Volume 42 Issue 8
Aug.  2020
Xiaofeng XIA, Hong XIANG, Zhenyu XIAO, Ting CAI. Research and Security Evaluation of AUTH-VRF Model for NCS Network Based on Domestic Cryptographic Algorithms[J]. Journal of Electronics & Information Technology, 2020, 42(8): 1846-1852. doi: 10.11999/JEIT190893

Research and Security Evaluation of AUTH-VRF Model for NCS Network Based on Domestic Cryptographic Algorithms

doi: 10.11999/JEIT190893
Funds:  The National Key Research and Development Project (2017YFB0802400), The National 13th Five Year Code Development Fund (MMJJ20180211), Chongqing Postgraduate Tutor Team Construction Project, Chongqing Graduate Education and Teaching Reform Research Project (yjg192003)
  • Received Date: 2019-11-07
  • Rev Recd Date: 2020-05-31
  • Available Online: 2020-06-23
  • Publish Date: 2020-08-18
  • To secure industrial control systems, a network security protection framework for the Numerical Control System (NCS) is proposed. The SM2, SM3 and SM4 domestic cryptographic algorithms are used to design and build the AUTHentication and VeRiFication (AUTH-VRF) model for the Computerized Numerical Control (CNC) network, which provides security protection on both the internal and external sides. On the external side, communication and transmission between CNC network devices are authenticated to achieve network segment isolation. On the internal side, the integrity of the communication protocol is verified to ensure that the operating procedures received by the field devices are correct and valid. The external protection device, designed and deployed on the basis of the SM2, SM3 and SM4 algorithms, provides identity authentication and encrypted file transmission for communication between the Distributed Numerical Control (DNC) device and the CNC system. At the same time, the SM3 algorithm is used to verify the integrity of the proprietary industrial communication protocol data in the CNC network. Network attack experiments show that the AUTH-VRF model can provide effective security certification and integrity protection for industrial production data in CNC networks. It also provides a practical technical approach to meeting the requirements of ‘secure and controllable both for domestic and foreign products’ and ‘applying security technique to all layers of Industrial Control Systems’ for protecting critical infrastructure.
