Research on Application of PKI Based on Nation Secret Algorithm in ICS

doi:10.3969/j.issn.1006-2475.2018.11.001

Abstract

Abstract: The national production of Industry Control System (ICS) is imperative, and a more secure and reliable identification method is urgently needed. PLC-centric system is a typical ICS, and the Public Key Infrastructure (PKI) can solve the authenticity of the identity of both communication parties. This paper studies PKI based on the national secret algorithm in a PLC-centric ICS, and gives the certificate authentication model of ICS and the deployment design of PKI. Then taking the open source framework OpenSSL for example, using the engine technology, the paper analyzes the combination of the national secret algorithm and PKI, and gives the pivotal structures and algorithm design of the SM2, SM3 extended to OpenSSL. Finally, the paper designs a PKI management system for ICS, then develops and implements the system. All the work of this paper provides a good basis for the application of PKI to the ICS, and provides a new idea for the security of the identity authentication of the ICS.

Key words: ICS, PKI, nation secret algorithm, OpenSSL, engine, identification

CLC Number:

TP309.7

WEI Shan-shan， HAN Qing-min， GUO Xiao-wang， ZHANG Wan， GONG Chun-yan. Research on Application of PKI Based on Nation Secret Algorithm in ICS[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2018.11.001.

References

［1］王凤娇,魏军,郑潇潇,等. 建立工业控制系统安全认证体系迫在眉睫［J］. 信息安全与通信保密, 2017(6):88-95.
［2］王柯柯. 基于PKI的认证中心的研究与实践［D］. 重庆:重庆大学, 2004.
［3］关振胜. 公钥基础设施PKI及其应用［M］. 北京:电子工业出版社, 2008.
［4］冯登国,裴定一. 密码学导引［M］. 北京:科学出版社, 1999.
［5］许峰,齐玉国,黄皓,等. 基于开放源码的企业自建CA系统的研究与实现［J］. 计算机工程, 2006,32(5):128-130.
［6］齐玉国. 一个开放源码的PKI实现与企业应用［D］. 南京:河海大学, 2004.

［7］ RAO N, SRIVASTAVA S, SREEKANTH K S. PKI deployment challenges and recommendations for ICS networks［J］. International Journal of Information Security & Privacy, 2017,11(2):38-48.
［8］许远航. USB Key身份认证产品的产生与发展［J］. 计算机安全, 2004(8):44-45.
［9］孙美青,王如龙. PKI技术及其在企业中的应用［J］. 计算机系统应用, 2009,18(7):141-145.
［10］曹喆,王以刚. 基于USBKey的身份认证机制的研究与实现［J］. 计算机应用与软件, 2011,28(2):284-286.
［11］王俊锋. USB Key认证研究与实现［D］. 武汉:华中科技大学, 2009.
［12］张永建. RSA算法和SM2算法的研究［D］. 赣州:江西理工大学, 2015.
［13］黎满贵. PKI系统支持SM2椭圆曲线公钥密码算法的研究［J］. 信息安全与通信保密, 2011(9):78-80.
［14］方魏. 基于商密SM2算法的轻型PKI系统设计与实现［D］. 西安:西安电子科技大学, 2014.
［15］蔡成杭. 支持国产密码算法的OpenSSL设计实现及应用［J］. 信息安全研究, 2018，4(2):115-132.
［16］肖骞宇,王晋明,邓健. 一种基于OpenSSL引擎机制的SM2数字证书制作方法［J］. 网络安全技术与应用, 2016(2):67-69.
［17］单淼. 基于SM2算法的数字证书系统的设计与实现［D］. 北京:北京邮电大学, 2014.
［18］华刚,邵波. 实现OpenSSL支持SM2算法的方法: CN 104852803 A［P］. 2015-08-19.
［19］吴艳霞,陈希,谢东良,等. 一种在OpenSSL中应用SM2椭圆曲线算法进行加密的方法: CN 105049206 A［P］. 2015-06-13.
［20］李义杰. 基于国密算法的小型CA系统设计与实现［D］. 西安:西安电子科技大学, 2014.
［21］汪朝晖,张振峰. SM2椭圆曲线公钥密码算法综述［J］. 信息安全研究, 2016,2(11):972-982.
［22］国家密码管理局. SM2椭圆曲线公钥密码算法推荐曲线参数［EB/OL］. (2010-12-17). http://sca.gov.cn/sca/xxgk/2010-12/17/content_1002386.shtml.
［23］国家密码管理局. SM2椭圆曲线公钥密码算法［Z］. 国家密码管理局, 2010.
［24］国家密码管理局. SM3杂凑算法［Z］. 国家密码管理局, 2010.
［25］张先红. 数字签名原理及技术［J］. 程序员, 2004(1):125.

