工业控制系统安全性分析及通讯协议增强设计

doi:10.11930.2015.8.150

中国电力 ›› 2015, Vol. 48 ›› Issue (8): 150-154.DOI: 10.11930.2015.8.150

工业控制系统安全性分析及通讯协议增强设计

张波，赵婷，徐兴坤，赵晋文

中国电力科学研究院，北京 100192

收稿日期:2015-04-27 出版日期:2015-08-25 发布日期:2015-11-25
作者简介:张波（1984—），男，河南沁阳人，助理工程师，从事网络与信息安全、操作系统与数据库安全研究。E-mail: zhangbo@epri.sgcc.com.cn
基金资助:
国家高科技研究发展计划（863计划）资助项目（2012AA050804）

Safety Analysis of Industrial Control System and Improvement of Communication Protocol Design

ZHANG Bo, ZHAO Ting, XU Xingkun, ZHAO Jinwen

China Electric Power Research Institute, Beijing 100192, China

Received:2015-04-27 Online:2015-08-25 Published:2015-11-25
Supported by:
National High Technology Research and Development Program of China (863 Program) (No. 2012AA050804).

摘要/Abstract

摘要： 随着越来越多工业控制系统（ｉｎｄｕｓｔｒｉａｌｃｏｎｔｒｏｌｓｙｓｔｅｍ，ICS）安全事件的曝光，如何防护ICS的安全已经引起了广泛的关注。然而对于ICS安全防护的研究还主要停留在理论研究和防护体系层面，缺少可以快速建立的、能够降低关键风险的具体防护措施。首先抽象出ICS通信模型，梳理ICS面临的安全风险和威胁，明确了最急迫和关键的安全需求，然后在不影响功能、效率，以及能够快速部署的前提下，设计了一种通信安全增强方案，包括对关键通信报文进行单向的身份认证和完整性检验，并结合了时间戳机制和登记机制。最后通过对增强方案的安全分析，证明其能够抵御伪装、篡改和重放等常见攻击。

关键词: 工业控制系统, 安全性分析, 协议增强, 身份认证, 重放攻击

Abstract: Due to the increase of industrial control system(ICS) security accidents, cyber security in ICS has been greatly concerned in recent years. However, the research on cyber security protection still remains in the theoretical stage. A prevention measure that can be rapidly built and can reduce the key risks is urgently required. In this paper, a communication model of ICS is firstly established. Based on the model, the security risks and threats of ICS are in-vestigated, and the top urgent and critical security needs are clarified. Moreover, a corresponding security enhancing scheme is proposed with the system function and efficiency unaffected. Based on the one-way identity authentication and integrity checking of the key communication messages and combining with the timestamp checking mechanism and the registration mechanism, the proposed scheme is proved to be able to resist the camouflage, tampering, replay attacks and other common attacks, which can satisfy the system security requirements.

Key words: industrial control system, security analyses, security enhance, identity authentication, replay attack

中图分类号:

张波，赵婷，徐兴坤，赵晋文. 工业控制系统安全性分析及通讯协议增强设计[J]. 中国电力, 2015, 48(8): 150-154.

ZHANG Bo, ZHAO Ting, XU Xingkun, ZHAO Jinwen. Safety Analysis of Industrial Control System and Improvement of Communication Protocol Design[J]. journal1, 2015, 48(8): 150-154.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930.2015.8.150

https://www.electricpower.com.cn/CN/Y2015/V48/I8/150

参考文献

[1] 华镕. 工业控制系统与信息技术系统的比较[J]. 自动化博览，2014（2）：48－49．
HUA Rong. Comparison of industrial control systems and IT systems [J]. Automation Panorama 2014(2): 48-49.
[2] 余勇，林为民. 工业控制SCADA系统的信息安全防护体系研究[J]. 信息网络安全，2012，51（5）：74－77．
YU Yong, LIN Weimin. Study on industrial control SCADA system’s information security protection system[J]. Netinfo Security 2012, 51(5): 74-77.
[3] 张帅. 工业控制系统安全风险分析[J]. 信息安全与通信保密，2012（3）：22-26.
ZHANG Shuai. Industrial control systems security risk analysis[J]. Information Security and Communications Privacy, 2012(3):22-26.
[4] ENISA. Protecting industrial control systems[R]. Heraklion:Recommendations for Europe and Member States, 2012: 6-15.
[5] 李战宝，张文贵，潘卓．美国确保工业控制系统安全的做法及对我们的启示[J]．信息网络安全，2012，51（8）：51－53．
LI Zhanbao, ZHANG Wengui, PAN Zhuo． American ways of ensuring SCADA security and its revelation to our country [J]．Netinfo Security, 2012, 51(8): 51-53．
[6] 梁潇，高昆仑，徐志博，等．美国电力行业信息安全工作现状与特点分析[J]．电网技术，2011，35（12）：226－227．
LIANG Xiao, GAO Kunlun, XU Zhibo, et al． A survey on cybersecurity of U．S．electric power industry[J]． Power System Technology, 2011, 35(12): 226-227．
[7] GUO B, ZHANG D, WANG Z. Living with internet of things: the emergence of embedded intelligence[C]//Proc. of the 2011 IEEE International Conference on Cyber, Physical, and Social Computing. Dalian, China: 2011.
[8] 冯小安，祁兵．电力信息系统安全体系的构建[J]．电网技术，2008，32（Ｓ1）：77－80．
FENG Xiaoan, QI Bing． Security architecture construction for power information systems [J]． Power System Technology, 2008, 32(S1): 77-80．
[9] STOUFFER K, FALCO J, SCARFONE K. Guide to industrial control systems (ICS) security [S]. American: NIST, 2011.
[10] RALSTON P A S. Cyber security risk assessment for SCADA and DCS networks[C]//ISA Transactions 46, 2007: 583-594.
[11] JOYE M． Fast point multiplication on elliptic curves without precomputation[C]//Proc of the 2nd International Workshop on Arithmetic of Finite Fields. 2008．
[12] 赵婷，高昆仑，郑晓崑，等. 智能电网物联网技术架构及信息安全防护体系研究[J]. 中国电力，2012，45（5）： 87－90．
ZHAO Ting, GAO Kunlun, ZHENG Xiaokun, et al. Research on technical framework and cyber security protection system of IOT in smart grid [J]. Electric Power, 2012, 45(5): 87-90.
[13] 王宇飞，徐志博，王婧. 层次化电力信息网络威胁态势评估方法[J]. 中国电力，2013，46（7）：121－125．
WANG Yufei, XU Zhibo, WANG Jing. Hierarchical cyber-threat situation evaluation method for electric power information network[J]. Electric Power, 2013, 46(7): 121-125.

工业控制系统安全性分析及通讯协议增强设计

Safety Analysis of Industrial Control System and Improvement of Communication Protocol Design

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

[1]	邱帆, 陈兰兰, 林楠, 左黎明. 基于SM9的配电网Modbus报文安全性分析及改进[J]. 中国电力, 2019, 52(10): 18-25.
[2]	李佳玮，郝悍勇，李宁辉. 工业控制系统信息安全防护[J]. 中国电力, 2015, 48(10): 139-143.

模态框（Modal）标题

工业控制系统安全性分析及通讯协议增强设计

Safety Analysis of Industrial Control System and Improvement of Communication Protocol Design

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics