Title: Research on Communication and Node Safety and Security Technology for Industrial Control Systems (工业控制系统通信和节点安全技术研究)
Alternative title: Research on Safety and Security Technology in Communication and Node of Industrial Control System
Author: 宋岩 (Song Yan) 1,2
Advisor: 王天然 (Wang Tianran)
Classification number: TP273
Keywords: functional safety; information security; Safe-Sec AE; voting function block
Call number: TP273/S88/2013
Pages: 152
Degree discipline: Mechatronic Engineering
Degree: Doctor (PhD)
Date: 2013-05-21
Degree-granting institution: Shenyang Institute of Automation, Chinese Academy of Sciences
Degree-granting place: Shenyang
Author's department: Industrial Control Network and System Laboratory
Abstract: Research on information security in industrial control systems has received increasing attention. Since the Stuxnet worm damaged Iran's nuclear safety control system in 2010 with serious consequences, research institutions in many countries have been actively studying the information security problems of control systems. A functional safety system, also called a safety-critical system, is a type of control system used in high-risk settings and has the advantages of high reliability and low failure rates. However, the safety mechanisms of current functional safety systems can only counter naturally occurring system failures and random failures; they cannot counter failures induced by deliberate human attacks. This dissertation addresses the problem of attack-induced failure from two aspects, communication and nodes. The main research contents and contributions are as follows: (1) A high-dependability safety data check method based on automorphism relations is proposed. The classical functional safety communication methods FF-SIS and PROFIsafe are analysed, and a black-channel data corruption model, a transmission delay model and a node structure model for functional safety communication are established. To address the vulnerability of traditional data check methods to attack, a high-dependability data check method based on automorphism relations is proposed; it uses non-cryptographic means to improve the resistance of functional safety communication to online attacks. (2) A high-dependability Safe-Sec AE secure communication method based on symmetric cryptography is proposed. The dissertation studies the vulnerabilities of traditional functional safety communication and, combining the characteristics of functional safety communication with information security requirements, proposes an improved DES algorithm based on key-driven substitution and key whitening as one optional underlying cryptographic algorithm for Safe-Sec AE. On top of this symmetric algorithm, a high-dependability Safe-Sec AE secure communication method is proposed, which addresses failures in functional safety communication caused by security attacks. (3) A high-dependability safe node method based on program footprint monitoring and heterogeneous-data NVP (N-version programming) is proposed. The dissertation studies the security problems of node devices and the life-cycle characteristics of functional safety and information security, and builds a Safe-Sec safety life-cycle model; it studies safety-critical parameters and safety paths and designs a long-range program footprint monitoring method based on address and parameter features, which guarantees the correct execution of critical parameters and critical paths; it studies the heterogeneous-data NVP method, designs a heterogeneous-data NVP voting function block and its system, and analyses their performance metrics. (4) A fieldbus safety instrument is designed to implement and verify the research content. The instrument applies the communication security and node security results of the dissertation; a dual-channel interactive diagnostic mechanism is designed and its block diagram is given; the instrument supports the Safe-Sec AE method and the address- and parameter-feature-based long-range program footprint monitoring method; finally, its safety is analysed. In summary, to address attack-induced failures in industrial control systems, the dissertation designs a high-dependability safety data check method based on automorphism relations, solving the vulnerability of traditional check methods to attack, and designs the high-dependability Safe-Sec secure communication method, solving the inability of traditional functional safety communication methods to cope with attack-induced failures. To address black-channel corruption of critical parameters and paths at functional safety nodes, it designs the long-range program footprint monitoring method based on address and parameter features, solving the problems of parameter corruption and critical-path corruption. The dissertation also studies the heterogeneous-data NVP method and designs a voting function block and its system, solving the data differentiation problem in node security. Finally, a fieldbus safety instrument is designed to verify and implement the proposed methods.
Other abstract: The application of and research on information security in control systems have received growing attention since the 2010 Stuxnet event, which led to the destruction of Iran's nuclear safety control system. Research institutions worldwide are actively engaged in the security issues of industrial control systems. A functional safety system is a control system for high-risk settings, with the advantages of high reliability and low failure rates. But functional safety communication mechanisms can only counter natural damage, not deliberate man-made attacks. This dissertation studies how to counteract failures caused by man-made attacks in a functional safety environment; both communication and node issues are studied. The main research contents and innovations are as follows: (1) An automorphism-relationship-based high-dependability check method is studied. Classical functional safety communication methods such as FF-SIS and PROFIsafe are analysed, and a black-channel data destruction model, a transmission delay model and a node structure model are proposed. Because traditional data checking methods are easy to attack, we propose an automorphism-relationship-based high-dependability check method, which does not rely on cryptographic mechanisms, to strengthen functional safety communications against online attacks. (2) A symmetric-cryptography-based high-dependability Safe-Sec AE safe and secure communication method is proposed. The dissertation studies the vulnerabilities of traditional functional safety communication and, considering both security and safety requirements, proposes an improved DES algorithm based on key-driven substitution and key whitening. On top of this symmetric algorithm, a high-dependability Safe-Sec AE communication approach is designed, which solves several important security issues in safety communication.
(3) The dissertation proposes a heterogeneous-data NVP method and a program footprint monitoring method, both highly dependable, which make the node safer and more secure. The security and safety issues of node devices are studied, as are the life-cycle characteristics of functional safety and information security, and a Safe-Sec safety and security life-cycle model is designed. A long-range program footprint monitoring approach based on addresses and the characteristics of critical parameters is designed; it ensures that critical parameters and critical program paths are correct. A heterogeneous-data NVP approach is also designed; furthermore, a voting function block and system based on heterogeneous-data NVP are designed, and their performance indices are analysed. (4) The dissertation designs a safety fieldbus instrument to implement and verify the research content; the instrument uses the communication and node results of the dissertation. A dual-channel interactive diagnostic mechanism is designed and its block diagram is given. Both the Safe-Sec AE method and the footprint monitoring method are used in this design, and the safety performance is analysed. In summary, because failures caused by attacks cannot be covered by traditional functional safety methods, the dissertation designs a highly dependable automorphism-relationship-based check method and a highly dependable Safe-Sec communication method; the Safe-Sec AE method handles failures caused by attacks. Two methods for enhancing the safety and security attributes of node devices are designed. Finally, a fieldbus safety instrument is designed to apply the research content of the dissertation.
Language: Chinese
Rights order: 1
Document type: Dissertation
Identifier: http://ir.sia.cn/handle/173321/10739
Collection: Industrial Control Network and System Laboratory
Author affiliations: 1. Shenyang Institute of Automation, Chinese Academy of Sciences
2. University of Chinese Academy of Sciences
Recommended citation (GB/T 7714):
宋岩. 工业控制系统通信和节点安全技术研究[D]. 沈阳. 中国科学院沈阳自动化研究所,2013.
Files in this item:
File name/size: 工业控制系统通信和节点安全技术研究.pd (1975 KB); access: open access; license: CC BY-NC-SA