Cite this article:
WU YI, FENG TAO, WANG LONG XIN, MA RONG, SHI JIAN MING. Comparison and analysis of Modbus/TCP protocol security evaluation methods [J]. Journal of Cyber Security, accepted.
DOI:
Received: 2024-09-20; Revised: 2025-03-04
Funding: National Natural Science Foundation of China (No.61762060, No.62162039); Gansu Provincial Department of Science and Technology Key R&D Project (No.23YFGA0060); Gansu Province Outstanding Doctoral Student Project (No. 23JRRA837).
Comparison and analysis of Modbus/TCP protocol security evaluation methods
WU YI, FENG TAO, WANG LONG XIN, MA RONG, SHI JIAN MING
(Lanzhou University of Technology)
Abstract:
The design of industrial control protocols, a prerequisite for the stable operation of the industrial internet, has become a research hotspot in industrial control technology. The data transmitted over the industrial internet typically includes system operating status and information collected from field devices; a vulnerability in the protocol can therefore leak industrial private data and also give attackers a way into the industrial control network, endangering the security of the whole system. Researchers have used various methods to analyze the security of industrial control protocols, most of which rely on a fixed attack framework or on protocol packet analysis alone. Evaluations based on such methods often fail to reveal the protocol's potential attack paths or its actual operational state comprehensively. This study takes the Modbus/TCP protocol as its research object and systematically evaluates its security with the Colored Petri Net (CPN) formal analysis method and the Smod penetration testing method. The results show that the CPN formal analysis method can analyze the protocol's state space and interaction process comprehensively, whereas the Smod penetration testing method, constrained by its predefined attack framework and test cases, cannot fully cover the operational states of the Modbus/TCP protocol. Furthermore, based on the Dolev-Yao attacker model, this study uses state space analysis tools to analyze the protocol in depth and identifies three new types of man-in-the-middle attack vulnerabilities in the Modbus/TCP protocol. Compared with existing evaluation methods, the CPN formal analysis method not only detects anomalies in communication packets through the protocol's operational process but also uncovers multiple potential attack paths, providing a more systematic and comprehensive analytical framework for the security assessment of industrial control protocols.
Key words: Industrial internet, Industrial control protocol, Modbus/TCP protocol, Colored Petri Net formal analysis method, Smod penetration testing method
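To make concrete what "state space analysis under the Dolev-Yao attacker model" means for a Modbus/TCP transaction, the following added example (written for this page; it is not the authors' CPN model and does not reproduce the three vulnerabilities the paper reports) builds a tiny explicit-state model of one Write Single Register (function code 0x06) exchange and explores it exhaustively in plain Python instead of CPN Tools. The client, server and channel are modeled as state components; the intruder can read every frame on the wire and replace it with any frame assembled from fields it has already seen plus a value and transaction id of its own choosing (the register address, unit id, honest value 0x0001 and attacker value 0x00FF are constructed for the example). The search reports reachable terminal states in which the client accepted the response while the server holds a value the client never sent, i.e. a man-in-the-middle that the protocol itself cannot detect because MBAP frames carry no authentication or integrity check.

```python
"""Explicit-state exploration of a Modbus/TCP FC 0x06 transaction with a Dolev-Yao intruder.

Added example, not from the paper. Frame layout follows the Modbus/TCP MBAP header
(transaction id, protocol id 0, length, unit id) followed by the PDU (fc, address, value).
"""
import struct
from collections import deque

# Constructed parameters for the honest transaction and the intruder's own atoms.
HONEST = dict(tid=1, unit=1, fc=0x06, addr=0x0010, value=0x0001)
ATTACKER_VALUES = {0x00FF}   # a value the intruder wants written
ATTACKER_TIDS = {2}          # a transaction id the intruder may fabricate


def build_frame(tid, unit, fc, addr, value):
    """Encode one Modbus/TCP request (or FC 0x06 echo response) as bytes."""
    pdu = struct.pack(">BHH", fc, addr, value)
    mbap = struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit)  # length counts unit id + PDU
    return mbap + pdu


def parse_frame(frame):
    """Decode an MBAP header and FC 0x06 PDU; reject malformed headers."""
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP header")
    fc, addr, value = struct.unpack(">BHH", frame[7:12])
    return dict(tid=tid, unit=unit, fc=fc, addr=addr, value=value)


def intruder_forgeries(known):
    """Dolev-Yao closure: the intruder knows every field of every frame it has seen
    and can assemble any frame from those atoms plus its own chosen atoms."""
    seen = [parse_frame(f) for f in known]
    tids = {m["tid"] for m in seen} | ATTACKER_TIDS
    units = {m["unit"] for m in seen}
    addrs = {m["addr"] for m in seen}
    values = {m["value"] for m in seen} | ATTACKER_VALUES
    return {build_frame(t, u, 0x06, a, v)
            for t in tids for u in units for a in addrs for v in values}


# State: (phase, register, client_to_server, server_to_client, intruder_knowledge, outcome)
# phase 0: client idle; 1: request sent; 2: client finished.
def successors(state):
    phase, reg, c2s, s2c, known, outcome = state
    out = []
    if phase == 0:                                   # client sends the honest request
        req = build_frame(**HONEST)
        out.append((1, reg, req, None, known | {req}, None))
    if c2s is not None:
        for f in intruder_forgeries(known):          # intruder swaps the in-flight request
            if f != c2s:
                out.append((phase, reg, f, s2c, known, outcome))
        m = parse_frame(c2s)                         # server writes and echoes the request
        out.append((phase, m["value"], None, c2s, known | {c2s}, outcome))
    if s2c is not None:
        for f in intruder_forgeries(known):          # intruder swaps the in-flight response
            if f != s2c:
                out.append((phase, reg, c2s, f, known, outcome))
        ok = s2c == build_frame(**HONEST)            # client expects an exact echo
        out.append((2, reg, c2s, None, known, "accepted" if ok else "rejected"))
    return out


def explore():
    """Breadth-first search over the whole reachable state space."""
    init = (0, 0x0000, None, None, frozenset(), None)
    seen, parent, queue = {init}, {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        for n in successors(s):
            if n not in seen:
                seen.add(n)
                parent[n] = s
                queue.append(n)
    return seen, parent


def undetected_mitm(seen):
    """Terminal states where the client accepted but the register holds a foreign value."""
    return [s for s in seen
            if s[0] == 2 and s[5] == "accepted" and s[1] != HONEST["value"]]


def trace(parent, state):
    """Path from the initial state to `state`, as a list of states."""
    path = []
    while state is not None:
        path.append(state)
        state = parent[state]
    return list(reversed(path))


if __name__ == "__main__":
    seen, parent = explore()
    attacks = undetected_mitm(seen)
    print(f"{len(seen)} reachable states, {len(attacks)} undetected MITM outcome(s)")
    for step in trace(parent, attacks[0]):
        print(step[0], hex(step[1]), step[5])
```

The search finds the attack path in a few dozen states: the intruder rewrites the request so that the server stores 0x00FF, then replaces the echoed response with the frame the client originally sent, so the client's transaction-id and echo checks both pass. The detected variant (request rewritten, response left alone) shows up as a `rejected` terminal state, which is the packet-level anomaly a packet-only method can see; the undetected variant is the kind of attack path that only an exploration of the interaction as a whole exposes.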