Shared key management method, shared key generating method and message communication method for scada system, and recording medium
    Invention application
    Under examination - published

    Publication (announcement) number: US20100183150A1

    Publication (announcement) date: 2010-07-22

    Application number: US12384173

    Application date: 2009-03-31

    CPC classification number: H04L9/0836 H04L9/0822 H04L9/0861

    Abstract: A shared key management method is provided for a Supervisory Control And Data Acquisition (SCADA) system in which a master terminal unit (MTU), a plurality of sub master terminal units (SUB-MTUs), and a plurality of remote terminal units (RTUs) are configured in a sequential hierarchy. The method includes: (a) at the MTU, generating a plurality of secret keys and respectively allocating the secret keys to the RTUs; (b) at the MTU, generating a group key in a tree structure, wherein a leaf node of the tree structure corresponds to each RTU, a parent node of a node corresponding to an RTU corresponds to a SUB-MTU to which the RTU is connected, a shared key of each node of the group key is generated by hashing shared keys of all child nodes, and a shared key of a leaf node of the group key is set as a secret key of the RTU; (c) at the RTU or the SUB-MTU, receiving and storing shared keys of every node from a node corresponding to itself to a root node; (d) when the RTU or the SUB-MTU is added or deleted, at the MTU, generating again the shared keys of nodes along a path from a node corresponding to the added or deleted terminal unit to the root node; and (e) at the RTU or the SUB-MTU, receiving and storing the generated shared keys. According to the key management method for the SCADA system described above, in the case of encrypting and broadcasting or multicasting a message, a computation amount can be reduced.
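
The tree construction and path rekeying of steps (a) to (d) can be sketched as follows. This is an added example, not code from the patent; SHA-256, the concatenation of child keys in name order, the 32-byte random secrets, the guard against an empty SUB-MTU and all unit names are assumptions.

```python
import hashlib
import os

class KeyTree:
    """Constructed model: MTU = root, SUB-MTUs = inner nodes, RTUs = leaves."""
    def __init__(self, topology):
        # topology maps hypothetical SUB-MTU names to lists of RTU names
        self.children = {"MTU": sorted(topology)}
        self.parent = {sub: "MTU" for sub in topology}
        self.key = {}
        for sub, rtus in topology.items():
            self.children[sub] = sorted(rtus)
            for r in rtus:
                self.parent[r] = sub
                self.key[r] = os.urandom(32)   # step (a): per-RTU secret key
        for node in sorted(topology) + ["MTU"]:
            self._rehash(node)                 # step (b): inner keys, bottom-up

    def _rehash(self, node):
        # Assumption: SHA-256 over the child keys concatenated in name order.
        h = hashlib.sha256()
        for c in self.children[node]:
            h.update(self.key[c])
        self.key[node] = h.digest()

    def path(self, node):
        out = [node]
        while node in self.parent:
            node = self.parent[node]
            out.append(node)
        return out

    def path_keys(self, node):
        # step (c): the keys a terminal stores, from its own node up to the root
        return {n: self.key[n] for n in self.path(node)}

    def remove_rtu(self, rtu):
        # step (d): only nodes on the path to the root get new shared keys
        ancestors = self.path(rtu)[1:]
        if len(self.children[ancestors[0]]) == 1:
            raise ValueError("SUB-MTU would have no child keys left to hash")
        self.children[ancestors[0]].remove(rtu)
        del self.key[rtu], self.parent[rtu]
        for n in ancestors:
            self._rehash(n)
        return ancestors

if __name__ == "__main__":
    t = KeyTree({"SUB-MTU-1": ["RTU-1", "RTU-2"], "SUB-MTU-2": ["RTU-3", "RTU-4"]})
    print(t.remove_rtu("RTU-1"))  # nodes whose shared keys were regenerated
```

After a removal, none of the keys the departed RTU held remain in the tree, while the other SUB-MTU subtree keeps its keys unchanged.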
