
Formal Security Assessment And Improvement Of DNP3-SA Protocol Based On HCPN Model Detection

Posted on: 2019-02-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Lu
GTID: 1318330569977907
Subject: Pattern Recognition and Intelligent Systems
Abstract/Summary:
In recent years, with the rapid development of intelligent manufacturing, industrial big data and the Internet of Things, the traditional industrial control system has been rapidly changing into a networked control system with interconnection and interoperability. Industrial Ethernet protocols are also tending to become open and standardized. As a key element of the industrial network control system, the protocol determines the reliability and security of that system, and along with the convenience it provides it greatly increases the risk of the industrial control system being attacked over the network. Although a great deal of research has been done to improve the security of Industrial Ethernet protocols, these improvements have limitations: they focus only on implementing the protocol's own security functions and lack formal modeling, analysis and evaluation of protocol security; and many security improvement schemes need additional encryption and decryption equipment to provide their security features, which affects the system's real-time performance and reliability and increases hardware cost. Therefore, it is of great practical significance and scientific value to study formal modeling of Industrial Ethernet protocols and to conduct security assessment in order to discover vulnerabilities in a protocol and improve it effectively.

In this paper, we take the Industrial Ethernet security protocol DNP3-SA as the object of study, colored Petri net theory and the Dolev-Yao attack method as the guiding theory, and CPN Tools as the model checking tool. The work focuses on formal modeling and security assessment methods for the protocol, uncovers vulnerabilities in the protocol, proposes a targeted security improvement scheme, and verifies the security of the proposed scheme using CPN and SPAN. The specific research contents are as follows:

1) To address the information security of industrial control systems, the security of Industrial Ethernet protocols was studied in depth, the research status of protocol security protection was reviewed, and the vulnerabilities of the five major protocols were analyzed. First, the architecture of industrial control systems and Industrial Ethernet protocols was discussed. Second, from the three aspects of external active defense technology, internal passive defense technology and protocol security improvement, a complete Industrial Ethernet protocol security protection model was put forward and the main protection technologies were discussed. Finally, the future development directions and research ideas for improving the information security of Industrial Ethernet protocols were pointed out.

2) The protocol hierarchical modeling method based on colored Petri net theory is studied. Based on the protocol message flow model and using the CPN model checking tool, a 4-layer HCPN model of the original DNP3-SA protocol is established. The flow of key message function codes and the working modes (active mode and request reply mode) are modeled at fine granularity to simulate the changes in protocol data in detail and accurately reflect the operating details of the protocol. The functional consistency of the protocol CPN model is verified based on the results of state space analysis.

3) Using the advantages of CPN in visualization, dynamic model execution and state space analysis, an improved scheme based on the Dolev-Yao attacker model is studied to effectively reduce and avoid an excessively large state space or state space explosion. Based on the original four-layer HCPN model, three improved attacker models (replay, eavesdropping and tampering) are introduced and the security assessment model of the protocol is established. Finally, the protocol authentication properties are formally defined. Based on CPN model analysis and the state space method, the security of the protocol under the full attack state is evaluated and existing vulnerabilities of the original DNP3-SA protocol are discovered.

4) According to the protocol security assessment results and the protocol vulnerabilities, a trusted platform is introduced into the DNP3-SA protocol to solve the problem of identity authentication of industrial control network devices. The scheme includes a unicast mode and a broadcast mode. The security improvement of the unicast mode is mainly based on introducing a trusted platform in the authentication and key agreement phase, encrypting message serial numbers, and introducing new random numbers in the key update and communication phases; the unicast scheme ensures that the communication entity is not hijacked, the protocol sequence is not disturbed and messages are not tampered with. For the security improvement of the broadcast mode, the proposed scheme guarantees the forward security of broadcast communication through existing encryption primitives and a one-way hash function (hash chain) generated and distributed only by the master station. Finally, the CPN and SPAN model checking tools are used to evaluate and verify the security of the two improved schemes, and a performance analysis of the improved scheme is given.
Keywords/Search Tags: ICS, DNP3-SA, CPN, Formal Modeling, Safety Assessment, Safety Improvement