CN104506500A - GOOSE message authentication method based on transformer substation - Google Patents


Publication number
CN104506500A
Authority
CN
China
Prior art keywords
message
authentication
goose message
goose
key
Prior art date
Legal status
Pending
Application number
CN201410767518.8A
Other languages
Chinese (zh)
Inventor
冯善强
黄曙
牛津文
邵春梅
马凯
慕宗君
陈炯聪
王红星
曹丽娟
胡春潮
何杰
汪溢
杨占杰
张晓悦
侯艾君
段宏达
Current Assignee
XJ Electric Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
XJ Electric Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date
Filing date
Publication date
Application filed by XJ Electric Co Ltd, Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority to CN201410767518.8A
Publication of CN104506500A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a GOOSE message authentication method for substation communication. The method introduces identity authentication, message authentication and key management. Identity authentication, message authentication and key information are added to the reserved fields and an extension field of the GOOSE message and sent together with the original message, so that GOOSE messages are authenticated on sending and receiving. The field encoding follows the TLV (tag-length-value) syntax of the ASN.1 Basic Encoding Rules, so original messages and authentication messages are compatible within the substation automation communication system and the IEC 62351 standard is met. The authentication method prevents attackers from mounting attacks such as illegal authentication, tampering, replay and repudiation, thereby ensuring confidentiality, integrity, availability and non-repudiation in substation GOOSE message communication.

Description

A GOOSE message authentication method based on a substation
Technical field
The present invention relates to the field of data transmission security in electric power systems, and in particular to a GOOSE message authentication method based on a substation. The method mainly provides authentication protection for GOOSE message transmission, which has strict real-time requirements.
Background
Unlike other industrial control systems, power system operation and control faces communication authentication problems with particular characteristics. For example, most current communication authentication strategies are designed to guard against attacks from the Internet, whereas the power system operation and control environment differs greatly from the public Internet environment. Copying public Internet authentication technology into the power system operation and control environment without adaptation shows a lack of understanding of that environment's communication authentication requirements.
Current mainstream authentication services and products are designed mainly for general industrial users and may not meet the strict performance and reliability requirements of the power system operation and control environment.
Substation network systems are vulnerable to many forms of attack. Different attack modes create different threats and damage the integrity, confidentiality, validity and non-repudiation of substation information. Analysing the basic forms of attack on a substation is therefore the first task in securing messages. Common forms of attack are eavesdropping, interruption, interception and tampering. Correspondingly, attacks on substation messages mainly cause the following threats:
1) Authorization violation. Substation control system personnel use an authorized identity or device to perform unauthorized operations.
2) Tampering. A message intercepted by a third party in transit is sent on to the recipient after deletion, insertion, modification, reordering, replay or similar operations, in order to damage the message.
3) Denial of service. Large amounts of data are sent to the substation network, paralysing the network or the monitoring system.
4) Repudiation. A party accesses the information system and performs operations but afterwards denies having done so. Corresponding precautions can be taken against these four threats.
Given these attack modes, designing a corresponding authentication method is the top priority for messages in transit, so corresponding precautions must be taken against the four threats above.
Summary of the invention
The object of the invention is to provide an authentication method for substation GOOSE messages. The method introduces the concepts of identity authentication, message authentication and key management, effectively addresses the threats that GOOSE messages currently face in network transmission, and preserves the real-time requirements of GOOSE information.
The object of the invention is achieved by the following technical measures:
A GOOSE message authentication method based on substation communication, comprising the following:
Identity authentication is performed when a message is transmitted: identity authentication information is added to the original GOOSE message and sent to the recipient. The purpose is to prevent substation operation and control personnel from using an authorized identity to perform unauthorized operations during normal GOOSE message communication.
Message authentication is added to the message: the data is additionally encapsulated and sent to the recipient with the message in the form of a message digest. The purpose is to prevent GOOSE message data that a third party has intercepted in transit from being sent on to the recipient after deletion, insertion, modification, reordering, replay or similar operations that damage the message.
Key management is introduced into the message, and keys are updated periodically. The purpose is to prevent a third party who has intercepted messages from sending large amounts of data to the substation network and paralysing the network or monitoring system so that data can no longer be communicated normally, and thereby to prevent replay attacks.
In the GOOSE message, the identity authentication information and the message authentication information are each encapsulated with a specific algorithm to generate a corresponding string. The two generated strings are merged into the extension field of the GOOSE message and sent together with the original message; the reserved fields of the GOOSE message are used to describe the extension field. After receiving the message, the receiver performs the corresponding decapsulation of the extension field content and verifies the identity authentication and message authentication information. The purpose is to ensure the integrity and consistency of the transmitted data.
Both the sender and the receiver maintain their own key pool. When the key management server sends updated keys, the sender and the receiver must both update the key pools they maintain in real time.
The specific steps of the identity authentication are as follows:
(1.1) The sender takes the configured user name, password and key as plaintext and transforms (encrypts) them with the DES algorithm. The resulting ciphertext string is added to extension field 1 of the GOOSE message, forming an identity authentication message together with the original GOOSE message, which is sent to the receiver. The DES algorithm uses a 64-bit key and produces no ciphertext expansion. DES works on the principle that the encryption and decryption algorithms are public and only the key is kept secret.
(1.2) After receiving the message, the receiver likewise uses the DES algorithm to restore the identity authentication ciphertext and compares the restored content with its local identity authentication information. If it matches the expected user name, password and key information, the message passes identity authentication, which completes the identity authentication step.
The specific steps of the message authentication are as follows:
(2.1) When the sender sends a GOOSE message, it compresses the data in the message with the MD5 algorithm to generate a fixed-length message digest string. The digest string is then placed in extension field 2 of the GOOSE message, forming an authentication message together with the original GOOSE message, which is sent to the receiver. MD5 is a hash function widely used in computer security and is used here to provide integrity protection for the message.
(2.2) After receiving the message, the receiver likewise compresses the received data with the MD5 algorithm and compares the generated digest string with the received string. If they match, the receiver concludes that the message was not intercepted and tampered with by a third party in transit, the message passes message authentication, and the received message is then processed.
The original GOOSE message has two reserved fields, reserved field 1 (2 Byte) and reserved field 2 (2 Byte). A GOOSE authentication message uses both. Reserved field 1 marks whether the message is a GOOSE authentication extension message: a value of 0xFFFF denotes an authentication message; any other value denotes an original GOOSE message.
The reserved fields of the GOOSE message describe the extension field as follows:
(3.1) The original GOOSE message has two reserved fields, reserved field 1 (2 Byte) and reserved field 2 (2 Byte), and a GOOSE authentication message uses both. If the value of reserved field 1 is 0xFFFF the message is an authentication message; otherwise it is an original GOOSE message.
(3.2) The content of reserved field 2 is the length of the extension field.
The specific steps of the key management are as follows:
(4.1) Key management uses a key pre-distribution scheme. Keys are generated by a host encryption server designated by the national cryptography administration. The server generates a key pool of 220 in advance and numbers the keys in the pool. Because keys are confidential and important, they must be strictly managed.
(4.2) Keys are extracted, and the generated key pool is sent by multicast to the devices that need to receive it. To make it difficult for an attacker to obtain the current key information, key distribution, negotiation and revocation are carried out cyclically.
The specific steps for maintaining the key pool are as follows:
(5.1) The key management server periodically generates a random key pool and sends the updated content to the sender and receiver of GOOSE messages. On receiving information from the key management server, the sender and receiver create and update the key pools they maintain.
(5.2) The key management server runs independently on a separate device and periodically sends updated key information to the senders and receivers that need it, to prevent a third party from obtaining a key and mounting a replay attack.
Brief description of the drawings
Fig. 1 is a schematic comparison of the original GOOSE message and the GOOSE authentication extension message of the invention.
Fig. 2 is the overall authentication flow chart of the GOOSE authentication extension message.
Fig. 3 is the identity authentication flow chart of the GOOSE authentication extension message.
Fig. 4 is the message authentication flow chart of the GOOSE authentication extension message.
Detailed description
Main principle of the invention: to authenticate GOOSE messages in network transmission, the format of the original message must be extended. The extended GOOSE message format conforms to IEC 61850-9-2 and also to the ISO/IEC 8802-3 frame structure and the ASN.1 Basic Encoding Rules. The Reserved 1 and Reserved 2 fields of the original GOOSE message format are used to carry supplementary information about the authentication method and the extension field.
First, the extension field of the GOOSE message format consists of two parts: the first is used for identity authentication and the second for message authentication. The identity authentication part contains the user name, the password and the key information periodically updated by the key management server. These three items are transformed (encrypted) with the DES algorithm to generate the corresponding ciphertext string, which is added to the original GOOSE message as its identity authentication information and transmitted. The message authentication part compresses the data in the GOOSE message with the MD5 algorithm into a fixed-length message digest string. Finally, the digest string and the string generated for identity authentication together form the content of the extension field, which the sender sends onto the network.
