Abstract
This paper addresses the security weaknesses of the Modbus TCP protocol: the lack of authentication, the plaintext transmission of protocol messages, the absence of non-repudiation and anti-replay capabilities, and the abuse of function codes. It proposes using Chinese national cryptographic (SM) algorithms and national cryptographic digital certificate technology to provide mutual authentication for the protocol and confidentiality for its messages. Digital signatures based on digital certificates ensure the integrity and authenticity of data, and the SM4 algorithm ensures its confidentiality. Experimental verification and analysis show that the secured Modbus TCP protocol can fully compensate for the design flaws of Modbus TCP and can also meet the needs of practical engineering applications.
Source
《自动化博览》 (Automation Panorama)
2021, Issue 1, pp. 99-103 (5 pages)