摘要
ModbusTCP作为一种简单高效的以太网工业控制协议被广泛应用于工业控制系统中.但是传统的ModbusTCP协议没有考虑到安全性的问题,导致不少不法分子通过ModbusTCP的漏洞对其进行攻击.针对ModbusTCP协议缺乏身份认证和完整性验证的问题,提出通过SM2签名验签算法实现双向的身份认证并验证数据完整性;针对ModbusTCP协议缺乏数据机密性的问题,提出通过SM4对称加密算法对数据明文进行加密;针对ModbusTCP缺乏防重放攻击机制,提出通过随机数的方式防重放攻击.实验表明所提方案可以有效增加ModbusTCP协议的安全性.
As a simple and efficient Ethernet industrial control protocol,ModbusTCP is widely used in industrial control systems.However,the traditional ModbusTCP protocol did not consider the problem of security,which leads to many criminals to attack ModbusTCP through its vulnerability.To address the lack of identity authentication and integrity verification in the ModbusTCP protocol,a bidirectional identity authentication and data integrity verification algorithm using SM2 signature verification is proposed.In view of the lack of data confidentiality of ModbusTCP protocol,the SM4 symmetric encryption algorithm is proposed to encrypt the plaintext data.In view of the lack of anti-replay attack mechanism of ModbusTCP,a random number method is proposed to prevent replay attack.Experiments show that the proposed scheme can effectively increase the security of ModbusTCP protocol.
作者
祁志荣
吕世民
郑乾坤
Qi Zhirong;LüShimin;Zheng Qiankun(Comprehensive Department of Zhongan United Coal Chemical Co.,Ltd.,Huainan,Anhui 232092;Engineering Service Department,Ningbo Hollysys Information Security Research Institute Co.,Ltd.,Ningbo,Zhejiang 315048)
出处
《信息安全研究》
CSCD
北大核心
2024年第1期20-24,共5页
Journal of Information Security Research