| As the “German industrial 4.0 ”,“American industrialization trend” and “made in China 2025 strategy”,Internet of things and cloud computing data such as the mass use of new technologies and applications,industrial control system gradually from closed to open,from the single to the independent,from the automation to the intelligent.Along with this trend,industrial control network has also exposed more and more potential safety problems.In recent years,industrial control security incidents have occurred frequently,and have a great impact on society.Industrial control network security has become an important problem to be solved.Because Ethernet technology has certain advantages in equipment universal communication rate,low cost and resource sharing,a large number of Ethernet network protocols and equipment have been applied to industrial control network,then the security problem of industrial control network becomes more and more serious.EPA(Ethernet for Plant Automation)is the first international standard of industrial control network with independent intellectual property rights in China.However,safety has not been taken as a key consideration in the design stage of EPA standards,and safety has become one of the major bottlenecks restricting the application and development of EPA.The research target of this article is to enhance the safety and reliability of the EPA standard,making up for the EPA security technology some weaknesses,respectively from two aspects of hardware solutions and software solutions,and puts forward the solution to EPA network safety and the safety of the equipment safety research.In this paper,through the analysis of the security vulnerabilities of the EPA,two security scheme is proposed.Firstly,by using firewall and intrusion detection linkage model,EPA security gateway can conduct in-depth security detection of packets in the internal network.The other is to improve the confidentiality of data transmission and ensure the legitimacy of network equipment through the use of security protocol,namely the two-way authentication protocol based on EPA protocol standard,through identity authentication and key distribution.This paper proposes a firewall and intrusion detection linkage model USES is within the EPA security gateway implementation of detecting state firewall and network intrusion detection system real-time linkage method.The intrusion detection module matches the characteristic values generated by the event collector with the intrusion rule base in the security database,and then determines whether the data is threatening or not.If there is a threat,the notification state detection firewall changes the state,and this security protocol is based on the challenge response mechanism,through the use of dynamic password authentication to determine the legitimacy of the device,and the use of key table for key negotiation,automatic update of encryption keys,data transmission between communication devices to prepare for encryption.Through simulation test of linkage model and performance test of security protocol,the results show that the linkage model of firewall and intrusion detection can enable the intrusion detection system to transmit the abnormal situation of field device layer network to the state firewall,and the security protocol can also realize the identity authentication and key distribution of EPA communication equipment.In addition,the two security schemes have little impact on the real-time performance of EPA control network. |
PDF Full Text Request