Method and system for transmitting control data in a manner that is secured against manipulation

US 9,252,956 B2
Filed: 07/22/2011
Issued: 02/02/2016
Est. Priority Date: 08/03/2010
Status: Active Grant

First Claim

Patent Images

1. A method for recognizing manipulation during transmission of control data from a first controller to a second controller via a transmission network, the first controller including a processor and memory and being connected to a first control network including a first gateway, the second control network including a second gateway, the first and second control networks comprising production cells in a production plant, the method comprising the steps of:

(a) generating, by an integrity check generator arranged in the first gateway, integrity check information data on a transmitter side for the control data transmitted by the first controller connected to the first control network, the first controller transmitting the control data;

(b) calculating a cryptographic checksum for the integrity check information data generated on the transmitter side by the integrity check generator using a cryptographic key;

(c) transmitting, via the transmission network, the integrity check information data generated on the transmitter side and the corresponding cryptographic checksum calculated by the integrity check generator to an integrity check verifier arranged in the second gateway, the integrity check verifier verifying the cryptographic checksum on a receiver side using the cryptographic key;

(d) generating, by the integrity check verifier, integrity check information data on the receiver side for the control data received by the second controller connected to the second control network; and

(e) comparing, by the integrity check verifier, the integrity check information data generated on the receiver side by the integrity check verifier and the integrity check information data generated on the transmitter side and received together with the cryptographic checksum which is verified by the integrity check verifier to detect manipulation of the transmitted control data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for detecting manipulation when control data are transmitted from a first control unit to a second control unit via a network, which includes generating integrity check information data for the control data transmitted by the first control unit via an integrity check generating unit on the transmitter side, calculating a cryptographic checksum for the integrity check information data generated on the transmitter side via the integrity check generating unit, transmitting the integrity check information data and the cryptographic checksum to an integrity check verifying unit that verifies the cryptographic checksum on the receiver side, generating integrity check information data on the receiver side for the control data received by the second control unit using the integrity check verifying unit, and comparing the integrity check information data and the integrity check information data with the cryptographic checksum to detect the manipulation of the transmitted control data.

Citations

21 Claims

1. A method for recognizing manipulation during transmission of control data from a first controller to a second controller via a transmission network, the first controller including a processor and memory and being connected to a first control network including a first gateway, the second control network including a second gateway, the first and second control networks comprising production cells in a production plant, the method comprising the steps of:
- (a) generating, by an integrity check generator arranged in the first gateway, integrity check information data on a transmitter side for the control data transmitted by the first controller connected to the first control network, the first controller transmitting the control data;
  
  (b) calculating a cryptographic checksum for the integrity check information data generated on the transmitter side by the integrity check generator using a cryptographic key;
  
  (c) transmitting, via the transmission network, the integrity check information data generated on the transmitter side and the corresponding cryptographic checksum calculated by the integrity check generator to an integrity check verifier arranged in the second gateway, the integrity check verifier verifying the cryptographic checksum on a receiver side using the cryptographic key;
  
  (d) generating, by the integrity check verifier, integrity check information data on the receiver side for the control data received by the second controller connected to the second control network; and
  
  (e) comparing, by the integrity check verifier, the integrity check information data generated on the receiver side by the integrity check verifier and the integrity check information data generated on the transmitter side and received together with the cryptographic checksum which is verified by the integrity check verifier to detect manipulation of the transmitted control data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as claimed in claim 1, wherein the control data is transmitted unencrypted in control data packets which comprise packet administration data and useful data.
  - 3. The method as claimed in claim 2, wherein the generated integrity check information data is formed by a hash value of at least one of at least part of the control data and the packet administration data contained in one of a control data packet and a number of control data packets.
  - 4. The method as claimed in claim 1, wherein the generated integrity check information data is formed by a hash value of at least one of at least part of the control data and packet administration data contained in one of a control data packet and a number of control data packets.
  - 5. The method as claimed in claim 4, wherein the integrity check information data is generated by the integrity check generator for each control data packet, the integrity check information data comprising:
    - a hash value of the packet administration data of the control data packet;
      
      a hash value for the useful data of the control data packet; and
      
      a time stamp recording a time point of the generation of the integrity check information data on the transmitter side.
  - 6. The method as claimed in claim 1, wherein the integrity check information data is generated at regular time intervals by the integrity check generator.
  - 7. The method as claimed in claim 1, wherein the control data is transmitted via one of a wireless and a wire-bound transmission network in real time.
  - 8. The method as claimed in claim 1, wherein the cryptographic checksum calculated by the integrity check generator is transmitted together with the integrity check information data generated on the transmitter side via one of the transmission network for the control data and a separate communication connection from the first controller to the second controller.
  - 9. The method as claimed in claim 1, wherein, on recognizing a manipulation arising during transmission of the control data from the first controller to the second controller, the integrity check verifier generates an alarm signal and transmits the alarm signal to the second controller.
  - 10. The method as claimed in claim 9, wherein, after reception of the alarm signal by the integrity check verifier, the second controller switches to an operationally secure state.

11. A data transmission system for transmitting control data from a first controller to a second controller via a transmission network, the first controller including a processor and memory and being connected to a first control network including a first gateway, the second controller being connected to a second control network including a second gateway, the first and second control networks comprising production cells in a production plant, the data transmission system comprising:
- (a) at least one integrity check generator arranged in the first gateway and configured to generate integrity check information data on a transmitter side for the control data transmitted by the first controller connected to the first control network and calculate a cryptographic checksum for the integrity check information data generated using a cryptographic key, the first controller transmitting the control data via the transmission network; and
  
  (b) at least one integrity check verifier arranged in the second gateway and configured to receive the integrity check information data generated by the integrity check generator arranged in the first gateway on the transmitter side, receive an associated calculated cryptographic checksum and verify the cryptographic checksum using the cryptographic key;
  
  wherein the integrity check verifier generates the integrity check information data for the control data received by the second controller connected to the second control network on the receiver side and compares the integrity check information data generated on the receiver side with the integrity check information data received and generated on the transmitter side together with the verified cryptographic checksum to detect manipulation of the transmitted control data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The data transmission system as claimed in claim 11, wherein the first and second gateways of the first and second control networks are connected to one another via the transmission network.
  - 13. The data transmission system as claimed in claim 12, wherein at least one of the first control network, the second control network and the transmission network is an Ethernet.
  - 14. The data transmission system as claimed in claim 13, wherein the Ethernet is a Profinet.
  - 15. The data transmission system as claimed in claim 13, wherein the network is one of a train network, an energy control network and an automation control network, and wherein the automation control network is one of a process control network and a production control network.
  - 16. The data transmission system as claimed in claim 12, wherein the first and second controllers each comprise sensors, actuators and a control computer.
  - 17. The data transmission system as claimed in claim 12, wherein the network is one of a train network, an energy control network and an automation control network, and wherein the automation control network is one of a process control network and a production control network.
  - 18. The data transmission system as claimed in claim 12, wherein the integrity check generator is integrated into the first gateway of the first control network and the integrity check verifier is integrated into the second gateway of the second control network.
  - 19. The data transmission system as claimed in claim 11, wherein the first and second controllers each comprise sensors, actuators and a control computer.
  - 20. The data transmission system as claimed in claim 19, wherein the network is one of a train network, an energy control network and an automation control network, and wherein the automation control network is one of a process control network and a production control network.
  - 21. The data transmission system as claimed in claim 11, wherein the network is a vehicle network, an energy control network or an automation control network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Falk, Rainer
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US13/813,867
Publication Number

US 20130132730A1
Time in Patent Office

1,656 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/4616   LAN interconnection over a ...

H04L 63/123   received data contents, e.g...

H04L 9/3215   using a plurality of channe...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3297   involving time stamps, e.g....

H04W 12/106   Packet or message integrity

Method and system for transmitting control data in a manner that is secured against manipulation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for transmitting control data in a manner that is secured against manipulation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links