An Encryption Transmission Scheme for Industrial Control System
doi: 10.11999/JEIT190187
1. College of Computer Science and Technology, Nanjing University of Technology, Nanjing 211800, China
2. College of Computer Science and Technology, Nanjing University of Post and Telecommunication, Nanjing 210003, China
Abstract: With the integration of information technologies such as the industrial Internet of Things (IoT) and cloud computing with Industrial Control Systems (ICS), the security of industrial data is at enormous risk. To protect the confidentiality and integrity of data in such a complex distributed environment, a communication scheme based on the Attribute-Based Encryption (ABE) algorithm is proposed, which integrates data encryption, access control, decryption outsourcing and data verification, and has constant ciphertext length. Finally, the scheme is analyzed in detail from three aspects, i.e., correctness, security and performance overhead. The simulation results show that the algorithm has the advantage of low decryption overhead.
Keywords: Industrial control system / Confidentiality / Decryption outsourcing / Constant ciphertext length / Data verification
Table 1 Performance comparison of schemes

| Scheme | Outsourced decryption | Constant ciphertext length | Verifiable | Ciphertext length at private cloud | Ciphertext length at user side |
| --- | --- | --- | --- | --- | --- |
| Ref. [16] | No | Yes | No | – | $4\lvert G_1 \rvert$ |
| Ref. [18] | Yes | No | Symmetric key | $(n + 2)\lvert G_1 \rvert + \lvert G_T \rvert$ | $(n + 2)\lvert G_1 \rvert$ |
| Ref. [19] | Yes | No | Ciphertext | $3\lvert G_1 \rvert + \lvert G_T \rvert + 2n\lvert Z_p \rvert$ | $2\lvert G_T \rvert$ |
| This scheme | Yes | Yes | Symmetric key / ciphertext | $2\lvert G_1 \rvert + \lvert G_T \rvert$ | $\lvert G_T \rvert$ |

[1] SAJID A, ABBAS H, and SALEEM K. Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges[J]. IEEE Access, 2016, 4: 1375–1384. doi: 10.1109/ACCESS.2016.2549047
[2] TRAUTMAN L J and ORMEROD P. Industrial cyber vulnerabilities: Lessons from stuxnet and the internet of things[J]. University of Miami Law Review, 2017, 72: 761–826. doi: 10.2139/ssrn.2982629
[3] BABU B, IJYAS T, MUNEER P, et al. Security issues in SCADA based industrial control systems[C]. The 2nd International Conference on Anti-Cyber Crimes, Abha, Saudi Arabia, 2017: 47–51. doi: 10.1109/Anti-Cybercrime.2017.7905261.
[4] KRIAA S, PIETRE-CAMBACEDES L, BOUISSOU M, et al. A survey of approaches combining safety and security for industrial control systems[J]. Reliability Engineering & System Safety, 2015, 139: 156–178. doi: 10.1016/j.ress.2015.02.008
[5] ZHOU Xiaofeng and CHEN Xiuzhen. Gray analytical hierarchical assessment model for Industry control system security[J]. Netinfo Security, 2014(1): 15–20. doi: 10.3969/j.issn.1671-1122.2014.01.004
[6] HALAS M, BESTAK I, ORGON M, et al. Performance measurement of encryption algorithms and their effect on real running in PLC networks[C]. The 35th International Conference on Telecommunications and Signal Processing, Prague, Czech Republic, 2012: 161–164. doi: 10.1109/TSP.2012.6256273.
[7] LI Xing, LIU Mengxiang, ZHANG Rui, et al. Demo abstract: An industrial control system testbed for the encrypted controller[C]. The 9th ACM/IEEE International Conference on Cyber-Physical Systems, Porto, Portugal, 2018: 343–344. doi: 10.1109/ICCPS.2018.00045.
[8] LI Xing. Industrial control systems testbed and method study of the encrypted controller[D]. [Master dissertation], Zhejiang University, 2018.
[9] CHEMINOD M, DURANTE L, and VALENZANO A. Review of security issues in industrial networks[J]. IEEE Transactions on Industrial Informatics, 2013, 9(1): 277–293. doi: 10.1109/tii.2012.2198666
[10] SAHAI A and WATERS B. Fuzzy identity-based encryption[C]. The 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, 2005: 457–473. doi: 10.1007/11426639_27.
[11] BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. 2007 IEEE Symposium on Security and Privacy, Berkeley, USA, 2007: 321–334.
[12] RUJ S and NAYAK A. A decentralized security framework for data aggregation and access control in smart grids[J]. IEEE Transactions on Smart Grid, 2013, 4(1): 196–205. doi: 10.1109/TSG.2012.2224389
[13] GUAN Zhitao, LI Jing, WU Longfei, et al. Achieving efficient and secure data acquisition for cloud-supported internet of things in smart grid[J]. IEEE Internet of Things Journal, 2017, 4(6): 1934–1944. doi: 10.1109/JIOT.2017.2690522
[14] DAS P K, NARAYANAN S, SHARMA N K, et al. Context-sensitive policy based security in internet of things[C]. 2016 IEEE International Conference on Smart Computing, Louis, USA, 2016: 1–6. doi: 10.1109/SMARTCOMP.2016.7501684.
[15] CHAUDHARY R, AUJLA G S, GARG S, et al. SDN-enabled multi-attribute-based secure communication for smart grid in IIoT environment[J]. IEEE Transactions on Industrial Informatics, 2018, 14(6): 2629–2640. doi: 10.1109/TII.2018.2789442
[16] DOSHI N and JINWALA D. Constant ciphertext length in CP-ABE[EB/OL]. https://eprint.iacr.org/2012/500.pdf, 2012.
[17] WANG Jianhua, WANG Guangbo, XU Yang, et al. Traceable ciphertext-policy attribute-based encryption scheme with constant decryption costs[J]. Journal of Electronics & Information Technology, 2018, 40(4): 802–810. doi: 10.11999/JEIT170198
[18] QIN Baodong, DENG R H, LIU Shengli, et al. Attribute-based encryption with efficient verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2015, 10(7): 1384–1393. doi: 10.1109/TIFS.2015.2410137
[19] YANG Yang, LIU Ximeng, and DENG R H. Lightweight break-glass access control system for healthcare internet-of-things[J]. IEEE Transactions on Industrial Informatics, 2017, 14(8): 3610–3617. doi: 10.1109/TII.2017.2751640