Considering the security defects of Modbus/TCP protocol,this paper proposed a secure protocol called Sec_Modbus based on the technology of cryptography.The protocol employed technologies of symmetric encryption and digital signature to make messages confidential and authentic.It also used the synchronization principle and hash function to achieve anti replay.It dynamically generated the specified communication key by using random function.And as a result,it made no increase in the communication process.The experimentation shows that the Sec_Modbus protocol can protect the communication from various kinds of attacks against commands such as unauthorized command execution,man-in-the-middle attacks and replay attacks.Comparing it with the existing methods,the proposed protocol is of higher security and less time consumption,which can better meet the requirements of industrial control system (ICS) for safety and real-time.%针对Modbus/TCP协议的安全缺陷,基于密码学技术提出一种安全的Modbus协议(Sec_Modbus协议).采用对称加密和数字签名技术实现保密性要求及认证,利用同步性原理和哈希函数的单向性设计基于哈希链的防重放方法,通过随机函数产生索引号动态指定通信密钥,最终在不增加通信过程的情况下实现安全通信.实验结果表明,Sec_Modbus协议能够防止攻击者针对指令的认证类攻击、中间人攻击及重放攻击,与已有方法相比,该方法不仅安全性更高,且具有更好的时间性能,能更好地满足工业控制系统对安全性和实时性的要求.
展开▼
