基于电力云边协同的非侵入式Modbus TCP协议安全增强方法

doi:10.11930/j.issn.1004-9649.202401006

中国电力 ›› 2024, Vol. 57 ›› Issue (9): 53-60.DOI: 10.11930/j.issn.1004-9649.202401006

• 面向电力基础设施的跨域攻击威胁与防御 • 上一篇下一篇

基于电力云边协同的非侵入式Modbus TCP协议安全增强方法

何涂哲秋¹(), 徐子东¹, 车欣², 张镇勇¹()

1. 省部共建公共大数据国家重点实验室（贵州大学计算机科学与技术学院），贵州贵阳　550025
2. 浙江大学控制科学与工程学院，浙江杭州　310027

收稿日期:2024-01-02 接受日期:2024-06-14 出版日期:2024-09-28 发布日期:2024-09-23
作者简介:何涂哲秋（1999—），男，硕士研究生，从事控制系统协议安全分析与逆向工程研究，E-mail：auyuwhale@gmail.com
张镇勇（1991—），男，通信作者，博士，教授，从事信息物理系统安全、工控系统安全、智能电网安全、人工智能安全等科研工作，E-mail：zyzhangnew@-gmail.com
基金资助:
国家自然科学基金资助项目（面向信息物理协同攻击的负载频率控制系统安全防御研究，62303126；基于多源密态数据的隐私保护神经网络模型，62362008）；贵州省基础研究计划（自然科学）一般项目（面向智能电网状态估计的信息物理攻防建模及防御成本优化研究，ZK〔2022〕149）；贵州省教育厅高等学校科学研究项目（青年项目）（面向大数据赋能的电网稳定性评估系统脆弱性研究，黔教技〔2022〕104号）。

A Non-intrusive Method for Enhancing the Security of Modbus TCP Protocol Based on Cloud-Edge Collaboration in Distributed Resources

Zheqiu HETU¹(), Zidong XU¹, Xin CHE², Zhenyong ZHANG¹()

1. State Key Laboratory of Public Big Data (College of Computer Science and Technology, Guizhou University), Guiyang 550025, China
2. State Key Laboratory of Industrial Control Technology and College of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China

Received:2024-01-02 Accepted:2024-06-14 Online:2024-09-28 Published:2024-09-23
Supported by:
This work is supported by National Natural Science Foundation of China (A Defense Framework Against the Coordinated Cyber-physical Attack on Load Frequency Control, No.62303126，A Privacy Preserving Neural Network with Multi-source Encrypted Data, No.62362008)，Guizhou Provincial Science and Technology Projects (Research on Cyber-Physical Attack and Defense of State Estimation in Smart Grid, No.ZK[2022]149), Guizhou Provincial Research Project (Youth) for Universities under grant (Research on the Vulnerability of Power Grid Stability Assessment System Empowered by Big Data, No.[2022]104)

摘要/Abstract

摘要：

分布式电源（distributed resources，DR）中智能边缘设备数据传输的安全问题为电力系统带来了安全隐患。Modbus TCP（transmission control protocol）协议作为边缘设备采用的通信手段之一，其协议安全性的不足使得系统易遭到网络空间的攻击。为保障电力设备数据传输安全，对现有安全手段进行整理，分析现有安全手段在DR应用场景下的不足，提出一种非侵入式Modbus TCP协议安全增强方法。该方法采用云边协同的架构，利用电力控制中心云平台管理访问控制原则，将实际访问控制决策模块部署在边缘设备，并通过细粒度的访问控制组合限制恶意行为。依据Modbus协议参考指南，搭建DR应用场景进行渗透测试，验证该方法能有效防御重放攻击和中间人攻击，可将安全开销控制在百微秒以内，显著优于其他安全手段，满足DR对实时性的需求。

关键词: Modbus TCP协议, 协议安全, 分布式电源, 访问控制

Abstract:

The security problem of data transmission from smart edge devices in distributed resources (DR) brings hidden risks for power system. The Modbus TCP (transmission control protocol) is a commonly used communication method for edge devices, but its flawed security design makes the system vulnerable to cyber-attacks. In this paper, based on a review of the existing security methods, we analyzed their shortcomings under DR application scenarios, and proposed a non-intrusive Modbus TCP security enhancement method. The method adopts an architecture of cloud-edge collaboration, and uses the cloud platform of the power control center to manage access control principles, and deploys the actual access control module in the edge devices to restrict malicious behaviours through fine-grained access control combinations. Finally, based on the Modbus protocol reference guide, a DR application scenario was built for penetration testing. It was proved that the proposed method can effectively defend against the replay attacks and man-in-the-middle attacks in this scenario, and the time cost is within a hundred microseconds.

