With the continuing adoption of the TSN protocol in industrial environments, time-sensitive networks face a large number of security problems, including information leakage, malicious flow injection and man-in-the-middle attacks, so their deployment and security on industrial sites are becoming more and more important. Security mechanisms and cryptographic algorithms suited to time-sensitive networks are needed to secure data communication on the industrial field. By analyzing the security threats and security requirements of time-sensitive networks, this paper aims at secure communication of time-sensitive network data flows and designs a secure communication scheme for time-sensitive networks based on the Chinese national cryptographic (SM) algorithms: the public-key algorithm SM2, the hash algorithm SM3 and the symmetric encryption algorithm SM4. The main research work of this paper is as follows:

1. This paper first studies the standards related to time-sensitive networks and the centralized network model, analyzes the interface protocols related to time-sensitive networks, LLDP and SNMP, and designs a security framework suitable for time-sensitive networks, which lays the foundation for the design of the subsequent security solutions.

2. A time-sensitive network identity authentication and key agreement scheme is designed based on the SM2 public-key algorithm and the SM3 hash algorithm. After the time-sensitive network has been deployed, the TSN CNC acts as the SNMP network manager and the TSN switch as the network agent; the two exchange data over the SNMPv3 protocol and use SM3 and SM2 for identity authentication, so that only devices with a legitimate identity can access the network. A session key is distributed to the successfully authenticated devices, the corresponding digest value and confirmation information are generated with SM3 and SM2, and key agreement from the TSN CNC down to the field device is thereby realized.

3. On the basis of the key agreement, a secure communication scheme for time-sensitive network data streams is designed based on the SM3 hash algorithm and the SM4 symmetric encryption algorithm. SM4 encrypts and decrypts the messages, and SM3 generates a message authentication code, which ensures the confidentiality and integrity of the entire time-sensitive network data communication process.

4. The proposed security scheme is implemented in the TSN switch developed independently by the laboratory, and a time-sensitive network test and verification platform is built to test and verify it. The test results show that the scheme not only realizes the identity authentication, key agreement and secure communication functions proposed in this paper, but also ensures the confidentiality and integrity of time-sensitive network data communication. Compared with MACsec, this security scheme reduces the average shortest delay by 12.66% in terms of its impact on time-sensitive network gating scheduling; in terms of communication overhead, adding the security scheme increases communication overhead by only 3.7%; in terms of storage overhead, the SM2/SM3 algorithms reduce storage overhead by 3.91% compared with RSA/SHA-1. The scheme thus meets the security requirements of time-sensitive networks in industrial environments well.