Industrial control network security protection method and device with software and hardware full stack autonomy

By using domestically produced chips and components, a trusted module is connected to the CPU, cryptographic operations are performed based on FPGA and security chips, a customized industrial control security operating system and network protocol stack are developed, and national cryptographic algorithms are integrated. This solves the problems of hardware dependence on imports and insufficient software autonomy in industrial control systems, and achieves full-stack independent and controllable security protection.

CN122339769APending Publication Date: 2026-07-03NARI INFORMATION & COMM TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NARI INFORMATION & COMM TECH
Filing Date
2026-04-10
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing technologies in industrial control systems suffer from problems such as reliance on imported hardware components, insufficient self-reliance in software, and independent hardware and software security mechanisms, making it difficult to achieve full-stack, autonomous, and controllable defense in depth.

Method used

Using domestically produced chips and components, a trusted module is built to connect with the CPU. Cryptographic operations are implemented based on FPGA and security chips. A customized industrial control security operating system and network protocol stack are developed. National cryptographic algorithms are integrated to perform full-stack independent and trusted measurement and encryption of hardware and software, and a dual-stack communication system is constructed.

Benefits of technology

It achieves full-stack independent control of hardware and software, provides comprehensive security protection, and enhances the supply chain security and communication security of industrial control systems.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339769A_ABST
    Figure CN122339769A_ABST
Patent Text Reader

Abstract

The application discloses a kind of hardware and software full stack autonomous industrial control network security protection method and device, method includes hardware construction and software construction: hardware construction uses domestic chip and component, based on CPU and trusted module constructs trusted start engine, and system boot program signature is verified by trusted module GPIO control CPU reset;Based on FPGA and security chip constructs cryptographic algorithm hardware acceleration engine, and cryptographic algorithm unit is dispatched by two-dimensional state table;Software construction includes custom security Bootloader firmware for trusted boot, custom integration national secret trusted software stack and national secret algorithm engine software stack industrial control security operating system, custom endogenous security compiler for obfuscated compilation, and custom industrial control security network protocol stack realizes safe communication and constructs double stack system.The application realizes from hardware to software full stack autonomous controllable.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the fields of industrial control and network security, and in particular to a fully autonomous industrial control network security protection method and device with a complete software and hardware stack. Background Technology

[0002] With the escalating cyber warfare, cybersecurity has become a crucial component of national security. Industrial control systems, as core supports for critical infrastructure such as energy, transportation, and water conservancy, face severe challenges in cybersecurity protection.

[0003] In terms of supply chain security, industrial control systems have long relied on foreign software and hardware technologies, which poses two risks: first, the risk of being dependent on foreign suppliers for core components; and second, the risk that foreign products may contain backdoors or security vulnerabilities, which threaten the safe and stable operation of industrial control systems.

[0004] To address the aforementioned issues, the industry has undertaken security and reliability engineering initiatives, achieving phased progress in domestic substitution for core components such as CPUs, operating systems, and databases. However, existing solutions still suffer from the following shortcomings: 1. Existing solutions primarily focus on domestic substitution for core components like CPUs and operating systems, but hardware components such as memory, storage, FPGAs, and trusted modules still largely rely on imported products, failing to achieve complete self-sufficiency and control over hardware chips; 2. Insufficient full-stack self-reliance at the software level; the system bootloader lacks a trusted measurement mechanism based on domestic cryptography; the operating system does not deeply integrate national cryptographic algorithm engines and trusted software stacks; business software compilation tools lack native security protection and have insufficient resistance to reverse engineering; industrial control network communication uses a general network protocol stack without considering communication security; 3. Existing solutions often focus on single-layer security hardening, with hardware-layer security mechanisms and software-layer security mechanisms operating independently, failing to build a full-stack trust transfer system from the underlying hardware to the upper-layer applications, making it difficult to form an effective defense-in-depth capability. Summary of the Invention

[0005] Purpose of the invention: The purpose of this invention is to provide a fully autonomous industrial control network security protection method and device for critical infrastructure of industrial control systems such as energy, transportation, and water conservancy, achieving full-stack autonomous control from hardware to software.