Key words: Modbus TCP protocol, protocol security, distributed resources, access control

何涂哲秋, 徐子东, 车欣, 张镇勇. 基于电力云边协同的非侵入式Modbus TCP协议安全增强方法[J]. 中国电力, 2024, 57(9): 53-60.

Zheqiu HETU, Zidong XU, Xin CHE, Zhenyong ZHANG. A Non-intrusive Method for Enhancing the Security of Modbus TCP Protocol Based on Cloud-Edge Collaboration in Distributed Resources[J]. Electric Power, 2024, 57(9): 53-60.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202401006

https://www.electricpower.com.cn/CN/Y2024/V57/I9/53

图/表 9

图 1 Modbus TCP协议安全增强架构

Fig.1 The security enhancement architecture of Modbus TCP protocol

图 2 安全增强模块SEM逻辑位置

Fig.2 The logical location of the security enhancement module

表 1 访问控制要素

Table 1 The elements of access control

控制属性	属性描述	取值空间
rid	访问策略标识符	整型
fc	防护功能码	0x01~0x08 0x0 F、0x5 A
type	防护数据对象	Discretes Input Coils Input Registers Holding Registers
default	策略状态	开启/关闭
timeStart	策略生效时间	用户自定义
timeEnd	策略失效时间	用户自定义
adrStart	地址约束起点地址	用户自定义
adrEnd	地址约束终点地址	用户自定义

图 3 分布式电源场景下的测试网络拓扑结构

Fig.3 Topology for testing over a DR network

表 2 攻击模式设计

Table 2 Patterns of attacks

手段	攻击模式	拦截因子
重放攻击	恶意第三方截获数据，并在某一时刻再次发送	时间约束
中间人攻击	恶意第三方截获数据，执行恶意操作	功能码
中间人攻击	恶意第三方截获数据，访问敏感信息	访问地址

图 4 设备拒绝非法访问

Fig.4 Rejection of illegal access

图 5 功能码访问控制时间开销

Fig.5 Time consumption of function-code-based access control scheme

图 6 地址访问控制时间开销

Fig.6 Time cost of address-based access control scheme

表 3 安全方案时间开销对比

Table 3 Time consumption comparison

方案名	测试对象	平均时间开销/ms	标准差
SEM	0x01	0.045	0.012
RBAC^[15]	0x01	0.440	0.230
Modbus TLS^[12]	0x01	0.170	—

