Abstract
Full domestic production of industrial control systems (ICS) is imperative, and a more autonomous, secure and reliable means of identity authentication is urgently needed. PLC-centric systems are a typical kind of ICS, and Public Key Infrastructure (PKI) can solve the problem of the authenticity of the identities of both communicating parties. This paper studies the application of PKI in PLC-centric ICS and gives a certificate authentication model for ICS and a deployment design for PKI. It analyzes the current state of combining the national cryptographic algorithms with PKI and, starting from the open source framework OpenSSL, uses the engine mechanism to give the key structures and algorithm design for extending the national cryptographic algorithms SM2 and SM3 into OpenSSL. Finally, a PKI management system for ICS is designed, developed and implemented. This work lays a good foundation for applying PKI to ICS and offers a new approach to strengthening the security of identity authentication in ICS.
Authors
魏珊珊
韩庆敏
郭肖旺
张湾
贡春燕
WEI Shan-shan; HAN Qing-min; GUO Xiao-wang; ZHANG Wan; GONG Chun-yan (National Computer System Engineering Research Institute of China, Beijing 100083, China)
Source
《计算机与现代化》
2018, No. 11, pp. 1-6 (6 pages)
Computer and Modernization
Funding
Major Special Project for Core Electronic Devices, High-end Generic Chips and Basic Software (核高基) (2017ZX01030202)