[0006] Technical solution: The software and hardware-based autonomous industrial control network security protection method of the present invention includes the following steps:

[0007] (1) Hardware construction: Using domestic chips and components, the GPIO pins of the trusted module are connected to the RST reset pin of the CPU, and the trusted module is connected to the memory chip of the device through the address bus and data bus;

[0008] When the system is powered on, the trusted module resets the CPU, reads the digitally signed system boot program from the device's storage chip and verifies the signature. After successful verification, the trusted module stops outputting the RESET pulse signal and hands over control to the CPU.

[0009] A cryptographic computing hardware board is constructed based on FPGA and security chips; the FPGA is connected to multiple security chips, and each security chip has multiple cryptographic algorithm units; the FPGA establishes a two-dimensional state table, and idle cryptographic algorithm units are scheduled to complete cryptographic operations based on the state table.

[0010] (2) Software construction: trim and strengthen the Bootloader firmware, set password protection, and add trusted measurement and decryption functions;

[0011] It adopts a domestic industrial control security operating system, removes unnecessary services and interfaces, and enables the hardening configuration of the security operating system; it adds an obfuscation compilation plugin based on LLVM to build an endogenous security compiler, controls the compilation process of business programs, selects the obfuscated compilation branch to compile the business program code, and obtains an executable business program;

[0012] Customized industrial control security network protocol stack: The network layer of the protocol stack includes key index ID and certificate information. During the session establishment process, the two communicating parties negotiate the session key to obtain the data encryption key. After the session is established, the upper application layer data is encrypted and transmitted according to the encryption key. A dual-stack system is constructed, and the industrial control security network protocol stack is used for communication in a priority manner.

[0013] Furthermore, in step (1), the CPU has an RST reset pin signal; when the system is powered on, the trusted module resets the CPU to exclusively control the system, and uses the digital certificate built into the trusted module to verify the signature of the system boot program. The digital certificate is written into the trusted module through a one-time programming and cannot be changed.

[0014] Furthermore, in step (2), the industrial control security operating system integrates the national cryptographic trusted software stack and the national cryptographic algorithm engine software stack.

[0015] Furthermore, in step (2), the obfuscated compilation plugin includes obfuscated branches: function call stack frame reconstruction, control flow obfuscation, and instruction replacement obfuscation.

[0016] Furthermore, in step (2), the dual-stack system includes an industrial control security network protocol stack and a traditional TCP / IP network protocol stack.

[0017] Furthermore, the industrial control security network protocol stack includes a physical layer, a data link layer, a network layer, and an application layer.

[0018] Furthermore, the national cryptographic trusted software stack includes static trusted measurement and dynamic trusted measurement functions; the national cryptographic algorithm engine software stack encapsulates the interface of the PCIe hardware national cryptographic card, providing kernel layer and user layer interfaces.

[0019] Furthermore, the static trust metric is determined by comparing with a trust list, which includes program / dynamic library paths and hash values.

[0020] Furthermore, the dynamic trust metric performs runtime measurements on the code segments of the executable program and its dependent dynamic libraries, without immediately terminating program execution.

[0021] A fully autonomous industrial control network security protection device with complete software and hardware stack, comprising:

[0022] The entire stack of domestically produced hardware, including domestic CPUs, domestic FPGAs, domestic storage components, domestic trusted modules, domestic cryptographic cards, as well as network ports, power supplies, etc., is used to provide physical operation support and realize the access, collection, encryption and decryption, and hardware forwarding of industrial control network traffic;

[0023] The full-stack proprietary software, deployed on full-stack proprietary hardware, includes a bootloader, an industrial control security operating system, business software, and an industrial control security network protocol stack. It is used to realize identity authentication between devices, network communication access control, secure transmission of network data, and network attack alarm reporting. The software and hardware work together to achieve security protection for the industrial control network.

