www.ChineseStandard.net

GB/T 41868-2022 English PDF

US$409.00 · In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 41868-2022: Modbus TCP security protocol specification
Status: Valid

Similar standards

GB/T 41295.3   GB/T 41295.2   GB/T 41295.4   GB/T 41771.6   GB/T 20965   

Basic data

Standard ID: GB/T 41868-2022 (GB/T41868-2022)
Description (Translated English): Modbus TCP security protocol specification
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: N10
Classification of International Standard: 25.040
Word Count Estimation: 22,245
Date of Issue: 2022-10-14
Date of Implementation: 2023-05-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 41868-2022: Modbus TCP security protocol specification

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Modbus TCP security protocol specification
ICS 25.040
CCS N10
National Standards of People's Republic of China
Modbus TCP Security Protocol Specification
Published on 2022-10-12; Implementation on 2023-05-01
Released by the State Administration for Market Regulation and the National Standardization Administration

Contents

Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Normative Statements
6 Overview
6.1 mbap overview
6.2 Overview of mbaps
6.3 Overview of Transport Layer Security
7 Service Definition
8 Protocol Specification
8.1 TLS Protocol
8.2 TLS handshake
8.3 Cipher Suite Selection
8.4 mbaps role-based client authorization
9 System dependencies
10 TLS requirements
10.1 TLS version
10.2 TLSv1.2 Cipher Selection
10.3 TLS Fragmentation
10.4 TLS compression
10.5 TLS session renegotiation
Appendix A (normative) mbaps packet structure
Reference

Foreword

This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules of Standardization Documents".

Please note that some content of this document may be patented. The issuing agency of this document assumes no responsibility for identifying patents.

This document is proposed by China Machinery Industry Federation.

This document is under the jurisdiction of the National Technical Committee on Standardization of Industrial Process Measurement Control and Automation (SAC/TC124).

This document is drafted by: Machinery Industry Instrumentation Comprehensive Technology and Economic Research Institute, Schneider Electric (China) Co., Ltd. Shanghai Branch Company, Chongqing Xin'an Network Security Rating Evaluation Co., Ltd., Guoneng Zhishen Control Technology Co., Ltd., Zhejiang Zhongkong Technology Co., Ltd., Shenyang Institute of Automation, Chinese Academy of Sciences, Dongfang Electric Group Science and Technology Research Institute Co., Ltd., Beijing Zhuoshi Network Security Technology Co., Ltd. Division, Southwest University.

The main drafters of this document: Feng Xiawei, Wang Yong, Zhou Yanhui, Wang Yumin, Shang Yujia, Zhu Jingling, Chen Junyu, Zhang Wei, Liu Mingzhe, Sang Zi, Liu Ren, Liu Feng, Mei Ke.

Introduction

The national standards for the Modbus protocol that have been published so far include:
GB/T 19582.1-2008 "Industrial Automation Network Specification Based on Modbus Protocol Part 1: Modbus Application Protocol";
GB/T 19582.2-2008 "Industrial Automation Network Specification Based on Modbus Protocol Part 2: Implementation Guide for Modbus Protocol on Serial Links";
GB/T 19582.3-2008 "Industrial Automation Network Specification Based on Modbus Protocol Part 3: Implementation Guide for Modbus Protocol on TCP/IP";
GB/T 25919.1-2010 "Modbus Test Specification Part 1: Modbus Serial Link Conformance Test Specification";
GB/T 25919.2-2010 "Modbus Test Specification Part 2: Modbus Serial Link Interoperability Test Specification".

The Modbus protocol was originally used in 1979 as a serial protocol for communication between industrial controllers and computers or other host computers. In 1996, the Modbus protocol was extended to Ethernet, using port 502 registered by IANA and supporting the Ethernet-based Modbus TCP protocol. At the same time, Modbus TCP maintains consistency and compatibility with the Modbus RTU serial protocol, which makes it very easy to bridge Modbus serial devices via Modbus TCP. In 2002, Modbus abstracted the Modbus application layer, began to use the concept of the Modbus PDU, and released the Modbus application layer specification; for the different serial and TCP ADUs, specifications for serial and Ethernet were also published. At the same time, Modbus also joined IEC 61784 as one of the profiles.

Based on the conversion of the Modbus protocol specification in IEC 61784, China has released the GB/T 19582 Modbus series of recommended national standards. The publication of these national standards also makes it possible to conduct interoperability testing in accordance with normative standards. The GB/T 25919 series of standards was published later, which greatly improves the consistency and interoperability of a large number of Modbus applications and is beneficial to the development and integration of industrial automation systems.

Like all industrial communication protocols, Modbus was originally designed without information security features. The demand of industrial communication and applications for data confidentiality and integrity, device identification, etc. has increased. This document uses the common TLS transport layer encryption technology to extend the Modbus protocol, enabling encrypted Modbus communications and increasing resistance to common attacks such as replay and man-in-the-middle.

Modbus TCP security maintains the same ADU as Modbus TCP, which makes it easy to migrate Modbus TCP communication to Modbus Security. Modbus TCP security uses the IANA registered port 802 for secure communication. Modbus Security only allows TLS 1.2 and above. Modbus TCP security also uses X.509v3 digital signature certificates, which are used for two-way authentication when the client and the server conduct the TLS negotiation handshake. At the same time, an OID extension is used in the certificate, and device manufacturers can use this extension to specify the role and authority of the client, so that the user identification and role-based control required for industrial information security can be realized.

The introduction of the Modbus TCP security standard provides a concise and direct upgrade path for the large number of devices using Modbus.

Modbus TCP Security Protocol Specification

1 Scope

This document specifies the service definition, protocol description, system dependencies, and TLS requirements of the ModbusTCP security protocol. This document is intended for organizations developing or testing Modbus products.

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
RFC5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile [Internetx.509

3 Terms and Definitions

There are no terms and definitions that need to be defined in this document.

4 Abbreviations

The following abbreviations apply to this document.
AuthZ: Authorization
BER: Basic Encoding Rules
......