电动汽车充电桩自动化渗透测试系统的研究和设计
|
摘要
信息物理系统(cyber physical systems,CPS)是集计算、通信与控制于一体的智能系统。电动汽车充电设施是一种典型的信息物理系统,但当前大量部署在现场的充电桩终端存在着用户入侵充电桩系统导致系统异常等安全隐患,亟须研究设计一套针对充电桩的自动化渗透测试系统。从指纹扫描、漏洞检测和漏洞挖掘3个方面对充电桩自动化渗透测试系统进行研究与设计,旨在检测已知漏洞和挖掘未知漏洞,有效地对电动汽车充电桩进行全方位的自动化安全检测,提高充电桩的安全防护等级,加强充电桩的安全防护能力,减少针对充电桩安全攻击所造成的信息泄露和经济损失。
Cyber physical system(CPS)is an intelligent system integrating computing,communication and control.As an important gateway to the energy internet,the electric vehicle charging facilities are responsible for important functions such as power supply,metering and billing,data interconnection and charging security,which is also a typical CPS system.There are many potential threats in the charging pile terminals in the field,such as system abnormality caused by user intrusion of charging pile system,which would subsequently threaten the security of the national grid.It is therefore necessary to study and design an automatic penetration testing system for charging piles.This paper makes a research and design of the charging pile automatic penetration testing system from three aspects:fingerprint scanning,vulnerability detection and vulnerability mining,which aims to detect the known vulnerabilities and discover unknown ones,and effectively carry out all-round automatic inspection of charging electric vehicles,subsequently improving the protection level of charging piles,and strengthening the protection capability of charging piles and reducing the information leakage and economic loss caused by the attacks on charging piles.
Cyber physical system(CPS)is an intelligent system integrating computing,communication and control.As an important gateway to the energy internet,the electric vehicle charging facilities are responsible for important functions such as power supply,metering and billing,data interconnection and charging security,which is also a typical CPS system.There are many potential threats in the charging pile terminals in the field,such as system abnormality caused by user intrusion of charging pile system,which would subsequently threaten the security of the national grid.It is therefore necessary to study and design an automatic penetration testing system for charging piles.This paper makes a research and design of the charging pile automatic penetration testing system from three aspects:fingerprint scanning,vulnerability detection and vulnerability mining,which aims to detect the known vulnerabilities and discover unknown ones,and effectively carry out all-round automatic inspection of charging electric vehicles,subsequently improving the protection level of charging piles,and strengthening the protection capability of charging piles and reducing the information leakage and economic loss caused by the attacks on charging piles.
引文
[1]张靖,高峰,徐双庆,等.能源互联网技术架构与实例分析[J].中国电力,2018,51(8):24-30.ZHANG Jing,GAO Feng,XU Shuangqing,et al.Energy Internet technology architecture and case analysis[J].Electric Power,2018,51(8):24-30.
[2]张世翔,李林沣.电动汽车充电桩与市政LED设施一体化建设经营模式[J].中国电力,2017,50(7):43-48.ZHANG Shixiang,LI Linfeng.Electric vehicle charging pile and municipal LED facilities integration construction business model[J].Electric Power,2017,50(7):43-48.
[3]于长奇.工控设备漏洞挖掘技术研究[D].北京:北京邮电大学,2015:6-7.
[4]孙易安,井柯,汪义舟.工业控制系统安全网络防护研究[J].信息安全研究,2017,3(2):171-176.SUN Yi’an,JING Ke,WANG Yizhou.Research on safety network protection of industrial control system[J].Information Security Research,2017,3(2):171-176.
[5]吕尧.基于多核的网络扫描研究与实现[D].西安:西安电子科技大学,2010:26-27.
[6]何颖.基于Nessus的网络安全检测[D].长春:吉林大学,2006:32-33.
[7]CUI Jingsong,ZHANG Heng,QI Jing,et al.Hidden process offline forensic based on memory analysis in Windows[J].Wuhan University Journal of Natural Sciences,2017,22(4):346-354.
[8]汪先明,刘国平.基于GPRS水管网无线监控系统设计[J].南昌工程学院学报,2009,28(6):32-35.WANG Xianming,LIU Guoping.Design of wireless monitoring system based on GPRS water pipe network[J].Journal of Nanchang Institute of Technology,2009,28(6):32-35.
[9]RSH PIGGIN.Development of industrial cyber security standards:IEC 62443 for SCADA and industrial control system security[C]//IET Conference on Control and Automation 2013:Uniting Problems and Solutions.Birmingham,UK,2013:1-6.
[10]U.S.Department of Homeland Security.Strategic principles for securing the Internet of Things.(2016-11-15)[2018-11-20].https://www.dhs.gov/sites/default/files/publications/Strategic_Princip les_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
[11]Yehia Mamdouh.Penetration testing a SCADA industrial control systems.(2014-12-29)[2018-11-20].https://www.slideshare.net/yehiamamdouh1/scada-industrial-control-systems-penetration-testing.
[12]Alpha_h4ck.如何理解工控系统中的系统安全风险[EB/OL].(2017-06-01)[2018-11-20].http://www.freebuf.com/news/135674.html.
[2]张世翔,李林沣.电动汽车充电桩与市政LED设施一体化建设经营模式[J].中国电力,2017,50(7):43-48.ZHANG Shixiang,LI Linfeng.Electric vehicle charging pile and municipal LED facilities integration construction business model[J].Electric Power,2017,50(7):43-48.
[3]于长奇.工控设备漏洞挖掘技术研究[D].北京:北京邮电大学,2015:6-7.
[4]孙易安,井柯,汪义舟.工业控制系统安全网络防护研究[J].信息安全研究,2017,3(2):171-176.SUN Yi’an,JING Ke,WANG Yizhou.Research on safety network protection of industrial control system[J].Information Security Research,2017,3(2):171-176.
[5]吕尧.基于多核的网络扫描研究与实现[D].西安:西安电子科技大学,2010:26-27.
[6]何颖.基于Nessus的网络安全检测[D].长春:吉林大学,2006:32-33.
[7]CUI Jingsong,ZHANG Heng,QI Jing,et al.Hidden process offline forensic based on memory analysis in Windows[J].Wuhan University Journal of Natural Sciences,2017,22(4):346-354.
[8]汪先明,刘国平.基于GPRS水管网无线监控系统设计[J].南昌工程学院学报,2009,28(6):32-35.WANG Xianming,LIU Guoping.Design of wireless monitoring system based on GPRS water pipe network[J].Journal of Nanchang Institute of Technology,2009,28(6):32-35.
[9]RSH PIGGIN.Development of industrial cyber security standards:IEC 62443 for SCADA and industrial control system security[C]//IET Conference on Control and Automation 2013:Uniting Problems and Solutions.Birmingham,UK,2013:1-6.
[10]U.S.Department of Homeland Security.Strategic principles for securing the Internet of Things.(2016-11-15)[2018-11-20].https://www.dhs.gov/sites/default/files/publications/Strategic_Princip les_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
[11]Yehia Mamdouh.Penetration testing a SCADA industrial control systems.(2014-12-29)[2018-11-20].https://www.slideshare.net/yehiamamdouh1/scada-industrial-control-systems-penetration-testing.
[12]Alpha_h4ck.如何理解工控系统中的系统安全风险[EB/OL].(2017-06-01)[2018-11-20].http://www.freebuf.com/news/135674.html.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |