CN218633970U - Industrial control safety protection terminal - Google Patents
Industrial control safety protection terminal Download PDFInfo
- Publication number
- CN218633970U CN218633970U CN202223169790.5U CN202223169790U CN218633970U CN 218633970 U CN218633970 U CN 218633970U CN 202223169790 U CN202223169790 U CN 202223169790U CN 218633970 U CN218633970 U CN 218633970U
- Authority
- CN
- China
- Prior art keywords
- module
- control
- communication module
- industrial
- input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Computer And Data Communications (AREA)
Abstract
The utility model belongs to the technical field of industrial control safety, and particularly discloses an industrial control safety protection terminal, which comprises a control module, a serial port communication module, a credible measurement module and a network communication module; the control module comprises three input and output control ends; the serial port communication module is used for transmitting the industrial control equipment information to the credibility measuring module through the internal communication bus via the first input/output control end of the control module; the credibility measurement module is used for monitoring a credibility process of the industrial control equipment according to the industrial control equipment information output by the second input/output control end; one end of the network communication module is connected with the third input/output control end of the control module, the other end of the network communication module is used for being connected with an external server, the network communication module is used for transmitting the credibility value to the server, and the server is used for judging the current credibility of the industrial control equipment and feeding the current credibility value back to the control module so as to perform safety prevention and control.
Description
Technical Field
The utility model belongs to the technical field of industry control safety, more specifically relates to an industry control safety protection terminal.
Background
With the continuous acceleration of industrial intelligent, digital and networking processes, the threats to industrial control safety are increasing, and how to solve the industrial control safety problem becomes a serious challenge for enterprises.
In the already-occurred industrial control security events, about 60% of the industrial control security events are caused by the attack of the industrial terminal, and therefore, the terminal security of the industrial control network is an important component of the whole security protection. The real important resource in industrial production is stored in the server or the local terminal, when hacker or unknown threat (such as virus) starts attack, the industrial control terminal is often "in distress" first, thereby causing the paralysis of the whole industrial control system, and a trusted gateway system of the industrial control system is disclosed in patent CN205670253U, which solves the security problem faced by the external connection of the industrial network by carrying out intrusion detection, encryption and the like on the system data information.
As is known, an industrial control system has a certain particularity, and software processes of terminals such as an operation station and an engineer station of each control system (DCS/SCADA/PLC/SIS, etc.) cannot be effectively identified and managed only by using general antivirus software, which means that it is difficult to use a conventional security product for protection. The traditional industrial control network side focuses on industrial firewalls, IPSs and the like, and focuses more on boundary security, but the problem of security protection of a network exit gateway type is solved, and the terminal security is not really involved.
SUMMERY OF THE UTILITY MODEL
To prior art's defect, the utility model aims to provide an industrial control safety protection terminal mainly solves the problem that industrial control equipment process can't carry out comprehensive effective discernment and management.
In order to realize the purpose, the utility model provides an industrial control safety protection terminal, include: the control module comprises three input and output control ends which are respectively marked as a first input and output control end, a second input and output control end and a third input and output control end;
one end of the serial port communication module is connected with industrial control equipment to be protected, the other end of the serial port communication module is connected to a first input/output control end of the control module, and the serial port communication module is used for transmitting information of the industrial control equipment to the credibility measurement module through an internal communication bus via the control module;
the credibility measurement module is connected with a second input/output control end of the control module and used for monitoring a credibility process of the industrial control equipment according to the industrial control equipment information output by the second input/output control end, generating a credibility measurement value and encrypting the credibility measurement value;
one end of the network communication module is connected with the third input/output control end of the control module, the other end of the network communication module is used for being connected with an external server, the network communication module is used for transmitting the credibility value to the server, and the server is used for judging the current credibility of the industrial control equipment and feeding the current credibility value back to the control module so as to perform safety prevention and control.
Furthermore, the safety protection terminal further comprises a virus checking and killing module, the control module further comprises a fourth input/output control end, the virus checking and killing module is connected with the fourth input/output control end, and the virus checking and killing module performs virus checking and killing on the industrial control equipment according to the safety prevention and control signals output by the fourth input/output control end so as to realize active defense of the industrial control equipment.
