| The full deployment of IPv6 in the industrial Internet environment will cause the industrial Internet to be affected by both the traditional Internet security risks and the security risks of industrial control systems.At present,the research focuses on the research of security mechanisms,and security testing is an effective means to verify whether the security mechanism is consistent with the expected results.Therefore,it is of great significance to study a security testing system that can effectively verify the correct implementation of IPv6 industrial Internet security policy.This thesis analyzes the security policy of IPv6 industrial Internet and develops a security testing strategy for IPv6 industrial Internet security mechanisms Set as test content.On this basis,the design scheme of IPv6 industrial Internet security testing system is proposed,and the executable and compliance test of security functions is completed.The main research work of the thesis is as follows:1.The IPv6 industrial Internet security testing system is designed to realize the security function testing.The system takes security policies such as device authentication,key management and IPSec as test contents,and adopts XML test case import technology to complete security testing and output test reports.The test verification results show that the data integrity,data confidentiality,equipment authentication and other security mechanisms implemented in IPv6 industrial Internet meet the requirements of the “General Requirements for Industrial Internet Security”,IPSec security association mechanism complies with the requirements of RFC 4301 “Security Architecture for the Internet Protocol”,and IPSec unicast security mechanism meets the requirements of RFC 4304 “IP Encapsulating Security Payload”,and the key management mechanism complies with the requirements of GB/T 30269.601-2016 "Information Technology Sensor Network Part 601: Information Security: General Technical Specifications".2.A regression test method based on test case reduction is proposed to verify the correctness of the security function.Compared with G algorithm,the scheme proposed in this thesis has the same degree of test case reduction in the IPv6 industrial Internet security level third-level security function test,but the operating cost is reduced by 3.7%,thereby improving the test efficiency.3.Develop the security test server,and build the industrial Internet security test system based on IPv6 with 6LowPAN gateway,6LowPAN nodes,field devices and Modbus gateway to implement and test the proposed scheme.The test results show that the deployed security mechanisms such as device authentication,key management and IPSec are all implemented correctly and meet the corresponding standards.In the third level security function test,the proposed regression test scheme can reduce two test cases and complete the regression test while covering the test requirements. |
PDF Full Text Request