[0024] Beneficial effects: Compared with existing technologies, this invention has the following significant advantages: 1. The hardware chip components are 100% domestically produced, and at the same time, it fully integrates domestic trusted computing and domestic commercial cryptographic algorithms, providing hardware support for the trusted execution environment and cryptographic operation services of upper-layer software, achieving full-stack autonomy at the hardware level; 2. On the software side, from the underlying boot program and operating system to the upper-layer business applications and network communication, all are independently controllable, achieving full-stack autonomy at the software level; 3. By combining full-stack hardware autonomy and full-stack software autonomy, a fully autonomous industrial control network security protection device with both hardware and software is realized. Attached Figure Description

[0025] Figure 1 This is a general framework diagram of the present invention;

[0026] Figure 2 This is a schematic diagram of the hardware construction method of the present invention;

[0027] Figure 3 This is a schematic diagram of the software construction method of the present invention. Detailed Implementation

[0028] The technical solution of the present invention will be further described below with reference to the accompanying drawings.

[0029] like Figure 1 As shown, the software and hardware-based autonomous industrial control network security protection method of the present invention includes the following steps:

[0030] Step 1: Hardware construction, such as Figure 2 As shown;

[0031] Step S1: Select domestically produced components and chips, including major components such as CPU, memory, storage, FPGA, trusted module, and security chip, as well as all other components. The CPU should be selected from Loongson or Phytium processors, which have an RST reset pin signal and support hardware trusted boot. The trusted module and security chip should support domestically produced cryptographic algorithms.

[0032] Step S2: Construct a trusted boot engine based on the CPU and trusted modules;

[0033] In terms of hardware connection, one of the GPIO pins of the trusted module is connected to the RST reset pin of the CPU. At the same time, the trusted module is connected to the device's memory chip through the address bus and data bus.

[0034] When the system powers on, both the trusted module and the CPU start up. The trusted module continuously outputs a RESET pulse signal via GPIO to reset the CPU, putting the CPU into a waiting state. The trusted module directly controls the CPU during system startup, without the need for other modules or components such as the BMC.

[0035] The trusted module has a built-in small system that, upon power-on, reads the digitally signed system boot program from a fixed location in the device's storage chip.

[0036] The trusted module verifies the signature of the system bootloader using a built-in digital certificate. Once the verification is successful, the trusted module stops outputting RESET pulse signals and hands over control to the CPU.

[0037] The system bootloader requires signing with the private key corresponding to the digital certificate built into the trusted module. The signature and the system bootloader are then combined to form a digitally signed system bootloader. The private key is the vendor's private key, securely stored by the vendor. The public key is programmed into the trusted module once at the factory in the form of a digital certificate, and its immutability is guaranteed by the trusted module's internal security mechanisms.

[0038] Step S3: Construct a hardware acceleration engine for cryptographic algorithms based on FPGA and security chips;

[0039] The FPGA serves as the main control chip and connects to multiple security chips. Each security chip contains multiple cryptographic algorithm units, and each cryptographic algorithm unit has cryptographic operation functions such as commercial cryptography SM1, SM2, SM3, and SM4.

[0040] Hardware logic programming is performed on the FPGA to establish a two-dimensional state table of <crypto algorithm unit ID and status>. The status includes two types: idle and in use. For any cryptographic operation request, the FPGA finds the first idle cryptographic operation unit based on the state table, marks its status as in use, calls the idle cryptographic operation unit to complete the cryptographic operation service, and when the cryptographic operation unit completes the cryptographic operation service and returns, the FPGA marks the corresponding cryptographic operation unit's status as idle.

[0041] The hardware board is connected to the device motherboard via PCIe. The hardware board builds a virtual multi-channel through the device driver and transmits data based on multi-channel DMA. Each channel can provide independent cryptographic operation function calls.

