| Industrial Control System is widely used in chemical industry,nuclear power,manufacture,transportation and other key areas.ICS security issues related to the people's livelihood.The imperfect Industrial Control System communication protocol security mechanism has become the bottleneck of "Industry 4.0","Made in China 2025" and industrialization and information integration process.Therefore,it is very important to study the security of communication process of Industrial Control System.This paper focuses on the secure firm of Modbus TCP/IP protocol,which is widely used in Industrial Control System.Researching on the lack of integrity detection,authentication,authorization and confidentiality of the data packet for Modbus TCP/IP.Proposed a Modbus TCP/IP security reinforcement model.Aiming at the lack of integrity detection,this paper proposes a method to check the packet header and packet length of Modbus TCP/IP data packets,which can overcome the problem that the attacker can not verify the data packets.Aiming at the lack of authentication,this paper proposes a method to generate a one-time dynamic password by using dynamic password token technology.It realizes the packet authentication between the master and slave stations and resists the malicious attacker 's fake master station to attack the Modbus slave.In order to solve the problem of lack of confidentiality,a method of hybrid encryption using Trivium cipher algorithm and RSA cipher algorithm is proposed,which is based on the method of setting the access control rule by white list technology.To ensure high communication efficiency under the premise of data packets to complete the encryption operation.According to the proposed Modbus TCP/IP security reinforcement model,this paper designs and implements the Modbus TCP/IP security system,which includes integrity detection,authentication,authorization detection and password.The integrity detection module consists of Modbus TCP/IP data packets to analyze the Modbus TCP/IP packet port number,MBAP packet header,Modbus ADU to meet the requirements,to achieve the integrity of the packet detection function.The authentication module generates a dynamic password between the Modbus master and the slave using the SM3 hash algorithm.When the Modbus slave receives the instruction sent by the Modbus master,the command sent from the Modbus master is authenticated by the dynamic password generated by the Modbus slave to realize the authentication function between the Modbus master and slave.The authorization detection module analyzes the Modbus TCP/IP packet function code,sets the authorized access control rule according to the analysis result,filters the data message address,function code,write address and write value according to the rules,and realizes the authorization detection function.The password module uses the Trivium cipher algorithm and the RSA encryption algorithm to encrypt and transmit the Modbus data,and realizes the encrypted transmission function of Modbus TCP/IP data packets. |
PDF Full Text Request