[1]	WANG Chong-yang, ZHUANG Yi. Load Balancing Algorithm of Multi-job Cluster Based on SDN and Improved CSA Algorithm [J]. Computer and Modernization, 2023, 0(11): 28-35.
[2]	ZENG Li-li, TANG Hua-bei, NIU Yi-xiao, MENG Fan-yue. Lithofacies Identification Method Based on LSTM Stacked Residual Network [J]. Computer and Modernization, 2023, 0(08): 38-43.
[3]	QIN Zhu-yuan, WU Hao-zhong, TAN Dai-qing, HAN Ai-qing, ZANG Hao, WANG Xuan, TANG Yan. Fine-grained Identification of Maidong Based on Multi-scale ResNet Combining Attention Mechanism [J]. Computer and Modernization, 2023, 0(07): 105-111.
[4]	LI Guo-xin, QU Han-bing, ZHU Cheng-bo, WANG Xin-xuan, HU Jia-bao. Domain Adapted Person Re-identification Algorithm Based on Joint Network [J]. Computer and Modernization, 2023, 0(06): 48-55.
[5]	SU Jin-ku, GUI Zhi-ming. Prediction of Short-term Taxi Flow Based on Spatio-temporal Characteristics [J]. Computer and Modernization, 2023, 0(05): 32-38.
[6]	SHENG Jia-jie, NIU Sheng-jie, CHENG Yang, FANG Wei-qing, ZHANG Yu-jie, LI Peng, HU Su-jun. Overview of State Machine Inference Technology for Unknown Protocols [J]. Computer and Modernization, 2023, 0(05): 58-67.
[7]	PAN Feng, WANG Jie, ZHANG Yan-sha, TAN Mian, HE Xing, WANG Lin, . Person Re-identification Based on Dual-branch Feature Concatenation [J]. Computer and Modernization, 2023, 0(05): 93-99.
[8]	YIN Jian-feng, WEI Xin, GU Xiong-wei, HUANG Kai, WEI Min-jie. Digital Identification of Electric Meter Based on Image Threshold Optimization and Improved SVM [J]. Computer and Modernization, 2023, 0(05): 106-110.
[9]	JIANG Si-qing, CHEN Xiao-Jun, GAO Hao-Jun, HE Jia-jin, WU Jian, . Deep Learning Classification Algorithm for Electrocardiogram Signal Based on Adversarial Domain Adaptation [J]. Computer and Modernization, 2023, 0(01): 81-87.
[10]	FENG Zeng-xi, CHEN Hai-yue, WANG Tao, ZHAO Jin-tong, LI Shi-yan. Energy Consumption Prediction of Air-conditioning System in Underground Engineering Based on XGBoost Hyperparameter Optimization [J]. Computer and Modernization, 2023, 0(01): 108-113.
[11]	LI Si-jie, TANG Qing-shan, GAO Ying-hua. Parallax Image Stitching Algorithm Based on GMS and Improved Optimal Seam [J]. Computer and Modernization, 2022, 0(12): 95-101.
[12]	TIAN Feng, DENG Xiao-ping, ZHANG Gui-qing, WANG Bao-yi. A Non-intrusive Load Monitoring Method Based on Improved kNN Algorithm and Transient Steady State Features [J]. Computer and Modernization, 2022, 0(10): 29-35.
[13]	LIU Hui, DING Xu-dong, YANG Dong-run, ZHANG Ying, LIU Zhong-chen, SUN Mei. A Hybrid Modeling Method for Real-time Prediction of Heat Collection in Solar Heat Collection Systems [J]. Computer and Modernization, 2022, 0(10): 55-61.
[14]	QIU Jin-shui, ZHUANG Hui-fu, JIN Tao. Design of Intelligent Retrieval System for Massive Plant Images [J]. Computer and Modernization, 2022, 0(10): 62-67.
[15]	WANG Xin, WU Jun-hui, . FPGA-based Interactive Control System for Molecular Dynamics Simulation [J]. Computer and Modernization, 2022, 0(09): 25-31.