计算机工程与应用 ›› 2020, Vol. 56 ›› Issue (9): 125-130.DOI: 10.3778/j.issn.1002-8331.1901-0386

• 网络、通信与安全 • 上一篇    下一篇

基于隐蔽信道的工控系统数据完整性校验方法

朱智燊,凌捷,林鹏   

  1. 广东工业大学 计算机学院,广州 510006
  • 出版日期:2020-05-01 发布日期:2020-04-29

Data Integrity Checking Technology of Industrial Control System Based on Covert Channel

ZHU Zhishen,LING Jie,LIN Peng   

  1. School of Computer Science and Technology, Guangdong University of Technology, Guangzhou 510006, China
  • Online:2020-05-01 Published:2020-04-29

摘要:

随着物联网技术的快速发展和应用,越来越多的工业控制系统需要与其他信息系统互联互通。工业控制系统的安全保护主要依靠物理隔离方式阻断与其他网络连接,所用的通信协议安全性较差,在与外部网络连接时容易遭受攻击。提出一种基于Modbus-TCP协议的工控数据完整性校验方法,利用TCP存储型隐蔽信道,对Modbus数据进行哈希校验,保障数据传输的安全。仿真实验结果和安全性分析表明,该方法可有效抵御拒绝服务攻击、中间人攻击、重放攻击等网络攻击,为工业控制系统的数据传输提供完整性校验,提高工业控制系统的安全防范能力。

关键词: 工业控制系统, Modbus-TCP协议, 隐蔽信道, 数据完整性

Abstract:

With the rapid advancement of information technology, Internet of Things have?been applied in many?fields, which bring new chances for connecting industrial control system to the Internet. However, since these systems are originally designed for using in physically isolated environments, the protocols used by industrial control system have almost no security features and are vulnerable to a variety of attacks. This paper proposes a Modbus-TCP integrity check based on covert channel, simulation results and security analysis show that using this technology as a secure communication method can resist many network attacks, improve the data security capability of industrial control system.

Key words: Industrial Control System(ICS), Modbus-TCP protocol, covert channel, data integrity