Modbus TCP协议安全风险分析及对策研究  

作　　者：马如坡 王群[1] 尹强 高谷刚[1] MA Rupo;WANG Qun;YIN Qiang;GAO Gugang(Department of Computer Information and Cyber Security,Jiangsu Police Institute,Nanjing 210031,China)

机构地区：[1]江苏警官学院计算机信息与网络安全系,南京210031

出　　处：《信息网络安全》2024年第11期1710-1720,共11页Netinfo Security

基　　金：“十四五”江苏省重点学科“网络空间安全”建设项目;江苏本科高校卓越工程师教育培养计划2.0专业项目(安全防范工程专业)。

摘　　要：工业互联网作为新一代信息技术与工业系统深度融合的产物,正推动着工业生产方式的变革。然而,工控网络协议在设计之初因注重效率提升和功能实现忽视了一些安全性问题,加之应用中的安全漏洞和异常行为,导致其存在严峻的安全隐患。文章介绍了工业互联网的发展背景、趋势和工控网络协议特点,分析了当前应用最广泛的典型工控网络协议Modbus TCP的安全风险,研究了数据加密、数据完整性检测、身份认证及异常入侵检测等安全对策,提出一套Modbus TCP协议安全方案。该方案包含采用AES算法和RSA算法的数据加密和解密模块、采用SM3算法的数据完整性检测模块、采用动态口令认证技术的身份认证模块和基于数据特征的异常入侵检测系统,同时引入PKI进一步加强工控系统的安全性,为其他工控网络协议的安全防范提供借鉴和参考。As the product of the deep integration of new generation information technology and industrial system,industrial internet is promoting the transformation of industrial production mode.However,in the initial design of industrial control network protocols,some security issues are overlooked due to the emphasis on efficiency improvement and functional implementation.In addition,security vulnerabilities and abnormal behaviors in applications have led to serious security risks.This paper introduced the development background and trend of industrial Internet and the characteristics of industrial control network protocol,analyzed the security risks of the typical industrial control network protocol Modbus TCP,which was widely used at present,studied the security countermeasures such as data encryption,data integrity detection,identity authentication and anomaly intrusion detection,and finally proposed a set of security scheme of Modbus TCP protocol.This scheme included data encryption and decryption modules using AES and RSA algorithms,data integrity detection module using SM3 algorithm,identity authentication module using dynamic password authentication technology,and anomaly intrusion detection system based on data features.At the same time,the scheme adopted PKI,which could further enhance the security of the industrial control system.

关 键 词：工业互联网 工控网络协议 MODBUS TCP 安全风险分析 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]