首页 | 本学科首页   官方微博 | 高级检索  
     

基于国密算法的PKI在工控系统中的应用研究
引用本文:魏珊珊,韩庆敏,郭肖旺,张 湾,贡春燕. 基于国密算法的PKI在工控系统中的应用研究[J]. 计算机与现代化, 2018, 0(11): 1. DOI: 10.3969/j.issn.1006-2475.2018.11.001
作者姓名:魏珊珊  韩庆敏  郭肖旺  张 湾  贡春燕
基金项目:核高基重大专项(2017ZX01030202)
摘    要:工业控制系统的全国产化势在必行,迫切地需要一种更为自主安全可靠的身份鉴别方式。工控系统中比较典型的是以PLC为中心的系统,且PKI能够解决通信双方身份的真实性问题。本文研究PKI在以PLC为中心的工控系统中的应用,给出工控系统的证书认证模型及PKI的部署设计。分析国密算法和PKI体系的结合现状,并从开源框架OpenSSL入手,采用引擎机制给出国密算法SM2、SM3扩展到OpenSSL中的关键结构体和算法设计。最后针对工控系统设计一款PKI管理系统并开发实现了该系统,为PKI应用到工控系统做了良好铺垫,为工控系统增强身份鉴别的安全性提供了新思路。

关 键 词:工业控制系统   PKI   国密算法   OpenSSL   引擎机制   身份鉴别  
收稿时间:2018-11-23

Research on Application of PKI Based on Nation Secret Algorithm in ICS
WEI Shan-shan,HAN Qing-min,GUO Xiao-wang,ZHANG Wan,GONG Chun-yan. Research on Application of PKI Based on Nation Secret Algorithm in ICS[J]. Computer and Modernization, 2018, 0(11): 1. DOI: 10.3969/j.issn.1006-2475.2018.11.001
Authors:WEI Shan-shan  HAN Qing-min  GUO Xiao-wang  ZHANG Wan  GONG Chun-yan
Abstract:The national production of Industry Control System (ICS) is imperative, and a more secure and reliable identification method is urgently needed. PLC-centric system is a typical ICS, and the Public Key Infrastructure (PKI) can solve the authenticity of the identity of both communication parties. This paper studies PKI based on the national secret algorithm in a PLC-centric ICS, and gives the certificate authentication model of ICS and the deployment design of PKI. Then taking the open source framework OpenSSL for example, using the engine technology, the paper analyzes the combination of the national secret algorithm and PKI, and gives the pivotal structures and algorithm design of the SM2, SM3 extended to OpenSSL. Finally, the paper designs a PKI management system for ICS, then develops and implements the system. All the work of this paper provides a good basis for the application of PKI to the ICS, and provides a new idea for the security of the identity authentication of the ICS.
Keywords:ICS   PKI   nation secret algorithm   OpenSSL   engine   identification  
点击此处可从《计算机与现代化》浏览原始摘要信息
点击此处可从《计算机与现代化》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号