進階搜尋


   電子論文尚未授權公開,紙本請查館藏目錄
(※如查詢不到或館藏狀況顯示「閉架不公開」,表示該本論文不在書庫,無法取用。)
系統識別號 U0026-2907201612500600
論文名稱(中文) 在監督控制與資料收集系統中增進資料傳輸的安全性
論文名稱(英文) Enhancing the Security of Data Transmission in SCADA System
校院名稱 成功大學
系所名稱(中) 資訊工程學系
系所名稱(英) Institute of Computer Science and Information Engineering
學年度 104
學期 2
出版年 105
研究生(中文) 李佳陵
研究生(英文) Jia-Ling Li
學號 P76034135
學位類別 碩士
語文別 英文
論文頁數 43頁
口試委員 指導教授-鄭憲宗
口試委員-王英宏
口試委員-周承復
口試委員-蔡垂雄
口試委員-黃宗立
中文關鍵字 SCADA  監督控制與資料收集系統  NTRU演算法  資訊安全  Modbus 
英文關鍵字 SCADA  Supervisory control and data acquisition  NTRU encryption algorithm  Information security  Modbus 
學科別分類
中文摘要 隨著監督控制與資料收集(SACDA, Supervisory Control and Data Acquisition)系統的系統架構演進與使用需求的改變,SACDA系統對於資訊安全的需求越來越高。過去的SCADA系統是設計成單獨的系統架構,在單機不對外連網的情境下,對於系統安全性並沒有多加考量。隨著時間發展,SCADA逐漸使用通用的系統架構,且對於遠端監控等需要連網的需求也越來越高,傳統SCADA系統缺乏對於系統安全性的保護可能會對使用者造成損害,而如今的工業控制系統、基礎公共建設大多採用SCADA系統,一旦因系統不安全而造成損害,在經濟、民生上的影響層不容小覷。
與公開金鑰密碼系統的RSA、McEliece、GGH比較後,NTRU加密演算法在計算上花費的時間相較於RSA、McEliece、GGH演算法少。本研究會在講求即時(real-time)的SCADA系統中,使用NTRU加密演算法來加強資料在Modbus傳輸資料時的資料安全性,此方法在本研究中以SCADA/CCM稱呼之,並會對SCADA/CCM分析其效能。
英文摘要 As the evolution of system architecture of SCADA (Supervisory Control and Data Acquisition) system and the change of users’ requests in SCADA system, the demand for information security is increasing in SCADA system. In the past, the system architecture of SCADA system was designed to monolithic, in the situation which did not need to connect to others, it toke no account of the system security. As time goes on, it uses the common system architecture gradually in SCADA system. And the demand for remote monitoring which needs connect to Internet is also increasing. Lack of the protection for system security in traditional SCADA system may cause damage to the user. Nowadays, industrial control system (ICS) and public infrastructure such as power systems adopt SCADA system. Once bringing out damage on account of system insecurity, it will have a very profound effect on the economy, people's livelihood, etc.
In [13], Comparing with other Public-Key Cryptosystem such as RSA, McEliece and GGH, NTRU encryption algorithm costs less computation time than other Public-Key Cryptosystem. In the thesis, we will use NTRU encryption algorithm to enhance the data security when transmitting data through Modbus in the SCADA system which requires real-time responses. The mode in the thesis is called as SCADA/CCM, and we will analyze the performance of SCADA/CCM.
論文目次 摘 要 i
Abstract ii
ACKNOWLEDGEMENT iii
TABLE OF CONTENTS iv
LIST OF TABLES vi
LIST OF FIGURES vii
Chapter 1. Introduction and Motivation 1
Chapter 2. Background and Related Work 5
2.1. SCADA System 5
2.1.1. Components of SCADA system 5
2.1.2. Supervisory Control 7
2.1.3. Data Acquisition 7
2.1.4. Trend of Future SCADA 8
2.2. Modbus Protocol 8
2.2.1. Variants and Features of Modbus Protocol 9
2.2.2. Format of Modbus TCP 9
2.3. NTRU Encryption Algorithm 11
Chapter 3. System Design 17
3.1. System Architecture 17
3.1.1. Original NTRU Method in CCM 18
3.1.2. Revised NTRU Method in CCM 19
3.2. Parameters Selection in SCADA/CCM 21
3.2.1. Example of NTRU Encryption Algorithm in SCADA/CCM 21
3.3. Interaction of SCADA/CCM 23
3.3.1. Interaction of Original NTRU Method 24
3.3.2. Interaction of revised NTRU Method 25
3.4. Flow Chart of SCADA/CCM 26
3.4.1. Flow Chart of Original NTRU Method 26
3.4.2. Flow Chart of Revised NTRU Method 27
3.5. Pseudo Code of SCADA/CCM 28
Chapter 4. Implementation and Experiments 31
4.1. Experimental Environment 31
4.2. Experimental Results 32
4.3. Comparison between three kinds of Communication Methods 36
4.4. Probability of Breaking Ciphertext 38
Chapter 5. Conclusions and Future Work 40
References 42
參考文獻 [1] K. A. Stouffer, J. A. Falco and K. A. Scarfone, "SP 800-82. Guide to Industrial Control Systems (ICS) Security: Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC)," National Institute of Standards & Technology, Gaithersburg, MD, United States, 2011.
[2] A. P. Premnath, J.-Y. Jo and Y. Kim, "Application of NTRU Cryptographic Algorithm for SCADA Security," in Information Technology: New Generations (ITNG), 2014 11th International Conference on, Las Vegas, NV, April 2014.
[3] R. Langner, "To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve," November 2013. [Online]. Available: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf
[4] R. A. Perlner and D. A. Cooper, "Quantum resistant public key cryptography: a survey," in IDtrust '09 Proceedings of the 8th Symposium on Identity and Trust on the Internet, New York, NY, USA, 2009.
[5] G. Thomas, "Introduction to the Modbus Protocol," 2008. [Online]. Available: https://www.ccontrols.com/pdf/Extv9n4.pdf.
[6] IEC 61131-3:2013 Programmable controllers - Part 3: Programming languages, International Electrotechnical Commission(IEC), 2013.
[7] "BECKHOFF New Automation Technology," [Online]. Available: http://www.beckhoff.be/CX8090/.
[8] B. Drury, "Control Techniques Drives and Controls Handbook, 2nd ed," Institution of Engineering and Technology, 2009, pp. 508-.
[9] Modbus Messaging On TCP/IP Implementation Guide, Modbus Organization, 2006.
[10] C. Palmer and S. Shenoi, in Critical Infrastructure Protection III Third IFIP WG 11.10 International Conference, Hanover, New Hampshire, USA, Springer-Verlag Berlin Heidelberg, 2009, p. 87.
[11] "Security Innovation - NTRU Cryptography," [Online]. Available: https://www.securityinnovation.com/products/ntru-crypto.
[12] IEEE P1363: Standard Specifications For Public Key Cryptography, Grouper.ieee.org, 2008.
[13] J. Hoffstein, J. Pipher and J. H. Silverman, "NTRU: A ring-based public key cryptosystem," in Algorithmic Number Theory Third International Symposiun, ANTS-III , Portland, Oregon, USA, June 21–25, Springer Berlin Heidelberg, 1998, pp. 267-288.
[14] J.-R. Jiang, Homomorphism and Cryptanalysis of NTRU, Institute of Mathematical Sciences, National Taiwan University, 2010.
[15] "Proficy HMI/SCADA – iFIX," [Online]. Available: http://www.geautomation.com/products/proficy-hmiscada-ifix.
[16] Efficient Embedded Security Standard (EESS) #1, Consortium for Efficient Embedded Security, September 2015.
[17] Supervisory Control and Data Acquisition (SCADA) Systems, Chantilly, Virginia, USA: Communication Technologies, Inc, October 2004.
[18] "Cyber-Attack Against Ukrainian Critical Infrastructure," February 2016. [Online]. Available: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01.
[19] "Inductive Automation Ignition Information Disclosure Vulnerability," August 2011. [Online]. Available: https://ics-cert.us-cert.gov/advisories/ICSA-11-231-01.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2021-08-31起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw