Industrial control systems are widely deployed in critical national infrastructure, and their safe and stable operation is essential to protecting people's lives and national property. With the advent of the information age, industrial control systems have become open and interconnected, which has also exposed them to new security threats. On the one hand, attackers can steal user identity credentials for extortion or anonymous remote login, exploiting defects in the data-protection mechanism to compromise the integrity of the static content stored on the equipment. On the other hand, attackers can tamper with control-program parameters to disrupt routine production processes, compromising the integrity of the dynamic programs running on the equipment and exposing the absence of any program-verification mechanism. Integrity measurement of both data and programs on industrial control equipment is therefore necessary to strengthen the security of industrial control systems. Trusted computing 3.0, one of the active topics in information security, has particular advantages when applied to industrial control equipment. This paper surveys the state of research on, and the applications of, trusted computing for integrity measurement of industrial control equipment, and analyzes the progress and limitations of existing work. On that basis, two experimental platforms, an industrial control host computer and a PLC, are built for security-technology research, using a domestically produced hardware root of trust and the Chinese national cryptographic algorithms (the "national secret" SM-series algorithms) as the starting point of the trusted computing environment. Taking trusted computing 3.0 as the theoretical reference, a hash-value benchmark database generation algorithm, a key-file integrity verification algorithm, and an identity-authentication mechanism are developed on each of the two platforms, so that the integrity of system startup files and control programs is measured. On the industrial control host computer, the hash-value benchmark database is stored in non-volatile memory, which works around the fact that the platform configuration registers of the hardware root of trust cannot be used because of its permission restrictions; the measurement output is converted to a common format so that hash values can be compared automatically. On the PLC, the hardware root of trust is replaced with a software toolbox implementing the national cryptographic algorithms, and encryption and identity-authentication mechanisms are added so that the benchmark database is not left as a plaintext file that can easily be tampered with. Finally, function and attack tests, time-cost tests, and CPU-consumption tests are performed, and the results validate the effectiveness and feasibility of the integrity measurement mechanism implemented in this paper.
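The three pieces the abstract describes, benchmark database generation, key-file integrity verification, and protection of the benchmark database itself against plaintext tampering, are illustrated below in an added example that is not the paper's code. It uses SHA-256 where the paper uses SM3 (Python's hashlib does not guarantee an SM3 implementation), an HMAC in place of the paper's encryption and identity-authentication mechanism, and a key that is assumed to be held in non-volatile memory or behind the hardware root of trust rather than next to the database; the startup image and control program it measures are constructed sample files.

```python
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, Iterable

# SHA-256 stands in for SM3 here: Python's hashlib does not guarantee an SM3
# implementation, and the comparison logic is identical for either hash.
HASH_NAME = "sha256"


def file_digest(path: str) -> str:
    """Hash a file in chunks so large firmware or program images need not fit in memory."""
    h = hashlib.new(HASH_NAME)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: Iterable[str]) -> Dict[str, str]:
    """Generate the benchmark database: one reference digest per measured file."""
    return {p: file_digest(p) for p in sorted(paths)}


def _canonical(baseline: Dict[str, str]) -> bytes:
    # Canonical encoding so the MAC does not depend on key order or whitespace.
    return json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()


def seal_baseline(baseline: Dict[str, str], key: bytes) -> bytes:
    """Authenticate the database with an HMAC. The key is assumed to live in NVM or
    behind the hardware root of trust, never beside the database on disk."""
    tag = hmac.new(key, _canonical(baseline), HASH_NAME).hexdigest()
    return json.dumps({"db": baseline, "mac": tag}).encode()


def open_baseline(sealed: bytes, key: bytes) -> Dict[str, str]:
    """Refuse to measure against a database whose MAC does not verify."""
    record = json.loads(sealed)
    expected = hmac.new(key, _canonical(record["db"]), HASH_NAME).hexdigest()
    if not hmac.compare_digest(expected, str(record.get("mac", ""))):
        raise ValueError("benchmark database failed authentication")
    return record["db"]


def measure(baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare each file's current digest with its reference: ok, tampered or missing."""
    report = {}
    for path, reference in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif hmac.compare_digest(file_digest(path), reference):
            report[path] = "ok"
        else:
            report[path] = "tampered"
    return report


def demo() -> dict:
    """Baseline generation, a control-parameter change, and a forged plaintext
    database, run over constructed sample files in a temporary directory."""
    key = b"constructed-demo-key"  # constructed; a deployment derives this from the root of trust
    with tempfile.TemporaryDirectory() as d:
        startup = os.path.join(d, "startup.bin")
        control = os.path.join(d, "control.prg")
        with open(startup, "wb") as f:
            f.write(b"constructed startup image v1")
        with open(control, "wb") as f:
            f.write(b"LD %I0.0\nST %Q0.0\n")  # constructed control program
        sealed = seal_baseline(build_baseline([startup, control]), key)

        clean = measure(open_baseline(sealed, key))

        # Attacker changes a control-program parameter (output coil Q0.0 -> Q0.1).
        with open(control, "wb") as f:
            f.write(b"LD %I0.0\nST %Q0.1\n")
        after_tamper = measure(open_baseline(sealed, key))[control]

        # Attacker also rewrites the plaintext database entry to match the new file.
        record = json.loads(sealed)
        record["db"][control] = file_digest(control)
        forged = json.dumps(record).encode()
        try:
            open_baseline(forged, key)
            forged_accepted = True
        except ValueError:
            forged_accepted = False

    return {
        "clean": sorted(clean.values()),
        "after_tamper": after_tamper,
        "forged_accepted": forged_accepted,
    }


if __name__ == "__main__":
    print(demo())
```

The third step in `demo` is the one the abstract's PLC platform is concerned with: without the MAC, an attacker who can overwrite the control program can just as easily overwrite the plaintext reference digest, and the measurement would report "ok". With the database authenticated under a key the attacker cannot read, the forged database is rejected before any comparison takes place.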