Further, the network communication module is a wireless communication module or a wired communication module.
Further, the wireless communication module comprises a 4G module, a 5G module or a WiFi module.
Further, the serial port communication module has a model number of MAX232.
Further, the control module is an stm32 single chip microcomputer.
Further, the network communication module is an NE16E/08E/05 router.
Further, the credibility measurement module is a Z32H330TC credible computing chip.
Through the utility model discloses above technical scheme who thinks, compare with prior art, mainly possess following advantage:
1. the utility model discloses an industrial control equipment safety protection terminal through setting up credible measurement module, can carry out credible measurement to the operation process of industrial control equipment, and generate credible calculation process measurement information list, and current credible calculation process measurement information list and the white list of prestoring are compared to external server, and then can realize the real-time credible process's of industrial control equipment initiative management control through comparing information.
2. The utility model discloses an industrial control equipment safety protection terminal still is provided with virus checking and killing module, based on the checking and killing of the module is checked and killed to measurement information cooperation virus of credible measurement module, can effectively stop unknown malicious procedure and start, provides the safe operation guarantee for industrial control equipment's network safety.
3. The utility model discloses a credible measurement module in industrial control equipment safety protection terminal is the credible chip that calculates of Z32H330TC, because the credible measurement value in the modification module can't visit to outside procedure, even consequently, industrial control equipment has infected the virus, perhaps malicious code has even had tampered with industrial control equipment's operation software, but it also can't modify credible measurement value in the platform configuration register among the credible measurement module, this risk still can be found at the safety protection terminal, the defense effect is better.
Drawings
Fig. 1 is a schematic structural view of a safety protection terminal of industrial control equipment provided by an embodiment of the present invention;
fig. 2 is a schematic connection diagram of a control module according to an embodiment of the present invention;
fig. 3 is a schematic diagram of the serial port communication module connection provided by the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly understood, the present invention will be further described in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the schematic structural diagram of the industrial Control security protection terminal in this embodiment includes a Control Module, a virus killing Module, and a Trusted Platform Control Module (TPCM), where:
the control module comprises four input and output control ends which are respectively marked as a first input and output control end, a second input and output control end, a third input and output control end and a fourth input and output control end;
one end of the serial port communication module is connected with the industrial control equipment to be protected, the other end of the serial port communication module is connected to a first input/output control end of the control module, and the serial port communication module is used for scanning the information of the industrial control equipment and then transmitting the information of the industrial control equipment to the credibility measurement module through the control module through the internal communication bus;
the credibility measurement module is connected with a second input/output control end of the control module and used for monitoring a credibility process of the industrial control equipment according to the industrial control equipment information output by the second input/output control end, generating a credibility measurement value and encrypting the credibility measurement value; specifically, the industrial control equipment information includes, but is not limited to, information such as functions of the industrial control equipment, risk factors of the industrial control equipment, and security level requirements;
one end of the network communication module is connected with the third input/output control end of the control module, the other end of the network communication module is used for being connected with an external server, and the network communication module is used for transmitting the credibility metric value to the server; the server is used for judging the current credibility of the industrial control equipment and feeding the current credibility back to the control module so as to perform safety prevention and control.
In a preferred embodiment, the safety protection terminal further includes a virus checking and killing module, the control module further includes a fourth input/output control terminal, the virus checking and killing module is connected to the fourth input/output control terminal of the control module, and the virus checking and killing module performs virus checking and killing on the industrial control equipment according to the safety protection and control signal output by the fourth input/output control terminal, so as to realize active defense of the industrial control equipment.
In a preferred embodiment, the network communication module is a wireless communication module or a wired communication module, and can be freely selected according to actual conditions, so that the application range of the safety protection terminal is wider.
In a more preferred embodiment, the wireless communication module includes a 4G module, a 5G module, or a WiFi module, which can cope with different network environments.
In a preferred embodiment, the serial port communication module has a model number MAX232, and the connection manner between the serial port communication module and the control module is as shown in fig. 3, so that information intercommunication between the serial port communication module and the control module can be realized.
