CN1312880C - TCP/IP based method and system for realizing safety strategy for industrial control networks - Google Patents

Publication number: CN1312880C
Authority: CN (China)
Prior art keywords: icn, security, message, network, layer
Legal status: Expired - Fee Related
Application number: CNB2004100216727A
Other languages: Chinese (zh)
Other versions: CN1558608A (en)
Inventor: 王平
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications
Application filed by: Chongqing University of Post and Telecommunications
Publications: CN1558608A, CN1312880C


Abstract

The present invention relates to a method for implementing a security policy for TCP/IP-based industrial control networks and to a system that uses the method to secure such networks. The invention adds an ICNHeader at the IP layer to define the ICN frame format, provides an original ICNHeader structure, and describes how the ICNHeader is processed. The invention introduces the concept of a security function block for the first time and defines its structure and implementation principle; by configuring security function blocks, it provides one or more security service processes to an application program and secures communication between two devices. The invention adopts a layered security policy for TCP/IP-based industrial control networks, comprising a security policy for the field device layer network, security measures for the process monitoring layer network, and a security policy for the management layer network.

Description

Security policy implementation method and system for TCP/IP-based industrial control networks
Technical field
The present invention relates to communication technology, computer technology and automatic control technology, and specifically to a method for implementing a security policy for industrial control networks based on the TCP/IP protocol and to a system that uses this method.
Background
Unlike earlier fieldbuses, which were dedicated networks, network technologies based on the TCP/IP protocol, such as Ethernet, wireless LAN and Bluetooth, have been or are being widely and successfully applied in business computing and are gradually being applied directly to communication between industrial field devices, forming TCP/IP-based industrial control networks (abbreviated here as ICN, Industrial Control Network). The resulting security problems of industrial control networks have become a major concern for industrial control experts and users.
TCP/IP-based Ethernet is open, rich in software and hardware resources, widely used and inexpensive. Once communication and control between factory field devices are implemented on Ethernet technology, and the Ethernet-based industrial control network is in turn connected to computer networks, a series of new security problems appears. In such an architecture the automation cell is an IP extension of the intranet of the whole factory or enterprise. Every instrument or device connected to the automation cell network can communicate with any other instrument or computer on the network, so network-based access to automation instruments can be initiated from anywhere.
As an open system, its potential security risk is unavoidable. ICN equipment manufacturers must therefore adopt the necessary security measures and tools to protect the internal operating systems, resources and normal production order in this open environment. ICN system security mainly addresses the security of internal resources and data communication in Industrial Ethernet, so that the system operates normally or, when it is under attack, the attack is detected promptly and appropriate measures are taken to minimize the security loss, and the system can recover quickly after an attack.
As shown in Fig. 1, the message identification methods of the ETHERNET POWERLINK Standardization Group and of 65C/314/RVN modify the TYPE or LENGTH field in the link-layer frame format, using a value distinct from the existing type definitions as their message type identifier. Suppose we identified ICN by modifying the TYPE or LENGTH field of the link-layer frame format. Because of the particular nature of the link layer, frame encapsulation differs across media and link-layer protocols: in Ethernet II this field is a type field that indicates the upper-layer protocol carried in the Ethernet frame, while in IEEE 802.3 it is a length field with a minimum value of 46 and a maximum of 1500. For every physical medium we would therefore need an intermediate process (or some other handling) to convert the different frame formats into the format shown in Fig. 1 in order to keep the whole architecture consistent, which inevitably adds time and space overhead. The converted frame format would also need a dedicated value defined for the LENGTH/TYPE field to mark the frame as an ICN protocol data frame built on a given physical medium. However, a large number of LENGTH/TYPE values in the Ethernet frame are already in use, and other network protocols, such as Internetwork Packet Exchange (IPX), also consume values of this field, so the field's values may run out. In addition, every time another physical network is to be supported, a new value must be assigned, which creates an extensibility problem. Network technologies such as wireless and Bluetooth must communicate according to their own underlying protocols; if the format of Fig. 1 were adopted, the frames equivalent to the data link layer inside those networks would also have to be modified to the ICN protocol frame format, which is practically impossible. Modifying this field therefore, first, increases complexity and may cause compatibility problems (conflicts with other protocols that use this field, such as Bluetooth and 802.11); second, requires attention to the different link-layer frame formats, and the fact that the frame format is not expressed in a general form limits the generality of using it as the ICN identifier; and third, requires consideration of the different kinds of application of the ICN identifier and of how upper-layer protocols are referenced.
Summary of the invention
A TCP/IP-based industrial control network system can generally be divided, according to networking scheme and application level, into a field device layer, a monitoring layer and a management layer. Different security policies and measures should be applied at each level according to the security risks the system faces, the level at which they arise, and the classes of attack it may suffer. Taking into account the real-time requirements of industrial control network communication, the limited resources of field devices and security management issues, the present invention considers a layered security policy implementation method for TCP/IP-based industrial control networks, and a system using this method, across three network levels: the field device layer, the process monitoring layer and the management layer. By adding an ICNHeader at the IP layer to define the ICN frame format, and by using the original ICNHeader structure and security function block technology together with other existing network and information security methods, the security problems of TCP/IP-based industrial control networks can be solved effectively.
First, an ICN communication model is established. It takes the physical layer, data link layer, network layer, transport layer and application layer, adds a user layer above the application layer, and adds an ICN real-time communication management interface at the network and transport layers, giving a six-layer communication model. The ICN frame format is defined through a standard, extensible IP message extension mechanism, that is, by adding an ICNHeader at the IP layer. The original IP datagram is reformatted as an IP datagram with an ICN prefix: the header ICNHeader is added, and the protocol field of the IP header is changed to the ICN identifier. The ICNHeader carries the related header definitions; the ICN frame format is defined by adding the ICNHeader to the message at the IP layer, and an original ICNHeader structure is proposed.
Second, security function blocks are adopted. By defining security function blocks, one or more security service processes are provided to an application program, and by configuring security function blocks, secure communication between two devices is achieved. The security service mapping based on the security service function block comprises event inputs, event outputs, data inputs and data outputs.
In the layered security policy for TCP/IP-based industrial control networks, the emphasis is on the security policy of the field device layer network and the security measures of the process monitoring layer network.
The security policy of the field device layer network comprises:
1) An access password is added to the link object attributes of ICN devices. This password must be carried in ICN messages to protect the link communication relationship represented by the link object. The password is specified by the user at system configuration and cannot be modified online.
2) An ICNHeader is added, and through this header:
A) packet filtering (checking this header) distinguishes access by ICN messages from access by non-ICN messages,
B) timestamp control and other security measures are selected by the user;
The security policy of the process monitoring layer network comprises:
1) An access password is added to the link object attributes of ICN bridge devices,
2) An ICNHeader is added, and through this header:
A) packet filtering (checking this header) distinguishes access by ICN messages from access by non-ICN messages,
B) a timestamp control mechanism is selected,
C) other security measures are selected by the user;
3) ICN security function blocks are defined. A security function block is a standard function block that performs security processing only on ICN application-layer messages;
The security policy of the management layer network comprises: the management layer network involves cross-network access between ICN networks and non-ICN networks, and its security is implemented jointly by the ICN agent and a firewall. Depending on the nature of the ICN system, various existing communication security technologies are selected to secure the whole network in accordance with the "National Standard of the People's Republic of China: Classified Criteria for Security Protection of Computer Information Systems".
Beneficial effects of the invention:
First, the protocol is simple and easy to implement, with low overhead and good real-time performance.
Second, it is highly extensible: it can be extended freely as network-layer protocols develop and can easily remain compatible with future network-layer protocols.
Third, it is encapsulated directly in the IP protocol: apart from the 8-bit protocol field of the IP header being set to the ICN identifier, nothing else is modified, and the datagram can be forwarded like any other IP datagram. Any underlying protocol compatible with standard IP (including different physical media such as 802.3/802.11/802.15) can therefore communicate normally without change.
Fourth, and in particular, it solves the security problem of the ICN protocol. There is no need to implement a large number of security protocols at higher layers; the network layer provides security services "seamlessly" for itself and for upper-layer transport protocols (including TCP and UDP), improving security assurance. It is also highly compatible: network-layer support for subnet-based security makes it easy to implement VPNs and intranets.
Description of the drawings
Fig. 1 is a schematic of identifying ICN messages by modifying the TYPE or LENGTH field in the link-layer frame format
Fig. 2 is a schematic of the layered security policy structure of a TCP/IP-based industrial control network
Fig. 3 shows the ICN communication model
Fig. 4 shows the structure of the ICNHeader
Fig. 5 is a schematic of the security function block model
Fig. 6 is a schematic of the ICN system secure communication framework
Fig. 7 shows the execution control chart (ECC) of the security service
Fig. 8 is a state machine diagram of the security function block algorithm invoking the execution control chart
Embodiments
A TCP/IP-based industrial control network system can generally be divided, according to networking scheme and application level, into a field device layer, a monitoring layer and a management layer. Based on the topology of the system, different technical security measures should be taken at the different application levels.
As shown in Fig. 2, a TCP/IP-based industrial control network system can generally be divided into three levels: the field-level network (made up of field devices, with field control as its main purpose), the monitoring-level network (interconnecting the field-level network, operator stations, engineering stations, ICN agents and similar equipment) and the management-level network (above the monitoring-level network, with management and scheduling as its main purpose).
1. Security measures for the field device layer network
Between field devices on the same ICN segment, the ICN bridge can generally guarantee security inside the segment. In addition, the devices can use the following protection mechanisms among themselves.
1) An access password (two bytes) is added to the link object attributes of ICN devices. This password must be carried in ICN messages to protect the link communication relationship represented by the link object. The password is specified by the user at system configuration and cannot be modified online.
2) An ICN header (ICNHeader) is added, and through this header:
A) packet filtering (checking this header) distinguishes access by ICN messages from access by non-ICN messages, so that different operation and processing privileges can be granted.
B) whether timestamp control and other security measures are used is decided by the user.
2. Security measures for the process monitoring layer network
The monitoring layer network generally needs to communicate across ICN segments. In this case it is recommended that the ICN bridge and the ICN agent jointly provide ICN network security protection. The protection mechanisms include:
1) An access password (two bytes) is added to the link object attributes of ICN bridge devices.
2) An ICN header (ICNHeader) is added, and through this header:
A) packet filtering (checking this header) distinguishes access by ICN messages from access by non-ICN messages, so that different operation and processing privileges can be granted.
B) a timestamp control mechanism is applied.
C) whether other security measures are used is selected by the user.
3) ICN security function blocks are defined, and the information security of the industrial control network is ensured by configuring the ICN function blocks.
3. Security measures for the management layer network
The management layer network involves cross-network access between ICN networks and non-ICN networks. It is recommended that the ICN agent and a firewall implement this jointly. Depending on the nature of the ICN system, various existing communication security technologies can be selected to secure the whole network in accordance with the "National Standard of the People's Republic of China: Classified Criteria for Security Protection of Computer Information Systems" (GB17859-1999).
Setting the access password: the access password is mainly used to identify the connected object, in order to increase communication security while ICN field devices are running.
A 4-byte security identifier field is added to the link object. The value of this field is a pair of password identifiers generated at random during system configuration and placed in the link objects of the communication initiator and the receiver respectively. While the system is running, if two function blocks are to communicate, it is first checked whether this password matches. If it matches, the communication is legitimate; otherwise it is illegal communication and is handled separately.
The link object definition format is as follows:

| No. | Attribute name | Access | Data type | Description |
|---|---|---|---|---|
| 1 | Link Object ID | Read-only | Unsigned 16 | Link object identification number |
| 2 | LocalIPAddress | Read/write | Unsigned 16 | Local IP address of the device. If the local and target function block instance objects are in the same ICN device, i.e. ServiceOperation is 0, this attribute can be ignored |
| 3 | LocalPort | Read/write | Unsigned 16 | Port number of the device. If the local and target function block instance objects are in the same ICN device, i.e. ServiceOperation is 0, this attribute can be ignored |
| 4 | LocalAppID | Read/write | Unsigned 16 | Local function block instance ID |
| 5 | LocalObjectID | Read/write | Unsigned 16 | Local element object ID |
| 6 | RemoteIPAddress | Read/write | Unsigned 16 | IP address of the remote device. If the local and target function block instance objects are in the same ICN device, this attribute can be ignored. If the ICN service operation ServiceOperation uses broadcast or multicast, this attribute should be the broadcast or multicast group address |
| 7 | RemotePort | Read/write | Unsigned 16 | Port number of the remote device. If the local and target function block instance objects are in the same ICN device, i.e. ServiceOperation is 0, this attribute can be ignored |
| 8 | RemoteAppID | Read/write | Unsigned 16 | Remote function block instance ID |
| 9 | RemoteObjectID | Read/write | Unsigned 16 | Remote element object ID |
| 10 | ServiceOperation | Read/write | Unsigned 8 | ICN service identifier used by the link object: 0 = local link, no ICN service call needed; other = ICN application-layer service ID |
| 11 | ServiceRole | Read/write | Unsigned 8 | Role of the local object in the communication: 0 = sender (used to transmit output parameters); 1 = receiver (used to receive input parameters) |
| 12 | SaftyStr | Read | Unsigned 32 | Security code |

Recommended method for generating the security code: combine a pseudo-random number generation technique with the internal clock value.
In the present invention we address ICN identification at the IP layer by adopting a standard, extensible IP message extension mechanism: an ICNHeader is added to the IP message as the identifier. In addition, the ICN security function block defined here gives the ICN network a flexible, configurable security control policy. ICN security function blocks can define different security policies for different security levels and are offered to the user as optional components at configuration time.
Fig. 3 shows the ICN communication model. With reference to the ISO/OSI communication reference model, it takes the physical layer, data link layer, network layer, transport layer and application layer, adds a user layer above the application layer (using the IEC61499/61804 standards), and adds an ICN real-time communication management interface at the network and transport layers, giving a six-layer communication model. The ICN frame format is defined through a standard, extensible IP message extension mechanism, that is, by adding an ICNHeader at the IP layer. Fig. 4 shows the structure of the ICNHeader: the original IP datagram is reformatted as an IP datagram with an ICN prefix by adding the header ICNHeader and changing the protocol field of the IP header to the ICN identifier. The fields of the ICNHeader are as follows:
Version number (VER): this 4-bit field defines the version of the ICN prefix and provides version identification. The current version is 1.
Security flag: used to identify the class of ICN message. It is defined as: 0000: ICN message with no security processing; 1000: ICN message with timestamp security processing, followed by a 4-byte extension used as the timestamp field; 1001: integrity check based on the timestamp, followed by a 4-byte extension used as the timestamp field; 1111: the IPsec security scheme is used in full, and the extension field is extended to the IPsec security prefix.
IP protocol field: this 8-bit field holds the 8-bit protocol field of the IP header that the ICN prefix encapsulates, corresponding to the protocol field in the standard IP protocol.
Checksum: the preceding 16 bits of the ICNHeader are added using one's-complement arithmetic to obtain a 16-bit result, and the complement of this sum is placed in this field.
Extension field: when timestamp control is applied to the message, or when the IPsec security scheme is used, 4 bytes are added after the protocol type of the ICNHeader. When these 4 bytes are used as a timestamp field and ICN has selected a security function block algorithm, the timestamp allows the timeliness of the message to be checked, which helps guarantee security. The timestamp field must itself be suitably encrypted; the encryption algorithm can be chosen from the security algorithms of different levels defined in the security function block. When these 4 bytes are used for the IPsec security scheme, the extension field is extended to the IPsec security prefix.
The additional ICN header makes it possible to distinguish ICN messages from non-ICN messages and so to filter packets. For ICN messages, the security flag links the message to the security function block, and the unpacking and packing processes then serve to strengthen security.
Unpacking process:
ICN analyzes the IP datagram at the network layer and uses the protocol field of the IP header to determine whether the datagram is an ICN message. If it is not an ICN message, it is processed as a normal IP datagram, that is, handed to the upper-layer protocol indicated by the 8-bit protocol field of the IP header. If it is an ICN message, it is passed to the ICNHeader handler for the corresponding processing, after which it can be processed in the same way as a normal IP datagram.
Packing process:
ICN application-layer data is passed down to the network layer. The ICNHeader handler copies the protocol type information from the IP header, adds the ICN version information and the checksum to form the ICNHeader, and changes the protocol type in the IP header to a specific value (for example 70). The ICNHeader is then appended after the IP header to form a new IP message.
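The packing and unpacking steps above, together with the ICNHeader fields, as an added example that is not part of the patent text. The following are assumptions, not stated on the page: the version sits in the high nibble and the security flag in the low nibble of the first byte, the 4-byte extension follows the checksum, the IPv4 total length and header checksum are recomputed after the header is inserted, the timestamp is carried unencrypted in seconds with a 2-second window, and all function names are illustrative.

```python
import struct

ICN_PROTO = 70      # example IP protocol value given in the text
ICN_VERSION = 1     # current ICNHeader version given in the text
FLAG_PLAIN, FLAG_TS, FLAG_TS_INTEGRITY, FLAG_IPSEC = 0b0000, 0b1000, 0b1001, 0b1111
TS_FLAGS = (FLAG_TS, FLAG_TS_INTEGRITY)

class ICNError(ValueError):
    """A datagram marked as ICN failed a header check and must be dropped."""

def csum16(data):
    """Complement of the 16-bit one's-complement sum over big-endian words."""
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return ~total & 0xFFFF

def build_icn_header(orig_proto, flag=FLAG_PLAIN, timestamp=None):
    # Assumed layout: VER (4 bits) | flag (4 bits) | protocol (8) | checksum (16).
    first16 = struct.pack("!BB", (ICN_VERSION << 4) | flag, orig_proto)
    header = first16 + struct.pack("!H", csum16(first16))
    if flag in TS_FLAGS:
        if timestamp is None:
            raise ICNError("timestamp flag set but no timestamp supplied")
        header += struct.pack("!I", timestamp & 0xFFFFFFFF)
    elif flag != FLAG_PLAIN:
        raise ICNError("flag not modelled in this example (e.g. IPsec prefix)")
    return header

def parse_icn_header(buf):
    """Return (flag, orig_proto, timestamp, header_len) or raise ICNError."""
    if len(buf) < 4:
        raise ICNError("truncated ICNHeader")
    ver_flag, proto, cksum = struct.unpack("!BBH", buf[:4])
    if ver_flag >> 4 != ICN_VERSION:
        raise ICNError("unsupported ICN version")
    if csum16(buf[:2]) != cksum:
        raise ICNError("ICNHeader checksum mismatch")
    flag = ver_flag & 0x0F
    if flag == FLAG_PLAIN:
        return flag, proto, None, 4
    if flag in TS_FLAGS:
        if len(buf) < 8:
            raise ICNError("truncated timestamp extension")
        return flag, proto, struct.unpack("!I", buf[4:8])[0], 8
    raise ICNError("flag not modelled in this example (e.g. IPsec prefix)")

def _rewrite_ip_header(header, proto, total_len):
    # Assumption: length and checksum are refreshed so the result stays valid IPv4.
    hdr = bytearray(header)
    hdr[9] = proto
    hdr[2:4] = struct.pack("!H", total_len)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", csum16(bytes(hdr)))
    return bytes(hdr)

def _ihl(packet):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ICNError("not an IPv4 datagram")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ICNError("bad IPv4 header length")
    return ihl

def pack_icn(packet, flag=FLAG_PLAIN, timestamp=None):
    """Packing: save the protocol in an ICNHeader placed after the IP header."""
    ihl = _ihl(packet)
    icn = build_icn_header(packet[9], flag, timestamp)
    new_ip = _rewrite_ip_header(packet[:ihl], ICN_PROTO, len(packet) + len(icn))
    return new_ip + icn + packet[ihl:]

def unpack_icn(packet, now=None, max_age=2):
    """Unpacking: returns ("non-icn", packet) or ("icn", original datagram)."""
    ihl = _ihl(packet)
    if packet[9] != ICN_PROTO:
        return "non-icn", packet            # handled as a normal IP datagram
    flag, proto, ts, hlen = parse_icn_header(packet[ihl:])
    if ts is not None and (now is None or abs(now - ts) > max_age):
        raise ICNError("stale or unverifiable timestamp")
    restored = _rewrite_ip_header(packet[:ihl], proto, len(packet) - hlen)
    return "icn", restored + packet[ihl + hlen:]

def sample_udp_datagram():
    """Constructed sample: IPv4/UDP datagram 192.168.1.10 -> 192.168.1.20."""
    payload = struct.pack("!HHHH", 5000, 5001, 12, 0) + b"ICN!"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 17, 0,
                      bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return _rewrite_ip_header(hdr, 17, 20 + len(payload)) + payload
```

The 16-bit checksum only catches accidental corruption of the first header word; anyone able to modify the header can recompute it, so the ICN/non-ICN filter decision is a classification step and not authentication.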
A security service function block can provide one or more security service processes to an application program. The security service mapping based on the security service function block comprises event inputs, event outputs, data inputs and data outputs. By defining security function blocks that provide one or more security service processes to an application program, secure communication between two devices can be achieved through configuration. The structural model of the security function block is shown in Fig. 5. An ICN resource is a logical device, and the function block itself is part of the resource. The security function block is a standard function block that performs security processing only on ICN application-layer messages. The security service function block uses an execution control chart (ECC) to control the execution of the function block's algorithms. The external interface of the security service function block meets the basic function block type requirements of the IEC 61499 standard; the inputs and outputs of the security service function block have special semantic rules, and the interface definition is the same as that of a service interface function block.
The basic idea of using security service function blocks to secure an industrial control network is shown in Fig. 6: security function blocks are configured onto the two devices that need to communicate securely. When secure communication is not needed, the security function blocks need not be configured. Within the ICN system, an ICN security service function block is handled simply as an ordinary function block that conforms to the IEC61499 standard, as shown in Fig. 6; it merely encapsulates the security control policy algorithm.
The ICN security function block gives the ICN network a flexible, configurable security control policy. ICN security function blocks can define different security policies for different security levels and are offered to the user as optional components at configuration time.
The security service event interface declaration is divided into event inputs and event outputs; see Table 1 and Table 2 respectively.
Table 1. Event inputs of the security service function block
Event input
INIT: This event input is mapped to the request primitive of a security service, provided by the security service function block instance, that requires initialization, for example an initialization request caused by a change of security policy level.
REQ: This event input is mapped to the request primitive of the security service provided by the security service function block instance.
RSP: This event input is mapped to the response primitive of the security service provided by the security service function block instance.
Table 2. Event outputs of the security service function block
Event output
INITO: This event output is mapped to the confirmation primitive indicating that a security service initialization procedure has completed.
CNF: This event output is mapped to the request primitive provided by the security service function block instance.
IND: This event output is mapped to the indication provided by the security service function block instance.
The security service data interface declaration is divided into data inputs and data outputs; see Table 3 and Table 4 respectively.
Table 3. Data inputs of the security service function block
Data input
QI: BOOL. This data input is the service primitive mapped to the event input. For example, with the initialization request event input INIT caused by a change of security policy level: if the input is TRUE, the request initializes the service; if it is FALSE, the request terminates the service.
PARAMS: ANY. This data input comprises one or more parameters associated with the security service. If this input is present, the security function block type specification shall provide its data type definition and default initial value.
SD_1, ..., SD_m: ANY. These data inputs comprise the data associated with request and response primitives. The security service function block type specification should provide the data type definitions and default values of the inputs.
Table 4. Data outputs of the security service function block
Data output
QO: BOOL. This data output is the service primitive mapped to the event output. For example, with the initialization confirmation event output INITO for a change of security policy level: TRUE indicates that the security service was initialized successfully, and FALSE indicates that initialization of the security service failed.
STATUS: ANY. This data output is the data type that expresses the security service configuration at the time the event output occurs.
RD_1, ..., RD_n: ANY. These data outputs comprise the data associated with the indication. The security service function block type specification should provide the data type definitions and default values of the outputs.
Note: default values can be set according to the actual security level required.
The statement of security service algorithm:
The security service algorithm can be to satisfy the simple authentication algorithm that the Control Network real-time requires, and also can be the encrypt/decrypt scheduling algorithm based on PKI, private key structure that satisfies the public network transmission.Can adopt following algorithm:
1, completeness check algorithm
The completeness check algorithm must can detect by the algorithm of selecting for use unauthorized modification of ICN message and processing.Even the ICN message information arrives in correct mode, secure data still may be destroyed.Therefore data integrity is to meet the requirements of other basic part of the integrated level of safety.Adopt suitable method, such as parity check, frame check, Cyclic Redundancy Check and similar message redundant form can utilize.All these methods provide a cover to realize the bit error rate low method of residual error rate than supposition.A kind of Hamming that Quality Ensuring Mechanism is exactly this information (HD) distance that detects.Hamming distance has provided a message minimum number bits that this message must be damaged before breaking-up is detected.
Can select different algorithms to come the data integrity of bus system is estimated.These result of calculations may cause hardware and software design in the more effort that provide aspect the integrality, perhaps more effort of the reliability of The whole control system and evidence aspect.
2. Communication security algorithm
ICN messages transmitted over a public network (the Internet, an intranet spanning network segments, etc.) must pass through an encryption algorithm to ensure that they are not eavesdropped on, intercepted, etc.
1) Simple identity authentication during configuration
During ICN network configuration, a security function block can be selected to perform simple identity authentication. The physical ID of an ICN device is unique in the whole system. The security function block obtains the device ID, and the monitoring device checks the legitimacy of this ID and refuses configuration by any device that is not in the database of legitimate device IDs, thereby achieving protection. The device physical ID can also be simply encrypted here, for example by periodically XOR-ing it with different passwords of equal length and performing the identification on that basis, which improves security and reliability.
2) Choice of encryption algorithm
Among the encryption algorithms in current use, symmetric block ciphers are widely used. Algorithms such as Triple DES, IDEA, Blowfish, RC5, CAST and RC2 can also be considered. Software encryption algorithms have relatively high computational requirements, so the security function block can be chosen according to the situation.
3. Execution control declaration of the security policy algorithm
The algorithm invocation sequence of a security service function block can be declared in the function block type specification. If the algorithm of the security service function block type conforms to the communication security algorithm described above, the invocation sequence takes the form of an execution control chart (ECC), which consists of execution control states (EC states), execution control transitions (EC transitions) and execution control actions (EC actions). The ECC of the security service is shown in Fig. 7. A security service function block type executes an initialization algorithm, such as the INIT algorithm, when a related event occurs.
4. Scheduling of the security service algorithm
The scheduling function of the resource associated with the security service function block instance is requested to schedule the execution of the algorithm's operations. Algorithm invocation for an instance of a security service function block type is carried out by the functional unit that processes its execution control chart (ECC). ECC operation follows these rules:
1) A resource must always be reserved for each event input (an additional storage element for the EI variable). See event input state machine 1 and its Table 1, shown in Fig. 8.
2) ECC operation exhibits all the properties defined in state machine 2 and Table 2, shown in Fig. 8.
3) The next EC transition condition does not take effect until the algorithm of the current EC state has finished.
Table 1. Event input state machine: states and transitions

State   Condition
s0      Waiting for an event
s1      Waiting for the ECC to finish

Transition   Condition        Operation
t0           Output mapping   None
t1           Event arrives    ECC invocation request
t2           Event arrives    Implementation-dependent
t3           Output mapping   None

Table 2. ECC state machine: states and transitions

State   Condition
s0      Idle
s1      Scheduling the algorithm
s2      Waiting for the algorithm to finish

Transition   Condition              Operation
t1           Invoke ECC             Set the EI variable; confirm the input mapping; state transition
t2           No transition clears   Issue events
t3           A transition clears    Schedule the algorithm
t4           Algorithm finishes     Clear the EI variable; set the EO variable; state transition
5. Execution of the security service algorithm
The security control policy algorithm can be a simple authentication algorithm that meets the real-time requirements of the control network, or an encryption/decryption algorithm based on a public key/private key structure that is suited to transmission over a public network. Execution of a security service function block algorithm consists of executing a finite sequence of operations in the language of the algorithm. The language in which the algorithm is written, the resource that executes it and the domain of application follow the implementation-dependent principle. An algorithm terminates when the last operation in its sequence has been executed. If an algorithm implements a state machine, repeated executions of the algorithm must be able to recognize and carry out state changes.
In the present invention the problem of identifying ICN traffic is handled at the IP layer: a standard, extensible IP message extension mechanism is used, and an ICNHeader is added to the IP message as the identifier. In addition, the ICN security function block defined here provides the ICN network with a flexible, configurable security control policy. Different security policies can be defined in the ICN security function block for different security levels, for the user to configure. The ICN security function block is offered as an optional component during user configuration.
The above describes only the preferred embodiments of the present invention; the scope of protection of the invention is defined by the claims as understood by those skilled in the art.
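The ICNHeader step described above (tag the datagram, change the IP protocol field, insert the header after the IP header, then filter on it) can be sketched as follows. This is an added example, not code from the patent: the one-byte field widths, the 16-bit one's-complement checksum, version value 1, protocol number 253 and all function names are assumptions made for illustration.

```python
import struct

# Assumptions (not from the patent): field widths, version value and protocol number.
IPPROTO_ICN = 253                   # experimental protocol number (RFC 3692)
ICN_VERSION = 1
ICN_HDR = struct.Struct("!BBBxH")   # version, security flags, original protocol, pad, checksum

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rebuild_ip_header(hdr: bytes, proto: int, total_len: int) -> bytes:
    """Return the IPv4 header with new protocol/length and a fresh checksum."""
    h = bytearray(hdr)
    struct.pack_into("!H", h, 2, total_len)
    h[9] = proto
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, inet_checksum(bytes(h)))
    return bytes(h)

def encapsulate(packet: bytes, sec_flags: int) -> bytes:
    """Insert an ICNHeader after the IP header and retag the protocol field."""
    ihl = (packet[0] & 0x0F) * 4
    icn = ICN_HDR.pack(ICN_VERSION, sec_flags, packet[9], 0)
    icn = icn[:4] + struct.pack("!H", inet_checksum(icn))
    hdr = rebuild_ip_header(packet[:ihl], IPPROTO_ICN, len(packet) + ICN_HDR.size)
    return hdr + icn + packet[ihl:]

def classify(packet: bytes):
    """Filter verdict: ("icn", flags), ("non-icn", None) or ("invalid", reason)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("invalid", "not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or inet_checksum(packet[:ihl]) != 0:
        return ("invalid", "bad IP header")
    if packet[9] != IPPROTO_ICN:
        return ("non-icn", None)
    icn = packet[ihl:ihl + ICN_HDR.size]
    if len(icn) < ICN_HDR.size or inet_checksum(icn) != 0:
        return ("invalid", "bad ICNHeader checksum")
    version, flags, _proto, _cksum = ICN_HDR.unpack(icn)
    if version != ICN_VERSION:
        return ("invalid", "unknown ICN version")
    return ("icn", flags)

def decapsulate(packet: bytes) -> bytes:
    """Strip the ICNHeader and restore the original protocol field."""
    if classify(packet)[0] != "icn":
        raise ValueError("not a valid ICN packet")
    ihl = (packet[0] & 0x0F) * 4
    hdr = rebuild_ip_header(packet[:ihl], packet[ihl + 2], len(packet) - ICN_HDR.size)
    return hdr + packet[ihl + ICN_HDR.size:]

def sample_packet() -> bytes:
    """Constructed IPv4 packet: protocol 17, documentation addresses, dummy payload."""
    payload = b"ICN-demo"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return rebuild_ip_header(hdr, 17, len(hdr) + len(payload)) + payload
```

A header checksum of this kind only catches corruption; any sender can compute a valid one, so the filter separates ICN from non-ICN traffic but does not authenticate it, which is the job of the access password and the security function block.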

Claims (10)

1. A method for realizing the security of a TCP/IP-based industrial control network, in which an ICN communication model is established; according to the networking scheme and the application level, the network is divided into a field device layer, a supervisory layer and a management layer; and, according to the security risks faced by a TCP/IP-based industrial control network system, the level at which they arise and the classification of the attacks that may be suffered, different security policies and measures are implemented by class; characterized in that: a layered security policy is adopted; IP datagrams are analyzed at the network layer and, if a datagram is an ICN message, ICN version information and a checksum are added to it to form an ICNHeader, the protocol type in the IP header is changed to a specific value, and the ICNHeader is then added after the IP header to form a new IP message; and the structure of a security function block is defined, and communication security between two devices is realized by configuring the security function block to provide one or more security service processes for an application program.
2. The method as claimed in claim 1, characterized in that the layered security policy comprises: the security policy of the field device layer network, the security policy of the process monitoring layer network, and the security policy of the management layer network.
3. The method as claimed in claim 2, wherein the security policy of the field device layer network comprises:
1) adding an access password to the link object attributes of the ICN device; this password must be placed in the ICN message to protect the link communication relationship represented by the link object; the password is specified by the user at system configuration and may not be modified online;
2) adding the header ICNHeader, by means of which:
A) packet filtering identifies ICN message access and non-ICN message access;
B) timestamp control and other security measures are selected by the user;
the security policy of the process monitoring layer network comprises:
1) adding an access password to the link object attributes of the ICN bridge device,
2) adding the header ICNHeader, by means of which:
A) packet filtering identifies ICN message access and non-ICN message access,
B) a timestamp control mechanism is selected,
C) other security measures are selected by the user,
3) defining an ICN security function block; the security function block is a standard function block and performs security processing only on ICN application-layer messages;
the security policy of the management layer network comprises: according to the nature of the ICN system, selecting various existing communication security technologies to ensure the security of the whole network in accordance with the provisions of the "National Standard of the People's Republic of China: Classified Criteria for Security Protection of Computer Information Systems".
4. The method as claimed in claim 1 or 2, characterized in that the structure of the header ICNHeader comprises: a version number, which provides version identification; security flag bits, which identify the category of the ICN message; an IP protocol field, which corresponds to the protocol field in the standard IP protocol; and a checksum, which is used to verify the ICNHeader; by means of the additional ICN header, ICN and non-ICN messages can be identified and packets thereby filtered.
5. The method as claimed in claim 1 or 2, characterized in that the security function block is defined as follows: the security service function block can provide one or more security service processes for an application program; the security service mapping based on the security service function block comprises event inputs, event outputs, data inputs and data outputs; and it performs security processing only on ICN application-layer messages.
6. The method as claimed in claim 5, wherein the security service function block uses an execution control chart to control the execution of the function block algorithm; the external interface of the security service function block meets the basic function block type requirements of the IEC 61499 standard; the inputs and outputs of the security service function block have special semantic rules; and the interface definition is the same as that of the service interface function block.
7. A system for realizing the security of a TCP/IP-based industrial control network, in which an ICN communication model comprising a physical layer, a data link layer, a network layer, a transport layer and an application layer is established; characterized in that: a user layer is added above the application layer; an ICN real-time communication management interface is added at the network layer and the transport layer; a layered security policy is adopted; IP datagrams are analyzed at the network layer and, if a datagram is an ICN message, ICN version information and a checksum are added to it to form an ICNHeader, the protocol type in the IP header is changed to a specific value, and the ICNHeader is then added after the IP header to form a new IP message, thereby defining the ICN frame format; and secure communication between two devices is realized by configuring the security function block, which provides one or more security service processes for an application program.
8. The system as claimed in claim 7, characterized in that the layered security policy comprises: the security policy of the field device layer network, the security policy of the process monitoring layer network, and the security policy of the management layer network.
9. The system as claimed in claim 7 or 8, characterized in that the structure of the header ICNHeader comprises: a version number, which provides version identification; security flag bits, which identify the category of the ICN message; an IP protocol field, which corresponds to the protocol field in the standard IP protocol; and a checksum, which is used to verify the ICNHeader; by means of the additional ICN header, ICN and non-ICN messages are identified and packets thereby filtered.
10. The system as claimed in claim 7 or 8, characterized in that the security function block is defined as follows: the security service function block can provide one or more security service processes for an application program; the security service mapping based on the security service function block comprises event inputs, event outputs, data inputs and data outputs; and it performs security processing only on ICN application-layer messages.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100216727A CN1312880C (en) 2004-01-13 2004-01-13 TCP/IP based method and system for realizing safety strategy for industrial control networks

Publications (2)

Publication Number Publication Date
CN1558608A CN1558608A (en) 2004-12-29
CN1312880C true CN1312880C (en) 2007-04-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070425

Termination date: 20100222