摘要
针对Modbus TCP协议设计存在的安全问题,基于密码学原理提出一种安全的Modbus协议(Modbus-E协议):采用对称密钥和数字签名技术实现数据的保密性和可认证性,利用同步性原理和哈希函数的单向性原理保证数据的唯一性,通过"白名单"方法保证指令的可控性,最终在不增加通信过程的情况下实现安全通信。通过实验验证和分析,Modbus-E协议能够防止攻击者针对指令的认证类攻击、中间人攻击及重放攻击,与已有方法相比,该方法安全性更高,可以全面提高Modbus TCP通信的安全性。
Considering the security problem in the design of Modbus TCP protocol,this paper proposes a secure protocol( Modbus-E) based on the principle of cryptography. It uses symmetric key and digital signature technology to ensure the confidentiality and authentication of the data,uses the synchronization principle and the mono-direction principle of the hash function to ensure the uniqueness of the data,uses the method of "white list " to guarantee the controllability of instruction, without increasing communication process. Through experimental verification and analysis,Modbus-E protocol can prevent the authentication attack,man-in-the-middle attack and replay attack of the instruction from the attacker.Compared with existing methods,this method is more secure and can comprehensively improve the security of Modbus TCP communication.
作者
罗旋
李永忠
LUO Xuan;LI Yong-zhong(College of Computer,Jiangsu University of Science and Technology,Zhenjiang 212003,Jiangsu Province,China)
出处
《信息技术》
2019年第1期15-19,共5页
Information Technology
基金
江苏省研究生实践创新计划项目(SJCX18_0784)
