Research Of Lightweight Data Security Transmission For Industrial Control System

Industrial Control Systems (ICS) of which the security issues are related to the national critical infrastructure are widely used in process manufacturing industries, such as nuclear power, thermal power, water conservancy, chemical, petrochemical and pharmaceutical. Recent years, security incidents against ICSs emerge much frequently. Besides, data transmitted in the form of clear text makes it easier for attackers to destroy ICS communication. Under the prerequisite of ensuring the reliability and stability, researches on ICS security data transmission mechanisms of which the purposes are to improve the system communication security have become a new research field. In this thesis, the main contributes on data security for ICS are as follow:1. According to the overview of the communication infrastructure of ICS, the potential vulnerabilities in ICS network were analyzed from the perspective of the security sources as well as as security transmission of data. Then, in accordance with characteristics of ICS, the security communication requirements and restrictions were summarized. Furthermore, a lightweight data security transmission framework was built based on security agent with respect to the lightweight cryptographic algorithms in order to protect data integrity and confidentiality. The implementation costs and resource of the lightweight cryptographic algorithms are low.2. In the design process of ICS security data transmission schemes, the real-time performance is ignored and the computing resources in field devices are limited as well. To solve this problem, a design model of ICS lightweight data security schemes was proposed regarding devices’ security costs, system real-time performance and security benefits as constraints. Then, for each constraint the component elements were analyzed and the quantification objective functions were constructed utilizing TF-AHP (Triangle Fuzzy-Analytic Hierarchy Process) to assign weight and check consistency. Finally, a multiple attribute decision making model was established achieving balance among costs, performance and security. By using gray correlation method, the most suitable scheme for current control system was selected.3. On the basis of analyzing the necessity of key updating in ICS and its negative impacts on system performance, an ICS key updating method was established of which the objective functions minimized the system response errors and key exposure time using Non-dominated Sorting Genetic Algorithms II to solve the game problems between system performance and security during key updating.