CN116663075B - Industrial control programming platform safety communication method and system based on cryptographic algorithm - Google Patents


Info

Publication number: CN116663075B
Authority: CN (China)
Prior art keywords: rte, ide, secure, configuration monitoring, monitoring software
Legal status: Active
Application number: CN202310903931.1A
Other languages: Chinese (zh)
Other versions: CN116663075A (en)
Inventors: 陈飞, 胡静, 张胜
Current assignee: Xinlian Technology Nanjing Co ltd
Original assignee: Xinlian Technology Nanjing Co ltd
Events: application filed by Xinlian Technology Nanjing Co ltd; priority to CN202310903931.1A; publication of CN116663075A; application granted; publication of CN116663075B; legal status Active; anticipated expiration

Classifications

    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F21/33 User authentication using certificates (under G06F21/31 User authentication; G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action (under G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems)
    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data)
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/40 Network security protocols (under H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications)
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS] (under Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation)

Abstract

The invention relates to a secure communication method for an industrial control programming platform based on the Chinese national cryptographic (SM) algorithms. It designs a secure program loading method between the IDE programming software and the secure RTE in the controller: the control program is downloaded to or updated in the secure RTE only after engineer identity authentication, two-way (mutual) identity authentication, and trustworthiness verification of the control program. It also designs a secure data communication method between the IDE configuration monitoring software and the secure RTE, in which mutual identity authentication is followed by security protection of the data exchanged. In the corresponding system, the engineer station, the operator station and the controller are each designed as modules, which improves communication efficiency between the modules, lets the secure communication method run efficiently, and further improves the security of monitoring the controller's running process. In practical application the whole scheme covers research, development, deployment, operation, update and the other stages of an industrial control system, and provides secure communication protection across its whole life cycle.

Description

Industrial control programming platform safety communication method and system based on cryptographic algorithm
Technical Field
The invention relates to a secure communication method and system for an industrial control programming platform based on the Chinese national cryptographic (SM) algorithms, and belongs to the technical field of secure cryptographic communication control for industrial control platforms.
Background
Industrial control systems are now widely used in China in key sectors such as electric power, gas, heat supply, transport and manufacturing that bear on the national economy and people's livelihood. The industrial control programming platform is the core component of an industrial control system and consists of the upper-computer configuration and programming environment (IDE) and the lower-computer runtime environment (RTE). The IDE comprises programming software and configuration monitoring software: the programming software is deployed at the engineer station, the configuration monitoring software at the operator station, and the RTE on industrial controllers such as PLCs and DCSs.
Communication on an industrial control programming platform falls into two categories. The first is communication between the IDE programming software and the controller: engineers write control programs and configure operating parameters in the programming software, then download or update them to the controller's RTE; the controller periodically collects field device operating data through its input ports and, following the control program's logic, sends that data through its output ports to the configuration monitoring software at the operator station. The second is communication between the IDE configuration monitoring software and the controller: using the configuration monitoring software, an operator draws, according to the type and connection mode of the field devices, an interface that tracks the field devices' operation, visually monitors their running state in real time, and can send control instructions to the controller as needed to adjust their operation. The IDE is therefore powerful and highly privileged: whoever controls the IDE can implant malicious code such as viruses, trojans and backdoors into the controller, arbitrarily control the operation of field devices, and even cause destructive damage to the industrial control system. Ensuring secure communication between the IDE and the RTE is therefore critical.
At the bottom layer, the IDE and the RTE mainly use a client/server network communication model over TCP/IP; the IDE is the client and actively initiates the connection request to the controller RTE. At the upper layer, the programming software and the controller usually use a proprietary protocol customised by each manufacturer, while the configuration monitoring software and the controller use a standard industrial Ethernet protocol such as Profinet, EtherNet/IP or Modbus. Because the operating environment of earlier industrial control systems was relatively closed, and availability and real-time requirements weighed more than security, manufacturers essentially did not consider secure communication mechanisms when designing these protocols, and the following problems are common:
(1) The IDE programming software does not authenticate the engineer's identity when downloading or updating a control program to the controller, and the two sides do not authenticate each other when the software communicates with the RTE; an attacker can impersonate a legitimate IDE to communicate with the RTE, access the controller at will and implant malicious code.
(2) The IDE configuration monitoring software and the controller RTE communicate in clear text; the transmitted data has no encryption, integrity or other protection mechanism, so it is easy to tamper with and forge.
Communication between the IDE programming software and the controller is short-lived (called first-class communication here): the programming software disconnects after downloading or updating the controller program. The IDE configuration monitoring software, by contrast, maintains a long-lived connection with the controller RTE at all times (called second-class communication here). Existing solutions therefore mainly improve the second-class communication protocol by adding either a simple challenge/response authentication mechanism or a cryptography-based secure communication mechanism. In a simple challenge/response authentication mechanism, when a user accesses the system, the system randomly generates a message as a challenge value and sends it to the user; the user performs a simple operation on the challenge value and returns the result to the system as the login password, and if the system receives the correct response the verification passes. A cryptography-based secure communication mechanism uses symmetric, asymmetric, hash and other cryptographic algorithms to provide identity authentication, data encryption, data integrity protection and so on, and thereby communication security.
Although the prior art improves the security of IDE/RTE communication to some extent, the following disadvantages remain:
(1) The first-class communication is not protected at all: when an engineer uses the IDE to download a program to the RTE, neither the user's identity nor the program's integrity is checked, so there is no assurance that the current user is legitimate or that the program has not been implanted with malicious code;
(2) The simple challenge/response authentication mechanism used for second-class communication only performs identity authentication, has weak security strength, is very easy to crack, and cannot ensure that the data is not tampered with or forged;
(3) The cryptography-based secure communication mechanism used for second-class communication mainly relies on international cryptographic algorithms such as RSA, DES and SHA; on the one hand, these algorithms and the communication mechanism are complex, consume more computing resources and lower communication efficiency, and on the other hand they carry potential security risks.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a secure communication method for an industrial control programming platform based on the national cryptographic algorithms, which designs a brand-new secure communication mechanism for the communication of the IDE programming software and of the IDE configuration monitoring software, respectively, with the secure RTE in the controller, and improves the security of the whole communication while monitoring the controller's running process.
The invention adopts the following technical scheme to solve this problem. It designs a secure communication method for an industrial control programming platform based on the national cryptographic algorithms: an engineer uses the IDE programming software to execute a secure program loading method, which downloads and updates the control program to the secure RTE in the controller; the IDE configuration monitoring software then executes a secure data communication method, which lets it securely monitor the controller's running process.
In the secure program loading method, when the engineer uses the IDE programming software to initiate a network connection request to the secure RTE in the controller, mutual identity authentication between the IDE programming software and the secure RTE is performed before the control program is downloaded or updated, followed by trustworthiness verification of the control program, and on that basis the control program is downloaded to or updated in the secure RTE.
Concretely, the engineer uses the IDE programming software to execute the secure program loading method according to the following steps a to j, which download or update the control program to the secure RTE in the controller:
Step a: the engineer uses the IDE programming software to initiate a network connection request to the secure RTE in the controller; go to step b.
Step b: the secure RTE checks whether the hardware identity module of the IDE programming software is detected in the network connection request; if so, go to step c, otherwise go to step j.
Step c: the secure RTE verifies whether the engineer's digital certificate in the hardware identity module is legitimate; if so, the secure RTE receives the secondary authentication password that the engineer enters in the IDE programming software, which is transmitted to the secure RTE, and goes to step d; otherwise go to step j.
Step d: the secure RTE checks whether the secondary authentication password from the IDE programming software is correct; if so, go to step e, otherwise go to step j.
Step e: the IDE programming software signs and integrity-protects the control program with its own public and private keys, downloads the program together with its signature and integrity-protection data to the secure RTE, and goes to step f.
Step f: the secure RTE verifies whether the digital certificate of the IDE programming software is legitimate; if so, it signs and integrity-protects the verification result, returns it together with its digital certificate to the IDE programming software, and goes to step g; otherwise go to step j.
Step g: the IDE programming software verifies whether the digital certificate of the secure RTE is legitimate; if so, it replies to the secure RTE that verification passed, and goes to step h; otherwise go to step j.
Step h: the secure RTE verifies whether the integrity of the control program is consistent; if so, go to step i, otherwise go to step j.
Step i: the secure RTE verifies whether the signature of the control program passes; if so, the secure RTE installs the control program and the communication between the IDE programming software and the secure RTE ends; otherwise the communication between the IDE programming software and the secure RTE ends directly.
Step j: return the result to the IDE programming software and end the network connection between the IDE programming software and the secure RTE.
The secure data communication method comprises mutual identity authentication between the IDE configuration monitoring software and the secure RTE in the controller, and data security protection during the communication between them. The mutual identity authentication uses a two-way authentication mode based on SM2 signature digital certificates. Data security protection is divided into two cases: control instructions issued by the IDE configuration monitoring software to the secure RTE in the controller receive encryption and integrity protection based on the SM3 and SM4 algorithms; business data or running-state data reported by the secure RTE in the controller to the IDE configuration monitoring software receive integrity protection based on SM3.
As a preferred technical scheme of the invention: SM2 digital certificates and public/private key pairs are preset in the IDE configuration monitoring software and in the secure RTE of the controller, and are stored securely in a hardware security module; on that basis, the IDE configuration monitoring software executes the secure data communication method according to the following steps I to VIII, which lets it securely monitor the controller's running process:
Step I: the IDE configuration monitoring software initiates a network connection request to the secure RTE of the controller; go to step II.
Step II: the IDE configuration monitoring software generates a random number R_n and encrypts it with the public key D_c of the secure RTE; it then computes an SM3 hash over the randomly generated communication serial number SN and the encrypted random number, signs the hash with its own private key P_e, and sends it to the secure RTE as an identity verification request; go to step III.
Step III: the secure RTE verifies whether the digital certificate of the IDE configuration monitoring software is legitimate; if so, it decrypts with its private key P_c to obtain the random number R_n and goes to step IV; otherwise it returns the verification result to the IDE configuration monitoring software and ends the network connection between the IDE configuration monitoring software and the secure RTE.
Step IV: the secure RTE takes the bitwise NOT of the random number R_n, computes the corresponding hash value of that result with the SM3 algorithm, encrypts it with the public key D_e of the IDE configuration monitoring software, signs it with its private key P_c, returns it to the IDE configuration monitoring software and goes to step V.
Step V: the IDE configuration monitoring software verifies whether the digital certificate of the secure RTE is legitimate; if so, it decrypts with its private key P_e to obtain the hash value and goes to step VI; otherwise it returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE.
Step VI: the IDE configuration monitoring software computes the SM3 hash of the bitwise NOT of R_n and checks whether it matches the hash value received from the secure RTE; if so, it adopts the random number R_n as the session key, opens communication with the secure RTE and goes to step VII; otherwise it returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE.
Step VII: the secure RTE checks whether it has received a control instruction from the IDE configuration monitoring software; if so, it decrypts the instruction with the session key R_n, executes the corresponding instruction and returns to step I; otherwise go to step VIII.
Step VIII: the controller collects the running data and business data of the field devices at the preset period, uploads them together with their hash value to the IDE configuration monitoring software, and returns to step VII.
As a preferred technical scheme of the invention: in step III, the secure RTE uses the public key of the third-party authentication system to verify whether the certificate of the IDE configuration monitoring software is legitimate. If so, it further uses the public key D_e of the IDE configuration monitoring software to verify the validity of the signature; if the signature is valid, it decrypts with the secure RTE private key P_c to obtain the random number R_n and goes to step IV; if the signature is invalid, it returns the verification result to the IDE configuration monitoring software and ends the network connection between the IDE configuration monitoring software and the secure RTE.
Otherwise, it directly returns the verification result to the IDE configuration monitoring software and ends the network connection between the IDE configuration monitoring software and the secure RTE.
As a preferred technical scheme of the invention: in step V, the IDE configuration monitoring software uses the public key of the third-party authentication system to verify whether the certificate of the secure RTE is legitimate. If so, it uses the public key D_c of the secure RTE to verify the validity of the signature; if the signature is valid, it decrypts with its private key P_e to obtain the hash value and goes to step VI; if the signature is invalid, it returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE.
Otherwise, it directly returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE.
In view of the foregoing, the technical problem to be solved by the present invention is to provide a system for implementing a security communication method of an industrial control programming platform based on a cryptographic algorithm, where the engineered method is implemented by modular design of an engineer station, an operator station, and a controller, so as to efficiently and safely implement security monitoring of an operation process of the controller.
The invention adopts the following technical scheme for solving the technical problems: the invention designs a system for realizing an industrial control programming platform safety communication method based on a national cryptographic algorithm, which comprises an engineer station, an operator station and an industrial control authentication system which are arranged on a process monitoring layer local area network, and various controllers which are arranged on a field control layer local area network; wherein the engineer station comprises IDE programming software and a secure communication module 1 which are in communication connection with each other, and the operator station comprises IDE configuration monitoring software and a secure communication module 2 which are in communication connection with each other; the structure of each controller is the same, and each controller respectively comprises a control program running on the controller and a safe RTE deployed on an embedded real-time operating system of the controller;
based on the IDE programming software in the engineer station, the IDE programming software is respectively connected with the safety RTEs in the controllers through the safety communication module 1 by an industrial control authentication system for communication, and the two-way identity authentication between the IDE programming software and the safety RTEs before the downloading and updating of the control program and the trusted verification of the control program are performed when a network connection request is executed, the IDE programming software in the engineer station is connected with the safety RTEs in the controllers through the safety communication module 1 for communication, so that the downloading and updating of the control program to the safety RTEs in the controllers are realized;
Based on the IDE configuration monitoring software in the operator station which is respectively connected with the safety RTEs in each controller through the industrial control authentication system by the safety communication module 2 for communication, the bidirectional identity authentication between the IDE configuration monitoring software and the safety RTEs in the controllers is executed, the IDE configuration monitoring software in the operator station is connected with the safety RTEs in each controller through the safety communication module 2 for communication, the IDE configuration monitoring software in the operator station sends instructions to the network connection controllers under the data safety protection, and the IDE configuration monitoring software in the operator station receives the running data and the service data of the field devices which are acquired by the network connection controllers.
As a preferred technical scheme of the invention: the security communication module 1 comprises connection management, certificate management, protocol filtering, SM2 signature/signature verification and SM3 HASH calculation; the connection management is responsible for the establishment and maintenance of network connection and data transceiving; certificate management is responsible for carrying out safe storage and access on IDE programming software certificates, control program certificates, industrial control authentication system root certificates and various controller certificates; protocol filtering is responsible for identifying whether the current communication is sent by IDE programming software and blocking other illegal communication; the SM2 signature/verification signature signs the control program based on the SM2 algorithm, and verifies the signature on the returned result; SM3 HASH calculation calculates a HASH value of the control program based on the SM3 algorithm.
As a preferred technical scheme of the invention: the security communication module 2 comprises connection management, certificate management, protocol filtering, SM2 signature/verification, SM3 HASH calculation, SM4 encryption and decryption and random number generation; the connection management is responsible for the establishment and maintenance of network connection and data transceiving; certificate management is responsible for carrying out safe storage and access on IDE configuration monitoring software certificates, control program certificates, industrial control authentication system root certificates and various controller certificates; the protocol filtering is responsible for identifying whether the current communication is legal or not and blocking other illegal communication; the SM2 signature/signature verification is used for signing a control instruction issued by the IDE configuration monitoring software based on an SM2 algorithm, and verifying the signature of various data received from the controller; the SM3 HASH calculation calculates a HASH value of the data transmitted or uploaded by the controller based on an SM3 algorithm; SM4 encryption and decryption encrypt the control instruction based on the session key; the random number generation is responsible for generating a random number as a session key.
As a preferred technical scheme of the invention: the security RTEs in the controllers have the same structure, and each security RTE comprises connection management, certificate management, SM2 signature/verification, SM3 HASH calculation, SM4 encryption and decryption, type 1 security communication, type 2 security communication and runtime support;
The connection management is responsible for establishing and maintaining network connection and receiving and transmitting data between the connection management and the IDE programming software and the IDE configuration monitoring software respectively; the certificate management is responsible for carrying out safe storage and access on IDE programming software, IDE configuration monitoring software certificates, industrial control authentication system root certificates and controllers own certificates; the SM2 signature/verification signature signs the data sent by the controller based on an SM2 algorithm, and verifies the signature of the received control program or control instruction; SM3 HASH calculation calculates a HASH value of the uploaded or received data based on the SM3 algorithm; SM4 encryption and decryption are used for decrypting control instructions from IDE configuration monitoring software based on a session key; the 1-type security communication is responsible for realizing the security communication between IDE programming software and security RTE, and is mainly realized based on SM2 signature/signature verification and SM3 HASH calculation; the 2-type security communication is responsible for realizing the security communication between IDE configuration monitoring software and a controller, and is mainly realized based on SM2 signature/signature verification, SM3 HASH calculation and SM4 encryption and decryption; the runtime support is responsible for providing the bottom support for the normal running of the control program and managing the runtime variables.
Compared with the prior art, the industrial control programming platform safety communication method and system based on the cryptographic algorithm have the following technical effects:
(1) The invention designs an industrial control programming platform safety communication method based on a cryptographic algorithm. For the communication between the IDE programming software and the secure RTE in the controller it designs a program secure loading method that performs engineer identity authentication, bidirectional identity authentication and control program trust verification in sequence, and only then downloads or updates the control program to the secure RTE in the controller; for the communication between the IDE configuration monitoring software and the secure RTE it designs a secure data communication method that performs bidirectional identity authentication and protects the data exchanged during communication, which improves the security of monitoring the running process of the controller. A system implementing the secure communication method is further designed: the engineer station, the operator station and the controller are each designed in a modular way, which improves the communication efficiency between modules, so that the secure communication method executes efficiently and the security of monitoring the running process of the controller is further improved. In practical application the scheme covers the research, development, deployment, operation and update of the industrial control system and protects its communication over the whole life cycle;
(2) In the industrial control programming platform safety communication method and system based on the cryptographic algorithm, the program secure loading method between the IDE programming software and the secure RTE in the controller uses a triple strong authentication mechanism to download or update the control program securely; the secure data communication method between the IDE configuration monitoring software and the secure RTE uses a differentiated data protection mechanism: small but important control instructions are both encrypted and integrity-protected, while the large-volume service data and running state data, which have strict real-time requirements, are only integrity-protected. This achieves security while preserving real-time performance, balancing security and efficiency to a certain extent.
Drawings
FIG. 1 is a flow chart of a program security loading method in the design of the present invention;
FIG. 2 is a flow chart of a method of secure data communication in accordance with the present invention;
FIG. 3 is a schematic diagram of a system architecture in accordance with the present invention;
FIG. 4 is a schematic diagram of the secure communication module 1 in the design of the present invention;
FIG. 5 is a schematic block diagram of the secure communication module 2 in the design of the present invention;
FIG. 6 is a schematic diagram of a secure RTE in accordance with the present invention.
Detailed Description
The following describes the embodiments of the present invention in further detail with reference to the drawings.
The invention designs an industrial control programming platform safety communication method based on a cryptographic algorithm. In practical application, an engineer uses the IDE programming software to execute the program secure loading method, which downloads and updates the control program to the secure RTE in the controller; the IDE configuration monitoring software then executes the secure data communication method, which allows it to monitor the running process of the controller securely.
The program secure loading method downloads and updates the control program to the secure RTE in the controller on the basis of three checks performed in sequence: engineer identity authentication when the engineer uses the IDE programming software to initiate a network connection request to the secure RTE in the controller, bidirectional authentication between the IDE programming software and the secure RTE before the control program is downloaded or updated, and trusted verification of the control program.
In this application, engineer identity authentication uses a strong authentication mode based on a hardware identity module, an SM2 digital certificate and a secondary password, because connecting to the controller and downloading a program are key operations and the identity of the engineer currently operating the IDE programming software must be trusted. Identity authentication between the secure RTE in the controller and the IDE programming software uses bidirectional authentication based on SM2 signature digital certificates, which ensures that the control program comes from trusted programming software and is installed on a legitimate controller. Trust in the control program is established by integrity authentication based on the SM3 algorithm and signature authentication based on an SM2 digital certificate, which ensures that the control program has not been tampered with.
In practical implementation, as shown in fig. 1, the engineer uses the IDE programming software to execute the program secure loading method according to the following steps a to j, downloading and updating the control program to the secure RTE in the controller.
Step a, the engineer initiates a network connection request to the secure RTE in the controller by using IDE programming software, and the step b is entered.
Step b, the secure RTE judges whether the hardware identity module of the IDE programming software is detected in the network connection request, if yes, the step c is entered; otherwise, step j is entered.
Step c, the secure RTE verifies whether the engineer's digital certificate in the hardware identity module is legitimate; if so, the engineer enters a secondary authentication password in the IDE programming software, which transmits it to the secure RTE, and step d is entered; otherwise, step j is entered.
Step d, the secure RTE judges whether the secondary authentication password from the IDE programming software is correct, if yes, the step e is entered; otherwise, step j is entered.
Step e, the IDE programming software signs and integrity-protects the control program with its public and private keys, downloads the signed and integrity-protected program to the secure RTE, and then step f is entered.
Step f, the secure RTE verifies whether the digital certificate of the IDE programming software is legitimate; if so, it signs and integrity-protects the verification result, returns it together with the digital certificate to the IDE programming software, and then step g is entered; otherwise, step j is entered.
Step g, the IDE programming software verifies whether the digital certificate of the secure RTE is legal, if so, the IDE programming software replies a verification passing result to the secure RTE, and then the step h is entered; otherwise, step j is entered.
Step h, the security RTE verifies whether the integrity of the control program is consistent, if so, the step i is entered; otherwise, step j is entered.
Step i, the secure RTE verifies whether the signature of the control program passes or not, if so, the secure RTE installs the control program, and then the communication between the IDE programming software and the secure RTE is ended; otherwise, directly ending the communication between the IDE programming software and the secure RTE.
Step j, the result is returned to the IDE programming software, and the network connection between the IDE programming software and the secure RTE is ended.
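The control program checks of steps d, e, h and i, written out as an added example (an editor's illustration, not code from the patent or its applicant). It assumes SHA-256 in place of SM3 and ECDSA P-256 in place of SM2, and models the certificate validation of step f as the RTE already holding the trusted public key of the IDE programming software; the names Package, RTE, BuildPackage, Install and Demo, the sample program text and the password are the example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Package is what step e downloads: the control program, its digest and the IDE's signature.
// SHA-256 stands in for SM3 and ECDSA P-256 for SM2 throughout this example (assumptions).
type Package struct {
	Program []byte
	Hash    []byte // SM3(Program) in the patent
	Sig     []byte // SM2 signature over Hash by the IDE programming software's private key
}

// BuildPackage is the IDE programming software's side of step e.
func BuildPackage(ideKey *ecdsa.PrivateKey, program []byte) (Package, error) {
	h := sha256.Sum256(program)
	sig, err := ecdsa.SignASN1(rand.Reader, ideKey, h[:])
	return Package{Program: program, Hash: h[:], Sig: sig}, err
}

// RTE holds what the secure RTE needs for steps d, h and i. Certificate validation against
// the root certificate (step f) is modelled as already holding the trusted IDE public key.
type RTE struct {
	TrustedIDE *ecdsa.PublicKey
	salt       []byte // the secondary password is kept only as a salted digest
	pwDigest   [32]byte
	Installed  []byte // the control program currently installed, if any
}

func NewRTE(trusted *ecdsa.PublicKey, password string) *RTE {
	r := &RTE{TrustedIDE: trusted, salt: make([]byte, 16)}
	rand.Read(r.salt)
	r.pwDigest = sha256.Sum256(append(append([]byte{}, r.salt...), password...))
	return r
}

// CheckSecondaryPassword is step d: compare salted digests in constant time.
func (r *RTE) CheckSecondaryPassword(pw string) bool {
	d := sha256.Sum256(append(append([]byte{}, r.salt...), pw...))
	return subtle.ConstantTimeCompare(d[:], r.pwDigest[:]) == 1
}

// Install is steps h and i: the digest must match first, then the signature must verify under
// the trusted IDE key, and only then is the program installed. The error is what step j reports.
func (r *RTE) Install(pkg Package) error {
	h := sha256.Sum256(pkg.Program)
	if !bytes.Equal(h[:], pkg.Hash) {
		return errors.New("step h: program digest mismatch")
	}
	if !ecdsa.VerifyASN1(r.TrustedIDE, pkg.Hash, pkg.Sig) {
		return errors.New("step i: signature not from the trusted IDE programming software")
	}
	r.Installed = append([]byte(nil), pkg.Program...)
	return nil
}

// Demo runs the loading path on a constructed program image and reports, per scenario,
// whether the secure RTE accepted it. Only the genuine package should be installed.
func Demo() (map[string]bool, error) {
	ideKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	otherKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	rte := NewRTE(&ideKey.PublicKey, "example-secondary-password") // constructed password
	program := []byte("IF Level > 80.0 THEN Valve := FALSE; END_IF") // constructed sample program
	genuine, err := BuildPackage(ideKey, program)
	if err != nil { return nil, err }
	corrupted := genuine // program bytes altered in transit, digest left as sent: step h rejects
	corrupted.Program = []byte("IF Level > 99.0 THEN Valve := FALSE; END_IF")
	rehashed := corrupted // digest recomputed to match, signature still over the old digest: step i rejects
	h := sha256.Sum256(rehashed.Program)
	rehashed.Hash = h[:]
	untrusted, _ := BuildPackage(otherKey, program) // consistent, but signed by an untrusted key: step i rejects
	res := map[string]bool{
		"password_ok":    rte.CheckSecondaryPassword("example-secondary-password"),
		"password_wrong": rte.CheckSecondaryPassword("guess"),
	}
	cases := map[string]Package{"genuine": genuine, "corrupted": corrupted, "rehashed": rehashed, "untrusted_signer": untrusted}
	for name, pkg := range cases {
		res[name] = rte.Install(pkg) == nil
	}
	res["installed_matches"] = bytes.Equal(rte.Installed, program)
	return res, nil
}

func main() {
	res, err := Demo()
	fmt.Println(res, err)
}
```

Demo returns, per constructed scenario, whether the RTE installed the package; only the genuine package passes. The two separate checks of steps h and i each catch something the other does not: a stale digest exposes accidental corruption cheaply, while the signature is what ties the program to the trusted IDE, so a package whose digest was recomputed after modification, or one signed with a key the RTE does not trust, is refused in step i. The secondary password of step d is stored only as a salted digest and compared in constant time.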
The secure data communication method comprises bidirectional identity authentication between the IDE configuration monitoring software and the secure RTE in the controller, and data security protection during the communication between them. The bidirectional identity authentication uses a two-way authentication mode based on SM2 signature digital certificates, so that the identity of both communicating parties is trusted. The data security protection has two cases. The first is the control instruction issued by the IDE configuration monitoring software to the secure RTE in the controller: because control data is a key operation instruction, of high importance and small volume, it receives encryption and integrity protection based on the SM3 and SM4 algorithms. The second is the service data or running state data reported by the secure RTE in the controller to the IDE configuration monitoring software: because this data has strict real-time requirements and is large in volume, it receives only SM3-based integrity protection, which prevents it from being damaged or tampered with.
In practical implementation, the SM2 digital certificates and public-private key pairs are preset in the IDE configuration monitoring software and in the secure RTE of the controller and are stored securely in a hardware security module. As shown in fig. 2, the IDE configuration monitoring software executes the secure data communication method according to the following steps I to VIII, so as to monitor the running process of the controller securely.
Step I, the IDE configuration monitoring software initiates a network connection request to the secure RTE of the controller, and step II is entered.
Step II, the IDE configuration monitoring software generates a random number R_n (n = 1, 2, ... to distinguish different sessions) and encrypts R_n with the public key D_c of the secure RTE; it then hashes the randomly generated communication serial number SN together with the encrypted random number using the SM3 algorithm, signs the hash with the private key P_e of the IDE configuration monitoring software, and sends it to the secure RTE for identity verification; then step III is entered. The communication serial number SN is generated randomly in order to prevent replay attacks.
Step III, the secure RTE verifies whether the digital certificate of the IDE configuration monitoring software is legitimate; if so, it decrypts with the secure RTE private key P_c to obtain the random number R_n, and step IV is entered; otherwise, the verification result is returned to the IDE configuration monitoring software, and the network connection between the IDE configuration monitoring software and the secure RTE is ended.
In a further implementation, in step III the secure RTE verifies whether the certificate of the IDE configuration monitoring software is legitimate using the public key of the third party authentication system; if so, it further verifies the validity of the signature using the public key D_e of the IDE configuration monitoring software, and if the signature is valid it decrypts with the secure RTE private key P_c to obtain the random number R_n and step IV is entered; if the signature is invalid, the verification result is returned to the IDE configuration monitoring software, and the network connection between the IDE configuration monitoring software and the secure RTE is ended; if the certificate is not legitimate, the verification result is returned directly to the IDE configuration monitoring software, and the network connection between the IDE configuration monitoring software and the secure RTE is ended.
Step IV, the secure RTE takes the bitwise NOT of the random number R_n it obtained, calculates the corresponding HASH value of the result with the SM3 algorithm, encrypts it with the public key D_e of the IDE configuration monitoring software, signs it with the secure RTE private key P_c, returns it to the IDE configuration monitoring software, and step V is entered.
Step V, the IDE configuration monitoring software verifies whether the digital certificate of the secure RTE is legitimate; if so, it decrypts with its private key P_e to obtain the corresponding HASH value, and step VI is entered; otherwise, the verification result is returned to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended.
In a further implementation, in step V the IDE configuration monitoring software verifies whether the certificate of the secure RTE is legitimate using the public key of the third party authentication system; if so, it verifies the validity of the signature using the public key D_c of the secure RTE, and if the signature is valid it decrypts with its private key P_e to obtain the corresponding HASH value and step VI is entered; if the signature is invalid, the verification result is returned to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended; if the certificate is not legitimate, the verification result is returned directly to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended.
Step VI, the IDE configuration monitoring software calculates the HASH value of the bitwise NOT of the random number R_n with the SM3 algorithm and judges whether it is consistent with the HASH value received from the secure RTE; if so, the random number R_n is taken as the session key, communication between the IDE configuration monitoring software and the secure RTE is opened, and step VII is entered; otherwise, the verification result is returned to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended.
Step VII, the secure RTE checks whether it has received a control instruction from the IDE configuration monitoring software; if so, the secure RTE decrypts it with the session key R_n, executes the corresponding instruction, and returns to step I; otherwise, step VIII is entered.
Step VIII, the controller collects the running data and service data of the field devices at the preset period, uploads them together with their HASH value to the IDE configuration monitoring software, and then returns to step VII.
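The challenge-response exchange of steps II to VI, written out as an added example (an editor's illustration, not code from the patent or its applicant). It assumes Go standard-library stand-ins for the national algorithms: ECDSA P-256 for SM2 signing, ephemeral ECDH P-256 with AES-GCM for SM2 public-key encryption, and SHA-256 for SM3; the names Party, Hello, StepII, StepsIIIandIV and StepsVandVI are the example's own. The certificate validation that opens steps III and V is modelled as each side already holding the peer's validated public keys.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is one endpoint (IDE configuration monitoring software or secure RTE); the peer's keys are assumed validated.
type Party struct {
	Sig  *ecdsa.PrivateKey // P_e or P_c (ECDSA P-256 stands in for the SM2 signing key)
	Enc  *ecdh.PrivateKey  // private half of D_e or D_c (ECDH P-256 stands in for SM2 encryption)
	seen map[string]bool   // communication serial numbers already accepted (replay defence)
}

func NewParty() (*Party, error) {
	s, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	e, err := ecdh.P256().GenerateKey(rand.Reader)
	return &Party{Sig: s, Enc: e, seen: map[string]bool{}}, err
}
// sign and verify stand in for an SM2 signature over an SM3 digest (SHA-256 here).
func (p *Party) sign(m []byte) ([]byte, error) {
	h := sha256.Sum256(m)
	return ecdsa.SignASN1(rand.Reader, p.Sig, h[:])
}
func verify(pub *ecdsa.PublicKey, m, sig []byte) bool {
	h := sha256.Sum256(m)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
// sealTo and open stand in for SM2 public-key encryption: ephemeral ECDH, then AES-GCM under
// SHA-256(shared secret). The ephemeral key is single-use, so the all-zero nonce is safe.
func sealTo(peer *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	ss, err := eph.ECDH(peer)
	if err != nil { return nil, err }
	g := gcm(ss)
	return append(eph.PublicKey().Bytes(), g.Seal(nil, make([]byte, g.NonceSize()), msg, nil)...), nil
}
func (p *Party) open(ct []byte) ([]byte, error) {
	if len(ct) < 65 { return nil, errors.New("ciphertext too short") } // 65-byte point prefix
	eph, err := ecdh.P256().NewPublicKey(ct[:65])
	if err != nil { return nil, err }
	ss, err := p.Enc.ECDH(eph)
	if err != nil { return nil, err }
	g := gcm(ss)
	return g.Open(nil, make([]byte, g.NonceSize()), ct[65:], nil)
}
func gcm(ss []byte) cipher.AEAD {
	k := sha256.Sum256(ss)
	b, _ := aes.NewCipher(k[:])
	g, _ := cipher.NewGCM(b)
	return g
}

// Hello is the step II message: SN, Enc_Dc(R_n) and Sig_Pe(SM3(SN || Enc_Dc(R_n))).
type Hello struct{ SN, EncRn, Sig []byte }

// StepII (IDE side): fresh 16-byte R_n and SN; R_n encrypted to the RTE; the pair signed.
func (ide *Party) StepII(rteEnc *ecdh.PublicKey) (Hello, []byte, error) {
	rn, sn := make([]byte, 16), make([]byte, 16)
	rand.Read(rn)
	rand.Read(sn)
	encRn, err := sealTo(rteEnc, rn)
	if err != nil { return Hello{}, nil, err }
	sig, err := ide.sign(append(append([]byte{}, sn...), encRn...))
	return Hello{sn, encRn, sig}, rn, err
}

// StepsIIIandIV (RTE side): reject a replayed SN, verify the IDE signature and recover R_n
// (step III); then encrypt SM3(~R_n) to the IDE and sign the ciphertext (step IV).
func (rte *Party) StepsIIIandIV(ideSig *ecdsa.PublicKey, ideEnc *ecdh.PublicKey, h Hello) (rn, encH, sig []byte, err error) {
	if rte.seen[string(h.SN)] { return nil, nil, nil, errors.New("step III: replayed SN") }
	if !verify(ideSig, append(append([]byte{}, h.SN...), h.EncRn...), h.Sig) {
		return nil, nil, nil, errors.New("step III: IDE signature invalid")
	}
	rte.seen[string(h.SN)] = true
	if rn, err = rte.open(h.EncRn); err != nil { return }
	if encH, err = sealTo(ideEnc, notHash(rn)); err != nil { return }
	sig, err = rte.sign(encH)
	return
}

// notHash is SM3(bitwise NOT of R_n): the RTE proves it recovered R_n without echoing it.
func notHash(rn []byte) []byte {
	inv := make([]byte, len(rn))
	for i, b := range rn { inv[i] = ^b }
	h := sha256.Sum256(inv)
	return h[:]
}

// StepsVandVI (IDE side): verify the RTE signature, decrypt, compare with the local SM3(~R_n);
// on success R_n is the session key for step VII.
func (ide *Party) StepsVandVI(rteSig *ecdsa.PublicKey, rn, encH, sig []byte) ([]byte, error) {
	if !verify(rteSig, encH, sig) { return nil, errors.New("step V: RTE signature invalid") }
	got, err := ide.open(encH)
	if err != nil { return nil, err }
	if !bytes.Equal(got, notHash(rn)) { return nil, errors.New("step VI: challenge mismatch") }
	return rn, nil
}
```

The calls follow the step order: the IDE calls StepII with the RTE's encryption public key, the RTE answers with StepsIIIandIV, and the IDE finishes with StepsVandVI; both sides then hold the same 16-byte R_n, which is the session key the patent uses for SM4 in step VII. Two properties worth checking in any real implementation are visible here: a replayed step II message is refused because its SN has already been accepted, and a party that could not decrypt R_n cannot produce the matching SM3(~R_n), so the IDE refuses the session.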
Based on the industrial control programming platform safety communication method designed above, the system of the invention that implements it, as shown in fig. 3, comprises an engineer station, an operator station and an industrial control authentication system arranged on the process monitoring layer local area network, and the controllers arranged on the field control layer local area network; the engineer station comprises IDE programming software and a secure communication module 1 that are communicatively connected to each other, and the operator station comprises IDE configuration monitoring software and a secure communication module 2 that are communicatively connected to each other; the controllers have the same structure, and each comprises a control program running on the controller and a secure RTE deployed on the embedded real-time operating system of the controller.
The IDE programming software in the engineer station is connected, through the secure communication module 1 and the industrial control authentication system, to the secure RTE in each controller. On this connection it performs the engineer identity authentication when a network connection request is made, the bidirectional identity authentication between the IDE programming software and the secure RTE before the control program is downloaded or updated, and the trust authentication of the control program, and thereby downloads and updates the control program to the secure RTE in the controller.
The IDE configuration monitoring software in the operator station is connected, through the secure communication module 2 and the industrial control authentication system, to the secure RTE in each controller. On this connection it performs the bidirectional identity authentication between the IDE configuration monitoring software and the secure RTE in the controller; under data security protection it sends instructions to the connected controllers and receives the running data and service data of the field devices collected by them.
Further, in practical implementation, as shown in fig. 4, the secure communication module 1 comprises connection management, certificate management, protocol filtering, SM2 signature/verification and SM3 HASH calculation; connection management establishes and maintains the network connection and sends and receives data; certificate management securely stores and accesses the IDE programming software certificate, control program certificates, the industrial control authentication system root certificate and the certificates of the controllers; protocol filtering identifies whether the current communication is sent by the IDE programming software and blocks other illegal communication; SM2 signature/verification signs the control program with the SM2 algorithm and verifies the signature on the returned result; SM3 HASH calculation computes the HASH value of the control program with the SM3 algorithm.
As shown in fig. 5, the secure communication module 2 comprises connection management, certificate management, protocol filtering, SM2 signature/verification, SM3 HASH calculation, SM4 encryption and decryption, and random number generation; connection management establishes and maintains the network connection and sends and receives data; certificate management securely stores and accesses the IDE configuration monitoring software certificate, control program certificates, the industrial control authentication system root certificate and the certificates of the controllers; protocol filtering identifies whether the current communication is legitimate and blocks other illegal communication; SM2 signature/verification signs the control instructions issued by the IDE configuration monitoring software with the SM2 algorithm and verifies the signature of the data received from the controller; SM3 HASH calculation computes the HASH value of the data sent to or uploaded by the controller with the SM3 algorithm; SM4 encryption and decryption encrypts the control instruction with the session key; random number generation produces the random number used as the session key.
The secure RTEs in the controllers have the same structure. As shown in fig. 6, each secure RTE comprises connection management, certificate management, SM2 signature/verification, SM3 HASH calculation, SM4 encryption and decryption, type 1 secure communication, type 2 secure communication and runtime support; the connection management establishes and maintains the network connections to the IDE programming software and to the IDE configuration monitoring software and sends and receives data over each; certificate management securely stores and accesses the IDE programming software certificate, the IDE configuration monitoring software certificate, the industrial control authentication system root certificate and the controller's own certificate; SM2 signature/verification signs the data sent by the controller with the SM2 algorithm and verifies the signature of a received control program or control instruction; SM3 HASH calculation computes the HASH value of uploaded or received data with the SM3 algorithm; SM4 encryption and decryption decrypts control instructions from the IDE configuration monitoring software with the session key; type 1 secure communication implements the secure communication between the IDE programming software and the secure RTE, mainly by means of SM2 signature/verification and SM3 HASH calculation; type 2 secure communication implements the secure communication between the IDE configuration monitoring software and the controller, mainly by means of SM2 signature/verification, SM3 HASH calculation and SM4 encryption and decryption; the runtime support provides the underlying support for normal execution of the control program and manages the runtime variables.
The industrial control authentication system is used for receiving applications of SM2 digital certificates from IDE programming software, IDE configuration monitoring software and secure RTE in the controller, auditing the applications, issuing the digital certificates, verifying timeliness and legitimacy of the digital certificates, and uniformly managing public and private key pairs of all communication entities.
In the industrial control programming platform safety communication method and system based on the national cryptographic algorithm designed by this technical scheme, the program secure loading method between the IDE programming software and the secure RTE in the controller uses a triple strong authentication mechanism to download or update the control program securely; the secure data communication method between the IDE configuration monitoring software and the secure RTE uses a differentiated data protection mechanism: small but important control instructions are both encrypted and integrity-protected, while the large-volume service data and running state data, which have strict real-time requirements, are only integrity-protected. This achieves security while preserving real-time performance, balancing security and efficiency to a certain extent.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the spirit of the present invention.

Claims (8)

1. An industrial control programming platform safety communication method based on a national cryptographic algorithm, characterized in that: an engineer uses IDE programming software to execute a program secure loading method, which downloads and updates a control program to a secure RTE in a controller; IDE configuration monitoring software further executes a secure data communication method, which allows it to monitor the running process of the controller securely;
the program secure loading method downloads and updates the control program to the secure RTE in the controller after the following are executed in sequence: engineer identity authentication when the engineer uses the IDE programming software to initiate a network connection request to the secure RTE in the controller, mutual identity authentication between the IDE programming software and the secure RTE before the control program is downloaded or updated, and trusted verification of the control program;
the engineer uses the IDE programming software to execute the program secure loading method according to the following steps a to j, downloading and updating the control program to the secure RTE in the controller;
step a, an engineer initiates a network connection request to a security RTE in a controller by applying IDE programming software, and the step b is entered; step b, the secure RTE judges whether the hardware identity module of the IDE programming software is detected in the network connection request, if yes, the step c is entered; otherwise, enter step j;
step c, the secure RTE verifies whether the engineer's digital certificate in the hardware identity module is legitimate; if so, the engineer enters a secondary authentication password in the IDE programming software, which transmits it to the secure RTE, and step d is entered; otherwise, enter step j;
step d, the secure RTE judges whether the secondary authentication password from the IDE programming software is correct, if yes, the step e is entered; otherwise, enter step j;
step e, the IDE programming software signs and integrity-protects the control program with its public and private keys, downloads the signed and integrity-protected data to the secure RTE, and then step f is entered;
step f, the secure RTE verifies whether the digital certificate of the IDE programming software is legitimate; if so, it signs and integrity-protects the verification result, returns it together with the digital certificate to the IDE programming software, and then step g is entered; otherwise, enter step j;
step g, the IDE programming software verifies whether the digital certificate of the secure RTE is legal, if so, the IDE programming software replies a verification passing result to the secure RTE, and then the step h is entered; otherwise, enter step j;
step h, the security RTE verifies whether the integrity of the control program is consistent, if so, the step i is entered; otherwise, enter step j;
step i, the secure RTE verifies whether the signature of the control program passes or not, if so, the secure RTE installs the control program, and then the communication between the IDE programming software and the secure RTE is ended; otherwise, directly ending the communication between the IDE programming software and the secure RTE; step j, returning the result to the IDE programming software, and ending the network connection between the IDE programming software and the secure RTE;
The secure data communication method comprises two-way identity authentication between IDE configuration monitoring software and secure RTE in the controller and data security protection in the process of communication between the IDE configuration monitoring software and the secure RTE in the controller, wherein the two-way identity authentication between the IDE configuration monitoring software and the secure RTE in the controller adopts a two-way authentication mode based on SM2 signature digital certificates, and the data security protection is divided into two cases, one is control instructions which are issued to the secure RTE in the controller aiming at the IDE configuration monitoring software, and encryption and integrity protection based on SM3 and SM4 algorithms are adopted; the other is that the security RTE in the controller adopts the integrity protection based on SM3 to report the business data or the running state data to the IDE configuration monitoring software.
2. The industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 1, characterized in that: the SM2 digital certificates and public-private key pairs are preset in the IDE configuration monitoring software and in the secure RTE of the controller and are stored securely in a hardware security module; the IDE configuration monitoring software executes the secure data communication method according to the following steps I to VIII, so as to monitor the running process of the controller securely;
step I, the IDE configuration monitoring software initiates a network connection request to the secure RTE of the controller, and step II is entered;
step II, the IDE configuration monitoring software generates a random number R_n and encrypts R_n with the public key D_c of the secure RTE; it then hashes the randomly generated communication serial number SN together with the encrypted random number using the SM3 algorithm, signs the hash with the private key P_e of the IDE configuration monitoring software, and sends it to the secure RTE for identity verification; then step III is entered;
step III, the secure RTE verifies whether the digital certificate of the IDE configuration monitoring software is legitimate; if so, it decrypts with the secure RTE private key P_c to obtain the random number R_n, and step IV is entered; otherwise, the verification result is returned to the IDE configuration monitoring software, and the network connection between the IDE configuration monitoring software and the secure RTE is ended;
step IV, the secure RTE takes the bitwise NOT of the random number R_n it obtained, calculates the corresponding HASH value of the result with the SM3 algorithm, encrypts it with the public key D_e of the IDE configuration monitoring software, signs it with the secure RTE private key P_c, returns it to the IDE configuration monitoring software, and step V is entered;
step V, the IDE configuration monitoring software verifies whether the digital certificate of the secure RTE is legitimate; if so, it decrypts with its private key P_e to obtain the corresponding HASH value, and step VI is entered; otherwise, the verification result is returned to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended;
step VI, the IDE configuration monitoring software calculates the HASH value of the bitwise NOT of the random number R_n with the SM3 algorithm and judges whether it is consistent with the HASH value received from the secure RTE; if so, the random number R_n is taken as the session key, communication between the IDE configuration monitoring software and the secure RTE is opened, and step VII is entered; otherwise, the verification result is returned to the secure RTE, and the network connection between the IDE configuration monitoring software and the secure RTE is ended;
step VII, the secure RTE checks whether it has received a control instruction from the IDE configuration monitoring software; if so, the secure RTE decrypts it with the session key R_n, executes the corresponding instruction, and returns to step I; otherwise, enter step VIII;
step VIII, the controller collects the running data and service data of the field devices at the preset period, uploads them together with their HASH value to the IDE configuration monitoring software, and then returns to step VII.
3. The industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 2, characterized in that: in step III, the secure RTE uses the public key of the third party authentication system to verify whether the certificate of the IDE configuration monitoring software is legal; if so, it further uses the public key D_e of the IDE configuration monitoring software to verify the validity of the signature, and if the signature is valid, it decrypts with the secure RTE private key P_c to obtain the random number R_n and enters step IV; if the signature is invalid, it returns the verification result to the IDE configuration monitoring software and ends the network connection between the IDE configuration monitoring software and the secure RTE;
otherwise (the certificate is not legal), it directly returns the verification result to the IDE configuration monitoring software and ends the network connection between the IDE configuration monitoring software and the secure RTE.
4. The industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 2, characterized in that: in step V, the IDE configuration monitoring software uses the public key of the third party authentication system to verify whether the certificate of the secure RTE is legal; if so, it uses the public key D_c of the secure RTE to verify the validity of the signature, and if the signature is valid, it decrypts with its private key P_e to obtain the corresponding HASH value and enters step VI; if the signature is invalid, it returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE;
otherwise (the certificate is not legal), it directly returns the verification result to the secure RTE and ends the network connection between the IDE configuration monitoring software and the secure RTE.
5. A system for implementing the industrial control programming platform safety communication method based on a cryptographic algorithm as claimed in any one of claims 1 to 4, characterized in that: the system comprises an engineer station, an operator station and an industrial control authentication system, which are arranged on the process monitoring layer local area network, and controllers, which are arranged on the field control layer local area network; the engineer station comprises IDE programming software and a secure communication module 1 that are communicatively connected to each other, and the operator station comprises IDE configuration monitoring software and a secure communication module 2 that are communicatively connected to each other; the controllers share the same structure, and each controller comprises a control program running on the controller and a secure RTE deployed on the controller's embedded real-time operating system;
the IDE programming software in the engineer station communicates with the secure RTE in each controller through secure communication module 1 and the industrial control authentication system; when a network connection request is executed, two-way identity authentication between the IDE programming software and the secure RTE and trusted verification of the control program are performed before the control program is downloaded or updated, after which the IDE programming software in the engineer station connects to the secure RTE in the controller through secure communication module 1 to download or update the control program on that secure RTE;
the IDE configuration monitoring software in the operator station communicates with the secure RTE in each controller through secure communication module 2 and the industrial control authentication system; after bidirectional identity authentication between the IDE configuration monitoring software and the secure RTE of a controller, the IDE configuration monitoring software in the operator station connects to that secure RTE through secure communication module 2, sends instructions to the network-connected controller under data security protection, and receives the running data and service data of the field devices collected by the network-connected controller.
6. The system for implementing the industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 5, characterized in that: secure communication module 1 comprises connection management, certificate management, protocol filtering, SM2 signature/signature verification and SM3 HASH calculation; connection management is responsible for establishing and maintaining network connections and for sending and receiving data; certificate management is responsible for the secure storage of and access to the IDE programming software certificate, the control program certificate, the industrial control authentication system root certificate and the certificates of the controllers; protocol filtering is responsible for identifying whether the current communication originates from the IDE programming software and for blocking all other illegal communication; SM2 signature/signature verification signs the control program with the SM2 algorithm and verifies the signature on the returned result; SM3 HASH calculation computes the HASH value of the control program with the SM3 algorithm.
7. The system for implementing the industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 5, characterized in that: secure communication module 2 comprises connection management, certificate management, protocol filtering, SM2 signature/signature verification, SM3 HASH calculation, SM4 encryption and decryption, and random number generation; connection management is responsible for establishing and maintaining network connections and for sending and receiving data; certificate management is responsible for the secure storage of and access to the IDE configuration monitoring software certificate, the control program certificate, the industrial control authentication system root certificate and the certificates of the controllers; protocol filtering is responsible for identifying whether the current communication is legal and for blocking all other illegal communication; SM2 signature/signature verification signs the control instructions issued by the IDE configuration monitoring software with the SM2 algorithm and verifies the signatures on the data received from the controllers; SM3 HASH calculation computes, with the SM3 algorithm, the HASH value of data sent to or uploaded by the controller; SM4 encryption and decryption encrypts the control instructions with the session key; random number generation is responsible for generating the random number used as the session key.
8. The system for implementing the industrial control programming platform safety communication method based on the cryptographic algorithm as claimed in claim 5, characterized in that: the secure RTEs in the controllers have the same structure, and each secure RTE comprises connection management, certificate management, SM2 signature/signature verification, SM3 HASH calculation, SM4 encryption and decryption, type 1 secure communication, type 2 secure communication and runtime support;
connection management is responsible for establishing and maintaining the network connections to, and sending and receiving data with, the IDE programming software and the IDE configuration monitoring software respectively; certificate management is responsible for the secure storage of and access to the IDE programming software certificate, the IDE configuration monitoring software certificate, the industrial control authentication system root certificate and the controller's own certificate; SM2 signature/signature verification signs the data sent by the controller with the SM2 algorithm and verifies the signature on the received control program or control instruction; SM3 HASH calculation computes the HASH value of uploaded or received data with the SM3 algorithm; SM4 encryption and decryption decrypts the control instructions from the IDE configuration monitoring software with the session key; type 1 secure communication is responsible for the secure communication between the IDE programming software and the secure RTE, and is built mainly on SM2 signature/signature verification and SM3 HASH calculation; type 2 secure communication is responsible for the secure communication between the IDE configuration monitoring software and the controller, and is built mainly on SM2 signature/signature verification, SM3 HASH calculation and SM4 encryption and decryption; runtime support is responsible for providing the underlying support for normal execution of the control program and for managing the runtime variables.
CN202310903931.1A 2023-07-24 2023-07-24 Industrial control programming platform safety communication method and system based on cryptographic algorithm Active CN116663075B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310903931.1A CN116663075B (en) 2023-07-24 2023-07-24 Industrial control programming platform safety communication method and system based on cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310903931.1A CN116663075B (en) 2023-07-24 2023-07-24 Industrial control programming platform safety communication method and system based on cryptographic algorithm

Publications (2)

Publication Number Publication Date
CN116663075A CN116663075A (en) 2023-08-29
CN116663075B true CN116663075B (en) 2023-12-15

Family

ID=87715537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310903931.1A Active CN116663075B (en) 2023-07-24 2023-07-24 Industrial control programming platform safety communication method and system based on cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN116663075B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573516A (en) * 2014-12-25 2015-04-29 中国科学院软件研究所 Industrial control system trusted environment control method and platform based on safety chip
CN105137800A (en) * 2015-09-11 2015-12-09 浙江中烟工业有限责任公司 PLC cooperative control device based on SOPC technology
CN107765629A (en) * 2016-08-22 2018-03-06 王小义 DELTA2 robot control system based on Soft-PLC and EtherCAT bus
WO2019100691A1 (en) * 2017-11-27 2019-05-31 中国科学院沈阳自动化研究所 Industrial embedded system-oriented network information security protection unit and protection method
CN110891063A (en) * 2019-11-30 2020-03-17 信联科技(南京)有限公司 Secure industrial control system based on a secure intelligent controller
WO2020205514A1 (en) * 2019-04-01 2020-10-08 Intel Corporation Privacy protected autonomous attestation
CN113051548A (en) * 2021-04-23 2021-06-29 北京计算机技术及应用研究所 Lightweight, non-intrusive industrial safety control system
CN115344000A (en) * 2021-05-14 2022-11-15 中国电子信息产业集团有限公司第六研究所 PLC control logic safety protection method based on information coding technology
CN115580491A (en) * 2022-12-07 2023-01-06 信联科技(南京)有限公司 Industrial control programming platform based on state cryptographic algorithm, construction method and operation method
CN115834149A (en) * 2022-11-04 2023-03-21 北京科技大学 Numerical control system safety protection method and device based on state cryptographic algorithm

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573516A (en) * 2014-12-25 2015-04-29 中国科学院软件研究所 Industrial control system trusted environment control method and platform based on safety chip
CN105137800A (en) * 2015-09-11 2015-12-09 浙江中烟工业有限责任公司 PLC cooperative control device based on SOPC technology
CN107765629A (en) * 2016-08-22 2018-03-06 王小义 DELTA2 robot control system based on Soft-PLC and EtherCAT bus
WO2019100691A1 (en) * 2017-11-27 2019-05-31 中国科学院沈阳自动化研究所 Industrial embedded system-oriented network information security protection unit and protection method
CN109842585A (en) * 2017-11-27 2019-06-04 中国科学院沈阳自动化研究所 Network information security protection unit and protection method for industrial embedded systems
WO2020205514A1 (en) * 2019-04-01 2020-10-08 Intel Corporation Privacy protected autonomous attestation
CN110891063A (en) * 2019-11-30 2020-03-17 信联科技(南京)有限公司 Secure industrial control system based on a secure intelligent controller
CN113051548A (en) * 2021-04-23 2021-06-29 北京计算机技术及应用研究所 Lightweight, non-intrusive industrial safety control system
CN115344000A (en) * 2021-05-14 2022-11-15 中国电子信息产业集团有限公司第六研究所 PLC control logic safety protection method based on information coding technology
CN115834149A (en) * 2022-11-04 2023-03-21 北京科技大学 Numerical control system safety protection method and device based on state cryptographic algorithm
CN115580491A (en) * 2022-12-07 2023-01-06 信联科技(南京)有限公司 Industrial control programming platform based on state cryptographic algorithm, construction method and operation method

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Deterministic Intrusion Detection Rules for MODBUS Protocols; Thomas H. Morris et al.; 2013 46th Hawaii International Conference on System Sciences; pp. 1773-1781 *
A Modbus secure communication algorithm based on 3DES and SM4; 石珊 et al.; 自动化博览; vol. 38, no. 01; pp. 67-71 *
Research on an authentication and verification model for CNC networks based on domestic cryptographic algorithms, and its security assessment; 夏晓峰; 向宏; 肖震宇; 蔡挺; 电子与信息学报; no. 08; pp. 39-45 *
A data integrity verification method for industrial control systems based on covert channels; 凌捷 et al.; 计算机工程与应用; no. 09; pp. 131-136 *
Research on cryptographic applications for the information security of nuclear power industrial control systems; 赵爽; 马陟; 电脑知识与技术; no. 04; pp. 41-42 *

Also Published As

Publication number Publication date
CN116663075A (en) 2023-08-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant