Journal of Information Security Research ›› 2024, Vol. 10 ›› Issue (1): 20-.

• Academic Paper •

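Research on Security Protection of the ModbusTCP Protocol Based on National Cryptographic Algorithms

Qi Zhirong1, Lü Shimin2, Zheng Qiankun1

  1. 1(Electrical and Instrumentation Center, Zhongan United Coal Chemical Co., Ltd., Huainan, Anhui 232092)
    2(Engineering Service Department, Ningbo Hollysys Information Security Research Institute Co., Ltd., Ningbo, Zhejiang 315048)

  • Publication date: 2024-01-10 Release date: 2024-01-21
  • Corresponding author: Qi Zhirong, engineer. Main research interests: instrumentation and automation for the petrochemical and coal chemical industries. qizhr.zalh@sinopec.com
  • About the authors: Qi Zhirong, engineer. Main research interests: instrumentation and automation for the petrochemical and coal chemical industries. qizhr.zalh@sinopec.com Lü Shimin, engineer. Main research interest: industrial control network security. Lvshimin@hollysys.com Zheng Qiankun, engineer. Main research interests: construction and development of industrial internet platforms for the coal chemical industry. zhengqk.zalh@sinopec.com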

Security Protection and Research of ModbusTCP Protocol Based on National Secret Algorithm

Qi Zhirong1, Lü Shimin2, and Zheng Qiankun1

  1. 1(Comprehensive Department of Zhongan United Coal Chemical Co., Ltd., Huainan, Anhui 232092)
    2(Engineering Service Department, Ningbo Hollysys Information Security Research Institute Co., Ltd., Ningbo, Zhejiang 315048)

  • Online: 2024-01-10 Published: 2024-01-21

Abstract: As a simple and efficient Ethernet industrial control protocol, ModbusTCP is widely used in industrial control systems. However, the traditional ModbusTCP protocol was not designed with security in mind, which has led many malicious actors to attack it through its vulnerabilities. To address the lack of identity authentication and integrity verification in the ModbusTCP protocol, this paper proposes using the SM2 signature and verification algorithm to achieve bidirectional identity authentication and to verify data integrity. To address the lack of data confidentiality, it proposes encrypting the plaintext data with the SM4 symmetric encryption algorithm. To address the lack of an anti-replay mechanism, it proposes using random numbers to prevent replay attacks. Experiments show that the proposed scheme can effectively increase the security of the ModbusTCP protocol.

Key words: industrial control system, ModbusTCP, SM2, SM4, bidirectional identity authentication

CLC number: