加密传输在工控系统安全中的可行性研究

梁耀; 冯冬芹; 徐珊珊; 陈思媛; 高梦州

doi:10.16383/j.aas.2018.c160399

加密传输在工控系统安全中的可行性研究

doi: 10.16383/j.aas.2018.c160399

梁耀^1,,
冯冬芹^1, ,,
徐珊珊^1,,
陈思媛^2,,
高梦州^1,

1.
浙江大学工业控制技术国家重点实验室杭州 310027 中国
2.
多伦多大学计算机与电子工程学院多伦多 M4Y1M7 加拿大

基金项目:

国家自然科学基金 61223004

详细信息

作者简介:
梁耀  浙江大学控制科学与工程学院硕士研究生.2014年获得山东大学控制科学与工程学院学士学位.主要研究方向为工控系统安全脆弱性分析与建模.E-mail:liangyaoxp@zju.edu.cn

徐珊珊  浙江大学控制科学与工程学院硕士研究生.2013年获得华东理工大学学士学位.主要研究方向为工业控制轻量级数据加密传输.E-mail:lqxssxss@163.com

陈思媛  多伦多大学计算机与电子工程学院硕士研究生.2015年获得浙江大学学士学位.主要研究方向为工控系统加密传输机制性能分析与补偿.E-mail:siyuansiyuan.chen@mail.utoronto.ca

高梦州  浙江大学控制科学与工程学院博士研究生.2012年获得哈尔滨工业大学学士学位.主要研究方向为工业控制系统网络安全.E-mail:mzgao@zju.edu.cn

通讯作者:
冯冬芹浙江大学工业控制技术国家重点实验室、浙江大学智能系统与控制研究所教授.主要研究方向为现场总线, 实时以太网, 工业无线通信技术, 工业控制系统安全, 网络控制系统的研发与标准化工作.本文通信作者.E-mail:fengdongqin@zju.edu.cn

计量
- 文章访问数: 2589
- HTML全文浏览量: 333
- PDF下载量: 843
- 被引次数: 0
出版历程
- 收稿日期: 2016-05-16
- 录用日期: 2016-12-27
- 刊出日期: 2018-03-20

Feasibility Analysis of Encrypted Transmission on Security of Industrial Control Systems

1.
State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou 310027, China
2.
Engineering at Electrical and Computer Engineering Department, University of Toronto M4Y1M7, Canada

Funds:

National Natural Science Foundation of China 61223004

More Information

Author Bio:
Master student at the College of Control Science and Engineering, Zhejiang University. He received his bachelor degree from Shandong University in 2014. His research interest covers vulnerability analysis and modeling of ICS security

Master student at the College of Control Science and Engineering, Zhejiang University. She received her bachelor degree from East China University of Science and Technology. Her main research interest is lightweight encrypted data transmission for ICS

Master student in the Department of Electrical and Computer Engineering, University of Toronto. She received her bachelor degree from Zhejiang University in 2015. Her research interest covers performance assessment and compensation for ICS based on cryptography

Ph. D. candidate at the Colledge of Control Science and Engineering, Zhejiang University. She received her bachelor degree from Harbin Institute of Technology in 2012. Her main research interest is network security of ICS

Corresponding author: FENG Dong-Qin Professor at the State Key Laboratory of Industrial Control Technology, Institute of Cyber-Systems and Control, Zhejiang University. His research interest covers field bus, real-time ethernet, industrial wireless communication technology, security of industrial control system, and network control system. Corresponding author of this paper

摘要

摘要: 针对需要对现场数据加密的工业控制系统（Industrial control system，ICS），基于稳定性判据设计一种加密传输机制的可行性评估模型，结合超越方程D-subdivision求解法，提出一种数据加密长度可行域求解算法.改进IAE（Integral absolute error）并提出Truncated IAE（TIAE）-based指标，用于评估可行域内不同数据长度对系统实时性能的影响.利用嵌入式平台测定的加密算法执行时间与数据长度的关系，评估了两种对称加密算法应用在他励直流电机控制系统中的可行性，验证了可行域求解算法的准确性，并获得了实时性能随数据长度的变化规律.
- 工业控制系统 /
- 加密传输 /
- 稳定性 /
- 数据加密长度可行域 /
- 实时性能 /
- TIAE-based指标
Abstract: For those industrial control systems (ICS) whose field data need to be encrypted, a model, based on stability criterion is designed to assess the feasibility of the encrypted transmition mechanism. Combined with D-subdivision solution to transcentdental equation, a method to solve the feasible region of the length of encrypted data quantitatively is proposed. Integral absolute error (IAE) is improved to introduce the truncated IAE (TIAE)-based index, which is designed for evaluating the real-time performance influenced by the length in the feasible region. In terms of the relationship between execute time of encryption algorithm and length measured on embedded platform, two symmetric encryption algorithms for the control system of separately excited DC motor are evaluated, the accuracy of solution to the feasible region is verified, and the change law between real-time performance and length is obtained.
- Industrial control system (ICS) /
- encrypted transmission /
- stability /
- feasible region of length of encrypted data /
- real-time performance /
- truncated integral absolute error (TIAE)-based index
注释:

1) 本文责任编委陈积明

HTML全文

图 1 基于加密传输机制的工控系统框架图

Fig. 1 Frame diagram of industrial control system under encrypted transmission

下载: 全尺寸图片幻灯片

图 2 基于加密传输机制的MIMO控制系统结构图

Fig. 2 Structure diagram of MIMO control system under encrypted transmission

下载: 全尺寸图片幻灯片

图 3 加密算法执行时间与数据加密长度关系曲线

Fig. 3 Relationship curve between the execute time of encryption algorithms and the length of encrypted data

下载: 全尺寸图片幻灯片

图 4 不同AES加密数据长度下实际转速变化曲线

Fig. 4 Timely varying curves of the actual speed under different length of AES encrypted data

下载: 全尺寸图片幻灯片

图 5 ${\eta _{{\rm TIAE}}}$随${t_r}$、$\sigma\% $、${t_s}$、${\rm TIAE}$变化曲线

Fig. 5 Curves of the index ${\eta _{{{\rm TIAE}}}}$ under different ${t_r}$, $\sigma\%$, ${t_s}$, ${\rm TIAE}$

下载: 全尺寸图片幻灯片

图 6 ${t_r}$、$\sigma\%$、${t_s}$、${\rm TIAE}$随数据加密长度$l$变化曲线

Fig. 6 Curves of the index ${t_r}$, $\sigma\%$, ${t_s}$, ${\rm TIAE}$ under different length of AES encrypted data

下载: 全尺寸图片幻灯片

图 7 ${\eta _{{\rm TIAE}}}$随数据加密长度$l$变化曲线

Fig. 7 Curves of the index ${\eta _{{\rm TIAE}}}$ under different length of AES encrypted data.

下载: 全尺寸图片幻灯片

表 1 加密算法执行时间与数据加密长度测试数据

Table 1 Test data between the execute time of encryption algorithms and the length of plaintext

长度(B)		16	144	272	400	528	656	784	912	1040
时间(ms)	AES加密	7.48	67.21	127.18	187.24	246.88	306.46	366.37	426.42	485.94
	AES解密	9.32	83.99	158.81	233.46	308.88	383.58	458.43	533.18	608.33
	DES加密	8.83	79.72	150.59	228.22	300.12	372.94	445.34	517.98	595.94
	DES解密	6.97	62.46	117.91	178.22	234.84	291.86	348.74	405.94	462.94

下载: 导出CSV

表 2 集合$\Theta$判定表格

Table 2 Judging form of $\Theta$

$\tau$	$\omega $	$T$	${\rm{RT}}$	${\rm{NU(}}\tau {\rm{)}}$
(0, 0.321)				0
0.321	4.775	0.201867	1
(0.321, 1.637)				2
1.637	4.775	0.201867	1
(1.637, 2.953)				4
2.953	4.775	0.201867	1
$\cdots$	$\cdots$	$\cdots$	$\cdots$	6

下载: 导出CSV

表 3 实时性指标与数据加密长度测试数据

Table 3 Test data between the real-time performance index and the length of encrypted data

