Abstract: With the development of modern industrial networks, more and more security problems appear. The Modbus protocol application is widely used in the industrial control network. However, the Modbus protocol is not secure, thus, it is vulnerable to malicious attacks. As far as is known there is no effective solution till now. In order to solve these security problems, this paper presents a dual authentication model, algorithm and configuration scheme for master and slave devices of Modbus based industrial network. The algorithm utilizes some features of Hash chain and symmetric encryption, and it is a lightweight authentication algorithm designed for the limited computing and storage capacity of Modbus based remote control system. The security analysis shows that the authentication algorithm can effectively resist the security problems of the common Modbus based industrial control network, and the algorithm configuration scheme can effectively reduce the interference of the authentication algorithm to the master and slave devices.

Key words: Modbus industrial control network, secure communication, authentication algorithm, Hash chain, symmetric encryption, security analysis

摘要： 随着现代化工业网络的不断发展，越来越多的工控网络安全问题层出不穷。在工控网络中Modbus协议应用最为普遍。然而Modbus工控网络却没有安全通信的机制，极易受到恶意攻击。根据文献追踪来看，目前还没有效的解决方案。为解决这些安全问题，提出了针对Modbus工控网络主从设备的认证模型、双重认证算法以及算法的配置方案。该算法利用了哈希链以及对称加密的一些特点，是针对Modbus工控网络主从设备有限的计算和存储能力而设计的轻量型认证算法。通过安全性分析可知，该认证算法能有效抵御常见Modbus工控网络的安全问题，并且算法的配置方案能有效减小认证算法对主从设备通信的干扰。

关键词: Modbus工控网络, 安全通信, 认证算法, 哈希链, 对称加密, 安全性分析