With the wide deployment of IoT devices, the rise of industrial IoT platforms such as smart factories and smart industrial control systems has become a new trend in the development of digital workshops. Although manufacturers pay close attention to the different functional requirements of IoT platforms, they rarely consider security issues. In terms of data security in particular, there are a large number of cases of privacy leakage. Although some existing work provides secure and reliable communication solutions for industrial IoT platforms, these solutions are often isolated and fragmented because different scenarios use different communication protocols and interaction models. Therefore, building a universal cross-platform secure communication technology for industrial IoT platforms has become an urgent challenge. In this work, we first analyze the logic and requirements of different industrial IoT scenarios and abstract them into a general model. Targeting the possible attacks on different industrial IoT platforms, we design a general data security scheme, based on conditional proxy re-encryption, to resist these attacks. The proposed data security technology ensures that unauthorized users cannot access the data. We also evaluate the security and performance of the scheme, and the experimental results show that the proposed solution meets the efficiency and security requirements with low overhead.
2021, 43(3): 165-170 Received: 2020-10-21
DOI:10.3404/j.issn.1672-7649.2021.03.032
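Classification number: TN929.5
Funding: China State Shipbuilding Corporation science and technology innovation and R&D project
About the author: CHEN Lin (1983-), female, master's degree, senior engineer; research interest: network security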