the industrial field device, and the device responds to the access operation and returns the access result to the access requester.
2. The industrial control network access control method based on the block chain as claimed in claim 1, wherein in step (S2) an elliptic curve cryptography algorithm is adopted for the encryption of the access authentication intelligent contract and the access authorization intelligent contract.
3. The industrial control network access control method based on the block chain as claimed in claim 2, wherein the elliptic curve encryption algorithm proceeds as follows:
(1) let the private key be k and let G be a point on the elliptic curve; the public key is then K = k × G;
(2) randomly generate an integer r and compute rG = (x, y);
(3) from the random number r, the hash value h of the intelligent contract message M and the private key k, compute s = (h + kx)/r; {rG, s} is then the signature made with the private key;
(4) send the message M and the signature to each node of the blockchain network;
(5) after receiving the message M and the signature, a node computes the hash value h from the message M, computes hG/s + xK/s using the sender's public key K, and compares the result with rG; verification succeeds if the two are equal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011378886.5A CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011378886.5A CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Publications (2)

Publication Number Publication Date
CN112468504A true CN112468504A (en) 2021-03-09
CN112468504B CN112468504B (en) 2023-06-20

Family

ID=74805836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011378886.5A Active CN112468504B (en) 2020-11-30 2020-11-30 Industrial control network access control method based on block chain

Country Status (1)

Country Link
CN (1) CN112468504B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113179311A (en) * 2021-04-23 2021-07-27 上海和数软件有限公司 Block chain authority multiple control method and system
CN113177234A (en) * 2021-04-29 2021-07-27 中国工商银行股份有限公司 Gray scale switch switching method and device
JP7357096B1 (en) 2022-03-24 2023-10-05 株式会社日立製作所 Data delivery system, data delivery method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109936569A (en) * 2019-02-21 2019-06-25 领信智链(北京)科技有限公司 A kind of decentralization digital identity login management system based on ether mill block chain
WO2019150176A1 (en) * 2018-02-05 2019-08-08 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for managing service access authorization using smart contracts
US20190294817A1 (en) * 2018-03-26 2019-09-26 Commissariat A L'energie Atomique Et Aux Energies Alternatives Method and system for managing access to personal data by means of a smart contract
CN111046352A (en) * 2019-12-13 2020-04-21 浙江师范大学 Identity information security authorization system and method based on block chain
CN111629057A (en) * 2020-05-27 2020-09-04 广西师范大学 Block chain based Internet of things access control method with privacy protection function

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LI_MAX: "椭圆曲线加密算法", 《HTTPS://WWW.JIANSHU.COM/P/E41BC1EB1D81》 *
LI_MAX: "椭圆曲线加密算法", 《HTTPS://WWW.JIANSHU.COM/P/E41BC1EB1D81》, 14 August 2018 (2018-08-14), pages 6 *
金剑;: "广电数字媒体版权区块链管理平台的设计建设", 《广播与电视技术》 *

Also Published As

Publication number Publication date
CN112468504B (en) 2023-06-20

Similar Documents

Publication Publication Date Title
Li et al. A blockchain-based authentication and security mechanism for IoT
CN112468504B (en) Industrial control network access control method based on block chain
CN106878318B (en) Block chain real-time polling cloud system
CN108616504B (en) Sensor node identity authentication system and method based on Internet of things
CN102035838B (en) Trust service connecting method and trust service system based on platform identity
CN111970299A (en) Block chain-based distributed Internet of things equipment identity authentication device and method
CN114553540B (en) Zero trust-based Internet of things system, data access method, device and medium
KR102078913B1 (en) AUTHENTICATION METHOD AND SYSTEM OF IoT(Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE
CN109598104B (en) Software authorization protection system and method based on timestamp and secret authentication file
CN113032814A (en) Internet of things data management method and system
CN112131309A (en) Data evidence storing method and system based on block chain technology
CN114139203A (en) Block chain-based heterogeneous identity alliance risk assessment system and method and terminal
CN106027237B (en) Cipher key matrix safety certifying method based on group in a kind of RFID system
CN117155716B (en) Access verification method and device, storage medium and electronic equipment
CN112015111A (en) Industrial control equipment safety protection system and method based on active immunity mechanism
CN112685721A (en) Electric energy meter authority authentication method and device, computer equipment and storage medium
CN112261103A (en) Node access method and related equipment
CN109302442B (en) Data storage proving method and related equipment
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment
CN116032643A (en) Application layer implicit unidirectional isolation device penetration method for national network chain service call
CN111753308B (en) Information verification method and electronic equipment
CN114978677A (en) Asset access control method, device, electronic equipment and computer readable medium
CN114024682A (en) Cross-domain single sign-on method, service equipment and authentication equipment
CN108449753B (en) Method for reading data in trusted computing environment by mobile phone device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant