Acta Automatica Sinica, 2018, Vol. 44, Issue (3): 434-442


Feasibility Analysis of Encrypted Transmission on Security of Industrial Control Systems
LIANG Yao1, FENG Dong-Qin1, XU Shan-Shan1, CHEN Si-Yuan2, GAO Meng-Zhou1
1. State Key Laboratory of Industrial Control Technology, Zhejiang University, Hangzhou 310027, China;
2. Department of Electrical and Computer Engineering, University of Toronto, Toronto M4Y1M7, Canada
Manuscript received: May 16, 2016; accepted: December 27, 2016.
Foundation Item: Supported by National Natural Science Foundation of China (61223004)
Corresponding author: FENG Dong-Qin, Professor at the State Key Laboratory of Industrial Control Technology, Institute of Cyber-Systems and Control, Zhejiang University. His research interests cover fieldbus, real-time Ethernet, industrial wireless communication technology, security of industrial control systems, and network control systems.
Recommended by Associate Editor CHEN Ji-Ming
Abstract: For industrial control systems (ICS) whose field data need to be encrypted, a model based on a stability criterion is designed to assess the feasibility of the encrypted transmission mechanism. Combined with the D-subdivision solution to the transcendental equation, a method is proposed to solve quantitatively for the feasible region of the length of encrypted data. The integral absolute error (IAE) is improved to introduce the truncated IAE (TIAE)-based index, which is designed to evaluate how real-time performance is influenced by the length within the feasible region. Based on the relationship between the execution time of the encryption algorithm and the length, measured on an embedded platform, two symmetric encryption algorithms are evaluated for the control system of a separately excited DC motor, the accuracy of the solved feasible region is verified, and the law of change between real-time performance and length is obtained.
Key words: Industrial control system (ICS); encrypted transmission; stability; feasible region of length of encrypted data; real-time performance; truncated integral absolute error (TIAE)-based index

1 Problem Description

1.1 Encrypted transmission framework for industrial control systems

Figure 1 Frame diagram of industrial control system under encrypted transmission

1.2 Analysis of encryption algorithm execution time

$$\left\{ \begin{array}{l} \tau_{enc} = a_1 \cdot l_1 + b_1\\ \tau_{dec} = a_2 \cdot l_2 + b_2 \end{array} \right. \tag{1}$$

$$\begin{aligned} \Lambda_1(s) &= {\rm diag} \{ {\rm e}^{-\tau_1^{ca}s}, {\rm e}^{-\tau_2^{ca}s}, \cdots, {\rm e}^{-\tau_n^{ca}s} \} \\ \Lambda_2(s) &= {\rm diag} \{ {\rm e}^{-\tau_1^{sc}s}, {\rm e}^{-\tau_2^{sc}s}, \cdots, {\rm e}^{-\tau_n^{sc}s} \} \end{aligned}$$

$$CE(s;\tau_j^{sc}, \tau_j^{ca}) = \det \left( I + G(s) \Lambda_1(s) C(s) P \Lambda_2(s) \right) = 0 \tag{5}$$

$$CE(s;\tau) = c_n(s){\rm e}^{-n\tau s} + c_{n-1}(s){\rm e}^{-(n-1)\tau s} + \cdots + c_0(s) = \sum\limits_{k=0}^{n} c_k(s){\rm e}^{-k\tau s} = 0 \tag{7}$$

$$\begin{aligned} CE(s;\tau^{sc}, \tau^{ca}) &= \det [I + G(s)\Lambda_1(s)C(s)P\Lambda_2(s)] \\ &= \det [I + {\rm e}^{-(\tau^{sc} + \tau^{ca})s}G(s)C(s)P] \\ &= \det [I + {\rm e}^{-\tau s}K(s)] = 0 \end{aligned} \tag{8}$$

$$\Theta = \{ \tau \in [2\tau_{\min}, 2\tau_{\max}] \mid {\rm Re}[s^*(\tau)] < 0;\ \forall s^*, CE(s^*;\tau) = 0 \}$$

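1) Variable substitution: Solving directly for the purely imaginary roots of the transcendental equation (7) is difficult. Using the substitution ${\rm e}^{-\tau s} = (1 - Ts)/(1 + Ts)$, $T \in {\bf R}$, Eq. (7) is converted into a rational polynomial equation: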

$$CE(s;\tau) = \sum\limits_{k=0}^{n} c_k(s)\left( \frac{1 - Ts}{1 + Ts} \right)^k = 0 \tag{9}$$

$$\Leftrightarrow \sum\limits_{k=0}^{n} c_k(s)(1 - Ts)^k(1 + Ts)^{n-k} = \sum\limits_{p=0}^{\mu} b_p(T)s^p = 0 \tag{10}$$

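2) Solving for the imaginary roots: Eqs. (7) and (10) have exactly the same purely imaginary roots, and the purely imaginary roots of Eq. (10) can be found from the auxiliary polynomial in the Routh array. Define the finite set of purely imaginary roots as $S$: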

 $S = \{ {s^*}|{s^*} = \mp {\omega _c}i{\rm{, }}~{\omega _c} = {\omega _{c1}}, {\omega _{c2}}, \cdots, {\omega _{cm}}\}$

 $\Psi = \{ T \in {\bf R}|T = {T_{c1}}, {T_{c2}}, \cdots, {T_{cm}}\}$

$$\Omega_k(\tau;\omega_{ck}) = \left\{ \tau \,\middle|\, \tau = \frac{2\tan(\omega_{ck}T_{ck}) + 2p\pi}{\omega_{ck}},\ p = 1, \cdots, \infty \right\}$$

 $\Omega = \left\{ {\bigcup\limits_{k = 1}^m \Omega_k(\tau ;{\omega _{ck}})} \right\} \cap [2{\tau _{\min }}, 2{\tau _{\max }}]$

3) Solving for the set $\Theta$: When the parameter $\tau$ equals some element $\tau_{k,l}$ of the set $\Omega$, the system of Eq. (7) has a pair of imaginary roots $s^* = \mp \omega_{ck}i$, and as $\tau$ varies within $[\tau_{k,l}, \tau_{k,l} + \varepsilon]$, the tendency of this root pair to cross the imaginary axis is

$${\rm RT}\big|_{s = \omega_{ck}i,\ \tau = \tau_{k,l}} = {\rm sgn}\left[ {\rm Re}\left( \left. \frac{{\rm d}s(\tau)}{{\rm d}\tau} \right|_{s = \omega_{ck}i,\ \tau = \tau_{k,l}} \right) \right]$$

Differentiating Eq. (7) with respect to the parameter $\tau$ gives the value of this tendency:

$$\begin{aligned} {\rm RT}\big|_{s = \omega_{ck}i,\ \tau = \tau_{k,l}} &= {\rm sgn}\left[ {\rm Im}\left( \left. \frac{\sum\limits_{j=0}^{n} \frac{{\rm d}a_j}{{\rm d}s}{\rm e}^{-j\tau s}}{\sum\limits_{j=0}^{n} j a_j {\rm e}^{-j\tau s}} \right|_{s = \omega_{ck}i,\ \tau = \tau_{k,l}} \right) \right] \\ &= {\rm sgn}\left[ {\rm Im}\left( \left. \frac{\sum\limits_{j=0}^{n} \frac{{\rm d}a_j}{{\rm d}s}\left( \frac{1 - Ts}{1 + Ts} \right)^j}{\sum\limits_{j=0}^{n} j a_j \left( \frac{1 - Ts}{1 + Ts} \right)^j} \right|_{s = \omega_{ck}i,\ T = T_{ck}} \right) \right] \end{aligned} \tag{11}$$

This tendency depends only on $\omega_{ck}$ and $T_{ck}$; that is, the imaginary root has the same tendency at every element of $\Omega_k(\tau;\omega_{ck})$. A positive tendency value means the system gains two unstable poles; otherwise it loses two unstable poles. Let ${\rm NU}(\tau)$ denote the number of unstable poles; the set $\Theta$ can then be obtained from the following definition:

 $\Theta = \{ \tau \in \Omega |{\rm{NU}}(\tau ) = 0\}$

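4) Solving for the feasible region $\Phi$ of the encrypted data length: Determine the encryption algorithms used on the forward and feedback channels, measure the parameters of Eq. (1) experimentally, and use the mapping of Theorem 2 to obtain the feasible region $\Phi$ of the encrypted data length that keeps the system stable.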

3 Real-Time Performance Analysis of the System

3.1 Establishing the real-time performance index

$${\rm IAE} = \int\limits_0^\infty \left| r(t) - y(t) \right| {\rm d}t = \int\limits_0^\infty \left| e(t) \right| {\rm d}t = T_s\sum\limits_{i=0}^{\infty} \left| e(t_i) \right| \tag{12}$$

$${\rm TIAE} = \int\limits_0^{t_s} \left| r(t) - y(t) \right| {\rm d}t = \int\limits_0^{t_s} \left| e(t) \right| {\rm d}t = T_s\sum\limits_{i=0}^{m} \left| e(t_i) \right| \tag{13}$$

$$\eta_{\rm TIAE} = \frac{{\rm TIAE}_0}{{\rm TIAE}_{enc}} \tag{14}$$

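$\eta_{\rm TIAE} = 1$ indicates that, after the encrypted transmission mechanism is introduced, the real-time performance of the system is the same as that of the original system and satisfies the performance requirement. $0 < \eta_{\rm TIAE} < 1$ indicates that the real-time performance after introducing encrypted transmission is worse than that of the original system, and $\eta_{\rm TIAE} \to 0$ indicates that real-time performance has deteriorated so severely that the encrypted transmission mechanism is not suitable. Suppose the boundary point $l_{cri}$ of the feasible region makes the system exactly oscillatory and unstable; then ${\rm TIAE}_{enc}(l_{cri}) \to +\infty$, and we set $\eta_{\rm TIAE}(l_{cri}) = 0$ to keep the range of $\eta_{\rm TIAE}$ continuous.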
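The index of Eqs. (13) and (14), computed on a simulated speed step, as an added example that is not code from the paper. It borrows the DC motor state equations given in Section 4.2 of the page; the PI gains, the step size, the 2% settling band, the step amplitude and the lumping of the whole loop delay onto the control signal are assumptions.

```python
import math
from collections import deque

KP, KI = 1.0, 1.0        # ASSUMED PI gains (constructed; not from the page)
DT, T_END = 1e-3, 60.0   # Euler step, used as T_s, and horizon (assumed)
REF, BAND = 100.0, 0.02  # speed step and settling band (constructed)

def abs_error(tau):
    """|e(t_i)| for a speed step when the loop carries tau seconds of delay."""
    ia = w = integ = 0.0
    line = deque([0.0] * int(round(tau / DT)))  # lumped delay on U_a
    errs = []
    for _ in range(int(T_END / DT)):
        e = REF - 30.0 / math.pi * w            # n = 30/pi * omega
        integ += e * DT
        line.append(KP * e + KI * integ)
        ua = line.popleft()
        # State equations from the page, load torque T_L = 0
        d_ia = -120.0 * ia - 120.0 * w + 100.0 * ua
        d_w = -0.055 * w + 0.06 * ia
        ia, w = ia + DT * d_ia, w + DT * d_w
        errs.append(abs(e))
    return errs

def tiae(errs):
    """Eq. (13): T_s * sum of |e(t_i)| up to the settling time t_s."""
    m = max((i for i, e in enumerate(errs) if e > BAND * REF), default=0)
    return DT * sum(errs[: m + 1])

def eta_tiae(tau):
    """Eq. (14): TIAE_0 / TIAE_enc, delay-free run over delayed run."""
    return tiae(abs_error(0.0)) / tiae(abs_error(tau))

if __name__ == "__main__":
    for tau in (0.0, 0.3, 0.6):
        print(f"tau = {tau:.1f} s  eta_TIAE = {eta_tiae(tau):.3f}")
```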

3.2 Justification of $\eta_{\rm TIAE}$

$$\left\{ \begin{array}{l} {\rm sgn} \left\{ \dfrac{\partial \left[ \eta_{\rm TIAE}(l) \right]}{\partial \left[ t_r(l) \right]} \right\} = 1\\[4mm] {\rm sgn} \left\{ \dfrac{\partial \left[ \eta_{\rm TIAE}(l) \right]}{\partial \left[ \sigma\%(l) \right]} \right\} = -1\\[4mm] {\rm sgn} \left\{ \dfrac{\partial \left[ \eta_{\rm TIAE}(l) \right]}{\partial \left[ t_s(l) \right]} \right\} = -1 \end{array} \right.$$

From the monotonicity of $\eta_{\rm TIAE} \sim \sigma\%$ and $\eta_{\rm TIAE} \sim t_s$ it can be seen that if $\eta_{\rm TIAE}(\sigma_1\%) > \eta_{\rm TIAE}(\sigma_2\%)$, then $\sigma_1\% < \sigma_2\%$ and real-time performance is better at $\sigma_1\%$; that is, the larger $\eta_{\rm TIAE}$, the better the real-time performance. On the $\eta_{\rm TIAE} \sim t_r$ curve there must exist two points $t_{r,3}$ and $t_{r,4}$ ($t_{r,3} < t_{r,4}$) such that $\eta_{\rm TIAE}(t_{r,3}) < \eta_{\rm TIAE}(t_{r,4})$, which says that real-time performance is better at $t_{r,4}$ and clearly contradicts the common sense that smaller is better. Theorem 3 is proved.

4 Experimental Results and Simulation

4.1 Execution-time test of symmetric encryption algorithms

$$\left\{ \begin{aligned} & \tau_{enc}({\rm AES}) = 0.4673 \cdot l + 0.0492 \\ & \tau_{dec}({\rm AES}) = 0.5850 \cdot l - 0.2272 \end{aligned} \right. \tag{15}$$

$$\left\{ \begin{aligned} & \tau_{enc}({\rm DES}) = 0.5726 \cdot l - 2.3579 \\ & \tau_{dec}({\rm DES}) = 0.4466 \cdot l - 1.3557 \end{aligned} \right. \tag{16}$$

Figure 3 Relationship curve between the execution time of encryption algorithms and the length of encrypted data

4.2 System performance study

$$\left\{ \begin{array}{l} \dfrac{{\rm d}I_a}{{\rm d}t} = -120I_a - 120\omega + 100U_a\\[2mm] \dfrac{{\rm d}\omega}{{\rm d}t} = -0.055\omega + 0.06I_a - 5T_L\\ n = \dfrac{30}{\pi}\omega \end{array} \right.$$

$$G(s) = \frac{6}{s^2 + 120s + 13.8} \cdot \frac{30}{\pi}$$

4.2.1 Stability analysis

$$c_1(s){\rm e}^{-\tau s} + c_0(s) = 0$$

$$b_4(T)s^4 + b_3(T)s^3 + b_2(T)s^2 + b_1(T)s + b_0(T) = 0$$

$$\Theta = \left\{ \tau \mid \tau \in (0, 0.321) \right\} \tag{17}$$

$$\left\{ \begin{array}{l} \Phi({\rm AES}) = \left\{ l \mid l \in [64, 153] \right\}\\ \Phi({\rm DES}) = \left\{ l \mid l \in [64, 161] \right\} \end{array} \right. \tag{18}$$
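An added example (not the authors' code) of the stability step for a characteristic equation of the form $c_1(s){\rm e}^{-\tau s} + c_0(s) = 0$, built on the plant $G(s)$ above with assumed PI gains, so its bound is not the value in Eq. (17). It swaps the Routh-array search for a direct search of the imaginary-axis crossing, checks the result against the substitution of Eq. (9), and maps a delay bound to a length under the assumptions stated in the hypothetical helper `max_length`.

```python
import cmath
import math

# Plant from the page: G(s) = 6/(s^2 + 120 s + 13.8) * 30/pi
A, B, GAIN = 120.0, 13.8, 6.0 * 30.0 / math.pi
KP, KI = 1.0, 1.0  # ASSUMED PI gains (constructed; not given on the page)

def c0(s):
    """Delay-free part of c1(s) e^{-tau s} + c0(s) = 0."""
    return s * (s * s + A * s + B)

def c1(s):
    """Delayed part: plant gain times the assumed PI numerator."""
    return GAIN * (KP * s + KI)

def crossing_frequency():
    """The w > 0 with |c0(jw)| = |c1(jw)| (unique for these values)."""
    f = lambda w: abs(c0(1j * w)) - abs(c1(1j * w))
    lo, hi = 1e-9, 1.0
    while f(hi) < 0:
        hi *= 2.0
    for _ in range(200):  # bisection keeps f(lo) < 0 <= f(hi)
        mid = 0.5 * (lo + hi)
        lo, hi = (mid, hi) if f(mid) < 0 else (lo, mid)
    return 0.5 * (lo + hi)

def delay_margin():
    """Return (w_c, tau*): the smallest delay with a root at s = j w_c."""
    w = crossing_frequency()
    # e^{-j w tau} = -c0/c1  =>  w tau = -arg(-c0/c1)  (mod 2 pi)
    theta = -cmath.phase(-c0(1j * w) / c1(1j * w)) % (2 * math.pi)
    return w, theta / w

def rekasius_residual(w, tau):
    """|Eq. (9)| at s = jw, T chosen so (1 - Ts)/(1 + Ts) = e^{-tau s}."""
    T, s = math.tan(w * tau / 2.0) / w, 1j * w
    return abs(c0(s) + c1(s) * (1 - T * s) / (1 + T * s))

def max_length(tau_limit, enc, dec):
    """Largest integer l with 2 (tau_enc(l) + tau_dec(l)) < tau_limit.
    ASSUMES enc, dec are Eq. (1) pairs (a, b), both channels carry the
    same l, and tau_limit is in the timing model's unit."""
    a, b = enc[0] + dec[0], enc[1] + dec[1]
    l = math.floor((tau_limit / 2.0 - b) / a)
    return l if 2 * (a * l + b) < tau_limit else l - 1

if __name__ == "__main__":
    w_c, tau_star = delay_margin()
    print(f"w_c = {w_c:.4f} rad/s, Theta = (0, {tau_star:.4f}) s")
```

Reading the fits of Eq. (15) as milliseconds (an assumption), `max_length(1000 * tau_star, (0.4673, 0.0492), (0.5850, -0.2272))` gives the AES length bound for the assumed gains.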

4.2.2 Real-time performance analysis

Figure 4 Time-varying curves of the actual speed under different lengths of AES encrypted data