In a preferred embodiment, the network communication module is an NE16E/08E/05 router, which can provide a strong processing capability in networking, and can be used as a core router for construction of a core network and a broadband metropolitan area network; in addition, the NE16E/08E/05 router provides various interface types and rich access services, has the characteristics of high bandwidth and high access density, can be used in a network convergence layer and provides various access services.
In a preferred embodiment, the control module is an stm32 single chip microcomputer, as shown in fig. 2, the control module is connected with the trusted measurement module through an SPI bus, and the single chip microcomputer is provided with a plurality of peripheral interfaces and also provides standard interfaces the same as those of other stm32 single chip microcomputers, so that the peripheral universality improves the application sensitivity of the whole product.
In a preferred embodiment, the trusted measurement module is a Z32H330TC trusted computing chip, which can perform trusted measurement on an industrial control software process in the industrial control device, perform encryption operation and storage on measurement information, and configure a trusted computing process measurement information list, that is, on the one hand, store a measurement value, and on the other hand, provide a security report to an upper layer; the credibility measurement module encrypts the calculated credibility measurement information and feeds the information back to the control module, and the control module transmits the information to an external server based on the network communication module.
As shown in fig. 3, the control module and the network communication module are in communication connection through an RX signal line and a TX signal line, so that the industrial control device can perform active security control based on the current credibility.
The utility model discloses the credible measurement module that sets up has improved industrial control equipment security configuration with virus checking and killing module, and the safety base line of unified industrial control equipment has strengthened industrial control equipment's safety protection ability, solves the problem that leads to the virus to get into industrial control network environment and propagate because of the USB flash disk abuse among the data exchange process, has improved industrial control equipment's initiative defense ability and network security.
After the industrial control safety protection terminal is connected with the industrial control equipment, the utility model can carry out credible measurement on the industrial control software process by using a credible measurement module and carry out encryption operation and storage on measurement information; in the trusted measurement module, a TPCM module entity is a trusted root of the trusted measurement module, and the trusted measurement module entity internally comprises a trusted measurement Root (RTM), a trusted storage Root (RTS) and a trusted report root (RTR), wherein the RTS and the RTR are positioned in a trusted platform crypto module (TCM) built in the TPCM module and are simultaneously physically protected by the TPCM module; meanwhile, a control interface exists between the trusted measurement root of the TPCM and the control module, and the TPCM can be provided with an extended measurement module to realize the integrity measurement of the execution component and ensure the trusted transmission.
In addition, the storage of the trusted measurement module is consistent with the normal trusted storage, namely, a region is specially opened up in a TPM memory in the trusted measurement module to be used as a Platform Configuration Register (PCR) for storing the trusted measurement value, and an external program of data in the region cannot access and modify the trusted measurement value, so that even if the industrial control equipment is infected by virus, malicious codes cannot modify the running software of the industrial control equipment, but cannot modify the trusted measurement value in the PCR.
After industrial control equipment infects the virus, will the utility model discloses an industrial control safety protection terminal inserts infected industrial control equipment, and credible measurement value that credible measurement module can the automatic generation industrial control equipment file, and control module sends the virus killing instruction according to credible measurement value, and virus checking and killing module carries out the virus killing based on control instruction, avoids malicious code process to start, operating system kernel leak, potential safety hazards such as USB misuse abuse, realizes the initiative defense, provides the safe operation guarantee for industrial control network security.
The above description is only exemplary of the present invention and should not be construed as limiting the present invention, and any modifications, equivalents and improvements made within the spirit and principles of the present invention are intended to be included within the scope of the present invention.
Claims (8)
1. The utility model provides an industrial control safety protection terminal which characterized in that includes: the device comprises a control module, a serial port communication module, a credibility measurement module and a network communication module;
the control module comprises three input and output control ends which are respectively marked as a first input and output control end, a second input and output control end and a third input and output control end;
one end of the serial port communication module is connected with industrial control equipment to be protected, the other end of the serial port communication module is connected to a first input/output control end of the control module, and the serial port communication module is used for transmitting information of the industrial control equipment to the credibility measurement module through an internal communication bus via the control module;
the credibility measurement module is connected with a second input/output control end of the control module and used for monitoring a credibility process of the industrial control equipment according to the industrial control equipment information output by the second input/output control end, generating a credibility measurement value and encrypting the credibility measurement value;
one end of the network communication module is connected with the third input/output control end of the control module, the other end of the network communication module is used for being connected with an external server, the network communication module is used for transmitting the credibility value to the server, and the server is used for judging the current credibility of the industrial control equipment and feeding the current credibility value back to the control module so as to perform safety prevention and control.
2. The industrial control safety protection terminal as claimed in claim 1, wherein the safety protection terminal further includes a virus checking and killing module, the control module further includes a fourth i/o control terminal, the virus checking and killing module is connected to the fourth i/o control terminal, and the virus checking and killing module is configured to check and kill viruses for the industrial control device according to the safety protection and control signal output by the fourth i/o control terminal, so as to implement active defense of the industrial control device.
3. The industrial safety protection terminal according to claim 1, wherein the network communication module is a wireless communication module or a wired communication module.
4. The industrial safety protection terminal according to claim 3, wherein the wireless communication module is a 4G module, a 5G module or a WiFi module.
5. The industrial safety protection terminal according to claim 1, wherein the serial port communication module is MAX232 in model number.
6. The industrial safety protection terminal according to claim 1, wherein the control module is an stm32 single chip microcomputer.
7. The industrial safety protection terminal according to claim 1, wherein the network communication module is a NE16E/08E/05 router.
8. The industrial control security protection terminal as claimed in claim 1, wherein said trusted metrics module is a Z32H330TC trusted computing chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202223169790.5U CN218633970U (en) | 2022-11-28 | 2022-11-28 | Industrial control safety protection terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202223169790.5U CN218633970U (en) | 2022-11-28 | 2022-11-28 | Industrial control safety protection terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN218633970U true CN218633970U (en) | 2023-03-14 |
Family
ID=85453001
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202223169790.5U Active CN218633970U (en) | 2022-11-28 | 2022-11-28 | Industrial control safety protection terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN218633970U (en) |
-
2022
- 2022-11-28 CN CN202223169790.5U patent/CN218633970U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| HaddadPajouh et al. | A survey on internet of things security: Requirements, challenges, and solutions | |
| EP3314852B1 (en) | Peer-to-peer group vigilance | |
| Yang et al. | Intrusion detection system for IEC 60870-5-104 based SCADA networks | |
| Wang et al. | Security issues and challenges for cyber physical system | |
| Srivastava et al. | Future IoT‐enabled threats and vulnerabilities: State of the art, challenges, and future prospects | |
| WO2017084535A1 (en) | Method for trusted protocol conversion and system | |
| CN103905450B (en) | Intelligent grid embedded device network check and evaluation system and check and evaluation method | |
| TWI520000B (en) | Network security method and network security serving system | |
| US20170061131A1 (en) | Side-Channel Integrity Validation of Devices | |
| WO2019181258A1 (en) | Network probe and method of processing message | |
| CN105847251B (en) | Using the industrial control system safety protecting method and system of S7 agreements | |
| CN115150208A (en) | Zero-trust-based Internet of things terminal secure access method and system | |
| CN111709023A (en) | Application isolation method and system based on trusted operating system | |
| Katulić et al. | Protecting modbus/TCP-based industrial automation and control systems using message authentication codes | |
| Essa et al. | Cyber physical sensors system security: threats, vulnerabilities, and solutions | |
| CN110730170A (en) | Internal and external network isolation method and system | |
| Wanying et al. | The study of security issues for the industrial control systems communication protocols | |
| CN117879942A (en) | Cross-network data exchange device and method | |
| CN218633970U (en) | Industrial control safety protection terminal | |
| CN112769709A (en) | Thing networking terminal equipment safety protection system | |
| Stancu et al. | Trusted industrial Modbus firewall for critical infrastructure systems | |
| Pawar et al. | A novel approach for enhancement of security through evaluation of quality of service parameters in industrial internet of things | |
| Yi et al. | A security-enhanced Modbus TCP protocol and authorized access mechanism | |
| Laghari et al. | Cyberattacks and vociferous implications on SECS/GEM communications in industry 4.0 ecosystem | |
| CN114095227B (en) | Data communication gateway trusted authentication method, system and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |