CN117176831A - Controller network communication method, system, equipment and medium - Google Patents


Info

Publication number
CN117176831A
CN117176831A
Authority
CN
China
Prior art keywords
controller
protocol
data
receiving end
rudp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311175693.3A
Other languages
Chinese (zh)
Inventor
曾卫东
程国栋
韩培林
管磊
柳曦
杨柳
高少华
张勇
王晓凯
袁哲
李家港
李广亭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Thermal Power Research Institute Co Ltd
Original Assignee
Xian Thermal Power Research Institute Co Ltd
Application filed by Xian Thermal Power Research Institute Co Ltd
Priority to CN202311175693.3A
Publication of CN117176831A
Legal status: Pending

Landscapes

  • Communication Control (AREA)

Abstract

The invention discloses a controller network communication method, system, device and medium. The method comprises the following steps: modifying the UDP message protocol used between the controller and the data receiving end to obtain an RUDP (reliable UDP) protocol; encrypting the RUDP protocol to obtain an encrypted RUDP protocol; and adopting the encrypted RUDP protocol as the new communication protocol between the controller and the data receiving end, together with a retransmission mechanism, for data communication. Using RUDP for network communication effectively reduces the probability of message loss, and the retransmission mechanism ensures the integrity of the transmitted data to a large extent; encrypting the RUDP messages protects the data, prevents the threat that illegal tampering with key controller data would pose to the control system, and safeguards the safe operation of the power plant.

Description

Controller network communication method, system, equipment and medium
Technical Field
The invention belongs to the technical field of controller communication, and particularly relates to a controller network communication method, system, equipment and medium.
Background
A trusted distributed control system (DCS) is a new class of control equipment that uses computer technology to perform centralized monitoring, operation and management together with distributed control of industrial production processes, and it is widely applied in electric power and other industrial production fields; as power systems grow in scale and structural complexity, the management of power equipment becomes more and more important.
A trusted DCS contains a large number of controllers that collect service data during the generation process of the power system, and the collected service data must be exchanged with a host PC. At present, traditional power control systems generally transmit data in plaintext; on an open network a distributed control system is liable to illegal intrusion, so that the plaintext data can be monitored, captured and even tampered with, which seriously threatens the safe operation of the power plant. To avoid this threat to the power distributed control system, a secure communication protocol must be used during communication.
Disclosure of Invention
In view of the above technical problems in the prior art, the invention provides a controller network communication method, system, device and medium, which solve the problem that existing controllers generally transmit data in plaintext, so that the data is easily monitored, captured and even tampered with, seriously threatening the safe operation of the power plant.
In order to achieve the above purpose, the invention adopts the following technical scheme:
the invention provides a controller network communication method, which is used for a data interaction process between a controller and a data receiving end in a trusted DCS system;
the controller network communication method comprises the following steps:
modifying the UDP message protocol between the controller and the data receiving end to obtain RUDP protocol;
encrypting the RUDP protocol to obtain an encrypted RUDP protocol;
and taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, and introducing a retransmission mechanism to perform data communication.
Further, before modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol, the method further includes a data transmission link construction step:
the data transmission link construction step specifically comprises the following steps:
establishing a trusted transmission link between the controller and the data receiving end by means of a trusted management platform; the trusted transmission link serves as the data transmission link over which the encrypted RUDP protocol is exchanged between the controller and the data receiving end.
Further, a process of establishing a trusted transmission link between the controller and the data receiving end by using a trusted management platform is specifically as follows:
the controller sends a SYN (synchronize sequence number) packet to the data receiving end; after receiving the SYN packet, the data receiving end returns an ACK (acknowledgement) to the controller; if the controller receives the ACK, the trusted transmission link between the controller and the data receiving end is established successfully, otherwise establishment fails.
Further, the UDP messages exchanged between the controller and the data receiving end are checked and extended with an error checking scheme, and the result is the RUDP protocol.
Further, the message format of the RUDP protocol comprises a sequence number Seq and flag bits, where the flag bits comprise ACK (acknowledgement), SYN (synchronize sequence number) and FIN (finish).
Further, the process of encrypting the RUDP protocol to obtain the encrypted RUDP protocol is specifically as follows:
encrypting the RUDP protocol with a symmetric encryption algorithm to obtain the encrypted RUDP protocol; the symmetric encryption algorithm is the SM4 algorithm with an added nonlinear transformation.
Further, the retransmission mechanism is specifically as follows:
after the controller sends data packets to the data receiving end, it starts a countdown timer for each packet sent; if, according to the timer, the controller has not received the acknowledgement message returned by the data receiving end within the preset time, it retransmits that packet; the number of retransmissions of the same packet is kept below 3.
The invention also provides a controller network communication system which is used for the data interaction process between the controller and the data receiving end in the trusted DCS system;
wherein the controller network communication system comprises:
the protocol modification module is used for modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol;
the encryption module is used for carrying out encryption processing on the RUDP protocol to obtain an encrypted RUDP protocol;
and the data transmission module is used for taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, introducing a retransmission mechanism and carrying out data communication.
The invention also provides a controller network communication device, comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the controller network communication method when executing the computer program.
The invention also provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of the controller network communication method.
Compared with the prior art, the invention has the beneficial effects that:
the invention provides a controller network communication method and a system, which adopt RUDP protocol to carry out network communication, effectively reduce the probability of message loss, introduce retransmission mechanism and ensure the integrity of transmitted data to a great extent; secondly, the RUDP protocol is encrypted, so that the safety of the data is ensured, the threat to a control system caused by illegal tampering of key data of the controller is effectively prevented, and the safe operation of a power plant is ensured.
Furthermore, the RUDP messages are symmetrically encrypted with the SM4 algorithm, into which a nonlinear transformation is introduced, which effectively protects the data; when the SM4 key is stored on the trusted management platform, illegal acquisition of the key is prevented at the source, and the security of controller network communication in the trusted DCS is ensured.
Drawings
Fig. 1 is a schematic diagram of the data transmission link constructed by the two-way RUDP handshake in an embodiment;
Fig. 2 is a schematic diagram of the structure of an IP message in an embodiment;
fig. 3 is a flow chart of a retransmission mechanism in an embodiment.
Detailed Description
In order to make the technical problems, technical schemes and beneficial effects solved by the invention more clear, the following specific embodiments are used for further describing the invention in detail. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The invention provides a controller network communication method for the data interaction process between a controller and a data receiving end in a trusted DCS; the data receiving end is the host PC of the trusted DCS, which comprises a history station, an engineer station and an operator station.
In the invention, the controller network communication method comprises the following steps:
step 1, a trusted management platform is utilized to establish a trusted transmission link between the controller and the data receiving end; the trusted transmission link is used as a data transmission link and used for interaction of the encrypted RUDP protocol between the controller and the data receiving end.
The process of establishing a trusted transmission link between the controller and the data receiving end by using the trusted management platform specifically comprises the following steps:
the controller sends a SYN (synchronize sequence number) packet to the data receiving end; after receiving the SYN packet, the data receiving end returns an ACK (acknowledgement) to the controller; if the controller receives the ACK, the trusted transmission link between the controller and the data receiving end is established successfully, otherwise establishment fails.
Step 2, the UDP message protocol between the controller and the data receiving end is modified by adding an error checking scheme to obtain the RUDP protocol; the message format of the RUDP protocol comprises a sequence number Seq and flag bits, where the flag bits comprise ACK (acknowledgement), SYN (synchronize sequence number) and FIN (finish).
Step 3, the RUDP protocol is encrypted with a symmetric encryption algorithm to obtain the encrypted RUDP protocol; the symmetric encryption algorithm is the SM4 algorithm with an added nonlinear transformation.
Step 4, the encrypted RUDP protocol is adopted as the new communication protocol between the controller and the data receiving end, and a retransmission mechanism is introduced for data communication; the retransmission mechanism is as follows:
after the controller sends data packets to the data receiving end, it starts a countdown timer for each packet sent; if, according to the timer, the controller has not received the acknowledgement message returned by the data receiving end within the preset time, it retransmits that packet; the number of retransmissions of the same packet is kept below 3.
Communication principle:
In a trusted DCS, the process data generated by a controller must be transmitted to a designated data receiving end, and the direct communication between the controller and the host PC background uses Ethernet messages. The controller network communication method modifies the original UDP protocol messages to obtain the RUDP protocol, which greatly reduces the probability of packet loss; the RUDP messages are encrypted symmetrically, which further protects the data, while the speed and efficiency of symmetric encryption preserve the real-time character of the transmission; the added retransmission mechanism ensures the reliability of data transmission without giving up the real-time property of UDP.
In the invention, the controller and the host PC communicate using the RUDP protocol, which improves the reliability of data transmission while preserving its real-time performance; the designated process of the controller uses the RUDP protocol, and the trusted management platform maintains the trusted transmission link between the controller and the data receiving end, so that the data interaction between the controller and the host PC is secured.
In the invention, a symmetric encryption algorithm is used to encrypt the RUDP protocol; symmetric encryption is fast and efficient, so the integrity and confidentiality of the core data are protected while the real-time character of the service data is preserved; the symmetric algorithm is SM4 with a nonlinear transformation added to its computation, which can in theory greatly raise the security of the algorithm, and cryptanalysis by a professional institution concluded that its security is higher. Two points a practitioner should note: the standard SM4 round function already contains a nonlinear S-box layer, and the text does not say what the added transformation is; and the text specifies neither the block-cipher mode of operation nor any message authentication code, while a cipher used for confidentiality alone does not detect deliberate modification of a message, so the tamper-resistance claimed for the scheme depends on details not given here.
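The following is an added example, not code from the patent, of how an encrypted RUDP frame can be sealed so that the payload and the clear header (Seq and flags) are bound together and any modification is rejected before the data reaches the control logic. SM4 is not part of Go's standard library, so AES-256-GCM stands in for the symmetric cipher; the 5-byte header layout, the 8-byte per-session salt, the nonce construction and the key bytes are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Header is the RUDP header from the text: sequence number plus flag bits.
type Header struct {
	Seq   uint32
	Flags uint8
}

func (h Header) bytes() []byte {
	b := make([]byte, 5)
	binary.BigEndian.PutUint32(b, h.Seq)
	b[4] = h.Flags
	return b
}

// Session holds the symmetric key delivered by the trusted management platform
// and an 8-byte per-session salt assumed to be agreed during the handshake.
type Session struct {
	aead cipher.AEAD
	salt [8]byte
}

func NewSession(key []byte, salt [8]byte) (*Session, error) {
	block, err := aes.NewCipher(key) // AES-GCM stands in for SM4 in this example
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead, salt: salt}, nil
}

// nonce is salt || Seq, so it is unique per packet under one key as long as Seq
// does not wrap within a session. Retransmitting the identical frame is safe;
// sending different data under a reused Seq would not be.
func (s *Session) nonce(seq uint32) []byte {
	n := make([]byte, s.aead.NonceSize())
	copy(n, s.salt[:])
	binary.BigEndian.PutUint32(n[8:], seq)
	return n
}

// Seal leaves the header in clear so the receiver can read Seq and flags before
// decrypting, but passes it as associated data so that any change to the header
// or to the ciphertext fails authentication.
func (s *Session) Seal(h Header, payload []byte) []byte {
	hdr := h.bytes()
	out := make([]byte, len(hdr), len(hdr)+len(payload)+s.aead.Overhead())
	copy(out, hdr)
	return s.aead.Seal(out, s.nonce(h.Seq), payload, hdr)
}

// Open returns the header and plaintext, or an error for any modified frame.
func (s *Session) Open(frame []byte) (Header, []byte, error) {
	if len(frame) < 5 {
		return Header{}, nil, errors.New("rudp: frame shorter than header")
	}
	h := Header{Seq: binary.BigEndian.Uint32(frame), Flags: frame[4]}
	pt, err := s.aead.Open(nil, s.nonce(h.Seq), frame[5:], frame[:5])
	if err != nil {
		return h, nil, errors.New("rudp: authentication failed, frame discarded")
	}
	return h, pt, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	s, _ := NewSession(key, [8]byte{1, 2, 3, 4, 5, 6, 7, 8})
	frame := s.Seal(Header{Seq: 101}, []byte("T=412.5C"))
	_, pt, err := s.Open(frame)
	fmt.Printf("genuine frame: %q %v\n", pt, err)
	frame[4] ^= 0x01 // flip a flag bit in the clear header
	_, _, err = s.Open(frame)
	fmt.Println("modified header:", err)
}
```

Compared with a plain checksum, the authentication tag is keyed, so an attacker who can rewrite packets cannot recompute it; and because the header is associated data, flipping a flag or replaying a frame under a different sequence number is rejected as well.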
The following specifically describes a communication implementation procedure of the RUDP protocol:
connection-oriented reliable data transmission is implemented in user space on top of datagram sockets, with the following functions: establishing the trusted transmission link connection, error detection, and acknowledgement with retransmission; flow control uses a sliding window protocol to complete the transmission of the given data.
Specifically, the sliding window protocol works as follows:
a window is maintained on each side, a send window at the data sender and a receive window at the data receiver; the two windows need not be the same size; the windows control how many packets, and which sequence numbers, the sender may transmit and the receiver may accept, so the sender can transmit several packets without waiting for an acknowledgement of each one; when an acknowledgement is received, the data sender slides the send window forward.
Specifically, the retransmission mechanism is implemented as follows:
the data interaction messages between the controller and the data receiving end carry sequence numbers; after sending each data packet, the controller starts a countdown timer for it; if the acknowledgement message from the data receiver is not received within the preset time, the controller retransmits the packet; the number of retransmissions of the same packet is limited to a small count (the text gives it as fewer than 3): once the controller has retransmitted the same packet more than 3 times, it judges the transmission link faulty and stops the data interaction.
Specifically, the trusted transmission link connection is established as follows:
the data transmission link between the controller and the data receiving end is a trusted transmission link registered with the trusted management platform, and it uses only a two-way handshake: when the controller needs to interact with the data receiving end, it sends a SYN packet and the receiving end replies with one round of ACK; once the controller receives the receiving end's ACK, the connection is established (on the receiving end, the connection counts as established once the SYN has been received); if the controller times out waiting for the receiving end's ACK and has retransmitted the SYN several times, the connection fails. The trusted transmission link can also implement handshake and teardown (FIN) functions similar to those of TCP.
Specifically, the error checking process is as follows:
the algorithm of the IP header checksum is used to check whether the IP message header contains errors; the IP message carries a checksum field that stores the header checksum. To compute it, the checksum field is set to 0; the header is summed as 16-bit words; if the upper 16 bits of the sum are not 0, the upper 16 bits are added to the lower 16 bits, repeatedly, until the upper 16 bits are 0, giving a 16-bit value; this value is inverted (ones' complement) and stored in the checksum field. The receiver repeats the sum over the header with the stored checksum included and accepts the header when the folded result is all ones. This check detects accidental corruption only: it is not keyed, so a deliberate modification can simply be sent with a recomputed checksum, and any change that leaves the 16-bit sum unchanged (for example exchanging two words of the header) is not detected at all.
Specifically, the retransmission protocol is as follows:
the invention adopts the reliable data transfer protocol rdt3.0, so that the data exchanged between the controller and the receiving end arrive intact, without loss and without reordering; RUDP is a reliable UDP built by adding a retransmission mechanism on top of the UDP protocol: UDP is the transport-layer protocol, and rdt3.0 (a stop-and-wait protocol using sequence numbers, acknowledgements and a retransmission timer, of the automatic-repeat-request kind also used at the data link layer) supplies the guarantee of no loss and no reordering.
The message format of the RUDP protocol is designed with reference to the TCP header format and comprises a sequence number Seq and flag bits; the flag bits comprise ACK (acknowledgement), SYN (synchronize sequence number) and FIN (finish).
When a connection failure occurs during RUDP connection establishment, the controller must send transmission link error information to the trusted management platform, which maintains the trusted transmission link; at the same time the controller uploads alarm information. The trusted management platform dynamically maintains the trusted state of the controller and the other devices; when either of two parties that need to interact is in an untrusted state, the platform sends an untrusted message to the peer and disconnects the data transmission link, and it periodically refreshes the trust information of the devices so as to monitor the transmission link.
The invention also provides a controller network communication system which is characterized by being used for the data interaction process between the controller and the data receiving end in the trusted DCS system; wherein the controller network communication system comprises: the device comprises a protocol modification module, an encryption module and a data transmission module; the protocol modification module is used for modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol; the encryption module is used for carrying out encryption processing on the RUDP protocol to obtain an encrypted RUDP protocol; the data transmission module is used for taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, introducing a retransmission mechanism and carrying out data communication.
The invention also provides a controller network communication device, comprising: a memory for storing a computer program; and the processor is used for realizing the steps of the controller network communication method when executing the computer program.
The steps of the controller network communication method described above are implemented when the processor executes the computer program, for example: modifying the UDP message protocol between the controller and the data receiving end to obtain RUDP protocol; encrypting the RUDP protocol to obtain an encrypted RUDP protocol; and taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, and introducing a retransmission mechanism to perform data communication.
Alternatively, the processor may implement functions of each module in the above system when executing the computer program, for example: the protocol modification module is used for modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol; the encryption module is used for carrying out encryption processing on the RUDP protocol to obtain an encrypted RUDP protocol; and the data transmission module is used for taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, introducing a retransmission mechanism and carrying out data communication.
The computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present invention, for example. The one or more modules/units may be a series of computer program instruction segments capable of performing a predetermined function, the instruction segments describing the execution of the computer program in the controller network communication device. For example, the computer program may be divided into a protocol modification module, an encryption module and a data transmission module, where each module specifically functions as follows: the protocol modification module is used for modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol; the encryption module is used for carrying out encryption processing on the RUDP protocol to obtain an encrypted RUDP protocol; and the data transmission module is used for taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, introducing a retransmission mechanism and carrying out data communication.
The controller network communication device may be a computing device such as a desktop computer, a notebook computer, a handheld computer or a cloud server. The controller network communication device may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that the foregoing is only an example of a controller network communication device and is not limiting: it may include more components than those described above, certain components may be combined, or different components may be included; for example, the controller network communication device may also include an input-output device, a network access device, a bus, and so on.
The processor may be a central processing unit (CPU), another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor; the processor is the control center of the controller network communication device and connects the various parts of the whole device through various interfaces and lines.
The memory may be used to store the computer program and/or module, and the processor may implement various functions of the controller network communication device by running or executing the computer program and/or module stored in the memory and invoking data stored in the memory.
The memory may mainly comprise a program storage area and a data storage area, where the program storage area may store an operating system and the application program required for at least one function (such as a sound playing function or an image playing function), and the data storage area may store data created during use of the device (such as audio data or a phonebook). In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, internal memory, plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, at least one magnetic disk storage device, flash memory device, or other volatile sol­id-state storage device.
The invention also provides a computer readable storage medium storing a computer program which when executed by a processor implements the steps of a controller network communication method.
The modules/units integrated in the controller network communication system may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product.
Based on such understanding, the present invention may implement all or part of the above-mentioned flow in the controller network communication method, or may be implemented by instructing the relevant hardware by a computer program, where the computer program may be stored in a computer readable storage medium, and where the computer program, when executed by a processor, may implement the steps of the above-mentioned controller network communication method. The computer program comprises computer program code, and the computer program code can be in a source code form, an object code form, an executable file or a preset intermediate form and the like.
The computer readable storage medium may comprise any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so forth.
It should be noted that the content of the computer readable storage medium may be added to or reduced as required by legislation and patent practice in the relevant jurisdiction; for example, in some jurisdictions a computer readable storage medium does not include electrical carrier signals and telecommunication signals.
Examples
The embodiment provides a controller network communication method, which comprises the following steps:
Step 1, the controller is registered on the trusted management platform; when the controller needs to register on the trusted management platform for the first time, the procedure is as follows:
the trusted management platform receives an identity verification request message sent by the controller; in response, the platform generates a timestamp and a validity period, encrypts them with the pre-stored controller public key, and sends the resulting ciphertext to the controller; the controller decrypts the ciphertext with its own pre-stored private key to obtain the timestamp and the validity period; the controller checks the timestamp against the validity period and, if it is within the period, encrypts the decrypted timestamp with its pre-stored controller private key (in standard terminology, signs it) to produce the returned timestamp data; the platform receives this data and decrypts (verifies) it with the pre-stored controller public key to obtain the returned timestamp; the platform checks the returned timestamp against the validity period and, if it is within the period, compares it with the timestamp it issued; if the two match, the sender's first registration and authentication on the trusted management platform succeed.
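The registration exchange above, written out as an added Go example (not the patent's code). The page does not name the public-key algorithm, so RSA-OAEP is used for the encrypted challenge and RSA-PSS for the answer; "encrypting with the controller private key" is rendered as a signature and "decrypting with the public key" as signature verification, which is what those operations mean in practice. The 16-byte challenge encoding, the OAEP label, the 30-second validity period and the key size are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var oaepLabel = []byte("controller-registration") // assumed OAEP label

// challenge is what the platform issues: the timestamp and the validity period.
type challenge struct {
	issued   time.Time
	validity time.Duration
}

func (c challenge) encode() []byte {
	b := make([]byte, 16)
	binary.BigEndian.PutUint64(b[:8], uint64(c.issued.UnixNano()))
	binary.BigEndian.PutUint64(b[8:], uint64(c.validity))
	return b
}

func decodeChallenge(b []byte) (challenge, error) {
	if len(b) != 16 {
		return challenge{}, errors.New("challenge: bad length")
	}
	return challenge{time.Unix(0, int64(binary.BigEndian.Uint64(b[:8]))), time.Duration(binary.BigEndian.Uint64(b[8:]))}, nil
}

// PlatformIssue (step 1): encrypt timestamp and validity period to the controller public key on file.
func PlatformIssue(pub *rsa.PublicKey, now time.Time, validity time.Duration) (challenge, []byte, error) {
	c := challenge{issued: now, validity: validity}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, c.encode(), oaepLabel)
	return c, ct, err
}

// ControllerAnswer (step 2): decrypt with the controller private key, check the validity
// period on the controller's clock, and return the timestamp signed with that private key.
func ControllerAnswer(priv *rsa.PrivateKey, ct []byte, now time.Time) ([]byte, []byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	c, err := decodeChallenge(pt)
	if err != nil {
		return nil, nil, err
	}
	if now.Before(c.issued) || now.After(c.issued.Add(c.validity)) {
		return nil, nil, errors.New("controller: challenge outside validity period")
	}
	ts := pt[:8]
	digest := sha256.Sum256(ts)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	return ts, sig, err
}

// PlatformVerify (step 3): verify the signature with the stored public key, re-check the
// validity period on the platform's clock, and compare the returned timestamp with the issued one.
func PlatformVerify(pub *rsa.PublicKey, c challenge, ts, sig []byte, now time.Time) error {
	digest := sha256.Sum256(ts)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return fmt.Errorf("platform: signature check failed: %w", err)
	}
	if now.After(c.issued.Add(c.validity)) {
		return errors.New("platform: answer arrived after the validity period")
	}
	if len(ts) != 8 || binary.BigEndian.Uint64(ts) != uint64(c.issued.UnixNano()) {
		return errors.New("platform: returned timestamp does not match the issued one")
	}
	return nil
}

// Register runs the whole exchange once. onFile is the public key the platform stores for the
// controller, priv the key the answering device actually holds, delay how long it takes to answer.
func Register(onFile *rsa.PublicKey, priv *rsa.PrivateKey, delay time.Duration) error {
	now := time.Now()
	c, ct, err := PlatformIssue(onFile, now, 30*time.Second)
	if err != nil {
		return err
	}
	ts, sig, err := ControllerAnswer(priv, ct, now.Add(delay))
	if err != nil {
		return err
	}
	return PlatformVerify(onFile, c, ts, sig, now.Add(delay))
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("genuine controller:", Register(&priv.PublicKey, priv, time.Second))
	fmt.Println("late answer:       ", Register(&priv.PublicKey, priv, time.Minute))
	fmt.Println("wrong private key: ", Register(&priv.PublicKey, other, time.Second))
}
```

Register returns nil only when the answering device holds the private key matching the public key on file and answers inside the validity period; a late answer or an answer produced with another key fails. Two properties of the exchange as described are worth keeping in mind: only the platform authenticates the controller (the controller checks the time window but does not verify who issued the challenge), and each issued challenge should be accepted once, which Register does by using the challenge it issued for exactly one verification.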
Step 2, data transmission link construction
Specifically, the controller performs a two-way handshake with the data receiving end to judge whether the peer can take part in data interaction, as shown in fig. 1; the handshake proceeds as follows: the controller sends a SYN (synchronize sequence number) packet to the data receiving end and the receiving end replies with one round of ACK (acknowledgement); once the controller receives the receiving end's ACK, the connection is established (on the receiving end, the connection counts as established once the SYN has been received); if the controller's wait for the receiving end's ACK times out repeatedly and the SYN has been retransmitted several times, the connection fails; after the connection is made, the controller and the data receiving end perform data interaction.
Step 3, when the controller and the data receiving end perform service data interaction, the controller or the data receiving end inquires the trusted management platform that the trusted state of the opposite end of the data transmission link needs to be established; if both ends are trusted, the controller and the data receiving end realize two-way authentication, and the data transmission can be carried out after the authentication is completed.
Step 4, data transmission process
Specifically, the IP packet of the controller is shown in fig. 2; the controller encrypts the data packet and transmits it; after receiving the data, the receiving end decrypts it, checks whether the data is correct, and sends back an acknowledgement message; if the controller does not receive the receiving end's reply within the set time, it retransmits. (The embodiment text describes the encryption as using "the peer's public key in the symmetric encryption algorithm" and the decryption as using "the private key"; that wording belongs to asymmetric encryption, whereas the rest of the page specifies a symmetric SM4 key stored on the trusted management platform and shared by both ends, so the encryption and decryption keys are the same key here.)
Wherein the retransmission mechanism comprises:
every data interaction message transmitted between the controller and the data receiving end carries a sequence number; after sending data, the controller starts a countdown timer for each data packet sent; if the confirmation message from the data receiving end is not received within the set time, the controller retransmits the message; if the controller has retransmitted the same message more than 3 times, the transmission link is judged to be faulty and data interaction is stopped, as shown in fig. 3.
It should be noted that, in this embodiment, an error checking mechanism is used to modify the UDP message protocol between the controller and the data receiving end, so as to obtain the RUDP protocol; the message format of the RUDP protocol comprises a sequence number Seq and flag bits, where the flag bits comprise an acknowledgement number ACK, a synchronous sequence number SYN and a FIN; the RUDP protocol is encrypted with a symmetric encryption algorithm to obtain the encrypted RUDP protocol, where the symmetric encryption algorithm is an SM4 algorithm introducing nonlinear transformation.
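An added Python model (not code from the patent) of the handshake, message format and retransmission rule described above: a header with Seq and SYN/ACK/FIN flags, an error check, a per-packet countdown timer modelled as one missing reply, and the link judged faulty after more than 3 retransmissions of one message. The byte layout, the use of CRC32 as the error check and the LossyLink channel are assumptions; the SM4 encryption of the message is left out.

```python
import struct
import zlib

SYN, ACK, FIN = 0x01, 0x02, 0x04  # flag names from the patent; bit layout and CRC32 check are assumptions
HEADER = struct.Struct("!IBI")    # Seq (u32), flags (u8), CRC32 (u32)
MAX_RETRANSMIT = 3                # more than 3 resends of one message -> link judged faulty

def pack(seq, flags, payload=b""):
    """Build one RUDP message with a CRC32 over seq, flags and payload as the error check."""
    return HEADER.pack(seq, flags, zlib.crc32(struct.pack("!IB", seq, flags) + payload)) + payload

def unpack(msg):
    """Parse a message; return None when it is truncated or the error check fails."""
    if len(msg) < HEADER.size: return None
    seq, flags, crc = HEADER.unpack_from(msg)
    payload = msg[HEADER.size:]
    return (seq, flags, payload) if zlib.crc32(struct.pack("!IB", seq, flags) + payload) == crc else None

class Receiver:
    """Data receiving end: checks each message, ACKs it, delivers in-order payloads exactly once."""
    def __init__(self):
        self.expected, self.delivered = 0, []
    def handle(self, msg):
        parsed = unpack(msg)
        if parsed is None: return None   # corrupted: no ACK, so the sender's countdown timer expires
        seq, flags, payload = parsed
        if flags & SYN:
            self.expected = seq + 1      # handshake: the SYN consumes one sequence number
        elif seq == self.expected:       # a duplicate (resent after a lost ACK) is ACKed but not re-delivered
            self.delivered.append(payload)
            self.expected += 1
        return pack(seq, ACK)

class LossyLink:
    """Constructed channel: drop maps a transmission index to "data" (message lost) or "ack" (reply lost)."""
    def __init__(self, receiver, drop=None):
        self.receiver, self.drop, self.n = receiver, drop or {}, 0
    def exchange(self, msg):
        n, self.n = self.n, self.n + 1
        reply = None if self.drop.get(n) == "data" else self.receiver.handle(msg)
        return None if self.drop.get(n) == "ack" else reply

def send(link, seq, flags=0, payload=b""):
    """Send one message, resending each time the ACK fails to arrive; return the retransmission count."""
    msg = pack(seq, flags, payload)
    for retransmissions in range(MAX_RETRANSMIT + 1):
        ack = unpack(link.exchange(msg) or b"")   # no reply: the per-packet countdown timer has expired
        if ack and ack[1] & ACK and ack[0] == seq:
            return retransmissions
    raise ConnectionError(f"seq {seq}: link judged faulty after {MAX_RETRANSMIT} retransmissions")
```

Running `send(link, 0, SYN)` followed by data messages over a `LossyLink` that drops chosen transmissions shows the retransmission count per message and that a duplicate resent after a lost ACK is acknowledged without being delivered twice.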
The description of the relevant parts in the controller network communication system, the device and the computer readable storage medium provided in this embodiment may refer to the detailed description of the corresponding parts in the controller network communication method described in this embodiment, which is not repeated here.
According to the controller network communication method and system, the RUDP protocol is adopted for network communication, so that the probability of message loss is effectively reduced, and a retransmission mechanism is introduced, so that the integrity of transmitted data can be ensured to a great extent; secondly, the RUDP protocol is encrypted, so that the safety of the data is ensured, the threat to a control system caused by illegal tampering of key data of the controller is effectively prevented, and the safe operation of a power plant is ensured.
The above embodiment is only one of the implementation manners capable of implementing the technical solution of the present invention, and the scope of the claimed invention is not limited to the embodiment, but also includes any changes, substitutions and other implementation manners easily recognized by those skilled in the art within the technical scope of the present invention.

Claims (10)

1. The controller network communication method is characterized by being used for a data interaction process between a controller and a data receiving end in a trusted DCS system;
the controller network communication method comprises the following steps:
modifying the UDP message protocol between the controller and the data receiving end to obtain RUDP protocol;
encrypting the RUDP protocol to obtain an encrypted RUDP protocol;
and taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, and introducing a retransmission mechanism to perform data communication.
2. The method for controller network communication according to claim 1, further comprising the step of constructing a data transmission link before modifying the UDP message protocol between the controller and the data receiving terminal to obtain the RUDP protocol:
the data transmission link construction step specifically comprises the following steps:
establishing a trusted transmission link between the controller and the data receiving end by using a trusted management platform; the trusted transmission link is used as a data transmission link and used for interaction of the encrypted RUDP protocol between the controller and the data receiving end.
3. The controller network communication method according to claim 2, wherein the process of establishing a trusted transmission link between the controller and the data receiving end using a trusted management platform is as follows:
the controller sends a synchronous sequence number packet SYN to the data receiving end, and after the data receiving end receives the synchronous sequence number packet SYN, it returns an acknowledgement number ACK to the controller; if the controller receives the acknowledgement number ACK, the controller has successfully established a trusted transmission link with the data receiving end, otherwise the establishment fails.
4. The method of claim 1, wherein error checking is used to check and modify UDP messages between the controller and the data receiver, so as to obtain the RUDP protocol.
5. The method of claim 1, wherein the message format of the RUDP protocol includes a sequence number Seq and a flag bit; wherein, the flag bit includes an acknowledgement number ACK, a synchronization sequence number SYN, and FIN.
6. The method of claim 1, wherein the process of encrypting the RUDP protocol to obtain the encrypted RUDP protocol comprises the steps of:
encrypting the RUDP protocol by adopting a symmetric encryption algorithm to obtain the encrypted RUDP protocol; wherein the symmetric encryption algorithm is an SM4 algorithm introducing nonlinear transformation.
7. The method for communication of a controller network according to claim 1, wherein the retransmission mechanism is specifically as follows:
after the controller sends the data packets to the data receiving end, the controller triggers a countdown timer for each sent data packet; if the controller does not receive the confirmation message returned by the data receiving end in the preset time according to the timing result of the countdown timer, the controller retransmits the sent data packet; wherein the number of retransmissions of the same data packet by the controller is less than 3.
8. The controller network communication system according to claim 1, wherein the controller network communication system is used for a data interaction process between a controller and a data receiving end in a trusted DCS system;
wherein the controller network communication system comprises:
the protocol modification module is used for modifying the UDP message protocol between the controller and the data receiving end to obtain the RUDP protocol;
the encryption module is used for carrying out encryption processing on the RUDP protocol to obtain an encrypted RUDP protocol;
and the data transmission module is used for taking the encrypted RUDP protocol as a new communication protocol between the controller and the data receiving end, introducing a retransmission mechanism and carrying out data communication.
9. A controller network communication device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the controller network communication method according to any one of claims 1-7 when executing said computer program.
10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the controller network communication method according to any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311175693.3A CN117176831A (en) 2023-09-12 2023-09-12 Controller network communication method, system, equipment and medium


Publications (1)

Publication Number Publication Date
CN117176831A true CN117176831A (en) 2023-12-05

Family

ID=88939275


Country Status (1)

Country Link
CN (1) CN117176831A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination