适用于PLC的时间基一次性密码方案

doi:10.19678/j.issn.1000-3428.0059091

计算机工程 ›› 2021, Vol. 47 ›› Issue (8): 149-156. doi: 10.19678/j.issn.1000-3428.0059091

适用于PLC的时间基一次性密码方案

包致婷¹, 柯俊明², 杨铮^1,3, 龙华¹, 黄东⁴

1. 重庆理工大学计算机科学与工程学院, 重庆 400054;
2. 山东大学计算机科学与技术学院, 济南 250000;
3. 新加坡科技设计大学信息系统技术与设计系, 新加坡 138682;
4. 重庆机电职业技术大学信息工程学院, 重庆 402760

收稿日期:2020-07-29 修回日期:2020-09-01 发布日期:2020-09-04
作者简介:包致婷(1994-),女,硕士研究生,主研方向为密码学;柯俊明,硕士;杨铮,副教授;龙华(通信作者),副教授、讲师;黄东,教授。
基金资助:
国家自然科学基金（61872051）。

Time-based One-Time Password Scheme for PLC

BAO Zhiting¹, KE Junming², YANG Zheng^1,3, LONG Hua¹, HUANG Dong⁴

1. School of Information Science and Engineering, Chongqing University of Technology, Chongqing 400054, China;
2. School of Computer Science and Technology, Shandong University, Jinan 250000, China;
3. Department of Information Systems Technology and Design, Singapore University of Technology and Design, Singapore 138682;
4. Information Engineering Institute, Chongqing Vocational and Technical University of Mechatronics, Chongqing 402760, China

Received:2020-07-29 Revised:2020-09-01 Published:2020-09-04

摘要/Abstract

摘要： 针对现有时间基一次性密码方案无法高效运行于可编程逻辑控制器（PLC）的问题，借鉴T/KEY单链方案，提出一种基于分组密码的时间基一次性密码方案BC-TOTP。使用PRESENT和SPECK分组密码算法来实例化加密函数，采用该加密函数计算链上的所有节点，使得证明方可在相应的时间内向验证方证明其身份。通过基于理想密码模型和分组密码IND-CPA的安全假设验证了BC-TOTP方案的安全性，并在罗克韦尔Allen-Bradley PLC上的测试结果表明，其能大幅减少计算时间，且单链使用周期将近1年。

关键词: 时间基一次性密码, 可编程逻辑控制器, 分组密码, 身份验证, 结构化文本

Abstract: To solve the problem that existing Time-based One-Time Password(TOTP) schemes cannot run efficiently on Programmable Logic Controller(PLC), a TOTP scheme called BC-TOTP is proposed based on block cipher. The scheme employs block cipher algorithms, including PRESENT and SPECK, to instantiate the encryption function, which is used to compute each node in the chain, so the prover can authenticate to the verifier in time. The security of BC-TOTP is verified with a security assumption based on the ideal cipher model and IND-CPA of the block cipher. Then the proposed scheme is tested on a PLC of Rockwell Allen-Bradley. Test results show that the scheme can significantly reduce the computational time, and its single chain life cycle reaches almost one year.

Key words: Time-based One-Time Password(TOTP), Programmable Logic Controller(PLC), block cipher, identity authentication, Structured Text(ST)

中图分类号:

TP309

包致婷, 柯俊明, 杨铮, 龙华, 黄东. 适用于PLC的时间基一次性密码方案[J]. 计算机工程, 2021, 47(8): 149-156.

BAO Zhiting, KE Junming, YANG Zheng, LONG Hua, HUANG Dong. Time-based One-Time Password Scheme for PLC[J]. Computer Engineering, 2021, 47(8): 149-156.

http://www.ecice06.com/CN/Y2021/V47/I8/149

图/表 7

20210819200217

20210819200221

20210819200226

20210819200230

20210819200236

20210819200244

20210819200252

参考文献

[1] 王喜文.中国制造2025解读[M]. 北京:机械工业出版社, 2015. WANG X W.Demystifying made in China 2025[M]. Beijing:China Machine Press, 2015.(in Chinese)
[2] HUMAYED A, LIN J Q, LI F J, et al. Cyber-physical systems security-a survey[J]. IEEE Internet of Things Journal, 2017, 4(6): 1802-1831.
[3] ZIELINSKA E, MAZURCZYK W, SZCZYPIORSKI K.Trends in steganography[J]. Communications of the ACM, 2014, 57(3): 86-95.
[4] LIANG G Q, WELLER S R, ZHAO J H, et al. The 2015 Ukraine blackout:implications for false data injection attacks[J]. IEEE Transactions on Power Systems, 2016, 32(4): 3317-3318.
[5] DI P A, DRAGONI Y, CARCANO A.TRITON:the first ICS cyber attack on safety instrument systems[EB/OL]. [2020-06-20]. https://scadahacker.com/library/Documents/Cyber_Events/Nozomi%20-%20TRITON%20-%20The%20First%20SIS%20Cyberattack.pdf.
[6] AHMED I, OBERMEIER S, SUDHAKARAN S, et al. Programmable logic controller forensics[J]. IEEE Security & Privacy, 2017, 15(6): 18-24.
[7] 360 Internet Security Center.IT/OT integrated industrial information security situation report(2018)[EB/OL]. [2020-06-20]. https://zt.360.cn/1101061855.php?dtid=1101062514&did=610131448.
[8] PANATHUNGA D, ROUGHAN M, NGUYEN H, et al. Case studies of SCADA firewall configurations and the implications for best practices[J]. IEEE Transactions on Network and Service Management, 2016, 13(4): 871-884.
[9] DUTERTRE B.Formal modeling and analysis of the Modbus protocol[C]//Proceedings of 2007 International Conference on Critical Infrastructure Protection.Berlin, Germany:Springer, 2007:189-204.
[10] SIDDAVATAM I A, KAZI F.Security assessment framework for cyber physical systems:a case-study of DNP3 protocol[C]//Proceedings of 2016 Bombay Section Symposium.Washington D.C., USA:IEEE Press, 2016:1-10.
[11] LEITNER S H, MAHNKE W.OPC UA-service-oriented architecture for industrial applications[J]. Softwaretechnik-Trends, 2006, 26(4): 61-66.
[12] 徐成强, 李作维.改进的一次性口令认证方案[J]. 计算机工程, 2009, 35(24): 168-169. XU C Q, LI Z W.Improved scheme of one-time-password authentication[J]. Computer Engineering, 2009, 35(24): 168-169.(in Chinese)
[13] LAMPORT L.Password authentication with insecure communication[J]. Communications of the ACM, 1981, 24(11): 770-772.
[14] HALLER N.The S/KEY one-time password system:RFC 1760[S]. San Diego, USA:[s.n.], 1995:151-157.
[15] M'RAIHI D, MACHANI S, PEI M, et al. TOTP:time-based one-time password algorithm[EB/OL]. [2020-06-20]. https://tools.ietf.org/html/draft-mraihi-totp-timebased-08.
[16] KOGAN D, MANOHAR N, BONEH D.T/KEY:second-factor authentication from secure hash chains[C]//Proceedings of 2017 ACM Conference on Computer and Communications Security.New York:ACM Press, 2017:983-999.
[17] DARVAS D, VINUELA E B, MAJZIK I.PLC code generation based on a formal specification language[C]//Proceedings of the 14th International Conference on Industrial Informatics.Washington D.C., USA:IEEE Press, 2016:389-396.
[18] GUO J, PEYRIN T, POSCHMANN A.The PHOTON family of lightweight hash functions[C]//Proceedings of the 31st Annual Cryptology Conference.Berlin, Germany:Springer, 2011:222-239.
[19] BOGDANOV A, KNEZEVIC M, LEANDER G, et al. SPONGENT:the design space of lightweight cryptographic hashing[J]. IEEE Transactions on Computers, 2012, 62(10): 2041-2053.
[20] BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT:an ultra-lightweight block cipher[C]//Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2007:450-466.
[21] BEAULIEU R, SHORS D, SMITH J, et al. The SIMON and SPECK families of lightweight block ciphers[C]//Proceedings of the 52nd ACM/EDAC/IEEE Design Automation Conference.Washington D.C., USA:IEEE Press, 2013:404-449.
[22] HERLEY C, VAN O P.A research agenda acknowledging the persistence of passwords[J]. IEEE Security & Privacy, 2011, 10(1): 28-36.
[23] CZESKIS A, DIETZ M, KOHNO T, et al. Strengthening user authentication through opportunistic cryptographic identity assertions[C]//Proceedings of ACM Conference on Computer and Communications Security.New York, USA:ACM Press, 2012:404-414.
[24] CHEN J S, EISENBARTH S C.Two-factor authentication for type 2 immunity[J]. Immunity, 2018, 49(3): 381-383.
[25] SHIRBANIAN M, JARECKI S, SAXENA N, et al. Two-factor authentication resilient to server compromise using mix-bandwidth devices[EB/OL]. [2020-06-20]. http://dev.www.isocdev.org/sites/default/files/08_3_slides.pdf.
[26] JIN C L, YANG Z, VAN D M, et al. Proof of aliveness[C]//Proceedings of the 35th Annual Computer Security Applications Conference.New York, USA:ACM Press, 2019:1-16.
[27] SIVABALAN M, TAVARES S E, PEPPARD L E.On the design of SP networks from an information theoretic point of view[C]//Proceedings of the 19th Annual International Cryptology Conference.Berlin, Germany:Springer, 1992:260-279.
[28] CORON J S, PATARIN J, SEURIN Y.The random oracle model and the ideal cipher model are equivalent[C]//Proceedings of the 28th Annual International Cryptology Conference.Berlin, Germany:Springer, 2008:1-20.

