JP2021503191A - L2 switch for network security and remote monitoring control system using it - Google Patents

Abstract

One embodiment of the present invention determines whether to encrypt or decrypt the frame based on the setting of the encryption module that encrypts or decrypts the frame and the receiving port in which the frame is received. An L2 switch for network security, including a switch fabric module that transmits an encryption or decryption frame transmitted to the encryption module and switches the encryption or decryption frame received from the encryption module to a transmission port connected to a destination, and a switch thereof. A remote monitoring and control system using the above can be provided. [Selection diagram] Fig. 1

Description

The present invention relates to an L2 switch for network security and a remote monitoring control system using the switch.

Since the introduction of the concept of factory automation (FA, Factory Automation) in the process of water treatment performed at water intakes, water purification plants, distribution reservoirs, etc., various water treatment facilities have been electronically operated from remote locations via networks. Is monitored and controlled. The network that monitors and controls not only water treatment but also infrastructure such as power generation, power transmission, and distribution guarantees connectivity so that monitoring data generated in various processes can be collected and commands to control various facilities can always be transmitted. It must be done and protected from cyber attacks such as hacking. Therefore, there is a demand for network devices that can encrypt the monitoring data generated by the infrastructure and the instructions that control various facilities to improve security, monitor the network, and block cyber attacks.

Korean Registered Patent No. 10-1418707

An object of an embodiment of the present invention is to improve the security of a network for managing core facilities such as water resource management and power grid management.
Further, an object according to an embodiment of the present invention is that a frame can be encrypted and transmitted / received based on a port setting, a cyber attack can be blocked, and a remote monitoring control device is an L2 switch constituting a network. It is an object of the present invention to provide a network security L2 switch that provides information on the L2 switch to a remote monitoring control device, and a remote monitoring control system using the L2 switch so that the state of the L2 switch can be monitored.
Further, an object according to an embodiment of the present invention is that the administrator can easily recognize whether or not the L2 switch is abnormal by observing the touch panel of the L2 switch, and the touch panel is used to encrypt the L2 switch. It is an object of the present invention to provide an L2 switch for network security capable of turning off, and a remote monitoring control system using the L2 switch.

The network security L2 switch according to the embodiment of the present invention encrypts or decrypts the frame based on the setting of the encryption module that encrypts or decrypts the frame and the receiving port in which the frame is received. It may include a switch fabric module that determines whether or not to do so and transmits it to the encryption module and switches the encryption or decryption frame received from the encryption module to a transmission port connected to the destination. it can.
Further, the network security L2 switch according to the embodiment of the present invention further includes a state management module that generates a state report frame containing information about the network security L2 switch and transmits it to the remote monitoring control device. The information regarding the network security L2 switch can include at least one of information regarding the amount of communication, information regarding a cyber attack, or information regarding the state of the network security L2 switch itself.
Further, the state management module generates the state report frame based on the mode bus (MODBUS) protocol, and uses a lookup table to input an item code given for each item of information about the network security L2 switch. It is possible to confirm and generate mode bus data including the item code and the value corresponding to the item code.
Further, the network security L2 switch according to the embodiment of the present invention is provided in the network security L2 switch itself, and is provided in the display unit for providing information to the administrator and the network security L2 switch itself. Further including an input unit for receiving the input of the administrator, the state management module displays a problem occurrence notification screen on the display unit when a problem occurs in the network security L2 switch itself; the network security. When a physical connection is detected in the L2 switch for use or when the input unit detects an input, the password input screen is displayed on the display unit, and the physical connection is performed until a predetermined password is input to the input unit. When the emergency switching selection screen for turning on / off the encryption function is displayed based on the input of the administrator and the emergency switching selection is input to the input unit. Further, the operation of controlling the switch fabric module so as not to transmit the frame to the encryption module can be performed.
Further, when the port on which the frame is received is set as the user-network interface, the switch fabric module transmits the received frame to the encryption module in order to encrypt the received frame, and the frame receives the frame. When the port is configured as a network-network interface, it propagates to the encryption module to decrypt the received frame, and the port on which the frame is received is the user-network interface or network-network. When the port is not set as an interface, the received frame can be switched to the transmission port connected to the destination of the frame.
In addition, the encryption module confirms whether or not an encryption session is set in relation to the L2 switch, which is the destination of the frame received from the port set as the user-network interface, and encrypts. When the session is not set, a control frame requesting the setting of the encrypted session is generated, transmitted to the L2 switch which is the destination, and the control frame requesting the setting of the encrypted session is received. In the case, a control frame that accepts the setting of the encryption session is generated in the reply, and the control frame requesting the setting of the encryption session is transmitted to the transmitting L2 switch to accept the setting of the encryption session. When the control frame is received, the session setting operation for setting the encrypted session can be further performed.
The remote monitoring control system using the network security L2 switch according to the embodiment of the present invention encrypts or decrypts the frame based on the setting of the receiving port where the frame is received, and transmits the frame connected to the destination. Network security L2 switch that switches to a port, control equipment that is connected to the network security L2 switch to generate and transmit monitoring data, and monitoring data that is connected to the network security L2 switch and received from the control equipment. A remote monitoring control device that generates and transmits a control command based on the above can be included.
Further, the network security L2 switch generates a status report frame containing information about the network security L2 switch based on the mode bus (MODBUS) protocol and provides the remote monitoring control device to the remote monitoring control device. Can monitor and control the status of the network security L2 switch based on the status report frame provided by the network security L2 switch.
Further, the remote monitoring control device analyzes the status report frame based on the mode bus (MODBUS) protocol, and looks up the item code and data value included in the mode bus data of the status report frame. In contrast, the item of information regarding the network security L2 switch and its contents can be recognized.

The features and advantages of the present invention will become more apparent from the following detailed description based on the accompanying drawings.
Prior to this, the terms and words used herein and within the scope of the claim shall not be construed in a normal and lexical sense, in order for the inventor to describe his invention in the best possible way. In line with the principle that the concept of terms can be properly defined, it should be interpreted in terms and concepts that are consistent with the technical ideas of the present invention.

According to one embodiment of the present invention, it is possible to encrypt or decrypt frames to be transmitted / received based on the port setting of the L2 switch, and the transmitting side and receiving side L2 switches in which the encryption session is set can be used. Since the ciphertext frame is transmitted between the two, the encryption function can be performed without replacing all the existing general L2 switches, so that the security of the network can be improved step by step.
Further, according to one embodiment of the present invention, the L2 switch can store information about the state of the L2 switch and report it to the remote monitoring and control device using the widely used MODBUS protocol. It can manage the network systematically and effectively, and can be widely applied to the network for monitoring and controlling mission-critical facilities.
Further, according to one embodiment of the present invention, the on-site manager can easily recognize whether or not there is an abnormality through the touch panel provided outside the L2 switch, and when a problem occurs in the L2 switch. By turning off the encryption function and switching to unencrypted communication via the emergency switching selection screen, it is possible to guarantee constant information transmission / reception between the remote monitoring control device and the control equipment.

It is a figure which shows the structure of the remote monitoring control system which used the L2 switch for network security which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of the L2 switch for network security which concerns on one Embodiment of this invention. It is a flowchart which shows the operation which processes the frame received from the network security L2 switch which concerns on one Embodiment of this invention. It is a figure which shows the plaintext frame, the ciphertext frame and the session setting frame by one Embodiment of this invention. It is a flowchart which shows the session generation step which concerns on one Embodiment of this invention. It is a figure which shows the network for the remote monitoring control system configured by using the L2 switch for network security which concerns on one Embodiment of this invention. It is a figure which shows a part of the lookup table which the remote monitoring control device which concerns on one Embodiment of this invention is used to monitor the state of the L2 switch for network security. It is a figure which shows the display part of the L2 switch for network security which concerns on one Embodiment of this invention.

Objectives, specific advantages and novel features of one embodiment of the present invention will become more apparent from the following detailed description and preferred embodiments relating to the accompanying drawings. In the present specification, when adding reference numbers to the components of each drawing, only the same components shall have the same number as much as possible even if they are displayed on other drawings. Should be noted. In addition, terms such as "one side", "other side", "first", and "second" are used to distinguish one component from another, and the component is used. Not limited by these terms. Hereinafter, in describing one embodiment of the present invention, detailed description of related known techniques that may unnecessarily obscure the gist of one embodiment of the present invention will be omitted.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram showing a configuration of a remote monitoring control system using a network security L2 switch 100 according to an embodiment of the present invention.
As shown in FIG. 1, the remote monitoring and control system using the network security L2 switch 100 according to the embodiment of the present invention includes the remote monitoring and control device 10, the network security L2 switch 100, and the control equipment 30. Can be done. In the present specification, the network security L2 switch 100 according to the embodiment of the present invention is simply referred to as "L2 switch 100", and the general L2 switch having no conventional encryption function is referred to as "general L2 switch 90". Further, in the present specification, the unencrypted frame is referred to as "plaintext frame NF", and the encrypted frame is referred to as "ciphertext frame EnF".

The remote monitoring control device 10 refers to a device capable of monitoring and controlling the control equipment 30 at a remote location far away from the location where the control equipment 30 is located. For example, the remote monitoring control device 10 can be a SCADA 11 (Supervision Control And Data Acquisition) system, an HMI (Human Machine Interface), or the like. The remote monitoring and control device 10 can further include a SOC 12 (Security Operations Center) that performs security and management of the network 20. The remote monitoring control device 10 is connected to the network security L2 switch 100, and automatically monitors and controls the control equipment 30 by generating and transmitting a control command based on the monitoring data received from the control equipment 30. be able to.

The control equipment 30 includes various devices that measure the current state and perform necessary operations. For example, the control equipment 30 can include a PLC 31 and a terminal 32. The terminal 32 may be a measuring device such as a water level sensor for measuring the water level of the dam or a flow rate sensor for measuring the discharge flow rate. Alternatively, the terminal 32 may be a drive facility for opening and closing the floodgate of the dam, a chlorine facility for injecting a chlorine disinfectant into water at a water purification plant, and the like. The control equipment 30 is connected to the network security L2 switch 100, and can generate and transmit monitoring data. The terminal 32 can monitor the site state, generate monitoring data and transmit it to the PLC 31, or perform a necessary operation based on a control command received from the PLC 31. The terminal 32 may be immediately connected to the L2 switch 100 without being connected to the PLC 31.

PLC31 (Programmable Logic Controller) replaces the functions of relays, timers, counters, etc. in the automatic control panel with semiconductor elements such as LSIs and transistors, and is an existing one. It is a control device configured to control a program by adding a numerical calculation function to the sequence control function. The PLC 31 is connected to the terminal 32 and can receive various monitoring data generated by the terminal 32 and transmit the monitoring data to the remote monitoring control device 10. The PLC 31 can control the terminal 32 connected to the PLC 31 based on the control command received from the remote monitoring control device 10.

The L2 switch 100 according to an embodiment of the present invention is a switch that encrypts or decrypts frames in the second layer of an OSI (Open System Interconnection) 7 layer model to transmit and receive. The L2 switch 100 can form a network 20 that connects the remote monitoring control device 10 and the control equipment 30. A part of the network 20 in which both ends are connected to the L2 switch 100 and the ciphertext frame EnF is transmitted / received can be used as an encrypted section, and a part of the network 20 in which the plaintext frame NF is transmitted / received can be used as a plaintext section. For example, as shown in FIG. 1, an encrypted section can be set between the first L2 switch 100a connected to the remote monitoring control device 10 and the second L2 switch 100b connected to the control equipment 30. The plaintext section can be between the remote monitoring control device 10 and the first L2 switch 100a, and between the control equipment 30 and the second L2 switch 100b.

The L2 switch 100 can encrypt or decrypt the frame based on the setting of the receiving port 111 (r) at which the frame is received, and switch to the transmitting port 111 (s) connected to the destination. The L2 switch 100 can be divided into a transmitting side L2 switch 100s and a receiving side L2 switch 100r, the transmitting side L2 switch 100s encrypts the frame and transmits it, and the receiving side L2 switch 100r encrypts the frame. Can be decrypted and sent. For example, the first L2 switch 100a encrypts the frame received from the remote monitoring control device 10 and transmits it to the second L2 switch 100b, and the second L2 switch 100b decodes the ciphertext frame EnF received from the first L2 switch 100a. It can be transmitted to the control equipment 30, and at this time, the first L2 switch 100a becomes the transmitting side L2 switch 100s, and the second L2 switch 100b becomes the receiving side L2 switch 100r. On the contrary, the second L2 switch 100b encrypts the frame received from the control equipment 30 and transmits it to the first L2 switch 100a, and the first L2 switch 100a decodes the ciphertext frame EnF received from the second L2 switch 100b and remotely. It can be transmitted to the monitoring control device, and at this time, the first L2 switch 100a becomes the receiving side L2 switch 100r, and the second L2 switch 100b becomes the transmitting side L2 switch 100s.

Since the conventional general L2 switch 90 transmits and receives the plaintext frame NF, there is a risk that an outsider intercepts and analyzes the frame and forges or alters the control command so that the core facility malfunctions. There was sex. However, since the L2 switch 100 of the present invention encrypts the frame and transmits / receives it, the security of the monitoring control data can be maintained even if the frame is leaked. Therefore, there is an advantage that the stability of important core facility management such as water resource management and power grid management is strengthened.

The L2 switch 100 can generate information about its own state and transmit it to the remote monitoring control device 10. Information on the status of the L2 switch 100 is necessary for the administrator to monitor and control the network 20 configured by the L2 switch 100, such as traffic, harmful traffic, information on cyber attacks, and whether or not the encryption function is operating. It can contain various information. The L2 switch 100 can generate a state report frame MBF including information about its own state, and transmit the state report frame MBF to the remote monitoring control device 10 via the network 20. The remote monitoring control device 10 can confirm the status of the L2 switch 100 constituting the network 20 based on the received status report frame MBF.

Although the conventional general L2 switch 90 can monitor and control the control equipment 30 by the remote monitoring control device 10 by performing only the function of transmitting the communication amount, the general L2 switch 90 constituting the network 20 The 90 could not be monitored and controlled. Therefore, when a problem such as a failure of the general L2 switch 90 itself, an inflow of harmful traffic, or a cyber attack occurs, it is difficult for the administrator to immediately recognize the problem that has occurred in the general L2 switch 90. Therefore, the network 20 It was difficult to ensure the soundness of. However, since the L2 switch 100 according to the embodiment of the present invention provides its own state to the remote monitoring control device 10, the administrator can easily confirm the state of the L2 switch 100 via the remote monitoring control device 10. It has the advantage of being able to take the necessary steps.

FIG. 2 is a block diagram showing a configuration of a network security L2 switch 100 according to an embodiment of the present invention.
As shown in FIG. 2, the network security L2 switch 100 according to the embodiment of the present invention includes a switch fabric module 110, a switching DB 120, an encryption module 130, a session DB 140, a state management module 150, a display unit 160, and an input unit. 170 can be included.

The switch fabric module 110 can include a plurality of physical ports 111 and switches a frame received from any port 111 to a port 111 connected to the destination of the frame. The switch fabric module 110 determines whether to encrypt or decrypt the frame based on the setting of the receiving port 111 (r) in which the frame is received, transmits the frame to the encryption module 130, and transmits the frame to the encryption module 130. The encryption or decryption frame received from 130 can be switched to the transmission port 111 (s) connected to the destination, and the frame that does not require encryption is immediately connected to the destination transmission port 111 (s). It can be switched to s). Any physical port 111 can be a receive port 111 (r) or a transmit port 111 (s).

The switching DB 120 stores the addresses of devices connected to the respective ports 111 of the switch fabric module 110. The switch fabric module 110 queries the switching DB 120 for port 111 information to which the destination address of the frame is connected, and transmits the frame to the port 111 acquired as a result.

The encryption module 130 can encrypt or decrypt the frame. The encryption module 130 can encrypt or decrypt a frame using logic such as AES128 bit, AES192 bit, AES256 bit, 3DES. The encryption module 130 can be realized by a separate processor that performs only the encryption function. The encryption module 130 can perform encryption or decryption using a symmetric key.

The session DB 140 stores information regarding session settings for transmitting or receiving ciphertext in relation to the L2 switch 100 itself and another L2 switch 100. The encryption module 130 encrypts the frame to be transmitted to the L2 switch 100 in which the encryption session is set in the session DB 140, and decrypts the frame received from the L2 switch 100 in which the decryption session is set in the session DB 140. ..

The state management module 150 can monitor and store the state of the L2 switch 100 itself in real time. The state management module 150 can detect and block various cyber attacks attempted on the L2 switch 100. For example, the state management module 150 may include ARP spoofing, IP spoofing, Host Scanning attack, Port Scanning attack, DoS, DDo, DHCP Attack, ICMP Attack, ICMP Attack, ARP Attack, ARP Attack, Cyberattack, and Cyberattack. It can store cyberattack status and records. The state management module 150 can measure and store the traffic processed by the L2 switch 100 in real time, and can block harmful traffic.

The state management module 150 can acquire and store information necessary for managing the network 20, such as the power state of the L2 switch 100, the operation status of the encryption function, and the operation status of the port 111. The state management module 150 can generate a state report frame MBF including information on the state of the L2 switch 100 and transmit it to the remote monitoring control device 10. The state management module 150 stores information about the state of the L2 switch 100 and periodically transmits the state report frame MBF to the remote monitoring control device 10, or receives a request from the remote monitoring control device 10 to transmit the state report frame MBF. Can be transmitted.

The display unit 160 is provided in the network security L2 switch 100 itself, and can provide information to the administrator. The display unit 160 can notify the administrator of the current state of the L2 switch 100, or can display information necessary for operating the L2 switch 100.

The input unit 170 is provided in the network security L2 switch 100 itself, and can receive the input of the administrator. For example, the display unit 160 may be a touch panel, and the touch panel can perform the functions of the input unit 170.

FIG. 3 is a flowchart showing an operation of processing a frame received from the network security L2 switch 100 according to the embodiment of the present invention.
In the frame receiving step (S10), the switch fabric module 110 receives a frame from the outside. Next, in the host network (Host network) determination step (S11), the switch fabric module 110 confirms the destination of the received frame, confirms whether or not the final destination is the L2 switch 100, and confirms whether or not the final destination is the L2 switch 100. When the destination of the frame is the L2 switch 100 (Y), the frame is transmitted to the state management module 150, and when the destination of the frame is not the L2 switch 100 (N), the receiving port confirmation step (S12) I do. The operation of the state management module 150 will be described later.

In the receive port confirmation step (S12), the switch fabric module 110 sets the port 111 on which the frame is received as a user-network interface (UNI, User-Network Interface) or a network-network interface (NNI, Network-Network Interface). If the receive port 111 (r) is set as a user-network interface (UNI), the frame is transmitted to the encryption module 130 for encryption, and the receive port 111 (r) is transmitted to the reception port 111 (UNI). When r) is configured as a network-network interface (NNI), the frame is propagated to the encryption module 130 for decryption and is not configured as a user-network interface or network-network interface (general). ), The switching operation (S60) is performed.

The switch fabric module 110 can configure the port 111 to which the device is connected as a user-network interface UNI or a network-network interface NNI, and determines encryption or decryption based on the settings of the receive port 111 (r). Therefore, encryption or decryption can be performed for each port 111. Further, when the receiving port 111 (r) is not set, the switch fabric module 110 can immediately perform the switching operation without encrypting or decrypting the frame, so that the conventional general L2 switch 90 and the plaintext frame NF can perform the switching operation immediately. Since transmission is possible, there is an advantage that it is not necessary to replace all the L2 switches 100 constituting the network 20 at one time.

For example, when the remote monitoring control device 10 is connected to the first port of the first L2 switch 100a, the first port can be set as the user-network interface UNI and controlled to the second port of the second L2 switch 100b. When the equipment 30 is connected, the second port can be set as the user-network interface UNI. When a general L2 switch 90 connected to another network 20 is connected to the second port of the first L2 switch 100a, the second port can be set as a network-network interface NNI, and the second L2 switch 100b can be set as the second port. When a general L2 switch 90 connected to another network 20 is connected to one port, the first port can be set as a network-network interface NNI. When a device that does not require encryption is connected to the third port of the first L2 switch 100a, the third port can be set to a general port that is not set as a user-network interface UNI or a network-network interface NNI. ..

In the switching operation (S60), the switch fabric module 110 contrasts the destination of the frame with the address of the device connected to each port 111 stored in the switching DB 120, which transmission port 111 (s) the frame is. It searches whether it must be transmitted to, and transmits the frame to the searched transmission port 111 (s).

The frame received on the receiving port 111 (r) set as the user-network interface UNI is transmitted to the encryption module 130 and encrypted. First, in the encryption session confirmation step (S21), the encryption module 130 searches the session DB 140 to confirm whether or not the encryption session is set with the L2 switch 100, which is the destination of the frame. When the destination L2 switch 100 and the encryption session are set (Y), the encryption module 130 encrypts the frame using the encryption engine to generate the ciphertext frame EnF (S30), and encrypts the frame. The sentence frame EnF is transmitted to the switch fabric module 110, and the switch fabric module 110 transmits the ciphertext frame EnF via the switching operation (S60). When the destination L2 switch 100 and the encryption session are not set (N), the encryption module 130 performs the session generation step (S50) with the destination L2 switch 100. The details of the session generation step (S50) will be described later.

When the encryption session is generated (Y), the encryption module 130 encrypts the frame (S30) and transmits (S60), and when the encryption session generation fails (N), the frame is in the plaintext state. (S60). Since the frame is encrypted and transmitted only when an encrypted session is established between the transmitting side L2 switch 100s and the receiving side L2 switch 100r, the receiving side L2 switch 100r is a general L2 switch 90 and the encrypted session is performed. If it cannot be established or if a problem occurs in the receiving side L2 switch 100r and the encrypted session cannot be established in the emergency switching state, the frame is transmitted in the plaintext state to always maintain the connection between the remote monitoring control device 10 and the control equipment 30. can do.

The frame received on the receiving port 111 (r) set as the network-network interface NNI is transmitted to the encryption module 130 and decrypted. First, in the decryption session confirmation step (S22), the encryption module 130 searches the session DB 140 to confirm whether the decryption session is set with the L2 switch 100 which is the starting point of the frame. When the departure point L2 switch 100 and the decryption session are set (Y), the encryption module 130 decrypts the frame using the decryption engine to generate the plaintext frame NF (S40), and the plaintext frame NF is generated. The NF is transmitted to the switch fabric module 110, and the switch fabric module 110 transmits the plaintext frame NF via the switching operation (S60). When the decoding session is not set with the L2 switch 100 which is the departure point (N), the received frame is transmitted to the switch fabric module 110 as it is and the switching operation (S60) is performed. Since the L2 switch 100 switches the frame transmitted from the departure point L2 switch 100 in which the decoding session has not been established as it is, the transmitting side L2 switch 100s is the general L2 switch 90, or the transmitting side L2 switch 100s. When a problem occurs and a decoding session cannot be established in the emergency switching state, the frame transmitted in plain text can be transmitted as it is, so that the connection between the remote monitoring control device 10 and the control equipment 30 is always maintained. be able to.

FIG. 4 is a diagram showing a plaintext frame NF, a ciphertext frame EnF, a session setting frame, and a status report frame MBF according to an embodiment of the present invention.
As shown in FIG. 4, the plaintext frame NF, the ciphertext frame EnF, and the session setting frame can be configured to comply with the Ethernet protocol and the Internet Protocol (IP). The encryption module 130 encrypts the data (IP Data) portion of the plain text frame NF to generate encrypted text data (EnData), and stores the information required for decryption in the encrypted data header (EnData Header) for encryption. The encryption operation (S30) for generating the sentence frame EnF is performed. Since the ciphertext frame EnF does not encrypt the destination MAC address (destMAC), the departure MAC address (srcMAC), the Ethernet type (Type), and the IP address (IP) information, it is transmitted via the general L2 switch 90. The frame can also be moved to the destination.

In the encryption text frame EnF, the encryption data header (EnData Header) and the encryption text data (EnData) are sequentially positioned next to the IP address (IP), and the encryption module 130 is included in the encryption data header (EnData Header). The decryption operation (S40) that decrypts the encrypted text data (EnData) based on the information and generates the plain text frame NF can be performed. The encrypted data header (EnDataHasher) is the Unique ID for the encrypted data classification, the protocol type of the original data before encryption, the data fragmentation indicator, the fragment sequence number (fragment sequence number), the encryption module type, and the fragment. Information such as a sequence ID (fragment sequence id), a data source length, a data hash value (hash value), a data source check sum value (chsum value), and an encryption / decryption indicator (indication vector) can be included. .. The encryption module 130 can include an encryption engine and a decryption engine. The encryption engine and decryption engine can consist of program code running within the processor.

FIG. 5 is a flowchart showing a session generation step (S50) according to an embodiment of the present invention.
The encryption session and the decryption session are formed between the transmitting side L2 switch 100s and the receiving side L2 switch 100r. One L2 switch 100 operates as the transmitting side L2 switch 100s when transmitting the ciphertext frame EnF to the network 20 side, and operates as the receiving side L2 switch 100r when receiving the ciphertext frame EnF from the network 20 side. .. FIG. 5 schematically shows a case where the first L2 switch 100a is the transmitting side and the second L2 switch 100b is the receiving side.

When the receiving port 111 (r) is set as the user-network interface UNI, the received frame is transmitted to the encryption module 130, and the encryption module 130 performs the encryption session confirmation step (S21) to perform the encryption session. If does not exist (N), the session generation step (S50) is performed. The encryption module 130 confirms whether an encryption session is set in relation to itself and the L2 switch 100, which is the destination of the frame received from the port 111 set as the user-network interface, and the encryption session is started. If it is not set, a control frame CF requesting the setting of the encryption session is generated, transmitted to the destination L2 switch 100, and a control frame CF requesting the setting of the encryption session is received. Generates a control frame CF that accepts the encryption session setting in reply, transmits the control frame CF that requests the encryption session setting to the L2 switch 100 that transmitted the control frame CF, and accepts the encryption session setting. When the control frame CF is received, the session generation operation (S50) for setting the encrypted session can be further performed.
First, the encryption module 130 of the transmitting side L2 switch 100s generates a session setting request step (S51) for generating the control frame CF shown in FIG. 4 requesting the setting of the encryption session and sending it to the receiving side L2 switch 100r. Do. Next, the encryption module 130 of the transmitting side L2 switch 100s stores in the session DB 140 that the request for session setting is transmitted to the receiving side L2 switch 100r (S52).

Referring to FIG. 4, the control frame CF is the destination MAC address (destMAC), the departure MAC address (srcMAC), the Ethernet type (Type), the IP address (IP) information, and then the encrypted control data (EnControl Data). including. The encrypted control data includes source MAC address of the host, source IP address of the host, destination IP address of the host, frame control type: (request, response), frame type control, and data. It can include encryption / decryption assistance key lens, encryption / decryption salt key, and encryption / decryption data value.

Referring to FIG. 5 again, when the encryption module 130 of the receiving side L2 switch 100r receives the control frame CF requesting the setting of the encryption session from the transmitting side L2 switch 100s (S53), it accepts the setting of the encryption session. The response transmission step (S54) of generating the control frame CF to be performed and sending it to the transmitting side L2 switch 100s is performed. Next, the encryption module 130 of the receiving side L2 switch 100r stores in the session DB 140 that a response accepting the setting of the encrypted session has been transmitted (S55).

Next, within the time set from the time when the session setting request is transmitted (S51), the encryption module 130 of the transmitting side L2 switch 100s transmits the control frame CF that accepts the encryption session setting from the receiving side L2 switch 100r. Upon reception (S56), the session DB 140 stores that the receiving side L2 switch 100r and the encrypted session have been established (S57). When the encryption module 130 of the transmitting side L2 switch 100s does not receive the control frame CF that approves the establishment of the encryption session from the receiving side L2 switch 100r within the set time from the time when the session setting request is transmitted (S51). The state in which the session setting request is transmitted to the receiving side L2 switch 100r stored in the session DB 140 is deleted. If the control frame CF that approves the establishment of the encryption session is not received within the specified time, the plaintext frame NF is automatically transmitted because the receiving side L2 switch 100r can be the general L2 switch 90.

Next, when the encryption module 130 of the transmitting side L2 switch 100s encrypts the frame (S30) and switches the encrypted frame to the receiving side L2 switch 100r (S60), the receiving side L2 switch 100r converts the encrypted frame. The plaintext frame NF is transmitted by receiving and performing the decryption operation (S40). The receiving side L2 switch 100r records in the session DB 140 that a decoding session has been established with the transmitting side L2 switch 100s (S58).

The encryption session and the decryption session stored in the session DB 140 are automatically deleted after the specified time has elapsed, and the plaintext frame NF or encryption is processed within the specified time after the session is established. Since the encryption session or the decryption session is set, the frame is immediately encrypted (S30) or decrypted (S40) without going through the session setting step (S50). When the encryption session and the decryption session recorded in the session DB 140 are deleted with the lapse of time, the session setting step (S50) is performed again after the transmitting side L2 switch 100s receives the frame.

When the first L2 switch 100a and the second L2 switch 100b are connected, the first encryption session in which the first L2 switch 100a is the transmitting side L2 switch 100s and the second L2 switch 100b is the receiving side L2 switch 100r can be set. The second encryption session in which the second L2 switch 100b is the transmission side L2 switch 100s and the first L2 switch 100a is the reception side L2 switch 100r can be set separately from the first encryption session. Even when the first encrypted session disappears after the set period has elapsed, it can be maintained as it is as long as the set period of the second encrypted session has not elapsed.

FIG. 6 is a diagram showing a network 20 for a remote monitoring and control system configured by using the network security L2 switch 100 according to the embodiment of the present invention.
As shown in FIG. 6, the network 20 for managing core facilities such as water resources and electricity supply networks needs to guarantee the collection of monitoring data and the transmission of control commands even if a part of the network 20 is interrupted. Because there is, it is composed of a duplicated structure. In FIG. 6, a ring-shaped duplicated network 20 is shown as an example, and a part of the network 20 is omitted and displayed. In order to achieve the security of the network 20 by using the L2 switch 100 for the security of the network 20 according to the embodiment of the present invention, all the general L2 switches 90 constituting the network 20 having a redundant structure are connected to the network 20. There is no need to change to the L2 switch 100 for security. As shown in FIG. 6, the first L2 switch 100a is installed on the line connecting the remote monitoring control device 10 and the duplicated network 20, and the second L2 switch is installed on the line connecting the control equipment 30 and the duplicated network 20. When 100b is installed, it is possible to set an encryption section in which both ends are connected to the L2 switch 100.

As shown in FIG. 4, since only the IP data (IP Data) area after the IP address is encrypted in the ciphertext frame EnF, the existing general L2 switch 90 constituting the duplicated network 20 uses the ciphertext frame. EnF can be transmitted in the same manner as the plaintext frame NF. For example, in the section between the first L2 switch 100a, the second L2 switch 100b, and the third L2 switch 100c, an encrypted frame can be transmitted and received, and the control equipment 30 directly connected to the general L2 switch 90 and the first L2 switch 100a or the second L2 switch. The section between 100b and 100b can be transmitted and received by the plaintext frame NF. Therefore, it is sufficient to maintain the general L2 switch 90 constituting the existing duplex network 20 as it is and install the L2 switch 100 at a position connecting each node of the duplex network 20 to the site. Therefore, the configuration of the entire network 20 is configured. It is not necessary to change it at one time, and it can be applied from the section where security is preferentially required.

FIG. 7 shows a part of a look-up table used by the remote monitoring control device 10 according to the embodiment of the present invention to monitor the state of the network security L2 switch 100.
Referring again to FIG. 1, the state management module 150 of the L2 switch 100 generates a state report frame MBF containing information about the network security L2 switch 100 and transmits it to the remote monitoring control device 10. The information regarding the network security L2 switch 100 can include at least one of information regarding the amount of communication, information regarding a cyber attack, or information regarding the state of the network security L2 switch 100 itself. The remote monitoring control device 10 can confirm the status of the L2 switch 100 based on the information contained in the status report frame MBF received from the L2 switch 100, and transmits a control command required for the L2 switch 100. be able to.

Referring to FIG. 4, the status reporting frame MBF follows the MODBUS protocol. The MODBUS protocol was developed for industrial data transmission / reception, and has the advantages of high versatility and high compatibility as compared with conventional methods such as SNMP. The MODBUS protocol was developed for industrial use and has a problem that it is difficult to store various information. However, the state report frame MBF according to the embodiment of the present invention uses a look-up table. Various types of information can be stored and transmitted in frames that follow the modbus protocol. The state management module 150 of the L2 switch 100 generates a state report frame MBF based on the MODBUS protocol, and the remote monitoring control device 10 analyzes the received state report frame MBF based on the MODBUS protocol to analyze the state of the L2 switch 100. Can recognize information about.

The status report frame MBF can be configured to include a mode bus / TCP data (MODBUS / TCP Data) after the MAC header (MAC HDR), IP header (IP HDR), and TCP header (TCP HDR). The mode bus / TCP data (MODBUS / TCP Data) can include an item code for each of the items exemplified in the lookup table of FIG. 7 and a data value corresponding to the item code. For example, when the L2 switch 100 intends to report the TX communication amount of the first port 111 to the remote monitoring control device 10, the state management module 150 is referred to as "30003" which is an item code of the TX communication amount of the first port 111. A state management frame is generated by including the "value" of the TX communication amount in the mode bus / TCP data (MODBUS / TCP Data), and transmitted to the remote monitoring control device 10. The remote monitoring control device 10 interprets the mode bus / TCP data (MODBUS / TCP Data) of the state management frame based on the same lookup table, and determines what the value of the TX communication volume of the first port 111 is. I understand. As a similar method, the state value (Enable: 1 / Diskle: 0) of the operation of the first port 111 (item code 10016) and the Dos Attack detection (65006) during a cyber attack (item code 30006) are used as a lookup table. In contrast, a status reporting frame MBF can be generated and interpreted.

FIG. 8 is a diagram showing a display unit 160 of the network security L2 switch 100 according to the embodiment of the present invention.
As shown in FIG. 8A, the network security L2 switch 100 can include a display unit 160 realized by a touch panel. The display unit 160 can further include a device such as a speaker in addition to the touch panel. The touch panel can also function as an input unit 170 that receives the input of the administrator. The touch panel may be provided on the front surface of the outer case of the L2 switch 100.

As shown in FIG. 8B, when a problem occurs in the network security L2 switch 100 itself, the problem occurrence notification screen 160a can be displayed on the display unit 160. The state management module 150 of the L2 switch 100 can visually display to the administrator whether or not the L2 switch 100 is abnormal via the touch panel. For example, the touch panel can display a phrase (for example, a problem has occurred) indicating that the L2 switch 100 has an abnormality (see (b) in FIG. 8), and alternately displays red and white. The occurrence of a problem can be displayed using a visual method. Problems that may occur in the L2 switch 100 include cyber attacks, the generation of harmful traffic, and malfunction of the internal configuration. The manager at the site where the L2 switch 100 is installed can easily recognize that there is a problem with the L2 switch 100 and start solving the problem simply by checking the touch panel.

As shown in FIG. 8C, when the state management module 150 detects a physical connection to the network security L2 switch 100 or the input unit 170 detects an input, the password input screen 160b is displayed on the display unit 160. Is displayed, and the physical connection or input can be blocked until the predetermined password is input to the input unit 170. The state management module 150 displays the password input screen 160b on the display unit 160 (touch panel) when the firmware of the L2 switch 100 must be updated or when a physical device is connected to the port 111 of the L2 switch 100. Only when the administrator enters the password can the connected device be restricted from operating. When an outsider accesses the L2 switch 100 and arbitrarily connects an electronic device, there is a risk of hacking or the like. Therefore, even if an outsider or an administrator connects the device to the L2 switch 100, the device can be restricted so that it can be used only after the password input step, and the security can be improved. The password input screen 160b can also be displayed when the administrator intends to control the L2 switch 100 via the input unit 170.

As shown in FIG. 8D, the state management module 150 of the L2 switch 100 displays an emergency switching selection screen 160c for turning on / off the encryption function based on the input of the administrator, and the input unit 170. When the emergency switching selection is input to, the operation of controlling the switch fabric module 110 so as not to transmit the frame to the encryption module 130 can be performed. The network 20 that monitors and controls core facilities such as water resource management or power grid management needs to be guaranteed to always transmit monitoring data and control commands. Therefore, a problem may occur in the L2 switch 100, or a situation may occur in which the ciphertext frame EnF cannot be transmitted / received for other reasons. In such a case, the administrator needs to switch not to use the encryption function of the L2 switch 100. The L2 switch 100 can provide an emergency switching selection screen 160c that allows the administrator to turn the encryption function on (On) or off (Off) via the touch panel. For example, when the administrator intends to turn off the encryption function of the L2 switch 100, the administrator inputs the password via the password input screen 160b and selects "switch" on the emergency switching selection screen 160c. The state management module 150 can control the switch fabric module 110 to switch immediately without transmitting all frames to the encryption module 130 regardless of the setting of the reception port 111 (r).

According to the above-described embodiment of the present invention, it is possible to encrypt or decrypt frames to be transmitted / received based on the setting of port 111 of the L2 switch 100, and the transmitting side and the receiving side in which the encryption session is set. Since the ciphertext frame EnF is transmitted between the L2 switches 100r of the above, the encryption function can be performed without replacing all the existing general L2 switches 90, so that the security of the network 20 can be gradually improved. Can be improved.

Further, according to one embodiment of the present invention, the L2 switch 100 stores information regarding the state of the L2 switch 100 and reports it to the remote monitoring control device 10 using the widely used mode bus (MODBUS) protocol. Therefore, the network 20 can be systematically and effectively managed, and can be widely applied to the network 20 for monitoring and controlling core facilities.

Further, according to one embodiment of the present invention, the on-site manager can easily recognize whether or not there is an abnormality through the touch panel provided outside the L2 switch 100, and a problem occurs in the L2 switch 100. When this happens, the encryption function can be turned off via the emergency switching selection screen 160c to switch to unencrypted communication, and constant information transmission / reception between the remote monitoring control device 10 and the control equipment 30 can be guaranteed. ..

Although the present invention has been described in detail with reference to specific embodiments, these embodiments are for the purpose of specifically explaining the present invention and are not intended to limit the present invention. It is clear that the present invention can be modified or improved within the technical idea of the present invention by a person having ordinary knowledge in the art.
Any simple modification or modification of the present invention belongs to the scope of the present invention, and the specific scope of protection of the present invention will be clarified by the appended claims.

100 L2 switch 110 for network security according to one embodiment of the present invention Switch fabric module 111 Port 120 Switching DB
130 Encryption module 140 Session DB
150 State management module 160 Display unit 160a Problem occurrence notification screen 160b Password input screen 160c Emergency switching selection screen 170 Input unit 10 Remote monitoring and control device 11 SCADA (Supervisory control and data acquisition)
12 SOC (Security Operations Center)
20 Network 30 Control equipment 31 PLC
32 Terminal NF Plaintext frame EnF Ciphertext frame MBF Status report frame CF Control frame

Claims (9)

An L2 switch that constitutes a network that connects a remote monitoring control device and control equipment.
An encryption module that encrypts or decrypts frames,
Based on the setting of the receiving port in which the frame is received, it is determined whether or not to encrypt or decrypt the frame and transmitted to the encryption module, and the encryption or decryption received from the encryption module is performed. An L2 switch for network security, including a switch fabric module that switches the frame to a transmit port connected to the destination. It further includes a state management module that generates a state report frame containing information about the network security L2 switch and transmits it to the remote monitoring and control device.
Information about the network security L2 switch is available.
The network security L2 switch according to claim 1, which includes at least one of information regarding the amount of communication, information regarding a cyber attack, or information regarding the state of the network security L2 switch itself. The state management module
The status report frame is generated based on the mode bus (MODBUS) protocol, but the item code and the item code given for each item of information about the network security L2 switch are confirmed by using a lookup table. The L2 switch for network security according to claim 2, which generates mode bus data including a value corresponding to an item code. A display unit provided in the network security L2 switch itself and providing information to the administrator.
It is provided in the network security L2 switch itself, and further includes an input unit for receiving an administrator's input.
The state management module
If a problem occurs in the network security L2 switch itself, display the problem occurrence notification screen on the display unit or display the problem occurrence notification screen.
When a physical connection is detected in the network security L2 switch or when the input unit detects an input, a password input screen is displayed on the display unit until a predetermined password is input to the input unit. Block the physical connection or the input,
Alternatively, when an emergency switching selection screen for turning on / off the encryption function is displayed based on the input of the administrator and the emergency switching selection is input to the input unit, the switch fabric module is the encryption module. The L2 switch for network security according to claim 2, further performing an operation of controlling not to transmit a frame to. The switch fabric module
When the port on which the frame is received is set as the user-network interface, it is transmitted to the encryption module to encrypt the received frame, and the port on which the frame is received is the network-network interface. When set as, the received frame is transmitted to the encryption module to be decrypted, and the port on which the frame is received is a port that is not set as a user-network interface or a network-network interface. The network security L2 switch according to claim 2, wherein in some cases, the received frame is switched to a transmission port connected to the destination of the frame. The encryption module
Check whether an encrypted session is set in relation to yourself and the L2 switch, which is the destination of the frame received from the port set as the user-network interface, and if the encrypted session is not set. Generates a control frame requesting the setting of the encryption session, transmits the control frame to the destination L2 switch, and receives a control frame requesting the setting of the encryption session. When a control frame that accepts the setting of the encryption session is generated, the control frame that requests the setting of the encryption session is transmitted to the L2 switch that transmitted the control frame, and the control frame that accepts the setting of the encryption session is received. The network security L2 switch according to claim 5, further performing a session setting operation for setting an encrypted session. A network security L2 switch that encrypts or decrypts the frame based on the settings of the receiving port on which the frame was received and switches to the transmitting port connected to the destination.
A control facility that is connected to the network security L2 switch to generate and transmit monitoring data,
A remote monitoring control system using a network security L2 switch, including a remote monitoring control device connected to the network security L2 switch and generating and transmitting a control command based on monitoring data received from the control equipment. The network security L2 switch is
A status report frame containing information about the network security L2 switch is generated based on the mode bus (MODBUS) protocol and provided to the remote monitoring control device.
The remote monitoring control device is
The remote monitoring control system using the network security L2 switch according to claim 7, wherein the state of the network security L2 switch is monitored and controlled based on the status report frame provided by the network security L2 switch. The remote monitoring control device is
The status report frame is analyzed based on the mode bus (MODBUS) protocol, and the item code and data value included in the mode bus data of the status report frame are compared with the lookup table for the network security. The remote monitoring and control system using the network security L2 switch according to claim 8, which recognizes the items of information related to the L2 switch and the contents thereof.

Images