
PLC Access Authentication Based On Trusted Computing And Access Control Technology

Posted on: 2018-09-26
Degree: Master
Type: Thesis
Country: China
Candidate: Q S Qiao
GTID: 2428330545498673
Subject: Pattern Recognition and Intelligent Systems

Abstract/Summary:
With the "Internet plus" and "China 2025" strategies, great changes are taking place in the field of industrial control, which continues to adjust its industrial structure and to transform and upgrade through integration. As an important part of the industrial control field, the information security of industrial control systems has a profound impact on the development of industrial control networks and related industries. With the frequent exposure of information security incidents in industrial control systems, public concern about the issue has increased significantly. It is therefore very important to understand the security threats to industrial control systems in depth, to research targeted security defense technology, and to deploy safe and reliable industrial control systems.

This thesis presents two methods to ensure the safe operation of industrial control systems. On the one hand, a PLC access authentication method based on trusted computing is proposed to address the terminal security threats to industrial control systems. On the other hand, an access control solution based on industrial firewall rules is put forward to address the network security threats to industrial control systems.

This thesis points out that the information security threats to industrial control systems come mainly from internal terminal security threats and external network security threats. Then, the difference between the information security of industrial control systems and traditional network security is analyzed, and the characteristics of industrial control system information security are summarized. Secondly, this thesis uses a hash algorithm to measure the integrity of the boot file after the system is transplanted, through a combination of hardware and software, and constructs secure access for the trusted PLC with the trusted computing access authentication method. Based on the packet structure and flaws of the Modbus TCP protocol, the data processing module is used to capture and analyze the industrial control data. A rule-based self-learning hash algorithm is used to statistically analyze the access control list, and a rule tree is used to optimize the rules of the firewall module. Finally, a simulation experiment environment for the industrial control system is set up to verify the integrity-measurement process of the trusted computing access technology during PLC start-up, and to analyze the results of the access control technology based on the rule self-learning method in enhancing the performance of the industrial firewall.

The PLC access authentication method based on trusted computing builds a safe and reliable operating environment for industrial embedded devices and for trusted PLC access. At the same time, the rule-based self-learning method of the access control technology reduces the packet matching time. IXIA test results on firewall performance show that throughput, delay and the maximum number of concurrent connections meet the requirements of the evaluation program, and that the firewall can run in a real industrial environment. Through the combination of the two technologies, interlocking between the internal trusted terminal and the industrial firewall is realized, and the comprehensive defense capability of the industrial control system is improved.
Keywords/Search Tags:Information security of industrial control system, Trusted Computing, Access authentication, Access control, Rule self-learning