[0042] Step Two: Software Construction, such as Figure 3 As shown:

[0043] The internal operating environment is built autonomously and comprehensively across the entire stack: from the bottom layer to the top layer, a fully autonomous internal operating environment including bootloader, operating system, and business software is built.

[0044] Full-stack autonomous and comprehensive construction of external network communication: Construct a full-stack autonomous industrial control security network protocol stack to achieve full-stack autonomy in external network communication of software.

[0045] By building a fully autonomous and comprehensive internal operating environment and a fully autonomous and comprehensive external network communication system, the software for industrial control network security protection devices can achieve full-stack autonomy.

[0046] Specifically, it includes:

[0047] Step S1: Regarding the bootloader, a customized secure bootloader firmware is used for trusted system booting;

[0048] The process of the customized secure bootloader firmware performing trusted system boot is as follows:

[0049] S11: Trim and strengthen the Bootloader.

[0050] Remove all unnecessary external command interfaces from the Bootloader during runtime, exposing only the factory reset command interface;

[0051] Configure and enable Bootloader password protection; a password is required to access the Bootloader.

[0052] S12: Add a trusted metrics feature to the Bootloader.

[0053] Read the operating system kernel and the corresponding files of the Ramdisk file system, and use the national cryptographic digital certificate to perform a trust measurement on the operating system kernel and Ramdisk file system. The trust measurement adopts the digital signature verification method. The digital certificate is obtained from the trusted module. If the measurement is successful, the startup continues; if the measurement fails, the startup stops.

[0054] The operating system kernel and Ramdisk file system need to be digitally signed using the private key corresponding to the vendor's digital certificate, and the digital signature should be appended to the end of the kernel and Ramdisk file system.

[0055] S13: Add decryption functionality to the Bootloader.

[0056] When the system kernel and Ramdisk file system files are detected as encrypted, the operating system kernel and Ramdisk file system files are decrypted into memory;

[0057] S14: Start the operating system kernel and hand over system control to the operating system.

[0058] Step S2: In terms of the operating system, a customized industrial control security operating system integrating the national cryptographic trusted software stack and the national cryptographic algorithm engine software stack provides a secure execution environment;

[0059] S21: Adopts a domestic industrial control security operating system, cuts out all unnecessary services and interfaces, and enables all necessary hardening configurations of the security operating system;

[0060] S22: Integrates the national cryptographic trusted software stack into the operating system kernel, including static trusted measurement and dynamic trusted measurement functions.

[0061] When an executable program starts, the national cryptographic trusted software stack calls the trusted module to force a static trust measurement on the executable program and its dependent dynamic libraries. Startup is only allowed if the measurement passes. The static trust measurement is determined by comparing the trusted list, which includes information such as the program / dynamic library path and hash value. The trusted list is secured by digital signatures. When the operating system starts, it first calls the trusted module to verify the digital signature of the trusted list. If verification fails, the operating system exits the startup process.

[0062] When the executable program runs, the national cryptographic trusted software stack calls the trusted module to perform dynamic trust measurement on the executable program and the code segments of the dynamic libraries it depends on. If the measurement fails, the program will terminate immediately.

[0063] S23: Integrates the Chinese cryptographic algorithm engine software stack into the operating system, providing domestic cryptographic algorithm services.

[0064] The domestic cryptographic algorithms are provided by domestically produced PCIe hardware cryptographic cards, supporting domestic commercial cryptographic algorithms such as SM1, SM3, SM4, etc. The domestic cryptographic algorithm engine software stack encapsulates the interface of the domestically produced PCIe hardware cryptographic cards, supports the operating system kernel layer interface for use by the industrial control security network protocol stack, and supports the user layer interface for use by business applications.

