面向时间敏感网络的安全感知调度方法

Security-Aware Scheduling Method for Time-Sensitive Networking

时间敏感网络(TSN)中信息的真实性是系统的关键安全要素,然而直接引入传统安全认证机制会导致系统可调度性和实时性大幅降低。现有的方法仍存在适用场景少、资源消耗高等问题。针对这些问题,文中提出了一种面向TSN的安全感知调度方法。首先基于TSN流量特性设计了一种时间有效的一次性签名安全机制,为消息提供高效的组播源认证;然后提出相应的安全模型对该机制进行评估,描述安全机制对任务和流量的影响;最后对提出的安全感知调度方法进行数学建模,在传统调度约束的基础上,增加了安全机制相关的约束,同时以最小化应用端到端时延为优化目标,使用约束规划进行求解。仿真实验结果表明:改进的一次性签名机制的引入可以有效保护TSN中关键信息的真实性,且对调度的影响有限;在多个基于真实工业场景生成的不同规模测试用例中,产生的应用端到端时延平均仅增加13.3%,带宽消耗平均仅增加5.8%;与其他同类型方法相比,文中方法的带宽消耗更低,更加适用于有严格带宽限制的TSN。

The authenticity of information is the key security factor of system in time-sensitive networking(TSN).However,the direct introduction of traditional security authentication mechanism will lead to a significant reduction in schedulability of the system.The existing methods still have the problems of few application scenarios and high resource consumption.To address this problem,a security-aware scheduling method for TSN was proposed.Firstly,based on the traffic characteristics of TSN,a time-efficient one-time signature security mechanism was designed to provide efficient multicast source authentication for messages.Secondly,the corresponding security model was proposed to evaluate the mechanism and describe the impact of the security mechanism on tasks and traffic.Finally,the proposed security-aware scheduling method was modeled mathematically.On the basis of traditional scheduling constraints,some constraints related to security mechanisms were added.At the same time,the optimization objective was to minimize the end-to-end delay of applications,and constraint programming was used to solve the problem.Simulation results show that the introduction of the improved one-time signature mechanism can effectively protect the authenticity of key information in TSN,and has limited impact on scheduling.In multiple test cases of different sizes generated based on real industrial scenarios,the average end-to-end delay and bandwidth consumption of the generated applications only increased by 13.3%and 5.8%respectively.Compared with other similar methods,this method consumes less bandwidth,thus more suitable for TSN networks with strict bandwidth restrictions.