摘要
随着越来越多工业控制系统(industrial control system,ICS)安全事件的曝光,如何防护ICS的安全已经引起了广泛的关注。然而对于ICS安全防护的研究还主要停留在理论研究和防护体系层面,缺少可以快速建立的、能够降低关键风险的具体防护措施。首先抽象出ICS通信模型,梳理ICS面临的安全风险和威胁,明确了最急迫和关键的安全需求,然后在不影响功能、效率,以及能够快速部署的前提下,设计了一种通信安全增强方案,包括对关键通信报文进行单向的身份认证和完整性检验,并结合了时间戳机制和登记机制。最后通过对增强方案的安全分析,证明其能够抵御伪装、篡改和重放等常见攻击。
Due to the increase of industrial control system (ICS) security accidents, cyber security in ICS has been greatly concerned in recent years. However, the research on cyber security protection still remains in the theoretical stage. A prevention measure that can be rapidly built and can reduce the key risks is urgently required. In this paper, a communication model of ICS is firstly established. Based on the model, the security risks and threats of ICS are in-vestigated, and the top urgent and critical security needs are clarified. Moreover, a corresponding security enhancing scheme is proposed with the system function and efficiency unaffected. Based on the one-way identity authentication and integrity checking of the key communication messages and combining with the timestamp checking mechanism and the registration mechanism, the proposed scheme is proved to be able to resist the camouflage, tampering, replay attacks and other common attacks, which can satisfy the system security requirements.
出处
《中国电力》
CSCD
北大核心
2015年第8期150-154,共5页
Electric Power
基金
国家高科技研究发展计划(863计划)资助项目(2012AA050804)~~
关键词
工业控制系统
安全性分析
协议增强
身份认证
重放攻击
industrial control system
security analyses
security enhance
identity authentication
replay attack
