Research on vulnerability and security technology of industrial Ethernet protocol
Journal on Communications, 2017, Vol. 38, Issue (Z2): 185-196. doi: 10.11959/j.issn.1000-436x.2017277
Tao FENG 1, Ye LU 2,3,4, Jun-li FANG 1 (冯涛, 鲁晔, 方君丽)
Online: 2017-11-01
Published: 2018-06-07
About the authors: Tao FENG (born 1970), male, from Lintao, Gansu; Ph.D., research fellow and doctoral supervisor at Lanzhou University of Technology; research interests: network and information security, cryptography. | Ye LU (born 1986), male, from Baoji, Shaanxi; Ph.D. candidate at Lanzhou University of Technology; research interests: industrial control network security and protocol security. | Jun-li FANG (born 1985), female, from Tianshui, Gansu; lecturer at Lanzhou University of Technology; research interests: network and information security.
Abstract:
To address the information security problems of industrial control systems, this paper studies the security of industrial Ethernet protocols in depth and reports the state of research on protocol security protection. It first describes the architecture of industrial control systems and of industrial Ethernet protocols, and analyses the vulnerabilities of five major protocols. It then proposes a comprehensive security protection model for industrial Ethernet protocols built from three parts: external active defense techniques, internal passive defense techniques, and protocol security improvements, and discusses the main protection techniques in each part. Finally, it points out future development directions and research methods for improving the information security of industrial Ethernet protocols.
Cite this article as: Tao FENG, Ye LU, Jun-li FANG. Research on vulnerability and security technology of industrial Ethernet protocol[J]. Journal on Communications, 2017, 38(Z2): 185-196. (Chinese title: 工业以太网协议脆弱性与安全防护技术综述)
Table 5 Performance comparison of external active protection techniques

| Ref. | Protocol supported | Defense strategy | Defense technique | Defense effect | Limitations |
|---|---|---|---|---|---|
| Ref. [ ] | Modbus TCP | Defense in depth | Data matching | Medium | Hard to defend against attackers with domain expertise |
| Ref. [ ] | ICS | Defense in depth | Behaviour awareness | Medium | Only handles data of a single protocol |
| Ref. [ ] | ICS | Defense in depth | Data diode | Medium | Data can only flow in one direction |
| Ref. [ ] | ICS | Defense in depth | Whitelisting | Medium | Requires a large rule set; hard to maintain; prone to misconfiguration |
| Ref. [ ] | DNP3 / Modbus | Intrusion detection | Data matching | Medium | Hard to defend against attackers with domain expertise |
| Ref. [ ] | Modbus TCP | Intrusion detection | Data matching | Medium | Requires a large rule set; hard to maintain; prone to misconfiguration |
| Ref. [ ] | ICS | Honeypot | Conpot | Low | Cannot actually block attacks; only collects attacker behaviour |
| Ref. [ ] | ICS | Honeypot | Honeyd | Low | Cannot actually block attacks; only collects attacker behaviour |
| Ref. [ ] | ICS | Honeypot | Conpot | Low | Cannot actually block attacks; only collects attacker behaviour |
| Ref. [ ] | Modbus TCP | Vulnerability discovery | Fuzzing | Low | Does not directly block attacks; produces false positives |
| Ref. [ ] | Modbus TCP | Vulnerability discovery | Fuzzing | Low | Does not directly block attacks; produces false positives |
| Ref. [ ] | Modbus TCP | Vulnerability discovery | Fuzzing | Low | Does not directly block attacks; produces false positives |
Table 7 Performance comparison of protocol security improvement methods

| Ref. | Protocol supported | Improvement strategy | Improvement technique | Improvement efficiency | Limitations |
|---|---|---|---|---|---|
| Ref. [ ] | WLAN | Link encryption | Hash chain | Low | Increased link load; reduced real-time performance |
| Ref. [ ] | ICS | Link encryption | MAC | Low | Increased link load; reduced real-time performance |
| Ref. [ ] | ICS | Link encryption | ECC | Low | Increased link load; reduced real-time performance |
| Ref. [ ] | Modbus TCP | Node encryption | BITW | Medium | Every node needs a bound encryption/decryption device: high cost, low real-time performance |
| Ref. [ ] | ICS | Node encryption | YASIR | Medium | Every node needs a bound encryption/decryption device: high cost, low real-time performance |
| Ref. [ ] | Modbus TCP | Node encryption | BITW | Medium | Every node needs a bound encryption/decryption device: high cost, low real-time performance |
| Ref. [ ] | ICS | End-to-end encryption | NTRU | High | End nodes need bound encryption/decryption devices: high cost, low real-time performance |
| Ref. [ ] | ICS | End-to-end encryption | SSL, TLS, IPsec | High | End nodes need bound encryption/decryption devices: high cost, low real-time performance |
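The two tables above name techniques without showing what they do on the wire. The following Python is an example written for this page, not code from the paper or from any of the works it cites. It covers the Modbus TCP "data matching" / "whitelisting" / intrusion-detection rows of Table 5 and the link-level MAC row of Table 7 in one block: a Modbus/TCP MBAP parser, a per-unit function-code and register-range whitelist run over constructed sample requests, and a simplified bump-in-the-wire style integrity retrofit (a counter plus a truncated HMAC appended to each frame). The rule set `RULES`, the frames in `SAMPLE_FRAMES`, the key `KEY` and the trailer layout are all assumptions made here; the retrofit is not the actual YASIR or BITW wire format.

```python
from __future__ import annotations
import hashlib
import hmac
import struct

# Modbus/TCP ADU = MBAP header (7 bytes) + PDU (function code + data). MBAP fields:
# transaction id, protocol id (always 0), length (bytes after the length field), unit id.
MBAP = struct.Struct(">HHHB")

def build_request(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Encode a Modbus/TCP request; used here only to construct sample traffic."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the MBAP header and reject frames that are not structurally valid."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = MBAP.unpack(frame[: MBAP.size])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field disagrees with frame size")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}

# Constructed whitelist: (unit id, function code) -> allowed register range. Every range
# a real plant exposes needs its own entry, which is Table 5's "large rule set" limitation.
RULES = {
    (1, 3): (0, 99),   # read holding registers 0..99 on unit 1
    (1, 6): (10, 19),  # write single register, only setpoints 10..19
}

def check_request(req: dict) -> tuple[bool, str]:
    """Data-matching check: allow only whitelisted function codes and address ranges."""
    key = (req["unit"], req["fc"])
    if key not in RULES:
        return False, f"function code {req['fc']} not whitelisted for unit {req['unit']}"
    lo, hi = RULES[key]
    if len(req["data"]) != 4:
        return False, "malformed request: expected 2-byte address and 2-byte operand"
    addr, operand = struct.unpack(">HH", req["data"])
    if req["fc"] == 3:  # operand is the register count; the spec caps it at 125
        if not 1 <= operand <= 125:
            return False, f"read quantity {operand} outside 1..125"
        if addr < lo or addr + operand - 1 > hi:
            return False, f"read of {addr}..{addr + operand - 1} outside {lo}..{hi}"
        return True, "read allowed"
    if req["fc"] == 6:  # operand is the value written; only the address is policed
        if not lo <= addr <= hi:
            return False, f"write to register {addr} outside {lo}..{hi}"
        return True, "write allowed"
    return False, "whitelisted function code has no decoder"

# Constructed sample traffic, as a monitoring port in front of the PLC would see it.
SAMPLE_FRAMES = [
    build_request(1, 1, 3, struct.pack(">HH", 0, 10)),    # read registers 0..9
    build_request(2, 1, 6, struct.pack(">HH", 15, 1234)),  # write setpoint 15
    build_request(3, 1, 6, struct.pack(">HH", 50, 0)),     # write outside the range
    build_request(4, 1, 8, struct.pack(">HH", 4, 0)),      # diagnostics, sub-function 4 (force listen only)
    build_request(5, 1, 3, struct.pack(">HH", 0, 200)),    # over-long read
    build_request(6, 2, 3, struct.pack(">HH", 0, 1)),      # unit 2 has no rules at all
]

def audit(frames: list[bytes]) -> list[tuple[int, bool, str]]:
    """Run each frame through the parser and the whitelist; malformed frames are denied."""
    results = []
    for frame in frames:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            results.append((-1, False, f"malformed: {err}"))
            continue
        allowed, reason = check_request(req)
        results.append((req["tid"], allowed, reason))
    return results

# Simplified retrofit MAC (assumed layout, not YASIR/BITW): the device in front of the PLC
# appends a 4-byte counter and an 8-byte truncated HMAC-SHA256 over counter + frame.
KEY = b"constructed demo key, not for production"
TRAILER = 4 + 8

def protect(frame: bytes, key: bytes, counter: int) -> bytes:
    """Sender side: frame || counter || tag. Adds TRAILER bytes to every frame."""
    ctr = struct.pack(">I", counter)
    tag = hmac.new(key, ctr + frame, hashlib.sha256).digest()[:8]
    return frame + ctr + tag

def verify(protected: bytes, key: bytes, last_counter: int) -> bytes | None:
    """Receiver side: return the bare frame if the tag is valid and the counter is fresh."""
    if len(protected) < TRAILER + MBAP.size + 1:
        return None
    frame, ctr, tag = protected[:-TRAILER], protected[-TRAILER:-8], protected[-8:]
    if struct.unpack(">I", ctr)[0] <= last_counter:
        return None  # replayed or reordered
    expected = hmac.new(key, ctr + frame, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit or wrong key
    return frame
```

Running `audit(SAMPLE_FRAMES)` allows the first two requests and denies the other four, including the diagnostics request whose sub-function 4 would put a device into listen-only mode. Note what the rules do not catch: a write of a dangerous but in-range value to register 15 passes every check, which is the "hard to defend against attackers with domain expertise" row of Table 5. On the Table 7 side, `protect` turns a 12-byte read request into a 24-byte one; that fixed per-frame trailer, plus the HMAC computation at both ends, is the "increased link load, reduced real-time performance" limitation the table lists for link-level MACs.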
References
[1] YUAN S. Made in China 2025: industrial control security cannot be ignored. Who is "counter-controlling" industrial control systems?[J]. China Information Security, 2016(4): 44-47. (in Chinese)
[2] LUO J Z, YANG M, LING Z, et al. Cyberspace security system and key technologies[J]. Scientia Sinica Informationis, 2016, 46(8): 939. (in Chinese)
[3] QU W Y, WEI W M, ZHU S R. Research on communication protocol security of industrial control systems[C]// National Annual Conference on Smart Grid User-Side Energy Management, 2015. (in Chinese)
[4] TAO Y D, LI N, ZENG G S. Review of industrial control system security[J]. Computer Engineering and Applications, 2016, 52(13): 8-18. (in Chinese)
[5] CHAI T Y. Research status and development directions of industrial process control systems[J]. Scientia Sinica Informationis, 2016, 46(8): 1003. (in Chinese)
[6] XIA C M, LIU T, WANG H Z, et al. Current status and development trends of industrial control system information security[J]. Information Security and Technology, 2013, 4(2): 13-18. (in Chinese)
[7] PIGGIN R S H. Development of industrial cyber security standards: IEC 62443 for SCADA and industrial control system security[C]// IET Conference on Control and Automation 2013: Uniting Problems and Solutions, 2013: 1-6.
[8] PENG Y, JIANG C Q, XIE F, et al. Progress in industrial control system cyber security research[J]. Journal of Tsinghua University (Science and Technology), 2012(10): 1396-1408. (in Chinese)
[9] SHAHZAD A, LEE M, LEE Y K, et al. Real time MODBUS transmissions and cryptography security designs and enhancements of protocol sensitive information[J]. Symmetry, 2015, 7(3): 1176-1210.
[10] NARDONE R, RODRÍGUEZ R J, MARRONE S. Formal security assessment of Modbus protocol[C]// International Conference for Internet Technology and Secured Transactions (ICITST), 2017.
[11] KOBAYASHI T H, BATISTA A B Jr, MEDEIROS J P S, et al. Analysis of malicious traffic in Modbus/TCP communications[C]// International Workshop on Critical Information Infrastructures Security (CRITIS). Springer, 2008: 200-210.
[12] HUITSING P, CHANDIA R, PAPA M, et al. Attack taxonomies for the Modbus protocols[J]. International Journal of Critical Infrastructure Protection, 2008, 1(1): 37-44.
[13] GRANDGENETT R, GANDHI R, MAHONEY W. Exploitation of Allen Bradley's implementation of EtherNet/IP for denial of service against industrial control systems[C]// 9th International Conference on Cyber Warfare and Security (ICCWS), 2014: 58-65.
[14] LAUGHTER S A, WILLIAMS R D. An Ethernet/IP security review with intrusion detection applications[J]. Science, 2006, 105(2731): 475-476.
[15] SUN X. Analysis of key technologies of the communication-layer protocol in CIP Safety[J]. Instrument Standardization & Metrology, 2014(4): 28-30. (in Chinese)
[16] ZHANG D, WANG J, ZHANG H. Peach improvement on PROFINET-DCP for industrial control system vulnerability detection[C]// International Conference on Electrical, Computer Engineering and Electronics, 2015.
[17] ÅKERBERG J, BJÖRKMAN M. Exploring security in PROFINET IO[C]// 33rd Annual IEEE International Computer Software and Applications Conference (COMPSAC 2009), 2009: 406-412.
[18] LEHNHOFF S, ROHJANS S, USLAR M, et al. OPC unified architecture: a service-oriented architecture for smart grids[C]// International Workshop on Software Engineering for the Smart Grid, 2012: 1-7.
[19] PUYS M, POTET M L, LAFOURCADE P. Formal analysis of security properties on the OPC-UA SCADA protocol[C]// International Conference on Computer Safety, Reliability, and Security (SAFECOMP). Springer, 2016: 67-75.
[20] HUANG R, FENG L, PAN D. Research on OPC UA security[C]// IEEE Conference on Industrial Electronics and Applications (ICIEA), 2010: 1439-1444.
[21] QIAO J X. Research on OPC security mechanism based on MTS/COM+[J]. Computer Technology & Development, 2007.
[22] BAGARIA S, PRABHAKAR S B, SAQUIB Z. Flexi-DNP3: flexible distributed network protocol version 3 (DNP3) for SCADA security[C]// International Conference on Recent Trends in Information Systems, 2012: 293-296.
[23] MAJDALAWIEH M, PARISI-PRESICCE F, WIJESEKERA D. DNPSec: distributed network protocol version 3 (DNP3) security framework[M]// Advances in Computer, Information, and Systems Sciences, and Engineering. 2007: 227-234.
[24] CRAIN J A, BRATUS S. Bolt-on security extensions for industrial control system protocols: a case study of DNP3 SAv5[J]. IEEE Security & Privacy, 2015, 13(3): 74-79.
[25] IAN Y X. Real-time and interactive attacks on DNP3 critical infrastructure using Scapy[C]// Australasian Information Security Conference (ACSW-AISC), 2015.
[26] DARWISH I, IGBE O, SAADAWI T. Vulnerability assessment and experimentation of smart grid DNP3[J]. Journal of Cyber Security, 2016, 5(1): 23-54.
[27] JIN D, NICOL D M, YAN G. An event buffer flooding attack in DNP3 controlled SCADA systems[C]// Winter Simulation Conference, 2011: 2619-2631.
[28] ZHANG S S, SHANG W L, WAN M, et al. Security defense model for Modbus TCP communication based on region/enclave rules[J]. Computer Engineering and Design, 2014, 35(11): 3701-3707. (in Chinese)
[29] KATO W M I, KOIKE M, MATTA M. Dynamic zoning based on situational activities for ICS security[C]// 10th Asian Control Conference (ASCC), 2015: 1-5.
[30] JEON B S, NA J C. A study of cyber security policy in industrial control system using data diodes[C]// 18th International Conference on Advanced Communication Technology (ICACT), 2016: 314-317.
[31] ICS-CERT. Targeted cyber intrusion detection and mitigation strategies[R]. Washington: DHS, 2013.
[32] FOVINO I N, CARCANO A, MUREL T D L, et al. Modbus/DNP3 state-based intrusion detection system[C]// 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), 2010: 729-736.
[33] JIANG W W, LIU G J, DAI Y W. Design of Snort-based anomaly detection rules for the Modbus TCP industrial control protocol[J]. Computer Science, 2015, 42(11): 212-216. (in Chinese)
[34] LAI Y X, LIU Z H, CAI X T, et al. Survey of intrusion detection for industrial control systems[J]. Journal on Communications, 2017, 38(2): 143-156. (in Chinese)
[35] WILHOIT K. Who's really attacking your ICS equipment?[R]. Trend Micro Incorporated, 2013.
[36] ZHOU K. Research on building a process-control honeypot platform based on Honeyd[D]. Shanghai: East China University of Science and Technology, 2014. (in Chinese)
[37] PONOMAREV S, ATKISON T. Industrial control system network intrusion detection by telemetry analysis[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 13(2): 252-260.
[38] YU C Q. Research on vulnerability discovery techniques for industrial control devices[D]. Beijing: Beijing University of Posts and Telecommunications, 2015. (in Chinese)
[39] WANG H H. Research on vulnerability scanning technology for industrial control systems[D]. Beijing: Beijing University of Posts and Telecommunications, 2015. (in Chinese)
[40] YI S W, ZHANG C B, XIE F, et al. Security analysis of industrial control network protocols based on Peach[J]. Journal of Tsinghua University (Science and Technology), 2017, 57(1): 50-54. (in Chinese)
[41] CHEUNG S, DUTERTRE B, FONG M, et al. Using model-based intrusion detection for SCADA networks[C]// SCADA Security Scientific Symposium (S4), 2007.
[42] FOVINO I N, CARCANO A, MUREL T D L, et al. Modbus/DNP3 state-based intrusion detection system[C]// Advanced Information Networking and Applications, 2010: 729-736.
[43] YANG D Y, USYNIN A, HINES J W. Anomaly-based intrusion detection for SCADA systems[C]// IAEA Technical Meeting on Cyber Security, Idaho, 2016.
[44] TSANG C H, KWONG S. Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction[M]. 2016.
[45] NAESS E, FRINCKE D A, MCKINNON A D, et al. Configurable middleware-level intrusion detection for embedded systems[C]// International Workshop on Security in Distributed Computing Systems. IEEE Computer Society, 2005: 144-151.
[46] LUO X Q. Research on low-overhead security mechanisms for industrial wireless networks[D]. Beijing: University of Science and Technology Beijing, 2015. (in Chinese)
[47] MOREIRA N, MOLINA E, LÁZARO J, et al. Cyber-security in substation automation systems[J]. Renewable & Sustainable Energy Reviews, 2016, 54: 1552-1562.
[48] VAIDYA B, MAKRAKIS D, MOUFTAH H T. Authentication and authorization mechanisms for substation automation in smart grid network[J]. IEEE Network, 2013, 27(1): 5-11.
[49] TSANG P P, SMITH S W. YASIR: a low-latency, high-integrity security retrofit for legacy SCADA systems[C]// 23rd IFIP International Information Security Conference (SEC 2008). Springer, 2008: 445-459.
[50] SOLOMAKHIN R, TSANG P, SMITH S. High security with low latency in legacy SCADA systems[M]// IFIP Advances in Information and Communication Technology, 2010, 342: 63-79.
[51] WEI D, LU Y, JAFARI M, et al. Protecting smart grid automation systems against cyberattacks[J]. IEEE Transactions on Smart Grid, 2011, 2(4): 782-795.
[52] PREMNATH A P, JO J Y, KIM Y. Application of NTRU cryptographic algorithm for SCADA security[C]// International Conference on Information Technology: New Generations (ITNG), 2014: 341-346.
[53] PATEL S C, BHATT G D, GRAHAM J H. Improving the cyber security of SCADA communication networks[J]. Communications of the ACM, 2009, 52(7): 139-142.
[54] SABALIAUSKAITE G, MATHUR A P. Design of intelligent checkers to enhance the security and safety of cyber physical systems[C]// 38th Annual International Computers, Software and Applications Conference Workshops, 2014: 7-12.
[55] HAO J P, PIECHOCKI R J, KALESHI D, et al. Sparse malicious false data injection attacks and defense mechanisms in smart grids[J]. IEEE Transactions on Industrial Informatics, 2015, 11(5): 1198-1209.
[56] XIN Y Z, SHI J J, ZHOU J Y, et al. Current status and technology prospects of smart grid dispatching and control systems[J]. Automation of Electric Power Systems, 2015, 39(1): 2-8. (in Chinese)
[57] CHEN L J, MEI S W, CHEN Y. Smart grid information security and its influence on power system survivability[J]. Control Theory & Applications, 2012, 29(2): 240-244. (in Chinese)
[58] ZENG M, LI H L, XUE S, et al. Key technologies of future smart grid construction in the context of power system security: root-cause analysis of the India blackout and its lessons for China's power industry[J]. Proceedings of the CSEE, 2012, 32(25): 175-181. (in Chinese)
[59] DING G J, FAN B K, LAN H B, et al. Research on information security threats and defense strategies for smart grid[J]. Electric Power Information and Communication Technology, 2014, 12(5): 58-63. (in Chinese)
[60] LIU X Y, ZHANG Q, LI Z M. A survey on information security for smart grid[J]. Smart Grid, 2014, 12(4): 56-60. (in Chinese)
[61] ZHANG H P. Research on smart grid information security threats and defense technologies[D]. Shijiazhuang: Hebei University of Science and Technology, 2014. (in Chinese)
[62] LU Z, LU X, WANG W, et al. Review and evaluation of security threats on the communication networks in the smart grid[C]// IEEE Military Communications Conference (MILCOM), San Jose, 2010: 1830-1835.
[63] LI H, MAO R, LAI L, et al. Compressed meter reading for delay-sensitive and secure load report in smart grid[C]// 1st IEEE International Conference on Smart Grid Communications (SmartGridComm), Gaithersburg, 2010: 114-119.
[64] RIAL A, DANEZIS G. Privacy-preserving smart metering[C]// 10th Annual ACM Workshop on Privacy in the Electronic Society (WPES), 2011: 49-60.
[65] RUJ S, NAYAK A. A decentralized security framework for data aggregation and access control in smart grids[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 196-205.
[66] ROTTONDI C, VERTICALE G, CAPONE A. Privacy-preserving smart metering with multiple data consumers[J]. Computer Networks, 2013, 57: 1699-1713.
[67] BIRMAN K, JELASITY M, KLEINBERG R, et al. Building a secure and privacy-preserving smart grid[J]. ACM SIGOPS Operating Systems Review, 2015, 49: 131-136.
[68] LI H, LAI L, QIU R C. Communication capacity requirement for reliable and secure state estimation in smart grid[C]// 1st IEEE International Conference on Smart Grid Communications (SmartGridComm), Gaithersburg, 2010: 191-196.
[69] ZHANG T. Research on the trusted network architecture and key technologies for electric power industrial control systems[D]. Beijing: North China Electric Power University, 2013. (in Chinese)
[70] ZHAN J, YANG J. Research on remote attestation-based trusted Modbus/TCP protocol[J]. Advanced Engineering Sciences (Journal of Sichuan University, Engineering Science Edition), 2017, 49(1): 197-205. (in Chinese)
[71] SHAO C, ZHONG L G. An information security solution for industrial control systems based on trusted computing[J]. Information and Control, 2015, 44(5): 628-633. (in Chinese)
[72] YUAN Y, WANG F Y. Blockchain: the state of the art and future trends[J]. Acta Automatica Sinica, 2016, 42(4): 481-494. (in Chinese)