CN113726746A - Industrial control safety management platform and control method thereof - Google Patents

Publication number
CN113726746A
Authority
CN
China
Prior art keywords
data
data transmission
node
transmission
monitoring
Legal status
Pending
Application number
CN202110914801.9A
Other languages
Chinese (zh)
Inventor
赵越峰
Current Assignee
Beijing Wangteng Technology Co ltd
Original Assignee
Beijing Wangteng Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an industrial control safety management platform comprising: a data encryption module for encrypting data to be transmitted; a data transmission strategy control module for controlling strategy execution during encrypted data transmission; data transmission nodes, each in communication connection with at least two other different data transmission nodes, forming a communication network for sending encrypted data; transmission monitoring nodes connected in series, which also establish temporary communication connections with the data transmission nodes; and a data decryption module for decrypting the received data. The invention can remedy the defects of the prior art, change the monitoring mode and simplify the monitoring process.

Description

Industrial control safety management platform and control method thereof
Technical Field
The invention relates to the technical field of industrial control system safety management, in particular to an industrial control safety management platform and a control method thereof.
Background
With the development of industrial automation technology, industrial control systems are widely applied in various fields of industrial production. However, the data in industrial control systems is exposed to security risks. To reduce the data security risk of industrial control systems, various data management and monitoring methods are disclosed in the prior art. However, the existing methods all take the data itself as the monitored object; the amount of computation is large, and monitoring results are not delivered in time.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an industrial control safety management platform and a control method thereof, which can overcome the defects of the prior art, change the monitoring mode and simplify the monitoring process.
In order to solve the technical problems, the technical scheme adopted by the invention is as follows.
An industrial control safety management platform comprises:
a data encryption module, used for encrypting data to be sent;
a data transmission strategy control module, used for controlling strategy execution in the encrypted data transmission process;
data transmission nodes, each in communication connection with at least two other different data transmission nodes to form a communication network for sending encrypted data;
transmission monitoring nodes, connected in series, with temporary communication connections established between the transmission monitoring nodes and the data transmission nodes;
and a data decryption module, used for decrypting the received data.
A control method of the industrial control safety management platform comprises the following steps:
A. the data encryption module encrypts data to be sent;
B. the data transmission strategy control module determines a data transmission node for receiving encrypted data according to the real-time state of the data transmission node, then the data encryption module transmits the encrypted data to the data transmission node, and simultaneously the data encryption module transmits a corresponding key to the data decryption module through the transmission monitoring node;
C. the transmission monitoring node in an idle state monitors the data transmission node, and the data transmission strategy control module adjusts the transmission path of the encrypted data in the data transmission node according to the monitoring result;
D. the data decryption module verifies the received encrypted data according to the monitoring record of the transmission monitoring node and performs decryption if the verification passes; if the verification fails, the encrypted data is deleted and retransmitted.
Preferably, in step B, the determination by the data transmission strategy control module of the data transmission node that receives the encrypted data, according to the real-time state of the data transmission nodes, comprises the following steps:
b1, establishing a dynamic ranking of communication link security between the data transmission nodes, and taking the data transmission nodes in the idle state as candidate nodes;
b2, screening out the candidate nodes that have a two-stage communication connection, and then selecting the candidate node with the maximum comprehensive security of the two-stage communication connection as the data transmission node for receiving the encrypted data; the comprehensive security is calculated as a weighted average over the two stages of communication links, with each weight directly proportional to the historical utilization rate of the corresponding communication link.
Preferably, in step B, the transmission monitoring node generates a timestamp for each transmitted key, and the transmission monitoring nodes connected in series transmit the keys in a time division multiplexing manner.
Preferably, in step C, the monitoring of the data transmission node by the transmission monitoring node in the idle state comprises the following steps:
c1, the transmission monitoring node establishes a temporary communication connection with the data transmission node that is carrying out encrypted data transmission;
c2, the transmission monitoring node extracts the address list of the encrypted data from the data transmission node and compares it with the earlier address list for that encrypted data; if the address list has been tampered with, it judges that a data transmission node on the transmission path is abnormal and determines the abnormal data transmission node through reverse search; if the latest target transmission address differs from the address provided by the data transmission strategy control module, it judges that the current data transmission node is the abnormal data transmission node;
c3, deleting the encrypted data that passed through the abnormal data transmission node, and retransmitting the deleted encrypted data.
Preferably, in step D, the data decryption module compares the address list corresponding to the encrypted data in the transmission monitoring node with the key timestamp in a time sequence, if the comparison is correct, the verification is passed, otherwise, the verification fails.
The beneficial effects of the above technical scheme are as follows: the invention abandons the approach of directly verifying and operating on the transmitted data. By establishing a new data transmission structure and monitoring the data transmission process in real time, it adjusts the data transmission path in real time and improves data security, and it verifies data security by combining the uncertainty of the data transmission path with the key timestamp. The longer the transmission path of the data, the higher the verification accuracy, and no extra computation is added, so the method is well suited to large-scale industrial control systems.
Drawings
FIG. 1 is a system schematic of one embodiment of the present invention.
Detailed Description
An industrial control safety management platform comprises:
the data encryption module 1 is used for encrypting data to be sent;
the data transmission strategy control module 2 is used for controlling strategy execution of the encrypted data transmission process;
each data transmission node 3 is in communication connection with at least two other different data transmission nodes 3 to form a communication network for sending encrypted data;
the transmission monitoring nodes 4 are connected in series, and meanwhile, temporary communication connection is established between the transmission monitoring nodes 4 and the data transmission nodes 3;
and the data decryption module 5 is used for decrypting the received data.
A control method of the industrial control safety management platform comprises the following steps:
A. the data encryption module 1 encrypts data to be sent;
B. the data transmission strategy control module 2 determines a data transmission node 3 for receiving encrypted data according to the real-time state of the data transmission node 3, then the data encryption module 1 transmits the encrypted data to the data transmission node 3, and simultaneously the data encryption module 1 transmits a corresponding key to the data decryption module 5 through the transmission monitoring node 4;
C. the transmission monitoring node 4 in an idle state monitors the data transmission node 3, and the data transmission strategy control module 2 adjusts the transmission path of the encrypted data in the data transmission node 3 according to the monitoring result;
D. the data decryption module 5 verifies the received encrypted data according to the monitoring record of the transmission monitoring node 4 and performs decryption if the verification passes; if the verification fails, the encrypted data is deleted and retransmitted.
In step B, the determination by the data transmission strategy control module 2 of the data transmission node 3 that receives the encrypted data, according to the real-time state of the data transmission nodes 3, comprises the following steps:
b1, establishing a dynamic ranking of communication link security between the data transmission nodes 3, and taking the data transmission nodes 3 in the idle state as candidate nodes;
b2, screening out the candidate nodes that have a two-stage communication connection, and then selecting the candidate node with the maximum comprehensive security of the two-stage communication connection as the data transmission node 3 for receiving the encrypted data; the comprehensive security is calculated as a weighted average over the two stages of communication links, with each weight directly proportional to the historical utilization rate of the corresponding communication link.
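Steps b1 and b2 can be illustrated with the following added example, which is not part of the patent text. It assumes that each link carries a security score between 0 and 1 from the b1 ranking, that "two-stage" means the link into a candidate plus that candidate's onward link, and that the weighted average is taken over those two security scores; all names and sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Link:
    security: float     # link security score from the b1 ranking (0..1, assumed scale)
    utilization: float  # historical utilization rate of this link (0..1)


@dataclass(frozen=True)
class Node:
    name: str
    idle: bool
    stage1: Optional[Link]  # assumed: link from the sender into this node
    stage2: Optional[Link]  # assumed: this node's onward link (None = no second stage)


def comprehensive_security(node: Node) -> float:
    """Weighted average of the two link scores, weights proportional to utilization."""
    links = (node.stage1, node.stage2)
    total = sum(link.utilization for link in links)
    if total == 0:
        # No usage history on either link: fall back to the plain mean
        # (an assumption; the text does not cover this case).
        return sum(link.security for link in links) / 2
    return sum(link.utilization * link.security for link in links) / total


def rank_candidates(nodes: List[Node]) -> List[Node]:
    """b1 + b2 screening: idle nodes with both stages present, best score first."""
    eligible = [n for n in nodes
                if n.idle and n.stage1 is not None and n.stage2 is not None]
    return sorted(eligible, key=comprehensive_security, reverse=True)


def select_node(nodes: List[Node]) -> Optional[Node]:
    """b2 selection: the candidate with the maximum comprehensive security."""
    ranked = rank_candidates(nodes)
    return ranked[0] if ranked else None


# Constructed sample network state.
SAMPLE = [
    # Strong first hop, but the heavily used onward link is weak.
    Node("N1", True, Link(0.95, 0.1), Link(0.60, 0.9)),
    Node("N2", True, Link(0.70, 0.5), Link(0.80, 0.5)),
    Node("N3", False, Link(0.99, 0.5), Link(0.99, 0.5)),  # busy, not a candidate
    Node("N4", True, Link(0.99, 0.5), None),              # no two-stage connection
]

if __name__ == "__main__":
    for n in rank_candidates(SAMPLE):
        print(n.name, round(comprehensive_security(n), 3))
    print("selected:", select_node(SAMPLE).name)
```

With these values an unweighted mean would prefer N1 (0.775 against 0.75), while the utilization weighting lets N1's busy, weaker onward link dominate its score, so N2 is selected.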
In step B, the transmission monitoring node 4 generates a timestamp for each transmitted key, and the transmission monitoring nodes 4 connected in series transmit the keys in a time division multiplexing manner.
In step C, the monitoring of the data transmission node 3 by the transmission monitoring node 4 in the idle state comprises the following steps:
c1, the transmission monitoring node 4 establishes a temporary communication connection with the data transmission node 3 that is carrying out encrypted data transmission;
c2, the transmission monitoring node 4 extracts the address list of the encrypted data from the data transmission node 3 and compares it with the earlier address list for that encrypted data; if the address list has been tampered with, it judges that a data transmission node 3 on the transmission path is abnormal and determines the abnormal data transmission node 3 through reverse search; if the latest target transmission address differs from the address provided by the data transmission strategy control module 2, it judges that the current data transmission node 3 is the abnormal data transmission node 3;
c3, deleting the encrypted data that passed through the abnormal data transmission node 3, and retransmitting the deleted encrypted data.
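The checks in steps c2 and c3 can be sketched as follows; this is an added example, not part of the patent text. It assumes the address list is an append-only sequence of hop addresses carried with the encrypted data, that the series-connected monitoring nodes keep a time-ordered history of the snapshots they extracted (some possibly stored without being compared at the time), and that "reverse search" means walking that history from newest to oldest; all names and sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Snapshot:
    node: str                      # data transmission node the monitor connected to
    address_list: Tuple[str, ...]  # hop addresses carried with the data, oldest first


def extends(prev: Tuple[str, ...], cur: Tuple[str, ...]) -> bool:
    """True if cur keeps every entry of prev unchanged and only appends to it."""
    return len(cur) >= len(prev) and cur[:len(prev)] == prev


def reverse_search(history: List[Snapshot]) -> Optional[str]:
    """Walk the snapshots newest to oldest and return the node whose snapshot
    does not extend its predecessor, i.e. where earlier entries were rewritten."""
    for i in range(len(history) - 1, 0, -1):
        if not extends(history[i - 1].address_list, history[i].address_list):
            return history[i].node
    return None


def check_node(history: List[Snapshot], current: Snapshot,
               policy_next_hop: str) -> List[Tuple[str, str]]:
    """Step c2: return (finding, abnormal node) pairs for the current snapshot."""
    findings = []
    culprit = reverse_search(history + [current])
    if culprit is not None:
        findings.append(("address_list_tampered", culprit))
    # The latest target address must be the one the strategy control module issued.
    if not current.address_list or current.address_list[-1] != policy_next_hop:
        findings.append(("unexpected_target", current.node))
    return findings


def action(findings: List[Tuple[str, str]]) -> str:
    """Step c3: data that passed through an abnormal node is deleted and resent."""
    return "delete_and_retransmit" if findings else "forward"


# Constructed monitoring history for one encrypted message: N1 -> N2 -> N3.
HISTORY = [
    Snapshot("N1", ("N1", "N2")),
    Snapshot("N2", ("N1", "N2", "N3")),
]

if __name__ == "__main__":
    clean = Snapshot("N3", ("N1", "N2", "N3", "N5"))
    rewritten = Snapshot("N3", ("N1", "N9", "N3", "N5"))   # earlier hop altered
    redirected = Snapshot("N3", ("N1", "N2", "N3", "N7"))  # wrong next hop
    for snap in (clean, rewritten, redirected):
        result = check_node(HISTORY, snap, policy_next_hop="N5")
        print(snap.address_list, result, action(result))
```

Because every later snapshot extends a rewritten list consistently, the backward walk stops at the single node where the append-only property first breaks, which is how the sketch attributes tampering to an upstream node rather than to the node currently being monitored.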
In the step D, the data decryption module 5 compares the address list of the corresponding encrypted data in the transmission monitoring node 4 with the key timestamp, and if the comparison is correct, the verification is passed, otherwise, the verification fails.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (6)

1. An industrial control safety management platform, characterized by comprising:
the data encryption module (1) is used for encrypting data to be sent;
the data transmission strategy control module (2) is used for controlling strategy execution of the encrypted data transmission process;
each data transmission node (3) is in communication connection with at least two other different data transmission nodes (3) to form a communication network for sending encrypted data;
the transmission monitoring nodes (4) are connected in series, and meanwhile, temporary communication connection is established between the transmission monitoring nodes (4) and the data transmission nodes (3);
and the data decryption module (5) is used for decrypting the received data.
2. The control method of the industrial control safety management platform according to claim 1, characterized by comprising the following steps:
A. the data encryption module (1) encrypts data to be sent;
B. the data transmission strategy control module (2) determines a data transmission node (3) for receiving encrypted data according to the real-time state of the data transmission node (3), then the data encryption module (1) transmits the encrypted data to the data transmission node (3), and simultaneously the data encryption module (1) transmits a corresponding key to the data decryption module (5) through the transmission monitoring node (4);
C. the transmission monitoring node (4) in an idle state monitors the data transmission node (3), and the data transmission strategy control module (2) adjusts the transmission path of the encrypted data in the data transmission node (3) according to the monitoring result;
D. the data decryption module (5) verifies the received encrypted data according to the monitoring record of the transmission monitoring node (4) and performs decryption if the verification passes; if the verification fails, the encrypted data is deleted and retransmitted.
3. The control method of the industrial control safety management platform according to claim 2, characterized in that: in step B, the determination by the data transmission strategy control module (2) of the data transmission node (3) that receives the encrypted data, according to the real-time state of the data transmission nodes (3), comprises the following steps:
b1, establishing a dynamic ranking of communication link security between the data transmission nodes (3), and taking the data transmission nodes (3) in the idle state as candidate nodes;
b2, screening out the candidate nodes that have a two-stage communication connection, and then selecting the candidate node with the maximum comprehensive security of the two-stage communication connection as the data transmission node (3) for receiving the encrypted data; the comprehensive security is calculated as a weighted average over the two stages of communication links, with each weight directly proportional to the historical utilization rate of the corresponding communication link.
4. The control method of the industrial control safety management platform according to claim 3, characterized in that: in step B, the transmission monitoring nodes (4) generate a timestamp for each sent key, and the transmission monitoring nodes (4) connected in series transmit the keys in a time division multiplexing mode.
5. The control method of the industrial control safety management platform according to claim 4, characterized in that: in step C, the monitoring of the data transmission node (3) by the transmission monitoring node (4) in the idle state comprises the following steps:
c1, the transmission monitoring node (4) establishes a temporary communication connection with the data transmission node (3) that is carrying out encrypted data transmission;
c2, the transmission monitoring node (4) extracts the address list of the encrypted data from the data transmission node (3) and compares it with the earlier address list for that encrypted data; if the address list has been tampered with, it judges that a data transmission node (3) on the transmission path is abnormal and determines the abnormal data transmission node (3) through reverse search; if the latest target transmission address differs from the address provided by the data transmission strategy control module (2), it judges that the current data transmission node (3) is the abnormal data transmission node (3);
c3, deleting the encrypted data that passed through the abnormal data transmission node (3), and retransmitting the deleted encrypted data.
6. The control method of the industrial control safety management platform according to claim 5, characterized in that: in the step D, the data decryption module (5) compares the address list corresponding to the encrypted data in the transmission monitoring node (4) with the key time stamp in a time sequence, if the comparison is correct, the verification is passed, otherwise, the verification fails.
CN202110914801.9A 2021-08-10 2021-08-10 Industrial control safety management platform and control method thereof Pending CN113726746A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110914801.9A CN113726746A (en) 2021-08-10 2021-08-10 Industrial control safety management platform and control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110914801.9A CN113726746A (en) 2021-08-10 2021-08-10 Industrial control safety management platform and control method thereof

Publications (1)

Publication Number Publication Date
CN113726746A true CN113726746A (en) 2021-11-30

Family

ID=78675369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110914801.9A Pending CN113726746A (en) 2021-08-10 2021-08-10 Industrial control safety management platform and control method thereof

Country Status (1)

Country Link
CN (1) CN113726746A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103209202A (en) * 2012-01-16 2013-07-17 联想(北京)有限公司 Method and device for transmitting data
CN104852961A (en) * 2015-04-09 2015-08-19 黎建军 Internet of Things data transmission method
US20160119294A1 (en) * 2014-05-21 2016-04-28 Yahoo! Inc. Methods and systems for data traffic control and encryption
CN105721498A (en) * 2016-04-07 2016-06-29 周文奇 Industrial control network security early-warning system
US9800560B1 (en) * 2015-04-23 2017-10-24 Symantec Corporation Systems and methods for monitoring encrypted data transmission
CN109639438A (en) * 2019-02-26 2019-04-16 燕山大学 A kind of SCADA network industries information ciphering method based on digital signature
CN110324351A (en) * 2019-07-10 2019-10-11 厦门嵘拓物联科技有限公司 The system and method for information interconnection in a kind of network collaborative design
CN113114703A (en) * 2021-05-14 2021-07-13 恒隆通信技术有限公司 Data encryption method and system for networking communication
CN113221146A (en) * 2021-05-26 2021-08-06 中国人民银行数字货币研究所 Method and device for data transmission between block chain nodes

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ARUN NAGARAJA;NIMMALA MANGATHAYARU;N RAJASHEKAR;T SATISH KUMAR: "A survey on routing techniques for transmission of packets in networks", 《2016 INTERNATIONAL CONFERENCE ON ENGINEERING & MIS (ICEMIS)》 *
宫天何: "基于IPv6无线传感器网络的路由策略及数据安全技术", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
王健: "数据加密技术在计算机网络通信安全中的应用研究", 《电子元器件与信息技术》 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20211130