[0065] Step S3: In terms of business software, a custom-designed intrinsic security compiler is used to obfuscate and compile the business program;

[0066] S31: Create an obfuscation compilation plugin;

[0067] Create obfuscation compilation plugins that cover obfuscation compilation branches such as function call stack frame reconstruction, control flow obfuscation, and instruction substitution obfuscation;

[0068] The function call stack frame reconstruction involves changing the existing function parameter pushing order and parameter register selection order, and adopting a custom order for parameter pushing and parameter register selection to resist reverse analysis by reverse engineering tools.

[0069] The control flow obfuscation involves flattening the control flow of sequential, branching, and looping statements in the program, adding random redundant control flow, etc., to increase the difficulty of reverse analysis by reverse engineering tools.

[0070] The instruction replacement obfuscation involves replacing addition, XOR, and other instructions in the program with a functionally equivalent but logically difficult-to-understand instruction sequence, and randomly inserting some invalid and redundant instructions into the sequence for reverse analysis interference.

[0071] S32: Build the obfuscation compiler;

[0072] An intrinsically secure compiler is built by adding an obfuscation compilation plugin based on LLVM, which controls the compilation process of business programs;

[0073] S33: Perform obfuscation compilation;

[0074] The built-in secure compiler is used to randomly select one or more obfuscated compilation branches to compile the business program code, resulting in an executable business program.

[0075] Step S4: In terms of network communication, a customized industrial control security network protocol stack is used for secure communication.

[0076] S41: Customized industrial control security network protocol stack.

[0077] The industrial control security network protocol stack includes a four-layer structure: physical layer, link layer, network layer, and application layer. The physical layer, link layer, and application layer are consistent with the traditional TCP / IP network protocol stack.

[0078] The network layer of the industrial control security network protocol stack includes information such as IP address, port, and flow ID. During the session establishment phase, nodes and applications are located based on IP address and port, and a unique flow ID is generated. After the session is established, nodes and applications are located based on the flow ID, and IP address and port information are no longer transmitted.

[0079] The network layer of the industrial control security network protocol stack includes information such as key index ID and certificates. During the session establishment process, the two communicating parties can directly negotiate the session key based on the national cryptographic digital certificate to negotiate the data encryption key. After the session is established, the upper application layer data is encrypted and transmitted based on the data encryption key of the key index ID.

[0080] S42: Construct a dual-stack system consisting of an industrial control security network protocol stack and a traditional TCP / IP network protocol stack.

[0081] In the dual-stack system, the traditional TCP / IP network protocol stack is retained to ensure compatibility with existing communication scenarios. For communication nodes that support both the industrial control security network protocol stack and the traditional TCP / IP network protocol stack, the industrial control security network protocol stack is preferred for communication.

[0082] The industrial control network security protection device with full-stack independent hardware and software of the present invention includes: full-stack independent hardware and full-stack independent software;

[0083] All chips and components of the fully self-developed hardware are domestically produced, including domestic CPUs, FPGAs, storage components, trusted modules, cryptographic cards, as well as other domestic components such as network ports and power supplies, which provide physical operation support and enable access, collection, encryption and decryption, and hardware forwarding of industrial control network traffic.

[0084] All software in the full-stack proprietary software is independently controllable and deployed on full-stack proprietary hardware. It includes bootloader, industrial control security operating system, business software, and industrial control security network protocol stack. It is used to realize identity authentication between devices, network communication access control, secure transmission of network data, network attack alarm reporting, and software and hardware working together to achieve security protection of industrial control networks.

[0085] The hardware architecture of this invention provides a fully autonomous hardware environment for software operation. The software architecture, based on the fully autonomous hardware environment, further realizes the full-stack autonomy of the software environment. The fully autonomous hardware and the fully autonomous software together constitute a fully autonomous industrial control network security protection device, realizing full-stack autonomy and controllability from hardware to software, and improving the security assurance capability of the supply chain.

