CN1960247A - Method for encrypting and decrypting industrial control data - Google Patents

Method for encrypting and decrypting industrial control data

Info

Publication number
CN1960247A
Authority
CN
China
Prior art keywords
network equipment
pseudo
key
key management
random key
Legal status
Granted
Application number
CN 200610160618
Other languages
Chinese (zh)
Other versions
CN100596350C (en)
Inventor
冯冬芹
褚健
陈高翔
崔韬
金建祥
Current Assignee
ZHONGKONG SCIENCE AND TECHNOLOGY GROUP Co Ltd
Zhejiang University ZJU
Original Assignee
ZHONGKONG SCIENCE AND TECHNOLOGY GROUP Co Ltd
Zhejiang University ZJU
Application filed by ZHONGKONG SCIENCE AND TECHNOLOGY GROUP Co Ltd and Zhejiang University ZJU
Priority to CN200610160618A
Publication of CN1960247A
Application granted
Publication of CN100596350C
Legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The method comprises the steps: (1) the key management server generates a pseudo-random key at least one byte long and sends it to the network devices; (2) the source network device encrypts the transmit-data plaintext with this pseudo-random key and sends a secure data unit containing the encrypted data to the destination network device; (3) the destination network device decrypts the encrypted data in the received secure data unit with the pseudo-random key. This encryption/decryption method prevents a network saboteur from sabotaging industrial control data and effectively ensures the security of the Industrial Ethernet. The method has a short computation time and adds little additional data; applied in an industrial control system network it consumes little program run time, greatly enhances the real-time behaviour of data transmission across the whole network and raises the operating efficiency of the whole control system.

Description

Method for encrypting and decrypting industrial control data
Technical field
The present invention relates to the field of industrial automation, and in particular to a method for encrypting and decrypting industrial control data.
Background technology
Industrial Ethernet is standard Ethernet designed specifically for industrial application environments and is technically compatible with commercial Ethernet. It integrates the traditional three-layer enterprise network (the information management system, the PMS and the field devices), giving faster data transmission and better real-time behaviour, and connects seamlessly to the Internet so that data can be shared and the overall operating efficiency of the plant improved. For Industrial Ethernet to meet the demands of the industrial field, however, its adaptability, reliability and security must be improved.
In a control system using Industrial Ethernet, the field devices are connected to each other over Ethernet, are connected to external networks over Ethernet, and can be accessed by end users over the Industrial Ethernet. This access path, however, also lets someone intent on sabotaging the system use mature Ethernet technology to attack the network, which exposes the field devices and the whole control system to serious security risks and makes the security of Industrial Ethernet hard to guarantee. The main security problems of an Industrial Ethernet control system are as follows:
In the Industrial Ethernet field control network, if a saboteur connects a rogue device, that device can be used to intercept transmitter data, tamper with the sampled data or control data in the system, and send the tampered data on to an actuator; when the actuator acts on the malicious data, the Industrial Ethernet system is put in danger. In the Industrial Ethernet monitoring network, if a saboteur connects a laptop or hand-held operator terminal that masquerades as the engineer station or operator station and maliciously modifies the configuration of the field control equipment, the whole control system is thrown into disorder. Because the equipment and auxiliary equipment of industrial control systems are not designed well enough, and because of interference from the industrial field, industrial data is also subject to data corruption, retransmission, loss, reordering, delay, addressing errors and unauthorized access during communication.
Given these security problems, an Industrial Ethernet control system can improve its overall security by encrypting and decrypting the control data. The encryption and decryption methods commonly used on existing Ethernet, however, take a long computation time and add a large amount of additional data. Most of the data in a field control network is real-time control data with very strict real-time requirements, and the control devices of the field control network layer are constrained by intrinsic safety, explosion protection and hardware computing speed, so the encryption and decryption algorithm at that layer cannot be too complex or it will consume a long program run time. Applying the existing methods in an existing Industrial Ethernet control system therefore reduces the operating efficiency of the whole control system.
Summary of the invention
The object of the present invention is to provide a method for encrypting and decrypting industrial control data that solves the problem that data transmitted by network devices in existing Industrial Ethernet is easily sabotaged, and at the same time solves the problem that applying the existing methods to encrypt and decrypt network data degrades the real-time behaviour of the network data and reduces the operating efficiency of the whole control system.
To solve the above technical problems, the invention provides the following technical scheme:
A method for encrypting and decrypting industrial control data comprises the steps:
A. The key management server sends a pseudo-random key that it generates, with a length of at least one byte, to the network devices;
B. The source network device encrypts the transmit-data plaintext with the pseudo-random key and sends a secure data unit containing the encrypted data to the destination network device;
C. The destination network device decrypts the encrypted data in the received secure data unit with the pseudo-random key.
Step A comprises:
A1. The key management server stores the generated pseudo-random key of at least one byte and sends it to the network device;
A2. The network device stores the received pseudo-random key and sets the version number of the pseudo-random key;
A3. The network device returns a pseudo-random key assignment response to the key management server, the assignment response containing the received pseudo-random key;
A4. If the key management server finds that the network device has returned an assignment response within the response time but the pseudo-random key in that response differs from the generated pseudo-random key, the key management server resends the pseudo-random key to the network device;
A5. Step A1 is repeated until the pseudo-random key in the assignment response matches the pseudo-random key generated by the key management server.
In step A4, when the number of times the key management server has resent the pseudo-random key to a network device exceeds a set value,
the key management server stops sending the pseudo-random key and sends a network device error message to the engineer station.
Step B comprises:
B1. The source network device generates a source complete secure data unit containing the transmit-data plaintext, the pseudo-random key and the version number of the pseudo-random key;
B2. The source network device computes a check code over the source complete secure data unit and encrypts the transmit-data plaintext with the stored pseudo-random key to produce the transmit-data ciphertext;
B3. The source network device sends the generated secure data unit, containing the transmit-data ciphertext, the version number of the pseudo-random key and the check code, to the destination network device.
Step C comprises:
C1. The destination network device reads the version number of the pseudo-random key and the check code from the received secure data unit;
C2. When the version number read matches the version number of the current pseudo-random key in the destination network device, the destination network device decrypts the transmit-data ciphertext in the secure data unit with that pseudo-random key to produce the receive-data plaintext;
C3. The destination network device generates a destination complete secure data unit containing the receive-data plaintext, the pseudo-random key and the version number of the pseudo-random key;
C4. The destination network device computes a check code over the destination complete secure data unit; if the generated check code matches the check code read from the unit, it keeps the destination complete secure data unit, otherwise
it discards the destination complete secure data unit.
Step C2 further comprises:
When the version number read is less than the version number of the current pseudo-random key in the destination network device and the difference equals a set value, the destination network device decrypts the transmit-data ciphertext in the secure data unit with the stored pseudo-random key of the previous period to produce the receive-data plaintext;
When the version number read is less than the version number of the current pseudo-random key in the destination network device and the difference does not equal the set value, the destination network device discards the received secure data unit.
Step C2 further comprises:
When the version number read is greater than the version number of the current pseudo-random key in the destination network device, the destination network device buffers the received secure data unit until it receives a new pseudo-random key;
the destination network device then decrypts the transmit-data ciphertext in the buffered secure data unit with the newly received pseudo-random key to produce the receive-data plaintext.
The generated source complete secure data unit, the secure data unit and the destination complete secure data unit also contain a sequence number.
When the destination network device finds that the source network device's sequence number in the received secure data unit matches the destination network device's sequence number in the destination complete secure data unit, the destination network device submits the destination complete secure data unit.
When the service received on the network is a confirmed service,
and the destination network device finds that the source network device's sequence number in the received secure data unit does not match the destination network device's sequence number in the destination complete secure data unit, the destination network device discards the destination complete secure data unit and returns a sequence-number message to the source network device.
When the service received on the network is a non-confirmed service,
and the destination network device finds that the source network device's sequence number in the received secure data unit is greater than the destination network device's sequence number in the destination complete secure data unit, the destination network device discards the destination complete secure data unit.
When the service received on the network is a non-confirmed service,
and the destination network device finds that the source network device's sequence number in the received secure data unit is less than the destination network device's sequence number in the destination complete secure data unit and the difference is greater than a preset value, the destination network device discards the destination complete secure data unit; otherwise
the destination network device submits the destination complete secure data unit.
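The sequence-number rules above, as an added example that is not part of the patent: a small Python model of the decision the destination device makes for confirmed and non-confirmed service. The service type, the preset lag tolerance and the way the destination counter advances after a submitted unit (here it moves to one past the highest sequence number submitted so far) are assumptions, since the patent gives none of them.

```python
"""Sequence-number decision at the destination device (added example).

Models the rule of the summary: compare the source sequence number carried
in the secure data unit with the destination's own sequence number, under
confirmed or non-confirmed service. Service type, preset tolerance and the
counter update after a submitted unit are assumptions.
"""
from enum import Enum
from typing import List, Tuple


class Service(Enum):
    CONFIRMED = "confirmed"
    NON_CONFIRMED = "non-confirmed"


class Verdict(Enum):
    SUBMIT = "submit the destination complete secure data unit"
    DISCARD = "discard the destination complete secure data unit"
    DISCARD_AND_REPORT = "discard and return a sequence-number message to the source"


def sequence_decision(src_seq: int, dst_seq: int, service: Service, preset: int) -> Verdict:
    """src_seq: sequence number the source put in the secure data unit;
    dst_seq: sequence number the destination holds in its complete unit;
    preset:  lag tolerated on a non-confirmed service (assumed value)."""
    if src_seq == dst_seq:
        return Verdict.SUBMIT                      # numbers match: submit
    if service is Service.CONFIRMED:
        return Verdict.DISCARD_AND_REPORT          # confirmed service: any mismatch is reported
    if src_seq > dst_seq:
        return Verdict.DISCARD                     # non-confirmed, unit is ahead
    if dst_seq - src_seq > preset:
        return Verdict.DISCARD                     # non-confirmed, too far behind
    return Verdict.SUBMIT                          # non-confirmed, slightly behind: tolerated


def process_stream(units: List[Tuple[int, str]], service: Service, preset: int):
    """Feed a constructed stream of (src_seq, payload) through the rule.
    Assumption: after a submitted unit the destination counter moves to one
    past the highest sequence number submitted so far."""
    expected = 0
    submitted: List[str] = []
    verdicts: List[Verdict] = []
    for src_seq, payload in units:
        verdict = sequence_decision(src_seq, expected, service, preset)
        verdicts.append(verdict)
        if verdict is Verdict.SUBMIT:
            submitted.append(payload)
            expected = max(expected, src_seq + 1)
    return submitted, verdicts


if __name__ == "__main__":
    # constructed stream: in order, then one ahead, one late, one far behind, one slightly behind
    stream = [(0, "a"), (1, "b"), (3, "c"), (2, "d"), (0, "e"), (1, "f")]
    for service in Service:
        print(service.value, process_stream(stream, service, preset=2)[0])
```

Running the same constructed stream under both service types shows the difference the patent draws: a confirmed service rejects and reports every out-of-sequence unit, while a non-confirmed service silently drops units that are ahead or too far behind and still accepts a unit that lags by no more than the preset value.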
Between steps A and B the method further comprises:
The key management server periodically sends a key management command to the network devices to update the pseudo-random key in each network device.
The key management server periodically sending the key management command to the network devices and updating the pseudo-random key in the network devices comprises:
S1. The key management server sends a periodically and randomly generated key management command to the network device;
S2. When the version number of the received key management command differs from the key management command version number stored in the network device, the network device saves the pseudo-random key of the previous period, updates the pseudo-random key, the version number of the pseudo-random key and the version number of the key management command, and returns a response message to the key management server;
S3. If the key management server finds that the network device has not returned a response message within the response time, the key management server resends the key management command to the network device;
S4. Step S2 is repeated until the key management server finds that the network device has returned a response message within the response time.
Updating the pseudo-random key specifically means applying at least one of rotate-left, rotate-right, shift-left, shift-right, bit set or bit clear to the pseudo-random key according to the received key management command;
updating the version number of the pseudo-random key specifically means incrementing the version number of the pseudo-random key;
updating the key management command version number specifically means storing the received key management command version number.
Step S2 further comprises:
When the version number of the received key management command matches the key management command version number stored in the network device, the network device returns a response message to the key management server.
Step S3 further comprises: when the number of times the key management server has resent the key management command to the network device exceeds a set value,
the key management server stops sending the key management command and sends a network device error message.
The key management server is connected to the monitoring network and comprises a key management server in the working state and a key management server in the backup state; when the working-state key management server cannot operate normally, the backup-state key management server switches to the working state.
From the technical scheme provided above, the present invention has the following features and advantages:
With the encryption and decryption method of the present invention, whether in the Industrial Ethernet field control network or in the Industrial Ethernet monitoring network, a network saboteur cannot tamper with the encrypted data and use tampered data to control the network devices, which effectively guarantees the network security of the Industrial Ethernet and lets the whole control system run stably;
The encryption and decryption method of the present invention has a short computation time and little additional data, so when applied in the network of an industrial control system it consumes little program run time, greatly strengthens the real-time behaviour of data transmission over the whole network and improves the operating efficiency of the whole control system.
Description of drawings
Fig. 1 is a structure diagram of a control system based on Industrial Ethernet;
Fig. 2 is a flowchart of the preferred embodiment of the present invention;
Fig. 3 is a flowchart of the key management server of the present invention sending the pseudo-random key to the network device;
Fig. 4 is a flowchart of the key management server of the present invention sending the key management command to the network device;
Fig. 5 is a structure diagram of the key management command of the present invention;
Fig. 6 is a flowchart of the source network device of the present invention sending the security protocol data unit;
Fig. 7 is a structure diagram of the source complete secure data unit of the present invention;
Fig. 8 is a structure diagram of the secure data unit of the present invention;
Fig. 9 is a flowchart of the destination network device of the present invention receiving the secure data unit;
Fig. 10 is a decision flowchart of sequence-number matching in the destination network device of the present invention.
Embodiment
The core of the present invention is to provide a method for encrypting and decrypting industrial control data in which, after the key management server sends a generated pseudo-random key of at least one byte to the network devices, the source network device encrypts the transmit-data plaintext with the pseudo-random key and sends a secure data unit containing the encrypted data to the destination network device, and the destination network device decrypts the encrypted data in the received secure data unit with the pseudo-random key.
To help those skilled in the art understand the scheme of the present invention better, the present invention is described in further detail below with reference to the drawings and embodiments.
The structure of the control system based on Industrial Ethernet of the present invention is shown in Fig. 1:
In Fig. 1, the working-state key management server 102, the backup-state key management server 103, the monitoring station 104, the operator station 105, the engineer station 106 and the bridge 107 to the field control network 108 are each connected to the monitoring network 101, and the field devices 109 of the Industrial Ethernet control system are each connected to the field control network 108.
The key management servers are a redundant configuration and communicate and monitor each other over a hard-wired connection. The working-state key management server is responsible for distributing and updating the pseudo-random key to the network devices: at network initialization it distributes the pseudo-random key uniformly to the network devices, and while the Industrial Ethernet control system runs it periodically updates the pseudo-random key of the network devices. When the working-state key management server cannot operate normally, the backup-state key management server first interrupts the work of the working-state server, switches itself to the working state and carries on the work of the key management server. The monitoring station monitors abnormal conditions in the Industrial Ethernet control system, and the operator station operates and configures the network devices as required.
Each field device connected to the field control network encrypts and decrypts its communication data with the pseudo-random key received from the key management server, which improves the security and real-time behaviour of data transmission between the network devices in the Industrial Ethernet. When data transmission between network devices fails, the network device sends a data transmission error message to the engineer station.
The flow of the preferred embodiment of the present invention is shown in Fig. 2:
Step 201: The key management server sends the pseudo-random key to the network devices.
The key management server stores the generated pseudo-random key of at least one byte and sends it to the network device; the network device stores the received pseudo-random key, sets the version number of the pseudo-random key, and returns an assignment response containing the pseudo-random key to the key management server. When the key management server finds that the network device has returned an assignment response within the response time, it checks whether the pseudo-random key in the assignment response matches the generated pseudo-random key; if not, it resends the pseudo-random key to the network device, until the pseudo-random key in the assignment response matches the pseudo-random key the key management server generated.
Step 202: The key management server periodically sends the key management command to the network devices.
The key management server sends a periodically and randomly generated key management command to the network device. When the version number of the received key management command differs from the key management command version number stored in the network device, the network device saves the pseudo-random key of the previous period, updates the pseudo-random key, the version number of the pseudo-random key and the version number of the key management command, and returns a response message to the key management server. If the key management server finds that the network device has not returned a response message within the response time, it resends the key management command to the network device, until it finds that the network device has returned a response message within the response time.
Step 203: The source network device sends a data unit containing the encrypted ciphertext and a sequence number to the destination network device.
The source network device generates a source complete secure data unit, computes a check code over that unit, encrypts the transmit-data plaintext contained in the source complete secure data unit with the stored pseudo-random key to produce the transmit-data ciphertext, and sends a secure data unit containing the transmit-data ciphertext to the destination network device.
Step 204: The destination network device decrypts the ciphertext in the received data unit to produce the data plaintext.
The destination network device reads the version number of the pseudo-random key, the check code and the sequence number from the received secure data unit; when it finds that the version number of the pseudo-random key read matches the version number of the current pseudo-random key in the device, the destination network device decrypts the transmit-data ciphertext in the secure data unit with the pseudo-random key to produce the receive-data plaintext.
After the destination network device generates the destination complete secure data unit, it computes a check code over that unit. The check may be odd/even parity, CRC (cyclic redundancy check), checksum, digital signature and so on, but the same check method must be used throughout one Industrial Ethernet control system. After generating the check code, the destination network device compares it with the check code read from the unit; if they match it keeps the generated destination complete secure data unit, otherwise it discards the destination complete secure data unit.
The flow of the key management server of the present invention sending the pseudo-random key to the network device is shown in Fig. 3:
Step 301: The key management server generates a pseudo-random key four bytes long and stores it.
Step 302: The key management server sends the generated pseudo-random key to the network devices.
These network devices comprise the engineer station, operator station and monitoring station connected to the monitoring network and all field devices connected to the field control network.
Step 303: The network device stores the received pseudo-random key and returns an assignment response to the key management server, the assignment response containing the received pseudo-random key.
Step 304: The key management server checks whether the network device has returned an assignment response within the 1-second response time; if not, go to step 305; if so, go to step 308.
Step 305: The key management server checks whether the number of times it has resent the pseudo-random key exceeds the set value of 3; if so, go to step 306; otherwise go to step 307.
Step 306: The key management server stops sending the pseudo-random key and returns a network device error message to the engineer station; the process ends.
Step 307: The key management server resends the pseudo-random key to the corresponding network device, then go to step 303.
Step 308: The key management server checks whether the pseudo-random key in the assignment response matches the pseudo-random key it has stored; if not, return to step 305; otherwise the process ends.
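Steps 301 to 308 (and steps A1 to A5 of the summary) as an added, runnable Python model; this is not code from the patent. The key management server generates a four-byte key, sends it, and checks the key echoed in the assignment response, resending at most three times before reporting to the engineer station. The 1-second response window is represented by a scripted channel that, on each attempt, delivers the key, loses it, or corrupts it in transit; the class and message names and the initial key version of 1 set by the device are assumptions.

```python
"""Pseudo-random key distribution with assignment response and retries.

Added example modelling Fig. 3 (steps 301-308); the channel, class and
message names are constructed for the illustration.
"""
import secrets
from typing import List, Optional, Tuple

KEY_LEN = 4        # step 301: the key is four bytes long
RESPONSE_TIME = 1  # step 304: one-second response window (modelled by the channel, not timed)
MAX_RESENDS = 3    # step 305: give up once the resend count exceeds this set value


class NetworkDevice:
    def __init__(self, name: str) -> None:
        self.name = name
        self.key: Optional[bytes] = None
        self.key_version = 0

    def receive_key(self, key: bytes) -> dict:
        """Step 303: store the key, set its version and echo the key in the
        assignment response. Version 1 for a freshly assigned key is an assumption."""
        self.key = bytes(key)
        self.key_version = 1
        return {"device": self.name, "key": self.key}


class Channel:
    """Constructed channel whose behaviour per attempt is scripted:
    'ok' delivers, 'lost' yields no response inside RESPONSE_TIME,
    'corrupt' flips one key bit in transit."""
    def __init__(self, script: List[str]) -> None:
        self.script = list(script)

    def deliver(self, device: NetworkDevice, key: bytes) -> Optional[dict]:
        outcome = self.script.pop(0) if self.script else "ok"
        if outcome == "lost":
            return None
        if outcome == "corrupt":
            key = bytes([key[0] ^ 0x01]) + key[1:]
        return device.receive_key(key)


class KeyManagementServer:
    def __init__(self, channel: Channel) -> None:
        self.channel = channel
        self.key = secrets.token_bytes(KEY_LEN)   # step 301: generate and keep the key
        self.engineer_station_log: List[str] = []

    def distribute(self, device: NetworkDevice) -> Tuple[bool, int]:
        """Run steps 302-308 for one device; returns (success, resend count)."""
        resends = 0
        while True:
            response = self.channel.deliver(device, self.key)          # step 302 / 307
            if response is not None and response["key"] == self.key:  # step 304 + 308
                return True, resends
            if resends >= MAX_RESENDS:                                 # step 305 -> 306
                self.engineer_station_log.append(
                    f"key assignment to {device.name} failed after {resends} resends")
                return False, resends
            resends += 1                                               # step 307


if __name__ == "__main__":
    kms = KeyManagementServer(Channel(["corrupt", "lost", "ok"]))   # constructed script
    dev = NetworkDevice("field-device-1")
    print(kms.distribute(dev), dev.key == kms.key)
```

The echoed key in the assignment response is what lets the server distinguish a corrupted delivery (step 308) from a lost one (step 304); both paths share the same resend counter, so a device that alternates between the two failures is still cut off after three resends.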
The flow of the key management server of the present invention sending the key management command to the network device is shown in Fig. 4:
Step 401: The key management server periodically sends a randomly generated key management command to all network devices.
The structure of the key management command sent by the key management server is shown in Fig. 5: the key management command consists of a key management operation instruction 501 and a key management command version number 502. The key management operation instructions comprise rotate-left, rotate-right, shift-left, shift-right, bit set and bit clear of the key.
Step 402: The network device receives the key management command and stores it.
Step 403: The network device checks whether the version number of the received key management command matches the key management command version number it has stored; if so, go to step 404; otherwise go to step 408.
Step 404: The network device returns a response message to the key management server.
Step 405: The key management server checks whether the network device has returned a response message within the 1-second response time; if not, go to step 406; otherwise the process ends.
Step 406: The key management server checks whether the number of times it has resent the key management command to the network device exceeds the set value of 3; if so, go to step 407; otherwise go to step 409.
Step 407: The key management server stops sending the key management command to the network device and returns an error message to the engineer station; the process ends.
Step 408: The network device updates the pseudo-random key, the version number of the pseudo-random key and the version number of the key management command, then returns to step 404.
Updating the pseudo-random key means applying the operation named by the operation instruction in the key management command to the pseudo-random key of the previous period, i.e. rotate-left, rotate-right, shift-left, shift-right, bit set or bit clear of the key; updating the version number of the pseudo-random key means incrementing the original version number of the pseudo-random key; updating the version number of the key management command means storing the version number of the received key management command.
Step 409: The key management server resends the key management command to the corresponding network device, then returns to step 402.
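Steps 401 to 409 and the command structure of Fig. 5, as an added Python example (not the patent's code): the six key management operations applied to a 32-bit key, and the device-side handling that saves the previous key, increments the key version and records the command version, or only re-acknowledges when the command version was already seen. The operand field (shift count or bit index) and the operation names are assumptions, as the patent gives no operand encoding.

```python
"""Key management command operations on a 32-bit pseudo-random key.

Added example for Fig. 4 / Fig. 5 (steps 401-409); operation names and the
operand field are assumptions, the patent gives no operand encoding.
"""
from dataclasses import dataclass
from typing import Dict, Optional

KEY_BITS = 32                  # Fig. 3, step 301: four-byte key
MASK = (1 << KEY_BITS) - 1


def rotl(key: int, n: int) -> int:
    n %= KEY_BITS
    return ((key << n) | (key >> (KEY_BITS - n))) & MASK


def rotr(key: int, n: int) -> int:
    n %= KEY_BITS
    return ((key >> n) | (key << (KEY_BITS - n))) & MASK


def shl(key: int, n: int) -> int:
    return (key << n) & MASK          # bits shifted out are lost, zeros come in


def shr(key: int, n: int) -> int:
    return key >> n                   # likewise lossy


def set_bit(key: int, i: int) -> int:
    return key | (1 << i)


def clear_bit(key: int, i: int) -> int:
    return key & ~(1 << i) & MASK


OPERATIONS = {"rotl": rotl, "rotr": rotr, "shl": shl, "shr": shr,
              "set": set_bit, "clear": clear_bit}   # Fig. 5 field 501 (names assumed)


@dataclass(frozen=True)
class KeyManagementCommand:
    operation: str     # field 501: operation instruction
    operand: int       # assumed: shift count or bit index
    version: int       # field 502: key management command version number


@dataclass
class NetworkDevice:
    key: int
    key_version: int = 1
    previous_key: Optional[int] = None
    cmd_version: int = 0

    def handle_command(self, cmd: KeyManagementCommand) -> Dict[str, int]:
        """Steps 402-404 and 408: apply a new command, or only re-acknowledge
        one whose version number is already stored. Returns the response message."""
        if cmd.version != self.cmd_version:                          # step 403 -> 408
            self.previous_key = self.key                             # keep last period's key
            self.key = OPERATIONS[cmd.operation](self.key, cmd.operand)
            self.key_version += 1                                    # key version increments
            self.cmd_version = cmd.version                           # store command version
        return {"cmd_version": self.cmd_version, "key_version": self.key_version}  # step 404


if __name__ == "__main__":
    dev = NetworkDevice(key=0x12345678)                              # constructed start key
    for cmd in (KeyManagementCommand("rotl", 8, 1), KeyManagementCommand("rotl", 8, 1),
                KeyManagementCommand("clear", 1, 2)):
        print(dev.handle_command(cmd), hex(dev.key))
```

Because each device derives its next key from the key it already holds, a device that misses one command ends up with a different key and a lower key version than its peers; the key version carried in every secure data unit is what lets a receiver notice that and buffer or discard the unit instead of decrypting with the wrong key. Note also that the shift operations discard bits and the bit operations are idempotent, so a long run of commands does not add entropy to the key beyond what the initial four bytes held.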
The flow process that source network device of the present invention sends the security protocol data cell is as shown in Figure 6:
Step 601: source network device generates source complete safety data cell.
The structure of the source complete safety data cell that source network device generates as shown in Figure 7, the source complete safety data cell among Fig. 7 is by sending data expressly 701, pseudo-random key 702, the version number 703 of pseudo-random key, and sequence number 704 (can be default) is formed.
Step 602: source network device carries out CRC (cyclic redundancy) verification to source complete safety data cell and generates check code.
Step 603: source network device carries out encryption according to the pseudo-random key of preserving to the plaintext that sends data and generates transmission data ciphertext.
Step 604: source network device generates the secure data unit.
The structure of the secure data unit that source network device generates as shown in Figure 8, the secure data unit among Fig. 8 is by sending data ciphertext 801, cyclic redundancy check (CRC) code 802, the version number 703 of pseudo-random key, and sequence number 704 (can be default) is formed.
Step 605: source network device sends the secure data unit to the purpose network equipment.
The flow in which the destination network device of the present invention receives a secure data unit is shown in Figure 9:
Step 901: the destination network device reads the version number of the pseudo-random key and the CRC check code from the received secure data unit.
Step 902: the destination network device compares the version number of the pseudo-random key in the secure data unit with the version number of the pseudo-random key held in this device. If the version number read is less than the version number in this device, go to step 903; if the version number read equals the version number in this device, go to step 905; if the version number read is greater than the version number in this device, go to step 906.
Step 903: the destination network device checks whether the difference between the version number read and the version number of the pseudo-random key in this device is 1; if so, go to step 904; otherwise go to step 911.
Step 904: the destination network device decrypts the data ciphertext according to the pseudo-random key of the previous period, then goes to step 908.
Step 905: the destination network device decrypts the data ciphertext according to the stored pseudo-random key, then goes to step 908.
Step 906: the destination network device buffers the secure data unit until the new pseudo-random key has been received and its version number agrees with the version number held in this device.
Step 907: the destination network device decrypts the data ciphertext according to the new pseudo-random key.
Step 908: the destination network device generates a destination complete security data unit.
The structure of the destination complete security data unit is similar to that of the source complete security data unit: it consists of the received data plaintext, the pseudo-random key, the version number of the pseudo-random key, and a sequence number (optional).
Step 909: the destination network device computes a CRC check over the destination complete security data unit, generating a CRC check code.
Step 910: the destination network device checks whether the CRC check code it generated is consistent with the CRC check code it read from the unit; if not, go to step 911; otherwise the process ends.
Step 911: the destination network device discards the complete security data unit.
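The source send flow (steps 601 to 605, Figures 7 and 8) and the destination receive flow (steps 901 to 911) run end to end on one secure data unit, as an added Python example that is not the patent's code. Assumed details the patent leaves open: an 8-byte key, 16-bit version and sequence numbers, CRC-32 as the CRC, a big-endian header [CRC][version][sequence number] followed by the ciphertext, and an XOR with a SHA-256-derived keystream as a stand-in for the unspecified cipher. One practitioner caveat is built into the comments: because the key sits inside the CRC-covered data, decrypting with the wrong key fails the check, but a CRC detects accidental corruption only and is not a message authentication code.

```python
"""Added example, not the patent's code: source send flow (601-605) and
destination receive flow (901-911) on one secure data unit. Layout, CRC-32
and the stand-in cipher are assumptions; the patent does not fix them."""
import hashlib
import struct
import zlib

HEADER = ">IHH"   # crc32, key version, sequence number (assumed wire layout)


def keystream_xor(key: bytes, version: int, seq: int, data: bytes) -> bytes:
    """Stand-in cipher: XOR with SHA-256(key || version || seq || counter) blocks.
    Symmetric, so the same call encrypts and decrypts. Not the patent's cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack(">HHI", version, seq, i // 32)).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def complete_unit(plaintext: bytes, key: bytes, version: int, seq: int) -> bytes:
    """Fig. 7 layout: plaintext 701 | pseudo-random key 702 | version 703 | sequence 704."""
    return plaintext + key + struct.pack(">HH", version, seq)


def build_secure_data_unit(plaintext: bytes, key: bytes, version: int, seq: int = 0) -> bytes:
    """Steps 601-604: CRC over the complete unit (key included), encrypt, assemble Fig. 8."""
    crc = zlib.crc32(complete_unit(plaintext, key, version, seq))   # step 602
    ciphertext = keystream_xor(key, version, seq, plaintext)        # step 603
    return struct.pack(HEADER, crc, version, seq) + ciphertext      # step 604


class DestinationDevice:
    def __init__(self, key: bytes, version: int, previous_key: bytes = None):
        self.key, self.version, self.previous_key = key, version, previous_key
        self.buffer = []   # units whose key version is newer than ours (step 906)

    def receive(self, unit: bytes):
        crc, version, seq = struct.unpack_from(HEADER, unit)        # step 901
        ciphertext = unit[struct.calcsize(HEADER):]
        if version < self.version:                                  # step 902 -> 903
            if self.version - version != 1 or self.previous_key is None:
                return "discard", None                              # step 911
            key = self.previous_key                                 # step 904
        elif version == self.version:
            key = self.key                                          # step 905
        else:
            self.buffer.append(unit)                                # step 906
            return "buffered", None
        plaintext = keystream_xor(key, version, seq, ciphertext)    # decrypt
        # Steps 908-910: rebuild the complete unit with the key we used and compare
        # CRCs. The key is inside the CRC'd data, so a wrong key fails here as well.
        # CRC-32 only detects accidental corruption; it is not a MAC and gives no
        # protection against deliberate modification of the unit in transit.
        if zlib.crc32(complete_unit(plaintext, key, version, seq)) != crc:
            return "discard", None                                  # step 911
        return "accept", plaintext

    def install_key(self, new_key: bytes, new_version: int):
        """New key from the key management server: rotate keys, replay buffered units (907)."""
        self.previous_key, self.key, self.version = self.key, new_key, new_version
        pending, self.buffer = self.buffer, []
        return [self.receive(u) for u in pending]
```

Calling `build_secure_data_unit(b"setpoint=42", key, 5, 7)` and handing the result to a `DestinationDevice` holding the same key at version 5 yields `("accept", b"setpoint=42")`; a device already at version 6 that still holds the old key as `previous_key` accepts it too, while one at version 7 discards it, and one still at version 4 buffers it until `install_key` delivers version 5.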
The sequence number matching decision flow in the destination network device of the present invention is shown in Figure 10:
Step 1001: the destination network device checks whether the sequence number read is consistent with the expected sequence number held in this device; if not, go to step 1002; otherwise go to step 1006.
Sequence number matching is performed after the secure data unit has been verified. The sequence number of the received data is compared with the expected sequence number for receiving security protocol data units, in order to determine whether a communication fault such as data loss, data retransmission, out-of-order data or delay has occurred while the security protocol data unit was in transit.
Step 1002: the destination network device determines whether the received service is a confirmed service or an unconfirmed service; if it is an unconfirmed service, go to step 1003; if it is a confirmed service, go to step 1005.
Step 1003: the destination network device checks whether the sequence number read is greater than the expected sequence number held in this device; if not, go to step 1004; otherwise go to step 1005.
Step 1004: the destination network device checks whether the difference between the sequence number read and the expected sequence number held in this device is greater than the set value 2; if so, go to step 1005; otherwise go to step 1006.
Step 1005: the destination network device discards the destination complete security data unit and returns an error message to the service initiator.
Step 1006: the destination network device submits the destination complete security data unit.
Although the present invention has been described by way of embodiments, those of ordinary skill in the art will appreciate that it admits many variations and modifications without departing from its spirit; the appended claims are intended to cover such variations and modifications that do not depart from the spirit of the invention.
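The decision of steps 1001 to 1006, with the set value 2 of step 1004, as an added Python example that is not part of the patent. The stateful tracker that advances the expected sequence number after an in-order submit, and the 16-bit wrap-around of that counter, are assumptions; the patent describes only the per-unit decision.

```python
# Added example, not the patent's code. The tracker's counter width and the
# rule for advancing the expected sequence number are assumptions.
SET_POINT = 2   # the set value of step 1004


def check_sequence(received_seq: int, expected_seq: int, confirmed_service: bool) -> str:
    """Return 'submit' (step 1006) or 'discard' (step 1005) for one received unit."""
    if received_seq == expected_seq:                 # step 1001: in order
        return "submit"
    if confirmed_service:                            # step 1002: a confirmed service
        return "discard"                             #   tolerates no mismatch at all
    if received_seq > expected_seq:                  # step 1003: ahead of expectation,
        return "discard"                             #   i.e. something was lost or reordered
    if expected_seq - received_seq > SET_POINT:      # step 1004: too stale (late/retransmit)
        return "discard"
    return "submit"                                  # a slightly late unit is still accepted


class SequenceTracker:
    """Keeps the expected sequence number of one receiving device (assumed 16-bit counter)."""

    def __init__(self, expected: int = 0, confirmed_service: bool = False):
        self.expected = expected
        self.confirmed_service = confirmed_service

    def accept(self, received_seq: int) -> str:
        verdict = check_sequence(received_seq, self.expected, self.confirmed_service)
        if verdict == "submit" and received_seq == self.expected:
            self.expected = (self.expected + 1) & 0xFFFF   # advance only on an in-order unit
        return verdict
```

With an unconfirmed service and expected sequence number 5, units numbered 5, 4 and 3 are submitted, 2 is discarded as more than two behind, and 6 is discarded as ahead of expectation; with a confirmed service only 5 is accepted.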

Claims (18)

1. A method for encrypting and decrypting industrial control data, characterized in that it comprises the steps of:
A. a key management server sends a generated pseudo-random key of length at least one byte to a network device;
B. a source network device encrypts the plaintext of the data to be sent according to said pseudo-random key, and sends a secure data unit containing the encrypted data to a destination network device;
C. the destination network device decrypts the encrypted data in the received secure data unit according to said pseudo-random key.
2. The method according to claim 1, characterized in that said step A comprises:
A1. the key management server stores said generated pseudo-random key of length at least one byte and sends said pseudo-random key to the network device;
A2. the network device stores said received pseudo-random key and sets the version number of this pseudo-random key;
A3. the network device returns a pseudo-random key assignment response to the key management server, said assignment response containing the received pseudo-random key;
A4. if the key management server finds that the network device has returned an assignment response within the response time but the pseudo-random key in this assignment response is inconsistent with said generated pseudo-random key, the key management server resends the pseudo-random key to said network device;
A5. step A1 is repeated until the pseudo-random key in the assignment response is consistent with the pseudo-random key generated by said key management server.
3. The method according to claim 2, characterized in that, in said step A4, when the number of times the key management server resends the pseudo-random key to the network device exceeds a set value,
said key management server stops sending the pseudo-random key and sends a network device error message to the engineer station.
4. The method according to claim 1, characterized in that said step B comprises:
B1. the source network device generates a source complete security data unit, said source complete security data unit comprising the plaintext of the data to be sent, the pseudo-random key and the version number of the pseudo-random key;
B2. the source network device computes a check over said source complete security data unit to generate a check code, and encrypts said plaintext of the data to be sent according to the stored pseudo-random key to generate the send-data ciphertext;
B3. the source network device sends the generated secure data unit to the destination network device, said secure data unit comprising the send-data ciphertext, the version number of the pseudo-random key and the check code.
5. The method according to claim 1, characterized in that said step C comprises:
C1. the destination network device reads the version number of the pseudo-random key and the check code from the received secure data unit;
C2. when the version number of said pseudo-random key read is consistent with the version number of the current pseudo-random key in the destination network device, this destination network device decrypts the send-data ciphertext in the secure data unit according to said pseudo-random key to generate the received data plaintext;
C3. said destination network device generates a destination complete security data unit, said destination complete security data unit comprising the received data plaintext, the pseudo-random key and the version number of the pseudo-random key;
C4. the destination network device computes a check over said destination complete security data unit to generate a check code, and when it finds that the generated check code is consistent with said check code read, it stores said destination complete security data unit; otherwise,
this destination network device discards said destination complete security data unit.
6. The method according to claim 5, characterized in that said step C2 further comprises:
when the version number of said pseudo-random key read is less than the version number of the current pseudo-random key in the destination network device and the difference is consistent with a set value, said destination network device decrypts the send-data ciphertext in the secure data unit according to the stored pseudo-random key of the previous period to generate the received data plaintext;
when the version number of said pseudo-random key read is less than the version number of the current pseudo-random key in the destination network device and the difference is inconsistent with the set value, said destination network device discards the received secure data unit.
7. The method according to claim 5, characterized in that said step C2 further comprises:
when the version number of said pseudo-random key read is greater than the version number of the current pseudo-random key in the destination network device, said destination network device buffers the received secure data unit until this destination network device receives a new pseudo-random key;
this destination network device then decrypts the send-data ciphertext in said buffered secure data unit according to the newly received pseudo-random key to generate the received data plaintext.
8. The method according to claim 4 or 5, characterized in that said generated source complete security data unit, secure data unit and destination complete security data unit further comprise a sequence number.
9. The method according to claim 8, characterized in that said destination network device determines that the sequence number of the source network device in the received secure data unit is consistent with the sequence number of the destination network device in the destination complete security data unit, and said destination network device submits the destination complete security data unit.
10. The method according to claim 9, characterized in that, when the service received in the network is a confirmed service,
said destination network device determines that the sequence number of the source network device in the received secure data unit is inconsistent with the sequence number of the destination network device in the destination complete security data unit, this destination network device discards the destination complete security data unit, and returns sequence number information to the source network device.
11. The method according to claim 9, characterized in that, when the service received in the network is an unconfirmed service,
said destination network device determines that the sequence number of the source network device in the received secure data unit is greater than the sequence number of the destination network device in the destination complete security data unit, and this destination network device discards said destination complete security data unit.
12. The method according to claim 9, characterized in that, when the service received in the network is an unconfirmed service,
said destination network device determines that the sequence number of the source network device in the received secure data unit is less than the sequence number of the destination network device in the destination complete security data unit and that the difference is greater than a preset value, and this destination network device discards said destination complete security data unit; otherwise
said destination network device submits the destination complete security data unit.
13. The method according to claim 1, characterized in that it further comprises, between said steps A and B:
the key management server periodically sends a key management command to the network device to update the pseudo-random key in said network device.
14. The method according to claim 13, characterized in that said key management server periodically sending a key management command to the network device to update the pseudo-random key in said network device comprises:
S1. the key management server sends a periodically and randomly generated key management command to the network device;
S2. when the version number of the key management command received by the network device is inconsistent with the version number of the key management command stored in this network device, said network device stores the pseudo-random key of the previous period, updates the pseudo-random key, the version number of the pseudo-random key and the version number of the key management command, and returns a response message to the key management server;
S3. if the key management server finds that the network device has not returned a response message within the response time, the key management server resends the key management command to said network device;
S4. step S2 is repeated until said key management server finds that the network device has returned a response message within the response time.
15. The method according to claim 14, characterized in that said updating of the pseudo-random key specifically comprises performing on said pseudo-random key, according to the received key management command, at least one of key rotate left, key rotate right, key shift left, key shift right, key bit set or key bit clear;
said updating of the version number of the pseudo-random key specifically comprises incrementing the version number of this pseudo-random key;
said updating of the version number of the key management command specifically comprises storing the version number of the received key management command.
16. The method according to claim 13, characterized in that said step S2 further comprises:
when the version number of the key management command received by the network device is consistent with the version number of the key management command stored in this network device, said network device returns a response message to the key management server.
17. The method according to claim 13, characterized in that said step S3 further comprises: when the number of times the key management server resends the key management command to said network device exceeds a set value,
said key management server stops sending the key management command and sends a network device error message.
18. The method according to claim 1, characterized in that said key management server is connected to a monitoring network and comprises a key management server in the working state and a key management server in the backup state; when said working-state key management server cannot operate normally, the backup-state key management server switches to become the working-state key management server.
CN200610160618A 2006-11-29 2006-11-29 Method for encrypting and decrypting industrial control data Expired - Fee Related CN100596350C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610160618A CN100596350C (en) 2006-11-29 2006-11-29 Method for encrypting and decrypting industrial control data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610160618A CN100596350C (en) 2006-11-29 2006-11-29 Method for encrypting and decrypting industrial control data

Publications (2)

Publication Number Publication Date
CN1960247A true CN1960247A (en) 2007-05-09
CN100596350C CN100596350C (en) 2010-03-31

Family

ID=38071753

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610160618A Expired - Fee Related CN100596350C (en) 2006-11-29 2006-11-29 Method for encrypting and decrypting industrial control data

Country Status (1)

Country Link
CN (1) CN100596350C (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105117302A (en) * 2015-07-24 2015-12-02 厦门宇高信息科技有限公司 Verification method for data destruction of storage medium
CN105117302B (en) * 2015-07-24 2017-12-29 厦门宇高信息科技有限公司 A kind of method of calibration for storage medium data destroying
CN113169865A (en) * 2019-02-15 2021-07-23 三菱动力株式会社 Control device, industrial control system, and encryption key life prolonging method
CN113169865B (en) * 2019-02-15 2024-01-09 三菱重工业株式会社 Control device, industrial control system, and encryption key lifetime extension method
CN111722831A (en) * 2020-05-07 2020-09-29 中山大学 Encryption system and implementation method thereof
CN111722831B (en) * 2020-05-07 2024-03-19 中山大学 Encryption system and implementation method thereof
CN112637176A (en) * 2020-12-17 2021-04-09 山东云天安全技术有限公司 Industrial network data isolation method, device and storage medium
CN112637176B (en) * 2020-12-17 2021-08-20 山东云天安全技术有限公司 Industrial network data isolation method, device and storage medium

Also Published As

Publication number Publication date
CN100596350C (en) 2010-03-31

Similar Documents

Publication Publication Date Title
EP2885739B1 (en) System and method for providing a secure computational environment
CN101056171A (en) An encryption communication method and device
CN1949765A (en) Method and system for obtaining SSH host computer public key of device being managed
CN101068207A (en) Communication structure, packet exchange, network node and data packet transmission method
CN1553349A (en) Safety chip and information safety processor and processing method
CN1857024A (en) Enhanced security design for cryptography in mobile communication systems
CN1946019A (en) Network device, network system and method for updating a key
CN1992585A (en) Method and apparatus for secure communication between user facility and internal network
CN1879435A (en) Method and apparatus to inline encryption and decryption for a wireless station
CN1866870A (en) Software validity checking system and method based on device management protocol
CN1901512A (en) Information communication system, information communication apparatus and method, and computer program
CN1885836A (en) Information filtering and secret-keeping method and apparatus in instantaneous communication
CN101047978A (en) Method for updating key in user's set
CN101060454A (en) Proxy access method, control network equipment and proxy access system
CN1689268A (en) Encrypted data reception device and decryption key updating method
CN1642082A (en) Content transmission apparatus, content reception apparatus and content transmission method
CN1941695A (en) Method and system for generating and distributing key during initial access network process
CN1960247A (en) Method for encrypting and decrypting industrial control data
CN101047505A (en) Method and system for setting safety connection in network application PUSH service
CN1627682A (en) Method for creating dynamic cipher at time of building connection in network transmission
CN101060404A (en) A method and system protecting the wireless network against the replay attack
CN1864386A (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
CN1897520A (en) Method and system for verifying telecommunication safety
CN1901478A (en) Network managing method based on SNMP
CN1929373A (en) Industrial safety control system and control method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100331

Termination date: 20181129