选择文件类型/文献管理软件名称

选择包含的内容

适用于PLC的时间基一次性密码方案

Time-based One-Time Password Scheme for PLC

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	刘金硕, 刘宁. 面向招标文件的半结构化文本自动生成[J]. 计算机工程, 2023, 49(3): 67-72.
[2]	纪文桃, 李媛媛, 秦宝东. 基于决策树的SM4分组密码工作模式识别[J]. 计算机工程, 2021, 47(8): 157-161,169.
[3]	信文倩, 孙兵, 李超. LiCi算法的基于比特积分攻击[J]. 计算机工程, 2020, 46(7): 136-142.
[4]	朱文锋, 王琴, 郭筝, 刘军荣. 针对分组密码的攻击方法研究[J]. 计算机工程, 2020, 46(1): 102-107,113.
[5]	石淑英, 何骏. GRANULE算法的不可能差分分析[J]. 计算机工程, 2019, 45(10): 134-138.
[6]	张佩,张文英. QARMA算法的相关密钥不可能差分攻击[J]. 计算机工程, 2019, 45(1): 91-95.
[7]	李梦竹,张文英,陈万朴. ZORRO迭代差分特征密钥恢复的代数分析[J]. 计算机工程, 2017, 43(2): 189-193.
[8]	朱嘉良,韦永壮. 针对LBlock 算法的踪迹驱动Cache 攻击[J]. 计算机工程, 2015, 41(5): 153-158.
[9]	莫钊，韦永壮. 简化轮LBlock的密钥中比特检测及分析[J]. 计算机工程, 2014, 40(3): 28-32,45.
[10]	王晨光, 乔树山, 黑勇. 分组密码算法SM4的低复杂度实现[J]. 计算机工程, 2013, 39(7): 177-180.
[11]	罗芳, 欧庆于, 付伟. 一种基于分组密码的自同步序列密码模型[J]. 计算机工程, 2013, 39(6): 170-173.
[12]	郭磊，郑浩然，刘明伟. 一类具有最大分支数的16阶0-1矩阵构造[J]. 计算机工程, 2013, 39(12): 118-121.
[13]	彭昌勇, 祝跃飞, 顾纯祥, 米顺强. 1~5轮LBlock的多项式表示及完全性分析[J]. 计算机工程, 2012, 38(9): 155-157,179.
[14]	韦永壮, 苏崇茂, 马春波. Rijndael-256算法的中间相遇攻击[J]. 计算机工程, 2012, 38(7): 107-109.
[15]	崔杰, 仲红. 基于Feistel网络的十进制加密算法[J]. 计算机工程, 2012, 38(3): 22-24,33.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

适用于PLC的时间基一次性密码方案

Time-based One-Time Password Scheme for PLC

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献

相关文章 15

编辑推荐

Metrics

本文评价