CN114859810A - System and method for safely downloading configuration engineering - Google Patents


Info

Publication number
CN114859810A
Authority
CN
China
Prior art keywords
safe
trusted
management platform
plc controller
certificate
Prior art date
Legal status
Pending
Application number
CN202210542684.2A
Other languages
Chinese (zh)
Inventor
高山
王伟
黄晓波
杨银香
谭少飞
魏敏
夏显秋
李梦晨
底园园
Current Assignee
Ningbo Helishi Information Security Research Institute Co ltd
Beijing Hollysys Automation and Drive Co Ltd
Original Assignee
Ningbo Helishi Information Security Research Institute Co ltd
Beijing Hollysys Automation and Drive Co Ltd

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/054Input/output
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/10Plc systems
    • G05B2219/11Plc I-O input output
    • G05B2219/1103Special, intelligent I-O processor, also plc can only access via processor

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Programmable Controllers (AREA)

Abstract

The invention provides a system and method for securely downloading a configuration project. The method comprises the following steps: user identity authentication, secure preprocessing of the configuration project, and secure downloading of the configuration project. Secure downloading of configuration projects in an industrial automation system is achieved by combining identity authentication with a two-key scheme: encrypted communication is established between the secure trusted management platform and the secure trusted engineer station, and the configuration project is signed and encrypted between the secure trusted management platform and the target PLC controller.

Description

System and method for safely downloading configuration engineering
Technical Field
The invention relates to the technical field of information security in industrial automation control, and in particular to a system and method for securely downloading a configuration project.
Background
Industrial control systems are an important strategic resource. They are deployed in more than 80% of critical infrastructure, where they switch hydropower stations on and off, monitor the state of the power grid, control the pressure in oil and gas pipelines, and so on, and they play a central role in national infrastructure.
Major industrial information security incidents in recent years have involved critical information infrastructure in energy, transportation, manufacturing, healthcare, communications and other fields, with serious consequences for industrial production and national security in many countries. Malicious code tailored to industrial control systems has become one of the main security threats to control systems and measurement and control terminals; its spread and damage are hard to observe, it can break through protection schemes built mainly on isolation, and existing countermeasures defend against it poorly. Information security research on industrial control systems is therefore urgent, and the need to implement information security in core components such as programmable logic controllers (PLCs) is increasingly apparent.
The security protection situation of industrial control networks is changing. New technologies, applications and business forms are appearing in large numbers, in particular artificial intelligence, big data, the Internet of Things, cloud computing and fully digital instrumentation and control systems. Traditional industrial control security systems and static protection mechanisms cannot keep up with rapidly changing threats, so research into active defense architectures and key technologies for industrial control systems is urgently needed. At present, configuration projects in most industrial control systems are downloaded in plaintext with no protection at all; once an attacker has intruded into the network between the engineer station and the PLC, the configuration project can be damaged by tampering with its contents or altered through a man-in-the-middle attack, causing losses that cannot be estimated.
Chinese patent document CN106647675A discloses a method for real-time monitoring of the configuration files and configuration data of an industrial control system. It proposes a data acquisition module running on the upper computer that detects changes to the content of the system's engineering configuration files and, when a file changes, raises a configuration-file-change alarm and records the time of the change.
Chinese patent document CN107040545A discloses a method for protecting an engineering document over its whole life cycle. It takes heterogeneous redundancy and redundancy voting as its core and combines them with the specific processes and technologies of the compilation, transmission, storage and operation stages of the document's life cycle, so that the heterogeneous variants produced at compilation share no single usable attack path, cannot be attacked by a man-in-the-middle in transmission, cannot be tampered with in storage, and cannot take effect at operation. In this way the engineering document is protected throughout the process, the confidentiality, integrity and availability of the logic configuration engineering document are increased, and the threat of unknown vulnerabilities can be dealt with effectively.
In existing industrial control systems, much configuration software supports encrypting the configuration project file so that other personnel cannot modify it. When a password-protected project file is opened, it can be viewed and edited only after the correct password is entered; otherwise it cannot be opened. This provides security management of the project file within the industrial control system, but it does not involve unified management and control through a secure trusted management platform, nor secure downloading of the project by means of such a platform. In addition, to ensure secure installation of the configuration project, the prior art requires the PLC controller to occupy a large footprint and consume many resource components, which reduces the controller's operating efficiency and increases cost.
Disclosure of Invention
In view of the defects and shortcomings of the prior art, the invention aims to solve the following problems: when a configuration project is downloaded it is easily attacked, with attackers intruding into the network of the engineer station and the PLC (programmable logic controller); the engineer station transmits project files directly to the PLC, so each engineer station must correspond to each PLC and it is difficult to add engineer station nodes; and with direct transmission the PLC must integrate too many resource components, such as encryption components, which reduces the PLC's efficiency and increases cost.
Another aspect of the invention is to provide a system and method for securely downloading a configuration project that allow engineer station nodes to be added flexibly and managed easily.
Another aspect of the invention is to provide a system and method for securely downloading a configuration project that achieve confidentiality and integrity of the download.
Another aspect of the invention is to provide a system and method for securely downloading a configuration project that save the resources of the PLC controller.
Another aspect of the invention is to provide a system and method for securely downloading a configuration project in which the engineer station does not need public key management capability for a plurality of PLC controllers, which saves resources and ensures reliability.
Aspects and advantages of the invention will be set forth in part in the following description, or may be obvious from the description, or may be learned through practice of the invention.
The invention provides a system for securely downloading a configuration project, comprising a secure trusted management platform, a secure trusted engineer station, a switch and a secure trusted PLC (programmable logic controller), wherein:
the secure trusted management platform is configured with a certificate management unit, a PLC public key management unit and a security management private key, and the PLC public key management unit is configured to associate the public key of each secure trusted PLC controller with the device information of that controller;
the secure trusted engineer station is configured to generate the configuration project, execute the download operation, establish a secure link with the secure trusted management platform and communicate securely over it;
the secure trusted management platform signs the configuration project with its security management private key and its encryption algorithm, and encrypts the signature together with the configuration project using the public key of the target PLC held in the PLC public key management unit, forming signed encrypted data;
the secure trusted management platform is configured to send the signed encrypted data to the target PLC controller; the target PLC controller decrypts the received data with its own private key and verifies the signature on the configuration project using the security management public key stored in encrypted form in the PLC controller.
According to the invention, signing with the security management private key ensures that the configuration project file and the PLC device information cannot be tampered with maliciously, encryption with the PLC public key ensures the confidentiality of the signed information, and the configuration project file and other confidential contents cannot be obtained by a malicious attacker.
Further, the certificate management unit comprises a digital certificate and a key management unit, and the key management unit works with the digital certificate to generate, store, distribute and update the required keys.
Further, the certificate management unit is configured to issue a user certificate and a device certificate to the secure trusted management platform and the secure trusted engineer station; the user certificate may be stored in the UKEY, the secure trusted management platform and the secure trusted engineer station respectively, and the device certificate is stored in the secure trusted management platform and the secure trusted engineer station.
When a user logs in, a UKEY with a built-in user certificate is required. After the UKEY is inserted, the secure trusted management platform or the secure trusted engineer station exchanges user certificates with the UKEY to authenticate the user; once authentication passes the user is proven legitimate, which rules out login by illegitimate users.
Further, establishing the secure link with the secure trusted management platform is configured as follows: the secure trusted engineer station exchanges device certificates with the secure trusted management platform, performs key agreement to generate a symmetric key, and encrypts the configuration project and the target PLC controller information with an encryption component.
In the invention, the exchange of device certificates between the secure trusted engineer station and the secure trusted management platform further rules out information exchange between illegitimate devices and the platform, preventing information tampering and illegal intrusion.
Further, the encryption component is an openssl component, or a component derived from openssl and modified to implement the encryption algorithm.
Further, the secure trusted management platform signs the configuration project with the security management private key and the encryption algorithm, where that algorithm is the SM3 algorithm.
Further, the secure trusted PLC controller is provisioned with the security management public key at production time. During operation of the industrial control system, updates and upgrades of the security management public key are strictly controlled, so that a malicious attacker cannot mount an impersonation attack by replacing the security management public key.
In this system, the secure trusted engineer station and the secure trusted management platform establish encrypted communication, ensuring the confidentiality and integrity of the configuration project. Within the industrial control system the secure trusted management platform is relatively fixed and provides unified management, so engineer station nodes can be added relatively flexibly and are easy to manage; the secure trusted PLC controller only needs to store the security management public key in encrypted form, so its key management is simple and reliable and its resources are saved. Moreover, the secure trusted engineer station does not need public key management capability for a plurality of secure trusted PLC controllers, which saves resources, keeps its function relatively simple and ensures reliability.
The invention also provides a method for securely downloading a configuration project, comprising the following steps:
user identity authentication: when a user logs in, the user certificate built into a UKEY is exchanged with the secure trusted management platform and/or the secure trusted engineer station to authenticate the user;
secure preprocessing of the configuration project: after the secure trusted engineer station generates a configuration project and executes the download operation, it establishes secure communication with the secure trusted management platform and sends the configuration project and the target PLC controller information to the platform in encrypted form;
secure downloading of the configuration project: after the secure trusted management platform receives the configuration project and the target PLC controller data sent by the secure trusted engineer station, it signs the configuration project with its security management private key and encryption algorithm;
the signature and the configuration project are encrypted with the public key of the target PLC held in the secure trusted management platform, and the encrypted data is sent to the target PLC;
after receiving the signed encrypted data sent by the secure trusted management platform, the target PLC controller decrypts it with its own private key, then verifies the signature with the security management public key of the platform, which is stored in the target PLC controller in encrypted form as provisioned; if both decryption and signature verification succeed, the configuration project is executed.
Further, in the secure preprocessing of the configuration project, the secure trusted management platform establishes secure communication with the secure trusted engineer station by establishing a secure link based on an encryption algorithm: the engineer station exchanges device certificates with the platform, performs key agreement to generate a symmetric key, and encrypts the configuration project and the target PLC controller information with an encryption component.
Further, the encryption algorithm used to establish the secure link is provided by an openssl component, or by a component derived from openssl and modified to implement the encryption algorithm.
Further, in the secure downloading of the configuration project, the secure trusted PLC controller is provisioned at production with the security management public key of the secure trusted management platform, stores it in encrypted form, and accepts updates of that key only by factory return or firmware upgrade. This prevents intruders or malicious attackers from mounting an impersonation attack by replacing the security management public key.
Further, in the secure downloading of the configuration project, the secure trusted management platform further comprises a PLC public key management unit; after logging in to the platform, the public key and the device information of the target PLC controller are entered into the PLC public key management unit, ensuring the correspondence between each PLC controller's public key and its information.
Further, in the user identity authentication, the certificate management unit includes a digital certificate and a key management unit, and the key management unit works with the digital certificate to generate, store, distribute and update the required keys. The digital certificate is a CA digital certificate.
Further, the certificate management unit is configured to issue a user certificate and a device certificate to the secure trusted management platform and the secure trusted engineer station; the user certificate may be stored in the UKEY, the secure trusted management platform and the secure trusted engineer station respectively, and the device certificate is stored in the secure trusted management platform and the secure trusted engineer station.
In this system and method, the secure trusted engineer station establishes encrypted communication with the secure trusted management platform, which ensures the confidentiality and integrity of the configuration project, and the platform serves as the unified platform for issuing configuration projects. First, within the industrial control system the secure trusted management platform is relatively fixed and provides unified management, so engineer station nodes can be added relatively flexibly and are easy to manage; moreover, the secure trusted PLC controller only needs to store the platform's security management public key in encrypted form, so its key management is simple and reliable and its resources are saved. Second, the secure trusted engineer station does not need public key management capability for a plurality of secure trusted PLC controllers, which saves resources, keeps its function relatively simple and ensures reliability.
In the technical scheme of the invention, the secure trusted engineer station and the secure trusted management platform are usually realised on equipment such as a server or a PC (personal computer), which has relatively strong computing capability and ample resources, and encrypted communication is implemented by integrating mature encryption components (such as openssl).
In the technical scheme of the invention, the PLC is an embedded device with relatively limited resources, so it is equipped only with the means to verify signatures with the security management public key, decrypt with its private key and store keys in encrypted form. This avoids the larger footprint and resource consumption that integrating openssl or similar components would bring, reduces the load on the PLC as much as possible, and improves the practical applicability of the scheme.
The technical scheme of the invention also includes a user identity authentication stage: identity authentication is carried out among the UKEY, the engineer station and the secure trusted management platform, so that illegitimate users are excluded.
In the technical scheme of the invention, a secure link is established between the engineer station and the secure trusted management platform through an encryption algorithm agreed by both parties in advance, and both communicating parties authenticate each other, which ensures the security of the communication link.
In the technical scheme of the invention, data is encrypted between the engineer station and the secure trusted management platform by deploying the openssl component, or a modified openssl component that implements the encryption algorithm, which ensures the security of the communicated data.
In the technical scheme, secure downloading of the configuration project is guaranteed by the signature and signature verification measures established between the secure trusted management platform and the target PLC.
These and other features, aspects, and advantages of the present application will become better understood with reference to the following description. The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description, serve to explain the principles of the application.
Drawings
A full and enabling disclosure of the present application, including the best mode thereof, directed to one of ordinary skill in the art, is set forth in the specification, which makes reference to the appended figures, in which:
Fig. 1 is a schematic diagram of the system for securely downloading a configuration project according to the invention.
Fig. 2 is a schematic diagram of the secure preprocessing of the configuration project according to the invention.
Fig. 3 is a schematic diagram of the device for securely downloading the configuration project according to the invention.
Detailed Description
Reference now will be made in detail to embodiments of the present application, one or more examples of which are illustrated in the drawings. Each example is provided by way of explanation of the application, not limitation of the application. In fact, it will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the scope or spirit of the application. For example, features illustrated or described as part of one embodiment can be used with another embodiment to yield a still further embodiment. Thus, it is intended that the present application cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. As used in this specification, the terms "first," "second," and the like may be used interchangeably to distinguish one element from another and are not intended to indicate the position or importance of each element. As used in the specification, the terms "a," "an," "the," and "said" are intended to mean that there are one or more of the elements, unless the context clearly indicates otherwise. The terms "comprising," "including," and "having" are intended to be inclusive and mean that there may be additional elements other than the listed elements. Like numerals indicate like elements throughout. The invention is further explained below in conjunction with the detailed description.
As shown in fig. 1 to 3, a configuration engineering security downloading system of the present invention includes a secure trusted management platform, a secure trusted engineer station, a switch, and a secure trusted PLC controller; the safe and trusted management platform is provided with a certificate management unit, a PLC public key management unit and an administration private key. The safety management private key and the safety management public key are asymmetric keys, when the private key is used for signature, signature information is ensured, the operation of a private key holder is realized, the non-repudiation performance is realized, and the identity of a signer can be proved. When the private key is used for decryption, only one party with the private key can decrypt the private key, so that the confidentiality of the encrypted information of the public key is ensured. The certificate management unit comprises a CA digital certificate and a key management unit, and the key management unit is matched with the CA digital certificate to generate, store, distribute and update the required key. The certificate management unit signs and issues a user certificate and an equipment certificate for the safe and trusted management platform and the safe and trusted engineer station. The user certificate can be respectively stored in the UKEY, the safe trusted management platform and the safe trusted engineer station, and the equipment certificate is stored in the safe trusted management platform and the safe trusted engineer station. The user certificate and the device certificate are configured into the UKEY, the secure trusted management platform and the secure trusted engineer station in a secret or secure network transmission mode.
When a user logs in, the user must hold a UKEY with a built-in user certificate, after the UKEY is inserted, a safe and trusted management platform or a safe and trusted engineer station exchanges the user certificate with the UKEY to perform identity authentication, and after the authentication is passed, the user is proved to be a legal user, so that the possibility of illegal user login is avoided.
After a user logs in a safe and trusted engineer station, the safe and trusted engineer station generates configuration engineering and executes downloading operation, the safe and trusted engineer station exchanges equipment certificates with a safe and trusted management platform, key negotiation is carried out, symmetric keys are generated, safe communication is established with the safe and trusted engineer station, the safe and trusted engineer station encrypts the configuration engineering and target PLC information and the like by using an ip address, equipment information and the like of the configuration engineering and target PLC to be downloaded through an openssl component or based on an openssl component, and the safe and trusted engineer station sends the configuration engineering and the target PLC information to the safe and trusted management platform. The safe and trusted engineer station exchanges the equipment certificate with the safe and trusted management platform, establishes a safe connection channel, and transmits configuration engineering and target PLC controller information data in an encryption mode, thereby further avoiding the possibility of realizing information interaction between illegal equipment and the safe and trusted management platform and preventing information tampering and illegal invasion.
The PLC public key management unit is configured to enable a public key of the safe and reliable PLC controller to correspond to equipment information of the safe and reliable PLC controller, a legal user holding the UKEY logs in a safe and reliable management platform before the safe and reliable PLC controller is connected to the system, the public key of the safe and reliable PLC controller and the equipment information of the safe and reliable PLC controller are input into the PLC public key management unit of the safe and reliable management platform, and the corresponding relation between the public key and the equipment information is ensured.
The safe and reliable PLC controller is configured with an administration public key of a safe and reliable management platform in a production preset mode, the administration public key is stored in the safe and reliable PLC controller in an encrypted mode, and the administration public key can carry out signature verification on configuration engineering signed by an administration private key in the safe and reliable management platform;
after the safe trusted management platform receives the configuration project and the PLC information of the safe trusted engineer station, the safe trusted management platform signs the configuration project through the security management private key and the SM3 encryption algorithm, and the public key of the target PLC controller in the PLC public key management unit is used for encrypting the signature and the configuration project to form signature encryption data.
The safe trusted management platform sends the signature encrypted data to a target PLC controller, the target PLC controller decrypts the received signature encrypted data by using a private key of the target PLC controller, and signature verification is performed by using the preset safety management public key.
The secure trusted management platform is configured with a security management public key and a security management private key. The security management public key is stored, in encrypted form, in each secure trusted PLC controller at production time. While the system is in operation, a secure trusted PLC controller accepts an update of this public key only through factory return or a firmware upgrade and in no other form, which prevents a malicious attacker from mounting an impersonation attack by replacing the security management public key. Each secure trusted PLC controller is configured with its own PLC controller public key and private key; the PLC controller public key and the controller's information are stored as a pair in the PLC public key management unit of the management platform, so that signature-encrypted data produced by encrypting the signature and the configuration project with the public key of the target PLC controller found in that unit can be decrypted only with the private key of the corresponding target PLC controller. In this specification, the secure trusted PLC controller means at least one PLC controller, and the target PLC controller is the secure trusted PLC controller to which a configuration project is to be installed.
In this way the secure trusted engineer station and the secure trusted management platform communicate over an encrypted link, which protects the confidentiality and integrity of the configuration project; the signature made with the security management private key ensures that the configuration project file and the PLC device information are not maliciously tampered with and remain intact; and encryption with the PLC public key keeps the signed data confidential, so a malicious attacker cannot obtain the configuration project file or other confidential content.
The secure trusted management platform serves as the unified platform for issuing configuration projects: engineer stations can be added as nodes flexibly and are easy to manage; a secure trusted PLC controller only needs to store the security management public key in encrypted form, so key management is simple and reliable and PLC resources are saved; and the engineer station does not need the capacity to manage the public keys of many PLCs, which saves resources, keeps its function relatively simple, and improves reliability.
The secure trusted engineer station and the secure trusted management platform of the invention are usually servers or PCs with relatively strong computing power and ample resources, and can implement encrypted communication by integrating a mature cryptographic component such as OpenSSL. A PLC is an embedded device with relatively limited resources; it only needs to be given the capabilities of public key signature verification, private key decryption and encrypted storage, and does not need to integrate a component such as OpenSSL that occupies more space and consumes more resources, so the load on the PLC is kept as low as possible.
The method secures the download of the configuration project through user login, encrypted communication between devices, and private key signing with public key encryption of the configuration project, covering the dimensions of user identity authentication, mutual authentication of the communicating parties, data encryption, and signature verification.
As shown in fig. 1, the present invention provides a method for securely downloading a configuration project, which comprises:
User identity authentication: the secure trusted management platform and the secure trusted engineer station are operated interactively by users and provide functions such as policy configuration, alarm viewing, configuration project programming, viewing the online state of PLCs, and exporting PLC logs. These functions can be used only after a user has logged in.
To prevent an illegal user from logging in, a legitimate trusted user must hold a UKEY with a built-in user certificate. After the UKEY is inserted, the secure trusted management platform or the secure trusted engineer station exchanges user certificates with the UKEY to perform identity authentication; only after authentication succeeds is the user treated as legitimate and allowed to proceed.
The certificate management unit comprises a CA digital certificate and a key management unit; the key management unit, together with the CA digital certificate, generates, stores, distributes and updates the required keys. The certificate management unit is configured to issue user certificates and device certificates to the secure trusted management platform and the secure trusted engineer station. The user certificate is stored in the UKEY, the secure trusted management platform and the secure trusted engineer station respectively; the device certificate is stored in the secure trusted management platform and the secure trusted engineer station.
As shown in fig. 2, secure preprocessing of the configuration project: after the secure trusted engineer station generates the configuration project and executes the download operation, the engineer station and the secure trusted management platform establish secure communication with each other. The secure link is built on an encryption algorithm provided by an OpenSSL component, or by a component that implements the encryption algorithm after modification based on OpenSSL. The engineer station exchanges device certificates with the management platform, performs key agreement to generate a symmetric key, and encrypts the configuration project and the target PLC controller information with the encryption component. The engineer station then sends the configuration project and the target PLC controller information to the management platform in encrypted form; the target PLC controller information includes the IP address and the device information.
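The device certificate exchange and key agreement of this preprocessing step, written out as an added example in Go. This is not code from the patent or from the applicant; the patent only says the link is built on an OpenSSL-based component and leaves the algorithms open. Everything concrete here is an assumption made for the example: the certificate management unit is modelled as a self-signed P-256 CA, device certificates are P-256, the key agreement is ephemeral ECDH on P-256 with each ephemeral key signed by the certified device key, the symmetric key is a SHA-256 hash of the shared secret, and the names Device, Hello, Issue, MakeHello and AcceptHello are invented. A peer whose certificate does not chain to the CA, whose certificate names the wrong role, or whose ephemeral key is not signed by the certified key is rejected as an illegal device.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Device: an engineer station or management platform holding a device certificate (assumed model).
type Device struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
	eph  *ecdh.PrivateKey // per-session ephemeral key, set by MakeHello
}

// Hello: device certificate (DER), ephemeral ECDH public key, signature over that key.
type Hello struct{ CertDER, EphPub, Sig []byte }

// Issue creates a P-256 key and certificate; a nil parent yields the self-signed CA.
func Issue(parent *Device, name string, isCA bool) (*Device, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	signer := &Device{Cert: tmpl, Key: key} // self-signed unless a parent CA is given
	if parent != nil {
		signer = parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer.Cert, &key.PublicKey, signer.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Device{Cert: cert, Key: key}, err
}

// MakeHello starts a session: a fresh ephemeral key, signed with the certified device key.
func (d *Device) MakeHello() (Hello, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return Hello{}, err
	}
	d.eph = eph
	digest := sha256.Sum256(eph.PublicKey().Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, d.Key, digest[:])
	return Hello{CertDER: d.Cert.Raw, EphPub: eph.PublicKey().Bytes(), Sig: sig}, err
}

// AcceptHello (call after MakeHello) checks CA chain, expected peer name and the
// signature on the ephemeral key, then derives the symmetric session key.
func (d *Device) AcceptHello(h Hello, roots *x509.CertPool, expectedPeer string) ([]byte, error) {
	peer, err := x509.ParseCertificate(h.CertDER)
	if err != nil {
		return nil, err
	}
	if _, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return nil, fmt.Errorf("illegal device, certificate rejected: %w", err)
	}
	if peer.Subject.CommonName != expectedPeer {
		return nil, fmt.Errorf("certificate names %q, expected %q", peer.Subject.CommonName, expectedPeer)
	}
	peerKey, ok := peer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(h.EphPub)
	if !ok || !ecdsa.VerifyASN1(peerKey, digest[:], h.Sig) {
		return nil, fmt.Errorf("ephemeral key is not signed by the certified device key")
	}
	peerEph, err := ecdh.P256().NewPublicKey(h.EphPub)
	if err != nil {
		return nil, err
	}
	shared, err := d.eph.ECDH(peerEph) // both keys are P-256, so this only fails on misuse
	key := sha256.Sum256(shared)       // assumed KDF; production code uses HKDF over the transcript
	return key[:], err
}

func main() {
	ca, _ := Issue(nil, "certificate management unit", true)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	station, _ := Issue(ca, "engineer station", false)
	platform, _ := Issue(ca, "management platform", false)
	hs, _ := station.MakeHello()
	hp, _ := platform.MakeHello()
	k1, _ := station.AcceptHello(hp, roots, "management platform")
	k2, err := platform.AcceptHello(hs, roots, "engineer station")
	fmt.Println("same key:", string(k1) == string(k2), "err:", err)
}
```

The handshake is spelled out so that the certificate check, the binding of the ephemeral key to the certificate, and the key derivation are visible; a deployment would get the same properties, plus forward secrecy and replay protection, from mutual TLS with the device certificates, which is what the OpenSSL-based component in the patent provides.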
As shown in fig. 3, secure download of the configuration project: the secure trusted management platform further comprises a PLC public key management unit. After logging in to the management platform, the user enters the public key of the target PLC controller and the target PLC controller information into the PLC public key management unit, which establishes the correspondence between the public key of each PLC controller and its information. The secure trusted PLC controller is provisioned at production time with the security management public key of the management platform; the key is stored in encrypted form and can be updated only by factory return or firmware upgrade, which prevents a malicious attacker from mounting an impersonation attack by replacing the security management public key.
After the secure trusted management platform receives the configuration project and the target PLC controller data sent by the secure trusted engineer station, it signs the configuration project with its security management private key and the chosen algorithm, encrypts the signature and the configuration project with the public key of the target PLC controller, and sends the encrypted data to the target PLC controller. On receiving the data from the management platform, the target PLC controller decrypts it with its own private key, verifies the signature with the security management public key of the management platform that was preset and stored encrypted in the controller, and executes the configuration project only if both decryption and signature verification succeed.
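The sign-then-encrypt step of the secure download, together with the PLC public key management unit lookup and the PLC-side decrypt-then-verify, as an added example in Go. This is not code from the patent or from the applicant. Assumptions made for the example: ECDSA P-256 over SHA-256 stands in for the signature over the SM3 hash that the patent names (the Go standard library has no SM2/SM3); RSA-2048 with OAEP stands in for the PLC public key algorithm, which the patent does not specify; the target's device information string is used as the OAEP label so that data issued for one PLC cannot be decrypted under another identity; the plaintext layout (one length byte, signature, project) and the names Platform, PLC, Register, Issue and Install are invented. The sample project is a constructed string.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Platform models the management platform: the security management private key
// plus the PLC public key management unit (device info -> PLC public key).
type Platform struct {
	signKey *ecdsa.PrivateKey
	plcKeys map[string]*rsa.PublicKey
}

// PLC holds its own key pair and the security management public key preset at production.
type PLC struct {
	key         *rsa.PrivateKey
	platformPub *ecdsa.PublicKey
}

func NewPlatform() (*Platform, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Platform{signKey: k, plcKeys: map[string]*rsa.PublicKey{}}, err
}

// PublicKey is the security management public key that is burned into each PLC.
func (p *Platform) PublicKey() *ecdsa.PublicKey { return &p.signKey.PublicKey }

// NewPLC generates the controller's own key pair and takes the platform key as the preset.
func NewPLC(platformPub *ecdsa.PublicKey) (*PLC, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &PLC{key: k, platformPub: platformPub}, err
}

// PublicKey is what the operator enters into the PLC public key management unit.
func (c *PLC) PublicKey() *rsa.PublicKey { return &c.key.PublicKey }

// Register pairs one PLC's public key with its device information.
func (p *Platform) Register(info string, pub *rsa.PublicKey) { p.plcKeys[info] = pub }

// Issue signs the project with the platform key, then encrypts signature||project
// to the target PLC's public key. An unregistered target cannot be addressed.
func (p *Platform) Issue(target string, project []byte) ([]byte, error) {
	pub, ok := p.plcKeys[target]
	if !ok {
		return nil, fmt.Errorf("no public key registered for device %q", target)
	}
	digest := sha256.Sum256(project)
	sig, err := ecdsa.SignASN1(rand.Reader, p.signKey, digest[:])
	if err != nil {
		return nil, err
	}
	// Assumed plaintext layout: 1-byte signature length, signature, project.
	plain := append(append([]byte{byte(len(sig))}, sig...), project...)
	// OAEP with SHA-256 under RSA-2048 holds at most 190 bytes; a larger project
	// makes EncryptOAEP return an error instead of silently truncating, which is
	// the point at which a real system needs a hybrid (wrapped symmetric key) scheme.
	// The device info is the OAEP label, binding the ciphertext to this target.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, []byte(target))
}

// Install is the PLC side: decrypt with its own private key, then verify the
// signature with the preset platform public key; the project is accepted only if both succeed.
func (c *PLC) Install(self string, data []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, c.key, data, []byte(self))
	if err != nil {
		return nil, errors.New("decryption failed: data not addressed to this PLC")
	}
	if len(plain) < 1 || len(plain) < 1+int(plain[0]) {
		return nil, errors.New("malformed plaintext")
	}
	n := int(plain[0])
	sig, project := plain[1:1+n], plain[1+n:]
	digest := sha256.Sum256(project)
	if !ecdsa.VerifyASN1(c.platformPub, digest[:], sig) {
		return nil, errors.New("signature verification failed: not signed by the management platform")
	}
	return project, nil
}

func main() {
	platform, _ := NewPlatform()
	plc, _ := NewPLC(platform.PublicKey())
	platform.Register("PLC-01", plc.PublicKey())
	data, _ := platform.Issue("PLC-01", []byte("constructed sample configuration project"))
	project, err := plc.Install("PLC-01", data)
	fmt.Printf("installed %q err=%v\n", project, err)
}
```

Two points a practitioner should take from this: the PLC needs only public key verification and private key decryption, as the patent says, but the platform-side public key encryption of a whole project is only literal for very small projects, so a real deployment wraps a random symmetric key with the PLC public key and encrypts the project under that key; and because the PLC verifies with a preset public key, a second platform with its own signing key produces data that decrypts fine but is refused at signature verification.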
In the secure configuration project download method, the secure trusted engineer station establishes encrypted communication with the secure trusted management platform to protect the confidentiality and integrity of the configuration project, and the management platform acts as the unified platform for issuing configuration projects. This has two advantages. First, in an industrial control system the management platform is relatively fixed; with management centralised there, engineer stations can be added as nodes relatively flexibly and are easy to manage, and a secure trusted PLC controller only needs to store the security management public key of the management platform in encrypted form, so key management is simple and reliable and PLC resources are saved. Second, the engineer station does not need the capacity to manage the public keys of many secure trusted PLC controllers, which saves resources, keeps its function relatively simple, and improves reliability.
In the technical solution of the invention, the secure trusted engineer station and the secure trusted management platform are usually servers or PCs, which have relatively strong computing power and ample resources, and encrypted communication is implemented by integrating a mature cryptographic component such as OpenSSL.
In the technical solution of the invention, the PLC is an embedded device with relatively limited resources, so it is given only the technical means for signature verification with the security management public key, private key decryption and encrypted storage; the larger footprint and higher resource consumption of integrating OpenSSL or similar components are avoided, the PLC load is reduced as much as possible, and the practical applicability of the solution is improved.
The technical solution of the invention also includes a user identity authentication step, in which identity authentication is performed among the UKEY, the engineer station and the secure trusted management platform, so that an illegal user is refused.
In the technical solution of the invention, a secure link is established between the engineer station and the secure trusted management platform through an encryption algorithm preset on both sides, and both communicating parties authenticate each other, which secures the communication link.
In the technical solution of the invention, data between the engineer station and the secure trusted management platform is encrypted either by deploying the OpenSSL component or by modifying OpenSSL to implement the encryption algorithm, which secures the communicated data.
In the technical solution of the invention, the secure download of the configuration project is guaranteed by the security measures of signing and signature verification established between the secure trusted management platform and the target PLC.
The security management public key is preset at production and stored in encrypted form in the secure trusted PLC controller. While the PLC control system is running, the PLC controller does not accept an update of the security management public key in any other form, that is, without factory return or a firmware upgrade, which prevents a malicious attacker from mounting an impersonation attack by replacing the security management public key.
Before a device is connected to the system, a user logs in to the secure trusted management platform and enters the public key of the secure trusted PLC controller, together with the controller's device information and the like, into the PLC public key management unit, which guarantees a one-to-one correspondence between the PLC controller public key and the device information.
The signature made with the security management private key ensures that the configuration project file and the PLC device information are not maliciously tampered with and remain intact, and encryption with the public key of the target PLC keeps the signed data confidential, so a malicious attacker cannot obtain the configuration project file or other confidential content.
The above description is a preferred embodiment of the present invention, and it is obvious to those skilled in the art that other variations and modifications can be made based on the technical solution and the inventive spirit disclosed in the present invention, and these variations and modifications based on the present invention are all covered by the protection scope of the present invention. This written description uses examples to disclose the application, including the best mode, and also to enable any person skilled in the art to practice the application, including making and using any devices or systems and performing any incorporated methods. The patentable scope of the application is defined by the claims, and may include other embodiments that occur to those skilled in the art. Such other embodiments are intended to be within the scope of the claims if they include structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal languages of the claims.

Claims (14)

1. A configuration project secure downloading system, comprising a secure trusted management platform, a secure trusted engineer station, a switch and a secure trusted PLC (programmable logic controller), wherein:
the secure trusted management platform is configured with a certificate management unit, a PLC public key management unit and a security management private key, and the PLC public key management unit is configured to associate a public key of the secure trusted PLC controller with device information of the secure trusted PLC controller; the secure trusted engineer station is configured to generate a configuration project, execute a download operation, establish a secure link with the secure trusted management platform and communicate securely over it;
the secure trusted management platform signs the configuration project with its security management private key and an encryption algorithm, encrypts the signature and the configuration project with a public key of a target PLC controller held in the PLC public key management unit, and generates signature-encrypted data;
the secure trusted management platform is configured to send the signature-encrypted data to the target PLC controller, and the target PLC controller decrypts the received signature-encrypted data with its own private key and verifies the signature on the configuration project, which was signed with the security management private key, using the security management public key stored in encrypted form in the target PLC controller.
2. The system according to claim 1, wherein the certificate management unit comprises a digital certificate and a key management unit, and the key management unit, in cooperation with the digital certificate, generates, stores, distributes and updates the required keys.
3. The system according to claim 2, wherein the certificate management unit is configured to issue a user certificate and a device certificate to the secure trusted management platform and the secure trusted engineer station; the user certificate is stored in a UKEY, the secure trusted management platform and the secure trusted engineer station respectively, and the device certificate is stored in the secure trusted management platform and the secure trusted engineer station.
4. The system according to claim 1, wherein establishing the secure link with the secure trusted management platform comprises: the secure trusted engineer station exchanges device certificates with the secure trusted management platform, performs key agreement to generate a symmetric key, and encrypts the configuration project and the target PLC controller information with an encryption component.
5. The system according to claim 4, wherein the encryption component is an OpenSSL component or a component that implements the encryption algorithm after modification based on OpenSSL.
6. The system according to claim 1, wherein the secure trusted management platform signs the configuration project with the security management private key and an encryption algorithm, and the encryption algorithm is the SM3 algorithm.
7. The system according to claim 1, wherein the secure trusted PLC controller is provisioned with the security management public key at production time.
8. A method for securely downloading a configuration project, comprising the following steps:
user identity authentication: when a user logs in, a UKEY with a built-in user certificate exchanges the user certificate with the secure trusted management platform and/or the secure trusted engineer station to authenticate the user;
secure preprocessing of the configuration project: after the secure trusted engineer station generates a configuration project and executes a download operation, the secure trusted engineer station establishes secure communication with the secure trusted management platform and sends the configuration project and the target PLC controller information to the secure trusted management platform in encrypted form;
secure download of the configuration project: after the secure trusted management platform receives the configuration project and the target PLC controller data sent by the secure trusted engineer station, it signs the configuration project with its security management private key and an encryption algorithm;
encrypts the signature and the configuration project with the public key of the target PLC controller held in the secure trusted management platform, and sends the encrypted data to the target PLC controller;
and after receiving the signature-encrypted data sent by the secure trusted management platform, the target PLC controller decrypts it with its own private key and then verifies the signature with the security management public key of the secure trusted management platform that was stored in encrypted form in the target PLC controller in advance.
9. The configuration project secure downloading method according to claim 8, wherein in the secure preprocessing of the configuration project, the secure trusted management platform and the secure trusted engineer station establish secure communication by building a secure link based on an encryption algorithm, and over that link the secure trusted engineer station exchanges device certificates with the secure trusted management platform, performs key agreement to generate a symmetric key, and encrypts the configuration project and the target PLC controller information with an encryption component.
10. The method according to claim 9, wherein the encryption algorithm on which the secure link is based is provided by an OpenSSL component or by a component that implements the encryption algorithm after modification based on OpenSSL.
11. The method according to claim 8, wherein in the secure download of the configuration project, the secure trusted PLC controller is provisioned at production time with the security management public key of the secure trusted management platform, stores the security management public key in encrypted form, and accepts an update of the security management public key only by factory return or firmware upgrade.
12. The method according to claim 11, wherein in the secure download of the configuration project, the secure trusted management platform comprises a PLC public key management unit, and after logging in to the secure trusted management platform the public key of the target PLC controller and the target PLC controller information are entered into the PLC public key management unit, so as to ensure the correspondence between the public key of each PLC controller and its information.
13. The method according to claim 8, wherein in the user identity authentication, the certificate management unit comprises a digital certificate and a key management unit, and the key management unit, in cooperation with the CA digital certificate, generates, stores, distributes and updates the required keys.
14. The method according to claim 13, wherein the certificate management unit is configured to issue a user certificate and a device certificate to the secure trusted management platform and the secure trusted engineer station; the user certificate is stored in a UKEY, the secure trusted management platform and the secure trusted engineer station respectively, and the device certificate is stored in the secure trusted management platform and the secure trusted engineer station.
CN202210542684.2A 2022-05-19 2022-05-19 System and method for safely downloading configuration engineering Pending CN114859810A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210542684.2A CN114859810A (en) 2022-05-19 2022-05-19 System and method for safely downloading configuration engineering

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210542684.2A CN114859810A (en) 2022-05-19 2022-05-19 System and method for safely downloading configuration engineering

Publications (1)

Publication Number Publication Date
CN114859810A true CN114859810A (en) 2022-08-05

Family

ID=82640019

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210542684.2A Pending CN114859810A (en) 2022-05-19 2022-05-19 System and method for safely downloading configuration engineering

Country Status (1)

Country Link
CN (1) CN114859810A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115580491A (en) * 2022-12-07 2023-01-06 信联科技(南京)有限公司 Industrial control programming platform based on state cryptographic algorithm, construction method and operation method

Similar Documents

Publication Publication Date Title
CN109561047B (en) Encrypted data storage system and method based on key remote storage
CN106789015B (en) Intelligent power distribution network communication safety system
EP2887576B1 (en) Software key updating method and device
Biham et al. Rogue7: Rogue engineering-station attacks on s7 simatic plcs
WO2003107156A2 (en) METHOD FOR CONFIGURING AND COMMISSIONING CSMs
Ferst et al. Implementation of secure communication with modbus and transport layer security protocols
CN104506500A (en) GOOSE message authentication method based on transformer substation
CN212486798U (en) Electric power sensing equipment based on block chain technology
CN105471901A (en) Industrial information security authentication system
CN112270020B (en) Terminal equipment safety encryption device based on safety chip
CN111988328A (en) Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN102546580A (en) Method, system and device for updating user password
JP2016535884A (en) Securing communications within network endpoints
KR100986758B1 (en) Security dedicated device for securities of communication apparatus
CN116663075B (en) Industrial control programming platform safety communication method and system based on cryptographic algorithm
CN114859810A (en) System and method for safely downloading configuration engineering
CN104333547A (en) Safety protection method of two-way interaction intelligent ammeter
Wanying et al. The study of security issues for the industrial control systems communication protocols
CN113360887A (en) Authentication encryption method and module for relay protection equipment
Yi et al. A security-enhanced Modbus TCP protocol and authorized access mechanism
CN111045704A (en) Method and equipment for safely upgrading high-end AMI (advanced metering infrastructure) acquisition and analysis equipment of smart grid
US20220182229A1 (en) Protected protocol for industrial control systems that fits large organizations
CN116433240A (en) Cross-chain system based on trusted execution environment and cross-chain transaction realization method
CN110460562A (en) A kind of long-range Activiation method of POS terminal and system
Wang Smart grid, automation, and scada systems security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination