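Abstract: | In recent years, networking and information technology have advanced considerably, giving rise to the Internet of Things, big data analytics and artificial intelligence, and also giving network attackers more tools to use. As a result, network security problems continue to emerge, and security issues connected to the nation in particular cannot be treated carelessly. This project studies the network security of national infrastructure, which is closely tied to national security. If a nation's infrastructure is controlled by hackers, national security immediately faces a serious crisis, and the operation of the whole country may even be paralyzed; protecting national critical infrastructure has therefore become a very important information security problem. In this project we assume that hackers do attack the supervisory control and data acquisition (SCADA) system and that, after intruding into it, they forge or issue PLC commands to carry out destructive operations; we study defense mechanisms under this setting. A previous paper developed an architecture that strengthens the security of dynamic addresses in IPv6, using IPv6's support for mobile IP to protect critical infrastructure systems. We find that this mechanism may still expose the permanent addresses of the two communicating parties. We perform address transitions without communication and apply various hardening methods to the weaknesses within the mechanism, such as synchronization and packet loss. The project also plans future evaluation methods and a possible implementation, to provide security protection for critical infrastructure in the future. Recently, networking and information technology have advanced, giving rise to IoT, Big Data and AI. However, network hackers can also employ these tools to intrude into networks easily. Hence, many network security issues occur in many different scenarios. In particular, the security of national critical infrastructure has attracted much attention in recent years. These infrastructures are usually monitored and controlled through SCADA. If a hacker can obtain the IP addresses of the HMI and PLC (the components of SCADA), he/she can alter or forge messages to control SCADA, which leads to vital damage to national security. Hence, protecting SCADA becomes much more important. In this project, we observe that previous research employs moving target defense to achieve the security goal for SCADA. With this novel mechanism, a hacker can hardly track the IP of the target (e.g. PLC and HMI in SCADA). However, we find that this research may still expose the IP to a hacker because one end still needs to send the HoA (Home Address) to the other end. Hence, we develop a novel moving target address generation in which the two ends do not inform each other of their HoA. We also find some weaknesses in our proposal and propose several enhanced methods to improve it. We finally plan to implement our proposal in a small-scale simulated scenario. The goal of this project is to improve and enhance the security of SCADA. |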