CN115277017B - Active defense method of intelligent manufacturing system equipment group based on remote certification - Google Patents
Active defense method of intelligent manufacturing system equipment group based on remote certification Download PDFInfo
- Publication number
- CN115277017B CN115277017B CN202210886783.2A CN202210886783A CN115277017B CN 115277017 B CN115277017 B CN 115277017B CN 202210886783 A CN202210886783 A CN 202210886783A CN 115277017 B CN115277017 B CN 115277017B
- Authority
- CN
- China
- Prior art keywords
- gateway
- proving
- challenge
- response
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The invention discloses an active defense method of an intelligent manufacturing system equipment group based on remote certification, which comprises the following steps: s1, dividing a safe storage space for a gateway, wherein the safe storage space is used for storing a certification related protocol and temporary challenges and responses; s2, initializing and setting equipment; s3, connecting each device with a corresponding gateway in a network manner; s4, the security party generates a random number with a corresponding number according to the number of the devices in the device group, packages the random number into a challenge set, sends the challenge set to the gateway, and takes the challenge set sending time as an authentication starting time Tstart; the gateway stores the received challenge set temporarily; s5, periodically triggering a challenge program by each device; after the gateway passes the verification of the equipment, the random number is sent to the corresponding equipment; s6, each device generates a proving response and forwards the proving response to the safety party through the gateway; s7, carrying out multi-aspect verification on the secure Fang Duizheng bright response. The invention adapts to the personalized requirements of the intelligent manufacturing system, ensures the challenge uniqueness of equipment, improves the safety of the scheme, and does not influence the performance of the remote proving scheme.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an active defense method of an intelligent manufacturing system equipment group based on remote certification.
Background
The vast number of heterogeneous clusters in intelligent manufacturing systems often exhibit an ad hoc, large-scale, dynamic architecture. However, the reality scene often cannot ensure that all devices meet basic security requirements, so that leakage risks are brought to enterprise sensitive information, and great security threats are brought to the production process. At present, the conventional blocking type passive defense system is not effective, and in this context, remote verification of the security state of a target device group (prover) through a trusted security party (verifiers) becomes one of the optimal active defense options. Remote attestation is typically implemented based on a specific challenge-response protocol, specifically, the verifiers first send a challenge message (challenge) to the protectors to trigger the protectors themselves to preset an attestation program, the attestation program generates an evidence (commonly called an attestation response) according to the current device state of the protectors, and returns the response to the verifiers, and finally the verifiers can judge the state of the current device group by comparing the returned attestation response with the expected security state information, so as to screen out the devices subject to external attack, and repair, reset or remove the devices.
However, existing remote attestation schemes have some drawbacks for the real environment of the intelligent manufacturing equipment group: 1) The network structure is not matched with the real intelligent manufacturing equipment group network. In the existing remote proving network, the devices commonly realize information transmission by a plurality of transmission among the devices, and the real intelligent manufacturing device group network generally realizes information distribution and transfer by taking a gateway as a central node, so that the existing remote proving scheme is difficult to directly apply to an intelligent manufacturing system scene. 2) The security problem caused by the unified challenge. In the existing remote proof scheme, all devices are triggered by the same challenge to prove a program, so that an attacker can intercept the information of the round of challenge in advance from other devices, and then a correct response is created in a pseudo-way of interception, proxy, forwarding and the like; however, if a separate challenge is created for each device, a significant communication overhead is incurred.
Therefore, how to provide an active defense method capable of adapting to the personalized needs of the intelligent manufacturing system and guaranteeing the uniqueness of the device challenge is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the invention provides an active defense method of an intelligent manufacturing system equipment group based on remote certification, which is adapted to the personalized requirements of an intelligent manufacturing system, ensures the uniqueness of equipment challenges, improves the safety of a scheme, and does not influence the performance of the scheme of remote certification.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
an active defense method of an intelligent manufacturing system equipment group based on remote certification comprises the following steps:
s1, dividing a safe storage space for a gateway, wherein the safe storage space is used for storing a certification related protocol and temporary challenges and responses;
s2, initializing and setting each device in the device group;
s3, connecting each device with a corresponding gateway in a network manner;
s4, the security party generates a random number with a corresponding number according to the number of the devices in the device group, packages the random number into a challenge set, sends the challenge set to the gateway, and takes the challenge set sending time as an authentication starting time Tstart;
the gateway stores the received challenge set temporarily until a new challenge set is obtained, and then the challenge set of the previous round is deleted;
s5, each device triggers a challenge program, generates a unique proving challenge and a unique message authentication code, and sends the unique proving challenge and the unique message authentication code to the gateway;
the gateway verifies the integrity of the message according to the message authentication code, verifies whether the received proving inquiry comes from the corresponding device, searches random numbers corresponding to all devices in the round of challenge set after all the verification passes, and sends the random numbers to the corresponding devices;
s6, each device starts a certification program, generates a certification response according to the received random number, and forwards the certification response to the security party through the gateway;
s7, the security party takes the time for receiving the proving response as authentication ending time Tend, sequentially verifies whether the proving time of the device exceeds the maximum proving time, the integrity of the message and the proving response result, and if all the verification passes, the current device is considered to be in a security state;
s8, presetting a proving period at each interval, and repeatedly executing S4-S7.
Further, in S1, the proving related protocol includes: a proving communication protocol, a challenge set storage protocol and a challenge response protocol; the proving communication protocol is used for realizing the reliable communication between the gateway and the safety party or the equipment; the challenge set storage protocol is used for realizing the storage and deletion of the challenge set; the challenge response protocol is used to implement verification of device attestation challenges and querying of response challenges.
Further, in S1, the gateway uses its security mechanism to guarantee the read-write authority of the control challenge set, the challenge set storage protocol is used to execute the "write" authority on the challenge set, and the challenge response protocol is used to execute the "read" authority on the challenge set.
Further, in S2, before each device is connected to the gateway, the security party performs initialization setting on the device, and generates and saves a device identity idi, a session key ki, a trusted software checksum hi, and a maximum authentication time Ti; after initialization, the security party holds information as follows: { idi, ki, hi, ti }, device hold information is: { idi, ki }.
Further, in S3, when each device is connected to the gateway, the device identity idi and the session key ki are synchronously transmitted to the gateway connected to the device identity idi and the session key ki.
Further, in S5, each device generates a proof challenge qi using its own device identity idi, generates a hash-based message authentication code qi 'of the proof challenge qi using the session key ki, and sends (qi, qi') to the gateway;
the gateway calculates a corresponding message authentication code by utilizing the received qi according to the session key ki, and then compares the newly calculated HMAC with the received message authentication code qi' to verify the integrity of the message.
Further, S6 includes:
after the equipment receives the random number, starting a proving program, generating a software checksum ri of the current equipment, and generating a message authentication code ri' ≡HMAC (ki; ri||nonce) by using a session key ki and the random number nonce of the current round, wherein ki is used for a security party to judge whether the message is sourced from the corresponding equipment, and nonce is used for guaranteeing the freshness of the current response and resisting replay attack;
the device sends the attestation response (ri, ri') to the gateway, which is forwarded by the gateway to the security party.
Further, the verification process in S7 is:
judging whether the proving time of the equipment exceeds the maximum proving time, if so, judging that the current proving fails and proving the result ari= -1;
if the message is not overtime, a corresponding message authentication code is calculated again by utilizing a random number noncei and a received ri, the calculated message authentication code is compared with a received message authentication code ri', the integrity of the message is judged, if the message is incomplete, the current proof failure is judged, and a proof result ari= -1 is judged;
if the message is complete, comparing whether the software checksum ri generated by the equipment in the proving program is consistent with the software checksum hi generated by the initialization, if so, judging that the current proving is successful, the equipment is in a safe state, and proving the result ari=1; if not, the proof fails, proving the result ari= -1.
Furthermore, the security party and each device have a loose synchronous secure read-only clock, so that asynchronous remote attestation protocol communication is realized, and the interval period of the secure read-only clock is delta T.
Further, a security party communicates with a plurality of gateways, each of which communicates with a plurality of devices.
Compared with the prior art, the invention discloses an active defense method of an intelligent manufacturing system equipment group based on remote certification, which has the following beneficial effects:
1. the gateway is used as the transfer equipment of the challenges, the temporary storage and the forwarding of the challenge list and the response are realized by using the gateway based on the challenge-inquiry protocol, the communication and the calculation expense of the challenge list are transferred to the gateway with rich resources, the expense of the intelligent manufacturing equipment with limited resources is greatly saved, and the network architecture is adapted to the real intelligent manufacturing system scene.
2. The invention generates independent proving challenges for each intelligent manufacturing device, realizes point-to-point communication through the gateway and the devices, greatly increases the difficulties of eavesdropping, proxy, forwarding and falsifying response of an attacker, and reduces the possibility of evading proving by damaged devices.
3. The invention uses the gateway as an independent entity of remote attestation protocol interaction through function expansion of the gateway in the intelligent manufacturing system, and uses the gateway as an intermediate node to complete asynchronous communication between the verifier and the intelligent manufacturing equipment so as to realize the adaptation of the network structure of the intelligent manufacturing system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
Fig. 1 is a diagram of a security party, a gateway and a device group according to the present invention;
FIG. 2 is a flow chart of an active defense method for a remote attestation-based intelligent manufacturing system equipment group provided by the invention;
fig. 3 is a schematic diagram of protocol interaction provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The embodiment of the invention discloses an active defense method of an intelligent manufacturing system equipment group based on remote certification, which comprises three types of entities as shown in fig. 1: verifier/security party (Vrf), gateway (GWn) and intelligent manufacturing device (Di, also called prover). The security party Vrf is completely trusted, has rich storage and computing resources, initiates challenges to the intelligent manufacturing equipment group and verifies the security of the intelligent manufacturing equipment group through the returned response; the gateway GWn is also trusted, and by expanding the functions of the existing intelligent manufacturing system gateway, the gateway is used as an intermediate node connected between a verifier Vrf and equipment, can directly communicate with a security party Vrf and form a star network structure with the equipment Di, has higher security and reliability, has rich storage and calculation resources, and bears the functions of storing, forwarding challenges and responding; the device Di is limited in computing and storage resources and has limited ability to defend itself against external attacks, possibly from external attackers, and the security party Vrf detects their security through a periodic remote attestation protocol. Wherein a security party communicates with a plurality of gateways, each gateway communicating with a plurality of devices, i.e. a gateway corresponds to a group of devices.
In the embodiment of the invention, the security party Vrf and the device Di both hold a loose synchronous security read-only clock for realizing asynchronous remote attestation protocol communication.
As shown in fig. 2, the active defense method of the present invention includes the following steps:
s1, dividing a safe storage space for a gateway, storing a certification related protocol and temporary challenges and responses, and determining control rights of the challenges and the responses;
s2, initializing and setting each device in the device group;
s3, connecting each device with a corresponding gateway in a network manner;
s4, the security party generates a random number with a corresponding number according to the number of the devices in the device group, packages the random number into a challenge set, sends the challenge set to the gateway, and takes the challenge set sending time as an authentication starting time Tstart;
the gateway stores the received challenge set temporarily until a new challenge set is obtained, and then the challenge set of the previous round is deleted;
s5, each device triggers a challenge program, generates a unique proving challenge and a unique message authentication code, and sends the unique proving challenge and the unique message authentication code to the gateway;
the gateway verifies the integrity of the message according to the message authentication code, verifies whether the received proving inquiry comes from the corresponding device, searches random numbers corresponding to all devices in the round of challenge set after all the verification passes, and sends the random numbers to the corresponding devices;
s6, each device starts a certification program, generates a certification response according to the received random number, and forwards the certification response to the security party through the gateway;
s7, the security party takes the time for receiving the proving response as authentication ending time Tend, sequentially verifies whether the proving time of the device exceeds the maximum proving time, the integrity of the message and the proving response result, and if all the verification passes, the current device is considered to be in a security state;
s8, presetting a proving period delta T at each interval, and repeatedly executing S4-S7.
The steps are further described below.
S1, gateway expansion:
by expanding the gateway function, a secure storage interval is divided for storing a protocol related to certification and temporary challenges and responses, and the protocol related to certification comprises: a proving communication protocol, a challenge set storage protocol and a challenge response protocol, the proving communication protocol being used for enabling reliable communication between the gateway (GWn) and the security party (Vrf) or the device (Di); the challenge set storage protocol is used for realizing the storage and deletion of the challenge set; the challenge response protocol is used to implement verification of device attestation challenges and querying of response challenges. Meanwhile, the gateway GWn can guarantee the read-write permission of the control challenge set by utilizing the security mechanism, namely, only the challenge set storage protocol is used for the 'write' permission of the challenge set, and only the challenge response protocol is used for the 'read' permission of the challenge set.
S2, initializing equipment:
each device Di needs to be initialized by the security party Vrf before joining the network, and some relevant information is generated and stored, including: device identity idi, session key ki, trusted software checksum hi and maximum authentication time Ti. After initialization, the security party Vrf holds all information { idi, ki, hi, ti }, and the device Di holds only two information { idi, ki }.
S3, equipment connection:
when each device Di joins the network, it needs to send the identity idi and the session key ki synchronously to its connected gateway GWn for later challenge verification.
S4, challenge:
as shown in fig. 3, the interactive protocol flows of three entities of the security party Vrf, the gateway GWn and the device Di in the periodic proving process are shown. Firstly, the security party Vrf generates a corresponding number of random numbers noncei≡random (), packages the random numbers noncei fact with corresponding number of devices in the device group S to generate a challenge set challllist fact { noncei }, sends the challenge set challllist fact { noncei }, and meanwhile executes a RecordTime () function to record the current time Tstart as the start time of the certification.
After receiving the challenge set challllist, the gateway GWn deletes the currently existing challenge set challllistold (which is proved in the previous round), stores the challenge set Store (challList) which is proved in the current round, and waits for the device to challenge.
S5, device inquiry:
the loosely synchronized secure read-only Clock program Clock () at the device side periodically triggers a challenge program (every attestation period Δt time), the challenge program AttestationQuery () generates an attestation challenge qi Σ AttestationQuery (idi) by using the idi of the current device, then generates a Hash-based message authentication code (Hash-based Message Authentication Code, HMAC) qi 'of qi by using the session key ki, finally sends (qi, qi') to the gateway GWn.
After receiving (qi, qi '), gateway GWn firstly calculates a corresponding HMAC by using the received qi based on session key ki, then compares the calculated HMAC with the received message authentication code qi ' to verify the integrity VerMac (ki; qi, qi ') of the message, if the newly calculated HMAC is inconsistent with qi ', considers that the message is incomplete VerMac (ki; qi, qi ') = -1, i.e. the HMAC verification fails, discards the message; if the newly calculated HMAC coincides with qi ', the message is considered complete, verification passes VerMac (ki; qi, qi') =1, then find the corresponding challenge nonce i≡security list (challllist, idi) in the challenge set challllist with the idi of the received device Di, and send the challenge (random number) nonce to the device Di.
S6, equipment proving:
after the device Di receives the challenge (random number) nonce, a certification program Attestation () is started, a software checksum ri≡attestation () of the current intelligent manufacturing device Di is generated, and then a corresponding message authentication code HMAC ri '≡hmac (ki; ri||noncei), i.e., performing a logical or operation on the software checksum ri and the random number noncei, and then calculating HMAC ri' based on the session key ki, wherein ki is used for the security party to determine whether the message originates from the device Di, noncei is used for guaranteeing freshness of the current response, resisting replay attack, i.e., the attacker resends the previous Attestation response. Finally, the device Di sends the attestation response (ri, ri') to the gateway GWn, which is forwarded by the gateway to the security party Vrf.
S7, verifying the corresponding:
after receiving the proving response, the security party Vrf firstly records the current time as the authentication ending time Tend, then judges whether the equipment proving time exceeds the maximum proving time, namely Tstart-Tend > Ti, if so, directly judges that the current proving fails, and the proving result ari= -1, because this indicates that the current proving response is possibly forged by an attacker;
if not, based on session key ki, a corresponding HMAC is calculated again by using random number nonce i and received ri, and the calculated HMAC is compared with received message authentication code HMAC ri', so as to judge the integrity of the message, and the process is expressed as: verMac (ki; ri|noncei, ri '), if the message is incomplete, i.e., the newly calculated HMAC is not consistent with ri ' of the received message authentication code, then the HMAC verification fails VerMac (ki; ri|noncei, ri ') = -1, the security party directly judges that the current proof failed, proof result ARi = -1;
if HMAC authentication succeeds VerMac (ki; ri|noncei, ri')=1, the authentication result is continued to be verified, that is, whether the software checksum ri returned by the device Di in the authentication response matches the trusted software checksum hi generated in the device initialization stage in S2 (hi, ri), where hi is the trusted software checksum generated by Vrf with the authentication program in a secure state, and ri represents the current software checksum of the device, so if hi+.ri, it is indicated that the device software has undergone unauthorized modification, that is, the device has suffered an illegal intrusion. Thus, if hi=ri, then the device is considered to be in a secure state, proving the result Verification (hi, ri) →ari=1; otherwise, the Verification program judges that the device fails to prove, and the Verification result (hi, ri) →ari= -1.
