Research On Selective And Stochastic E Ncryption Strategies For The Resource-Constrained Control Systems Security

As an important part of the national critical infrastructure,industrial control systems(ICSs)are widely used in petroleum,chemical engineering,energy,transportation,water conservancy,municipal and other industries.The security of ICS is closely related to national strategic security due to the significant role that ICS plays in infrastructure.With the development of technology and the acceleration of the integration between industrialization and informatization,ICS has evolved from the traditional "isolated island of information" system into a large-scale,open and interoperable system,which inevitably brings many security problems.However,in the early stage of development,ICS focused on improving the reliability,real-time performance,flexibility and cost-effectiveness of the system.Security was not considered as a major designing requirement.There were many vulnerabilities in the aspects of platform,network and management.Therefore,there is an urgent need to conduct the research on the security protection technology of ICS.Encryption technology is one of the most basic,ordinary and effective information security technologies.While increaseing the security of the system,encryption technology will also introduce deficiencies such as additional time delays,extra consumption of computing resource and energy.However,ICS is required being highly real-time which means ICS needs to response rapidly and timely to internal and external events and to make corresponding treatment without losing information and delays in the operation.On the other hand,the field equipment of ICS is often operated through the remote terminal units and programmable logic controllers which lack sufficient computing resource and make the complex security measures can not be run without affecting system performance.In addition,ICS has been applied in the distributed,wireless,new energy and other application areas which are mostly drived by battery-power,wind-power or solar-power.In these areas,there is energy constrained problems such as the limited amount and instability supply of the energy.In order to solve the problem of "weak computing ability,highly real-time requirement and limited energy resources" which is faced by ICS during the application of encryption protection technology,this paper has proposed selective and stochastic encryption strategies,respectively.The main work and innovation of this paper are as follows:(1)The security problems and characteristics of ICS are summarized.The research status of ICS is overviewed on three aspects of attacks,protection technology and encryption protection.The existing problems in the application of encryption protection in the resource-constrained control system are analyzed.(2)A general classification method and a modeling method of the network attacks are proposed.Based on the attacking model,the effectiveness of encryption protection against content dependent attacks is proved.By summarizing and comparing the typical encryption protection methods and encryption algorithms,an encryption protection scheme is designed based on the AES symmetric encryption algorithm in an end-to-end way.The load frequency control system is used to analyze the effects of encryption protection on timing sequence and stability of system.(3)A novel content-dependent attack agent is designed with the closed-loop feedback monitoring function,which allows attackers to avoid being revealed by the threshold-based anomaly detection system without knowing the prior knowledge of the system.Aiming at the characteristics of resource-constrained control system,this paper proposes a selective encryption protection strategy based on the optimal security,and constructs the quantified indicators of integrity and confidentiality based on the attack loss,and the quantified index of availability based on stability.The security is quantified by comprehensive integration of integrity,confidentiality and availability.Based on the methods of particle swarm optimization(PSO)and ergodicity according to stability boundary,the optimization problem of the nonlinear security is solved.(4)A stochastic encryption protection strategy is proposed to reduce the resource and energy consumption of the encryption protection in the resource-constrained control systems.The random zero-value attacks which are related to the protection strategy are proposed.By only stochastically implementing attacks on unencrypted data,the attack strategy can effectively reduce the probability of exposure and improve the stealthiness of the attack.The stochastic stability of the system suffering random zero-value attacks with and without stochastic encryption protection is analyzed,respectively.The stability condition of the system with random zero-value attacks and stochastic encryption protection is constructed and proved.The effects of the encryption delay,sampling period and measurement noise on the stochastic encryption protection are studied experimentally.The simulations prove the validity and correctness of the proposed method.(5)The ideal correlated random zero-value attack is extended to a non-ideal random zero-value attack.This paper analyzes the effect of uncorrelated random zero-value attacks on stochastic encryption protection,especially the situation that the encrypted data is compromised by non-ideal attacks is considered,and improves the stochastic encryption protection strategy.The stochastic stability analysis of the system under uncorelated random zero-value attacks and the stochastic encryption protection is carried out.A secure linear feedback compensation controller based on the stability condition is designed.The simulation results show that the designed controller can improve the system security,help the system to resist against the random zero-value attacks with large attack probability,accelerate the convergence speed and improve the system performance under attacks.