参考文献 26

1	ORTIZ N, CARDENAS A A, WOOL A. A taxonomy of industrial control protocols and networks in the power grid[J]. IEEE Communications Magazine, 2023, 61 (6): 21- 27. DOI
2	OCHIAI H, HOSSAIN M D, CHIRUPPHAPA P, et al. Modbus/RS-485 attack detection on communication signals with machine learning[J]. IEEE Communications Magazine, 2023, 61 (6): 43- 49. DOI
3	SRIDHAR S, HAHN A, GOVINDARASU M. Cyber–physical system security for the electric power grid[J]. Proceedings of the IEEE, 2012, 100 (1): 210- 224. DOI
4	SALODKAR P, NANDANWAR S, SAWARKAR S. Communication between energy meters and PLC based on modbus protocol[C]//2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT). Delhi, India. IEEE, 2023: 1–7.
5	MOHAMMED A S, SAXENA N, RANA O. Wheels on the modbus - attacking ModbusTCP communications[C]//Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks. San Antonio TX USA. ACM, 2022: 288–289.
6	杨国泰, 王宇飞, 罗剑波, 等. 电力CPS信息网络脆弱性及其评估方法[J]. 中国电力, 2018, 51 (1): 83- 89.
	YANG Guotai, WANG Yufei, LUO Jianbo, et al. Electric CPS information network vulnerability and assessment method[J]. Electric Power, 2018, 51 (1): 83- 89.
7	HUITSING P, CHANDIA R, PAPA M, et al. Attack taxonomies for the Modbus protocols[J]. International Journal of Critical Infrastructure Protection, 2008, 1, 37- 44. DOI
8	ZHANG Z Y, DENG R L, YAU D K Y, et al. Analysis of moving target defense against false data injection attacks on power grid[J]. IEEE Transactions on Information Forensics and Security, 2020, 15, 2320- 2335. DOI
9	何金栋, 王宇, 赵志超, 等. 智能变电站嵌入式终端的网络攻击类型研究及验证[J]. 中国电力, 2020, 53 (1): 81- 91.
	HE Jindong, WANG Yu, ZHAO Zhichao, et al. Type and verification of network attacks on embedded terminals of intelligent substation[J]. Electric Power, 2020, 53 (1): 81- 91.
10	ZHANG Z Y, DENG R L, YAU D K Y, et al. Zero-parameter-information data integrity attacks and countermeasures in IoT-based smart grid[J]. IEEE Internet of Things Journal, 2021, 8 (8): 6608- 6623. DOI
11	DENG R L, XIAO G X, LU R X, et al. False data injection on state estimation in power systems—attacks, impacts, and defense: a survey[J]. IEEE Transactions on Industrial Informatics, 2017, 13 (2): 411- 423. DOI
12	FOVINO I N, CARCANO A, MASERA M, et al. Design and implementation of a secure modbus protocol[M]//IFIP Advances in Information and Communication Technology. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009: 83–96.
13	YI F M, ZHANG L, YANG S M, et al. A security-enhanced modbus TCP protocol and authorized access mechanism[C]//2021 IEEE Sixth International Conference on Data Science in Cyberspace (DSC). Shenzhen, China. IEEE, 2021: 61–67.
14	FERST M K, DE FIGUEIREDO H F M, DENARDIN G, et al. Implementation of secure communication with modbus and transport layer security protocols[C]//2018 13th IEEE International Conference on Industry Applications (INDUSCON). São Paulo, Brazil. IEEE, 2018: 155–162.
15	FIGUEROA-LORENZO S, AÑORGA J, ARRIZABALAGA S. A role-based access control model in modbus SCADA systems. A centralized model approach[J]. Sensors (Basel), 2019, 19 (20): E4455. DOI
16	HUPP W, HASANDKA A, DE CARVALHO R S, et al. Module-OT: a hardware security module for operational technology[C]//2020 IEEE Texas Power and Energy Conference (TPEC). College Station, TX, USA. IEEE, 2020: 1–6.
17	LIN Y C, LIN C F, CHEN K H. Security enhancement of industrial Modbus message transmission with proxy approach[C]//2021 IEEE 3rd Eurasia Conference on IOT, Communication and Engineering (ECICE). Yunlin, Taiwan, China. IEEE, 2021: 90-95.
18	高魏轩. 基于Modbus协议的工业控制系统信息安全主动防御系统设计与实现[D]. 西安: 西安电子科技大学, 2018: 1–81.
	GAO Weixuan. Design and implementation of industrial control system information security active defense system based on Modbus protocol[D]. Xi’an: Xidian University, 2018: 1–81.
19	KATULIC F, SUMINA D, ERCEG I, et al. Enhancing modbus/TCP-based industrial automation and control systems cybersecurity using a misuse-based intrusion detection system[C]//2022 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM). Sorrento, Italy. IEEE, 2022: 964–969.
20	王林浩, 吴桂初, 戴翀, 等. 智能断路器中Modbus/TCP协议的实时性能测试[J]. 中国电力, 2015, 48 (12): 6- 11.
	WANG Linhao, WU Guichu, DAI Chong, et al. Research and testing of real-time performance of modbus/TCP protocol[J]. Electric Power, 2015, 48 (12): 6- 11.
21	席禹, 林冬, 于力, 等. 一种基于生物特征的电力系统安全认证协议[J]. 广东电力, 2022, 35 (10): 83- 90.
	XI Yu, LIN Dong, YU Li, et al. Biometric based security authentication protocol for power system[J]. Guangdong Electric Power, 2022, 35 (10): 83- 90.
22	杨晋祥, 彭勇刚, 蔡田田, 等. 面向边缘计算的电力终端轻量级认证协议[J]. 中国电力, 2023, 56 (4): 88- 94.
	YANG Jinxiang, PENG Yonggang, CAI Tiantian, et al. Power terminal lightweight authentication protocol for edge computing[J]. Electric Power, 2023, 56 (4): 88- 94.
23	程钎, 陈羽, 孙伶雁. 考虑服务配置的细粒度电力任务云边协同优化调度策略[J]. 电力系统保护与控制, 2023, 51 (7): 53- 62.
	CHENG Qian, CHEN Yu, SUN Lingyan. Cloud-edge collaborative optimization scheduling strategy for fine-grained power tasks considering service configuration[J]. Power System Protection and Control, 2023, 51 (7): 53- 62.
24	彭鹏, 薛东. 基于边缘代理的云边协同物联网框架设计及其应用研究[J]. 广东电力, 2023, 36 (5): 18- 26.
	PENG Peng, XUE Dong. Research on design of cloud side collaborative IOT framework based on edge agent and its application[J]. Guangdong Electric Power, 2023, 36 (5): 18- 26.
25	刘林彬, 苗泉强, 李俊娥. 基于模糊测试的GOOSE协议解析漏洞挖掘方法[J]. 中国电力, 2022, 55 (4): 33- 43.
	LIU Linbin, MIAO Quanqiang, LI June. A method for mining GOOSE protocol parsing vulnerabilities based on fuzzing[J]. Electric Power, 2022, 55 (4): 33- 43.
26	The Modbus Organization. Modicon modbus protocol reference guide[EB/OL]. (1996-06)[2023-10-25]. https://modbus.org/docs/PI_MBUS_300.pdf.

[1]	彭寒梅, 尹棠, 肖千皓, 谭貌, 苏永新, 李辉. 高比例分布式电源配电网中低压柔性互联协调规划[J]. 中国电力, 2024, 57(8): 117-129.
[2]	徐峰亮, 王克谦, 王文豪, 王鹏, 王焕昌, 张帅, 赵凤展. 计及运行灵活性的中压配电系统源-网-储协同扩展规划[J]. 中国电力, 2024, 57(7): 98-108.
[3]	凡鹏飞, 李宝琴, 侯江伟, 李嵘, 宋崇明, 林凯骏. 配电网分布式电源经济可承载力评估[J]. 中国电力, 2024, 57(7): 196-202.
[4]	王家武, 赵佃云, 刘长锋, 陈康, 张玉敏. 基于目标级联法的多主体主动配电网自治协同优化[J]. 中国电力, 2024, 57(7): 214-226.
[5]	罗美玲, 马英, 黄伟兵, 孟令昆, 于晓军, 郑涛. 计及电压幅值检测延时及相位跳变的IIDG故障电流解析计算[J]. 中国电力, 2024, 57(2): 72-81.
[6]	叶畅, 伊华茂, 朱炯达, 赵晶晶, 吴炼. 考虑灵活性供需平衡及响应速度的分布式电源集群划分方法[J]. 中国电力, 2023, 56(2): 150-156.
[7]	谢学渊, 刘潇潇, 李超, 胡资鹏, 刘铠, 陈涛. 考虑分布式电源和电动汽车集群调度的配电网络重构[J]. 中国电力, 2023, 56(1): 119-125.
[8]	张黎明, 李浩, 吴亚雄, 高崇, 张俊潇, 刘涌. 基于运行优化的含储能电力系统可靠性评估方法[J]. 中国电力, 2022, 55(9): 23-28.
[9]	杨作祥, 王晶晶, 吴江, 唐莎莎, 侯斌. 计及源荷不确定性的配电网综合节能潜力评估方法[J]. 中国电力, 2022, 55(8): 151-156,164.
[10]	党彬, 邹启群, 张滨, 付东, 尤梦凯, 乐健. 基于HSA-PSO的配电网源-储协同优化控制方法[J]. 中国电力, 2022, 55(4): 63-69.
[11]	赵一男, 宋斌, 钱振宇, 李顺昕. 未来配电网的分布式形态及规划方法[J]. 中国电力, 2022, 55(4): 70-77.
[12]	陈卫东, 郭敏, 吴宁, 奉斌. 基于图像匹配的微电网负荷响应分布式电源波动控制方法[J]. 中国电力, 2022, 55(3): 57-63,73.
[13]	杨亘烨, 孙荣富, 丁然, 徐海翔, 陈璨, 吴林林, 陈奇芳, 夏明超. 计及光伏多状态调节能力的配电网多时间尺度电压优化[J]. 中国电力, 2022, 55(3): 105-114.
[14]	张燕, 乔松博, 徐奇锋, 俞静. 基于纳什议价理论的分布式绿色电力交易优化分析[J]. 中国电力, 2022, 55(12): 168-178.
[15]	王巍璋, 王淳, 尹发根. 基于可达矩阵和贝叶斯定理的含分布式电源的配电网故障区段定位[J]. 中国电力, 2021, 54(7): 93-99,124.

基于电力云边协同的非侵入式Modbus TCP协议安全增强方法

A Non-intrusive Method for Enhancing the Security of Modbus TCP Protocol Based on Cloud-Edge Collaboration in Distributed Resources

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 26

相关文章 15

编辑推荐

Metrics

模态框（Modal）标题

基于电力云边协同的非侵入式Modbus TCP协议安全增强方法

A Non-intrusive Method for Enhancing the Security of Modbus TCP Protocol Based on Cloud-Edge Collaboration in Distributed Resources

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 26

相关文章 15

编辑推荐

Metrics