$l$(B)	${t_r}$(s)	$\sigma\%$	${t_s}$ (s)	TIAE	${\eta _{{{\rm TIAE}}}}$
0	20	0	1.618	99.2545	1
70	1.301	0.2438	1.972	130.2633	0.7620
80	1.305	0.3453	2.118	161.8826	0.6131
90	1.312	0.4396	2.596	206.0987	0.4816
100	1.323	0.544	3.209	274.6412	0.3614
110	1.333	0.639	4.311	372.4369	0.2665
120	1.344	0.7434	5.676	541.5546	0.1833
130	1.354	0.8383	8.749	846.1615	0.1173
140	1.365	0.9427	17.231	1.73E+03	0.0573
150	1.375	1.0376	80.985	8.52E+03	0.0117

下载: 导出CSV

参考文献(16)

[1]	Knowles W, Prince D, Hutchison D, Disso J F P, Jones K. A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 2015, 9:52-80 doi: 10.1016/j.ijcip.2015.02.002
[2]	ICS-CERT. ICS-CERT Monitor[Online], available: https://ics-cert.us-cert.gov/monitors/ICS-MM201512, May 3, 2016.
[3]	Pang Z H, Liu G P, Zhou D H, Hou F Y, Sun D H. Two-channel false data injection attacks against output tracking control of networked systems. IEEE Transactions on Industrial Electronics, 2016, 63(5):3242-3251 doi: 10.1109/TIE.2016.2535119
[4]	Tang B X, Alvergue L D, Gu G X. Secure networked control systems against replay attacks without injecting authentication noise. In: Proceedings of the 2015 American Control Conference (ACC). Chicago, USA: IEEE, 2015. 6028-6033
[5]	Zijlstra P. Cryptography for a Networked Control System using Asynchronous Event-Triggered Control[Master dissertation], Delft University of Technology, Netherlands, 2016.
[6]	Zhang L Y, Xie L, Li W Z, Wang Z L. Security solutions for networked control systems based on des algorithm and improved grey prediction model. International Journal of Computer Network and Information Security (IJCNIS), 2013, 6(1):78-85 doi: 10.5815/ijcnis
[7]	Wei M K, Wang W Y. Safety can be dangerous: secure communications impair smart grid stability under emergencies. In: Proceedings of the 2015 IEEE Global Communications Conference (GLOBECOM). San Diego, USA: IEEE, 2015. 1-6
[8]	Sipahi R, Niculescu S I, Abdallah C T, Michiels W, Gu K Q. Stability and stabilization of systems with time delay. IEEE Control Systems, 2011, 31(1):38-65 doi: 10.1109/MCS.2010.939135
[9]	Sipahi R, Olgac N. A unique methodology for the stability robustness of multiple time delay systems. Systems & Control Letters, 2006, 55(10):819-825 http://www.sciencedirect.com/science/article/pii/S0167691106000612
[10]	Olgac N, Sipahi R. An exact method for the stability analysis of time-delayed linear time-invariant (LTI) systems. IEEE Transactions on Automatic Control, 2002, 47(5):793-797 doi: 10.1109/TAC.2002.1000275
[11]	Harris T J. Assessment of control loop performance. The Canadian Journal of Chemical Engineering, 1989, 67(5):856-861 doi: 10.1002/cjce.v67:5
[12]	Eriksson P G, Isaksson A J. Some aspects of control loop performance monitoring. In: Proceedings of the 3rd IEEE Conference on Control Applications. Scotland, UK: IEEE, 1994. 1029-1034
[13]	Gupta R A, Chow M Y. Performance assessment and compensation for secure networked control systems. In: Proceedings of the 34th Annual Conference of IEEE Industrial Electronics. Orlando, USA: IEEE, 2008. 2929-2934
[14]	Zeng W T, Chow M Y. Optimal tradeoff between performance and security in networked control systems based on coevolutionary algorithms. IEEE Transactions on Industrial Electronics, 2012, 59(7):3016-3025 doi: 10.1109/TIE.2011.2178216
[15]	Yu Z P, Wang J D, Huang B, Bi Z F. Performance assessment of PID control loops subject to setpoint changes. Journal of Process Control, 2011, 21(8):1164-1171 doi: 10.1016/j.jprocont.2011.06.012
[16]	Smith R S. Covert misappropriation of networked control systems:presenting a feedback structure. IEEE Control Systems, 2015, 35(1):82-92 doi: 10.1109/MCS.2014.2364723