If a device is judged to fail ari= -1, vrf can guarantee the security of the device group by repairing (patching or upgrading the device to be invaded), resetting (resetting the software configuration of the device to the prior security state), or removing (directly rejecting the device to be invaded from the device group).
S1-S3 usually need to be executed only once, and need to be executed again when the device is updated or the connected gateway is changed, and steps S4-S7 are executed periodically every proof period Δt time, so that the security party Vrf can periodically detect the security of the current smart manufacturing device group.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (9)
1. An active defense method of an intelligent manufacturing system equipment group based on remote certification is characterized by comprising the following steps:
s1, dividing a safe storage space for a gateway, wherein the safe storage space is used for storing a certification related protocol and temporary challenges and responses;
s2, initializing and setting each device in the device group;
s3, connecting each device with a corresponding gateway in a network manner;
s4, the security party generates a random number with a corresponding number according to the number of the devices in the device group, packages the random number into a challenge set, sends the challenge set to the gateway, and takes the challenge set sending time as an authentication starting time Tstart;
the gateway stores the received challenge set temporarily until a new challenge set is obtained, and then the challenge set of the previous round is deleted;
s5, each device triggers a challenge program, generates a unique proving challenge and a unique message authentication code, and sends the unique proving challenge and the unique message authentication code to the gateway;
the gateway verifies the integrity of the message according to the message authentication code, verifies whether the received proving inquiry comes from the corresponding device, searches random numbers corresponding to all devices in the round of challenge set after all the verification passes, and sends the random numbers to the corresponding devices;
s6, each device starts a certification program, generates a certification response according to the received random number, and forwards the certification response to the security party through the gateway;
s7, the security party takes the time for receiving the proving response as authentication ending time Tend, sequentially verifies whether the proving time of the device exceeds the maximum proving time, the integrity of the message and the proving response result, and if all the verification passes, the current device is considered to be in a security state;
s8, presetting a proving period delta T at each interval, and repeatedly executing S4-S7;
in S5, each device generates a proof challenge qi using its own device identity idi, generates a hash-based message authentication code qi 'of the proof challenge qi using the session key ki, and sends (qi, qi') to the gateway;
the gateway calculates a corresponding message authentication code by utilizing the received qi according to the session key ki, and then compares the newly calculated HMAC with the received message authentication code qi' to verify the integrity of the message.
2. The method of claim 1, wherein in S1, the proving related protocol comprises: a proving communication protocol, a challenge set storage protocol and a challenge response protocol; the proving communication protocol is used for realizing the reliable communication between the gateway and the safety party or the equipment; the challenge set storage protocol is used for realizing the storage and deletion of the challenge set; the challenge response protocol is used to implement verification of device attestation challenges and querying of response challenges.
3. The method according to claim 2, wherein in S1, the gateway uses its security mechanism to guarantee the read-write rights of the control challenge set, the challenge set storage protocol is used to perform "write" rights on the challenge set, and the challenge response protocol is used to perform "read" rights on the challenge set.
4. The method according to claim 1, wherein in S2, before each device is connected to the gateway, the security party performs initialization setting to generate and store a device identity idi, a session key ki, a trusted software checksum hi, and a maximum authentication time Ti; after initialization, the security party holds information as follows: { idi, ki, hi, ti }, device hold information is: { idi, ki }.
5. The method according to claim 1, wherein in S3, when each device is connected to the gateway, the device identity idi and the session key ki are synchronously transmitted to the gateway connected to the device identity idi and the session key ki.
6. The method of claim 1, wherein S6 comprises:
after the equipment receives the random number, starting a proving program, generating a software checksum ri of the current equipment, and generating a message authentication code ri' ≡HMAC (ki; ri||nonce) by using a session key ki and the random number nonce of the current round, wherein ki is used for a security party to judge whether the message is sourced from the corresponding equipment, and nonce is used for guaranteeing the freshness of the current response and resisting replay attack;
the device sends the attestation response (ri, ri') to the gateway, which is forwarded by the gateway to the security party.
