Network safety verification method of distributed system

Abstract

The invention discloses a network safety verification method of a distributed system. The method comprises the following steps: 1, when a server in the distributed network has a behavior, performing identity authentication on the server; respectively integrating a key distribution center KDC and a service ticket permission service component KDC-TGS to each HBase server to form each network safetyauthentication server, and respectively integrating a Kerberos client to each HBase client to form each network safety authentication client; the network safety authentication client performing request interaction with any network safety authentication server by utilizing the ssk, and the requested network safety authentication server verifies the network safety authentication client according tothe ssk stored in the data center; the digital certificate and the secret key of the server being bound with the server information, so that one server can only correspond to one fixed digital certificate and secret key, and the effectiveness and the integrity of server identity authentication are further ensured.

Description

technical field [0001] The invention belongs to the technical field of distributed systems, in particular to a distributed system network security verification method and system. Background technique [0002] With the rapid development of industrial automation control, more and more industrial enterprises use their internal (or private) network to interconnect their production process special equipment or industrial intelligent equipment (Intelligent Electric Device-IED) to form a production control system network . This kind of internal (or private) network used by industrial enterprises is called the Industrial Internet. [0003] Large-scale enterprises, such as electric power companies, oil and gas transmission companies, and large-scale mining groups that focus on mineral resource exploration and development, often have their holding companies distributed all over the country or even around the world, and their information exchange needs cannot be met by using only inte...

AI Technical Summary

Problems solved by technology

[0008] However, the server as the service provider does not have identifiable identity authentication, nor does it have any digital certificates and keys, so it is impossible to ensure that the services provided by such servers are legal, and it is impossible to identify whether the obtained data is valid.

Although the background server group is in a relatively isolated internal LAN, the security threat is small, but internal leaks, internal hackers and other internal behaviors cannot be completely ruled out

The mutual communication between servers cannot guarantee the security requirements of data, that is, the confidentiality, integrity and non-repudiation of data. It is not enough for the Industrial Internet. Once illegal acts occur, the consequences will be more serious

Images