
Research On Vulnerability Discovery Of Power Industrial Control Communication Protocol Based On Fuzzing Testing

Posted on: 2023-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: F Y Wu
Full Text: PDF
GTID: 2532307097494734
Subject: Computer technology
Abstract/Summary:
Electricity is indispensable to the normal operation of human production activities. Its use involves generation, substation, transmission, distribution and dispatching control. Each link is handled by a power industrial control system, and the data transmission and instruction issuance that staff perform toward that system all rely on the system's dedicated communication protocols as the information transfer specification that ensures operations are executed correctly. The communication protocols now in wide use in power industrial control systems include IEC61850-MMS and IEC60870-5-104. Although these dedicated protocols have greatly improved the working efficiency of power industrial control systems, design defects in the protocols themselves introduce hidden dangers that can lead to safety problems, and the paralysis of a power industrial control system by a malicious attack may seriously harm people's production activities. Based on an in-depth analysis of the specific communication protocols used by power industrial control systems, this thesis combines fuzzing technology to investigate safety hazards and discover the potential security risks of power industrial control protocols. The specific research contents are as follows:

(1) Research on vulnerability mining technology. This thesis proposes a vulnerability mining method based on the Peach fuzzing tool: abnormal data packets are constructed and sent to check the potential security risks of power industrial control communication protocols. In addition, I have revised and improved several links, such as monitoring the status of the test target, exception capture and logging, and added steps such as service activation verification and abnormal verification confirmation to improve the reliability of the hidden danger investigation results.

(2) Research on potential safety hazards in known power industrial control communication protocols such as IEC60870-5-104 and IEC61850-MMS. Following the protocol specification documents, I analyzed the protocol formats and the specific business they carry in depth, and enumerated the possible vulnerabilities in the protocol format or business. Fuzzing test cases are written in a targeted manner for each specific protocol, which reduces the construction of useless fuzzing test cases, and the improved fuzzing method from (1) is used to test the targets, which improves the detection efficiency of fuzzing.

(3) Research on the analysis method for private protocol formats. For private power industrial control protocols whose content is unknown, this thesis proposes a protocol format parsing method based on prior knowledge and an improved frequent item mining algorithm, and constructs fuzzing test cases from the analysis results, so as to investigate the potential security risks of devices that use these private protocols.
Keywords/Search Tags: Electric Power Industrial Control Protocol, Security Hidden Danger Investigation, Vulnerability Mining, Fuzzing Test, Private Protocol Analysis