7. The method for active defense of intelligent manufacturing system equipment group based on remote attestation of claim 6, wherein the verification process in S7 is:
judging whether the proving time of the equipment exceeds the maximum proving time, if so, judging that the current proving fails and proving the result ari= -1;
if the message is not overtime, a corresponding message authentication code is calculated again by utilizing a random number noncei and a received ri, the calculated message authentication code is compared with a received message authentication code ri', the integrity of the message is judged, if the message is incomplete, the current proof failure is judged, and a proof result ari= -1 is judged;
if the message is complete, comparing whether the software checksum ri generated by the equipment in the proving program is consistent with the software checksum hi generated by the initialization, if so, judging that the current proving is successful, the equipment is in a safe state, and proving the result ari=1; if not, the proof fails, proving the result ari= -1.
8. The method for actively defending a group of intelligent manufacturing system devices based on remote attestation of claim 1, wherein the security party and each device have a loosely synchronized secure read-only clock with an interval period of Δt for asynchronous remote attestation protocol communication.
9. The method of claim 1, wherein a security party communicates with a plurality of gateways, each gateway communicating with a plurality of devices.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210886783.2A CN115277017B (en) | 2022-07-26 | 2022-07-26 | Active defense method of intelligent manufacturing system equipment group based on remote certification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210886783.2A CN115277017B (en) | 2022-07-26 | 2022-07-26 | Active defense method of intelligent manufacturing system equipment group based on remote certification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115277017A CN115277017A (en) | 2022-11-01 |
| CN115277017B true CN115277017B (en) | 2023-07-28 |
Family
ID=83768499
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210886783.2A Active CN115277017B (en) | 2022-07-26 | 2022-07-26 | Active defense method of intelligent manufacturing system equipment group based on remote certification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277017B (en) |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9087191B2 (en) * | 2012-08-24 | 2015-07-21 | Vmware, Inc. | Method and system for facilitating isolated workspace for applications |
| US20150326402A1 (en) * | 2013-01-24 | 2015-11-12 | St-Ericsson Sa | Authentication Systems |
| CN103731819B (en) * | 2013-12-11 | 2016-10-26 | 中国电子科技集团公司第三十研究所 | A kind of authentication method of wireless sensor network node |
| CN111865570B (en) * | 2020-05-25 | 2022-06-24 | 南京理工大学 | Automatic remote certification method adaptive to heterogeneous equipment group in Internet of things |
-
2022
- 2022-07-26 CN CN202210886783.2A patent/CN115277017B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115277017A (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Li et al. | A blockchain-based authentication and security mechanism for IoT | |
| Fakroon et al. | Secure remote anonymous user authentication scheme for smart home environment | |
| Vanhoef et al. | Release the Kraken: new KRACKs in the 802.11 Standard | |
| WO2020220627A1 (en) | Method and device for strong cross-domain logic isolation and secure access control in internet of things scenario | |
| Yang et al. | Faster authenticated key agreement with perfect forward secrecy for industrial internet-of-things | |
| CN112436940B (en) | Internet of things equipment trusted boot management method based on zero-knowledge proof | |
| WO2014026518A1 (en) | Software key updating method and device | |
| CN112118106B (en) | Lightweight end-to-end secure communication authentication method based on identification password | |
| Bilal et al. | Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol | |
| CN112989426B (en) | Authorization authentication method and device, and resource access token acquisition method | |
| Szilagyi et al. | Flexible multicast authentication for time-triggered embedded control network applications | |
| CN113676452B (en) | Replay attack resisting method and system based on one-time key | |
| CN113824705A (en) | Safety reinforcement method for Modbus TCP (transmission control protocol) | |
| CN111831974A (en) | Interface protection method and device, electronic equipment and storage medium | |
| CN110943840A (en) | Signature verification method and system | |
| WO2022042198A1 (en) | Identity authentication method and apparatus, computer device, and storage medium | |
| Szilagy et al. | A flexible approach to embedded network multicast authentication | |
| CN101399603A (en) | Resynchronization method, authentication method and device | |
| CN112015111A (en) | Industrial control equipment safety protection system and method based on active immunity mechanism | |
| CN115277017B (en) | Active defense method of intelligent manufacturing system equipment group based on remote certification | |
| Siddavatam et al. | Security assessment framework for cyber physical systems: A case-study of DNP3 protocol | |
| CN112702736A (en) | Industrial equipment authorization service system and method based on block chain gateway | |
| CN116456346A (en) | RFID group tag authentication method for dynamic grouping | |
| CN116527261A (en) | Key recovery method, electronic device and storage medium | |
| CN115767539A (en) | 5G authentication method based on terminal identifier update |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |