Digital certificate issuing management method for industrial control system and encryption communication method for industrial control system

Industrial control system and digital certificate technology, applied to key distribution, addresses the problems that controller configuration and business data are easily tampered with, hijacked and forged, that the identity of the communicating party cannot be effectively verified, and that the security strength of passwords is limited, thereby improving communication security and reducing the risk of hijacking or malicious tampering.

Inactive Publication Date: 2021-02-09
ZHEJIANG SUPCON TECH

AI Technical Summary

Problems solved by technology

Existing industrial control systems widely use password technology to verify device identities for communication. However, the security strength of passwords is relatively limited, the division of responsibilities and authorities is not clear enough, and there is a lack of unified management and one-to-one pairing of devices and systems, which is prone to management loopholes and is easily cracked.
When existing industrial control systems conduct business communication, the business data is usually transmitted in plain text, by fixed transmission, over common protocols, etc., so the identity of the communicating party cannot be effectively verified, which poses larger security risks. Alternatively, existing industrial control systems have long used 3DES, SHA-1, RSA and other internationally common encryption algorithms and related standards for encrypted transmission. However, with the growth of computing power and the emergence of high-quality algorithms, quantum computers and other emerging technologies, foreign mainstream algorithms are no longer unbreakable. For example, quantum computers running Shor's algorithm can quickly perform factorization by exploiting the parallelism of quantum computing, which in principle breaks the security foundation of the RSA algorithm.

Embodiment Construction

[0047] In order to better explain the present invention and facilitate understanding, the present invention will be described in detail below through specific embodiments in conjunction with the accompanying drawings.

[0048] Public Key Infrastructure (PKI) is a set of infrastructure consisting of hardware, software, participants, management policies and processes, the purpose of which is to create, manage, distribute, use, store and revoke digital certificates uniformly. A digital certificate is the core of the PKI architecture, and its data signature is similar to the encryption process. After the data is encrypted, only the receiver can open or change the data information, add his own signature and then transmit it to the sender, while the receiver's private key is unique and private, which also ensures the authenticity and reliability of the signature, thereby ensuring the security of the information. Therefore, the digital certificate has the characteristics of unforgeabi...

Abstract

The invention provides a digital certificate issuing management method for an industrial control system, which realizes digital certificate issuing and management of an engineer station, a controller and an operator station in the industrial control system on the basis of a certificate management system of public key infrastructure (PKI) in combination with network environment characteristics of the industrial control system. The invention also provides an encryption communication method for the industrial control system and the method comprises the steps: carrying out identity authentication and dynamic secret key negotiation between first client equipment and second client equipment based on the digital certificates of the two communication sides, a root certificate of a CA server and a cryptographic algorithm when each communication between first client equipment and second client equipment starts; and if identity authentication is passed, performing encrypted communication between the first client equipment and the second client equipment according to the session key obtained after the national cryptographic algorithm and the key negotiation. The communication security of the whole industrial control system is improved, and the risk that the communication is hijacked or maliciously tampered is effectively reduced.
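The per-session flow in the abstract (check the peer's certificate against the CA root, negotiate a dynamic key, derive a session key) can be sketched as follows. This is an added example, not code from the patent: it assumes the Python `cryptography` package, uses Ed25519, X25519 and HKDF-SHA256 as stand-ins for the national cryptographic algorithms, and models a certificate as a bare CA signature over name and public key instead of X.509; `Device`, `hello`, `finish` and `demo` are hypothetical names.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

class Device:
    def __init__(self, name, ca_key):
        self.name = name
        self.key = Ed25519PrivateKey.generate()
        pub = self.key.public_key().public_bytes(*RAW)
        # Toy certificate (assumption): CA signature binds the name to the key.
        self.cert = (name, pub, ca_key.sign(name.encode() + pub))

    def hello(self):
        # Fresh ephemeral key for every session, signed with the certified key.
        self.eph = X25519PrivateKey.generate()
        eph_pub = self.eph.public_key().public_bytes(*RAW)
        return self.cert, eph_pub, self.key.sign(eph_pub)

    def finish(self, root_pub, peer_hello, expected_peer):
        (name, pub, ca_sig), eph_pub, sig = peer_hello
        if name != expected_peer:
            raise ValueError("unexpected peer identity")
        root_pub.verify(ca_sig, name.encode() + pub)  # issued by our root CA?
        Ed25519PublicKey.from_public_bytes(pub).verify(sig, eph_pub)  # key owner?
        shared = self.eph.exchange(X25519PublicKey.from_public_bytes(eph_pub))
        info = b"|".join(sorted([self.name.encode(), name.encode()]))
        return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                    info=info).derive(shared)

def demo():
    ca = Ed25519PrivateKey.generate()          # constructed CA for the example
    root = ca.public_key()
    eng, ctl = Device("engineer-station", ca), Device("controller", ca)
    h_eng, h_ctl = eng.hello(), ctl.hello()
    k_eng = eng.finish(root, h_ctl, "controller")
    k_ctl = ctl.finish(root, h_eng, "engineer-station")
    k_next = eng.finish(root, ctl.hello(), "controller")   # a later session
    rogue = Device("controller", Ed25519PrivateKey.generate())  # untrusted CA
    try:
        eng.finish(root, rogue.hello(), "controller")
        rejected = False
    except InvalidSignature:
        rejected = True
    return k_eng == k_ctl, k_eng != k_next, rejected
```

A deployment would additionally check certificate validity periods and revocation status, which the toy certificate omits.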

Description

Technical field

[0001] The invention relates to the technical field of industrial control system security, in particular to a method for issuing and managing digital certificates of an industrial control system and an encrypted communication method.

Background technique

[0002] As the core of industrial production, the industrial control system has a complex network environment. Traditional industrial communication protocols did not consider security at the beginning of design. There are many security risks such as clear text transmission and the lack of identity verification between devices.

[0003] With the continuous advancement of Industry 4.0 and digital factories, the network security protection of industrial control systems can less and less be ignored. Existing industrial control systems widely use password technology to verify device identities for communication. However, the security strength of passwords is relatively limited, the division of responsibilities and authori...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L9/32, H04L29/06
CPC: H04L9/0825, H04L9/0838, H04L9/088, H04L9/3268, H04L9/3273, H04L63/045, H04L63/06, H04L63/0823, H04L63/0869
Inventor 褚健章维马纳张高达陈银桃
Owner ZHEJIANG SUPCON TECH