基于Modbus/TCP的发电厂DCS网关网络信息安全存储系统设计  被引量：12

作　　者：许建峰[1,2] 许俊渊 方洪波 XU Jianfeng;XU Junyuan;FANG Hongbo(Zhejiang University,Hangzhou 310058,China;Zhejiang Zheneng Tiangong Information Technology Co.,Ltd.,Hangzhou 325608,China;Zhejiang Anke Network Technology Co.,Ltd.,Hangzhou 310012,China)

机构地区：[1]浙江大学,浙江杭州310058 [2]浙江浙能天工信息科技有限公司,浙江杭州325608 [3]浙江安科网络技术有限公司,浙江杭州310012

出　　处：《现代电子技术》2022年第2期115-119,共5页Modern Electronics Technique

基　　金：国家自然科学基金资助项目(51007080);中国博士后科学基金资助项目(20090461352);河北社科基金项目(HB20YS004)。

摘　　要：利用传统网络信息安全存储系统进行网络信息安全检测时,对通信协议解析程度不够,导致隔离协议开启后带宽较高。为此,文中提出基于Modbus/TCP的发电厂DCS网关网络信息安全存储系统设计。硬件设计方面,优化基于Modbus/TCP的发电厂DCS网关,实现安全级DCS与非安全级DCS的Modbus/TCP协议转换,设计CMMB-LDPC存储器,通过SPI串行外围设备接口,定义网络信息输入输出接口。软件设计方面,计算网络信息可信度,协议隔离非安全信息数据,校验Modbus/TCP协议完整性,对安全信息进行加密传输和口令认证,实现信息安全存储。以发电厂用户端向中心端进行数据申报为例,进行对比实验。结果表明,在保证信息安全存储效率的基础上,设计系统相比传统系统,降低了安全检测的读带宽和写带宽,使系统能够同时执行更多的安全存储任务。When the traditional network information security storage system performs the network information security,it does not analyze the communication protocol sufficient,resulting in high bandwidth after the isolation protocol is turned on.Therefore,a design of Modbus/TCP-based power plant DCS gateway network information security storage system is proposed.In term of the hardware design,the power plant DCS gateway based on Modbus/TCP is optimized to realize the Modbus/TCP protocol conversion between safety level DCS and non-safety level DCS,CMMB-LDPC memory is designed,and network information input/output interface is defined through SPI serial peripheral unit interface.In the aspect of software design,the reliability of network information is calculated,the non-secure information data is isolated by means of the protocol,the integrity of Modbus/TCP protocol is verified,and the encrypting transmission and password authentication of the secure information are conducted to realize the secure storage of information.The comparison experiment is carried out by taking the data declaration from the user end of the power plant to the central end as an example.The results show that in comparison with the traditional system,the designed system can reduce the read bandwidth and write bandwidth of security detection on the basis of ensuring the efficiency of information security storage,which can make the system performmany more secure storage tasks at the same time.

关 键 词：DCS网关 MODBUS/TCP 网络信息安全存储 系统设计 协议隔离 数据加密 可信度计算 

分 类 号：TN915-34[电子电信—通信与信息系统] TP29[电子电信—信息与通信工程]