Claims

1. A hardware and software full-stack autonomous industrial control network security protection method, characterized in that, Includes the following steps: (1) Hardware construction: Using domestic chips and components, the GPIO pins of the trusted module are connected to the RST reset pin of the CPU, and the trusted module is connected to the memory chip of the device through the address bus and data bus; When the system is powered on, the trusted module resets the CPU, reads the digitally signed system boot program from the device's storage chip and verifies the signature. After successful verification, the trusted module stops outputting the RESET pulse signal and hands over control to the CPU. A cryptographic computing hardware board is constructed based on FPGA and security chips; the FPGA is connected to multiple security chips, and each security chip has multiple cryptographic algorithm units; the FPGA establishes a two-dimensional state table, and idle cryptographic algorithm units are scheduled to complete cryptographic operations based on the state table. (2) Software construction: trim and strengthen the Bootloader firmware, set password protection, and add trusted measurement and decryption functions; It adopts a domestically developed industrial control security operating system, removes unnecessary services and interfaces, and enables the hardening configuration of the security operating system; An obfuscation compilation plugin is added based on LLVM to build an intrinsically secure compiler, which controls the compilation process of business programs, selects the obfuscated compilation branch to compile the business program code, and obtains an executable business program. Customized industrial control security network protocol stack: The network layer of the protocol stack includes key index ID and certificate information. During the session establishment process, the two communicating parties negotiate the session key to obtain the data encryption key. After the session is established, the upper application layer data is encrypted and transmitted according to the encryption key. A dual-stack system is constructed, and the industrial control security network protocol stack is used for communication in a priority manner.

2. The method of claim 1, wherein, In step (1), the CPU has an RST reset pin signal; when the system is powered on, the trusted module resets the CPU to exclusively control the system and uses the built-in digital certificate of the trusted module to verify the signature of the system boot program. The digital certificate is written into the trusted module through a one-time programming and cannot be changed.

3. The method of claim 1, wherein the method further comprises: In step (2), the industrial control security operating system integrates the national cryptographic trusted software stack and the national cryptographic algorithm engine software stack.

4. The method of claim 1, wherein, In step (2), the obfuscated compilation plugin includes obfuscated branches: function call stack frame reconstruction, control flow obfuscation, and instruction replacement obfuscation.

5. The method of claim 1, wherein, In step (2), the dual-stack system includes an industrial control security network protocol stack and a traditional TCP / IP network protocol stack.

6. The method of claim 5, wherein, The industrial control security network protocol stack includes a physical layer, a data link layer, a network layer, and an application layer.

7. The method of claim 3, wherein the security protection of the industrial control network is performed by a security gateway. The national cryptographic trusted software stack includes static trusted measurement and dynamic trusted measurement functions; the national cryptographic algorithm engine software stack encapsulates the interface of the PCIe hardware national cryptographic card, providing kernel layer and user layer interfaces.

8. The method of claim 7, wherein the security protection of the industrial control network is performed by a security gateway. The static trust metric is determined by comparing with a trust list, which includes program / dynamic library paths and hash values.

9. The method of claim 7, wherein the security protection of the industrial control network is performed by a security gateway. The dynamic trust metric performs runtime measurements on the code segments of the executable program and its dependent dynamic libraries. If the measurement fails, the program will be terminated immediately.

10. A soft and hardware full-stack autonomous industrial control network security protection device, characterized in that, include: The entire stack of domestically produced hardware, including domestic CPUs, domestic FPGAs, domestic storage components, domestic trusted modules, domestic cryptographic cards, as well as network ports, power supplies, etc., is used to provide physical operation support and realize the access, collection, encryption and decryption, and hardware forwarding of industrial control network traffic; The full-stack proprietary software, deployed on full-stack proprietary hardware, includes a bootloader, an industrial control security operating system, business software, and an industrial control security network protocol stack. It is used to realize identity authentication between devices, network communication access control, secure transmission of network data, and network attack alarm reporting. The software and hardware work together to achieve security protection for the industrial control network.