Yangtze River (人民长江), 2025, Vol. 56, Issue (5): 210-215. doi: 10.16232/j.cnki.1001-4179.2025.05.029

葛创杰,荆芳,王戈飞,袁世冲   

Security reinforcement technology for water conservancy industrial control protocol based on commercial cryptographic algorithm

GE Chuangjie, JING Fang, WANG Gefei, YUAN Shichong

  • Received: 2024-05-28 Online: 2025-05-28 Published: 2025-05-28

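Abstract: To address security risks facing water conservancy industrial control systems, such as data eavesdropping, data tampering, and data forgery, this work studies secure data transmission based on commercial cryptographic algorithms, in order to ensure the confidentiality, integrity, and authenticity of industrial Ethernet data and fieldbus data transmitted in water conservancy systems. Building on an analysis of the data transmission risks that current water conservancy industrial control systems face, security reinforcement was designed for 2 classes of communication protocols, industrial Ethernet and fieldbus; a cryptographic module was designed; and multi-scenario security testing and analysis were carried out. In field tests on an integrated water conservancy gate at a water affairs base, the communicating parties under each of the 2 protocol classes sent and received data 10000 times. At the industrial Ethernet layer, data was sent and received successfully 10000 times with 0 failures, and the average delay before and after encryption was 0.25 ms; at the fieldbus layer, data was sent and received successfully 9977 times with 23 failures, and the average delay before and after encryption was 269.28 ms. Identity impersonation, data theft, and data tampering attack tests were also carried out. The results show that the method has a high encryption and decryption success rate, low latency, and stable operation, can withstand external attacks, and can effectively protect data communication in water conservancy industrial control scenarios without affecting business operation.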

Abstract: Given security risks such as data monitoring, data tampering, and data forgery in water conservancy industrial control systems, research on secure data transmission technology based on commercial cryptographic algorithms is carried out to ensure the confidentiality, integrity, and authenticity of industrial Ethernet data and fieldbus data transmission in water conservancy systems. We analyzed the data transmission risks faced by current water conservancy industrial control systems. We then designed security reinforcement for the 2 major types of communication protocols for industrial control, completed the design of the cryptographic module, and carried out multi-scenario security testing and analysis. Field tests were carried out at an integrated gate of a water conservancy base. Each communication device sent and received data 10 000 times in the two modes. The industrial Ethernet layer successfully sent and received data 10 000 times, with 0 failures, and the average delay before and after encryption was 0.25 ms. The fieldbus layer successfully sent and received data 9977 times, with 23 failures, and the average delay before and after encryption was 269.28 ms. In addition, identity impersonation, data theft, and data tampering attacks were tested. The experimental results show that the method has a high success rate of encryption and decryption, low delay, and very stable operation, and can resist external attacks. It can effectively guarantee the security of data communication in water conservancy industrial control scenarios without affecting business operation.

Key words: water conservancy industrial control system; data transmission risk; data encryption and decryption; protocol reinforcement; commercial cryptographic algorithm; communication security