摘要
工业监控协议面临的安全威胁主要有完整性、新鲜性和机密性等方面的攻击,而现有工业监控协议在设计时通常将传输数据的可用性放在首位,对协议的安全性研究主要集中于对协议机密性的改进,对协议完整性认证考虑不足。针对上述问题,文章采用消息认证码技术增强监控消息完整性,采用随机数与Diffie-Hellman密钥交换算法原理相结合的技术生成会话对称密钥,避免Diffie-Hellman密钥交换过程的中间人攻击。针对一些特殊工业控制系统资源受限等工作环境特点,文章在确保完整性的前提下对设计的协议进行优化,以提高监控协议运行效率。通过安全性与性能分析可知,整套协议方案可以有效地解决监控消息完整性认证、抵抗重放攻击等安全问题。
The security threats to industrial monitoring and controlling protocols mainly include integrity,freshness and confidentiality.In contrast, existing industrial monitoring and controlling protocols usually place the first priority on the availability of transmitted data. The study on the security of protocols mainly focuses on the improvement of the confidentiality of the protocols but lack consideration for integrity. Aimingat issues above,the paper uses message authentication code technology to enhance the integrity of monitoring messages and uses a combination of random numbers and the Diffie-Hellman key exchange algorithm to generate the session symmetric key, to avoid the man-in-the-middleattack in the process of Diffie-Hellman k e y exchange. For the characteristics of the operating environment of special industrial control systems such as limited resources, the paper optimizes the designed protocol on the premise of ensuring the integrity, in order to improve the runtime efficiency of the protocol. Through the analysis of security and performance,the protocol scheme can effectively solve security problems such as source and target authentication,monitoring message integrity authentication, and resistance to reply attacks, etc.
作者
陈瑞滢
陈泽茂
王浩
CHEN Ruiying;CHEN Zemao;WANG Hao(Information Security Department, Naval University of Engineering, Wuhan Hubei 430033, China;91910 Troops ofPLA, Dalian Liaoning 116001, China)
出处
《信息网络安全》
CSCD
北大核心
2019年第2期60-69,共10页
Netinfo Security
基金
国家自然科学基金[61672531]
关键词
工业控制系统
监控协议
完整性认证
消息认证码
密钥协商
industrial control system
monitoring and controlling protocol
integrity authentication
message authentication code
key agreement