When the receiver gets a GOOSE message from the network, it first determines whether it is a GOOSE authentication extension message. If so, identity authentication is performed first: the received identity authentication string is transformed with the DES algorithm, and the resulting string (the user name, password and key information) is compared with the receiver's own corresponding information. If the user name and password match and the key information also matches the key information in the key pool, the GOOSE message passes identity authentication. The receiver then generates a message digest string from the received data with the MD5 algorithm and compares it with the received digest string; if they match, the message passes message authentication.
Once both identity authentication and message authentication have passed, the frame is considered authenticated, and the receiver immediately sends a confirmation frame to confirm that authentication passed. After the sender receives the confirmation message, original GOOSE messages are exchanged within the negotiated authentication communication period T, that is, no further authentication is performed while GOOSE messages are sent and received. Once communication exceeds the negotiated authentication communication period T, a GOOSE authentication message containing identity authentication and message authentication must be sent again for re-authentication.
The key pool is generated separately by the key server and updated periodically. Each updated key pool is sent to the sender and receiver of GOOSE messages, which update the key pools they maintain in real time on receipt, in order to improve the security of GOOSE messages.
The invention is described below with reference to the drawings:
Fig. 1 is a schematic comparison of the original GOOSE message and the GOOSE authentication extension message of the invention.
In Fig. 1, the left side shows the original GOOSE message format and the right side shows the GOOSE authentication extension message format. The authentication extension contains two parts, identity authentication and message authentication, and takes 40 Byte in total: identity authentication takes 36 Byte and message authentication takes 4 Byte.
Identity authentication consists of three parts: user name, password and key. These are transformed (encrypted) with the DES algorithm, and the resulting string must not exceed 36 Byte; that is, the combined length of the user name, password and key before the transformation must not exceed 36 Byte.
Message authentication is formed from the APDU in the GOOSE message format: the APDU is compressed with the MD5 algorithm, and the resulting string must not exceed 4 Byte.
The reserved fields Reserved1 (2 Byte) and Reserved2 (2 Byte) of the original message are also used as part of the GOOSE authentication extension message. Reserved1 is the sole indicator of whether a message is a GOOSE authentication extension message: when its value is FFFF, the receiver treats the message as a GOOSE authentication extension message; otherwise it is an original GOOSE message. Reserved2 records the actual length of the authentication extension, which should be less than the maximum occupied space of 40 Byte.
Fig. 2 shows the overall authentication flow of the GOOSE authentication extension message.
To send a GOOSE authentication extension message, the sender first transforms the identity authentication information and adds the resulting string to the identity authentication field of the authentication extension. It then compresses the message authentication information and adds the resulting string to the message authentication field of the authentication extension. The identity authentication information, the message authentication information, reserved field 1, reserved field 2 and the original GOOSE message together form the GOOSE authentication message, which is sent to the receiver.
After receiving a GOOSE message, the receiver first determines whether it is an authentication message. If so, it reads the identity authentication information in the message and performs identity authentication. After identity authentication passes, it reads the message authentication information and performs message authentication. Once message authentication passes, the received GOOSE message is considered safe and reliable, and the receiver sends an authentication confirmation message to the sender to report that authentication passed. Normal original GOOSE message communication then follows.
When communication exceeds the "negotiated authentication communication period" T, the sender must send an authentication extension message again for re-authentication; normal original GOOSE message communication can continue only after authentication passes.
Fig. 3 shows the identity authentication flow of the GOOSE authentication extension message.
For identity authentication of a GOOSE authentication extension message, the sender first reads the local user name, password and key information and combines these three items into a plaintext string M. It then transforms M with the DES algorithm to generate a new ciphertext string M1, adds M1 to the message authentication field of the authentication extension message and sends it to the receiver.
When the receiver receives the identity authentication message, it first reads the identity authentication field of the GOOSE authentication extension message. It then restores the ciphertext string M1 with the DES algorithm to generate a new plaintext string M2 and compares M2 with the user name, password and key information read locally. If they match, identity authentication is considered passed and the receiver proceeds to message authentication.
Fig. 4 shows the message authentication flow of the GOOSE authentication extension message.
For message authentication of a GOOSE authentication extension message, the sender first reads the APDU information string N from the original GOOSE message. It then compresses N with the MD5 algorithm to generate a fixed-length message digest string N1, adds N1 to the message authentication field of the authentication extension message and sends it to the receiver.
When the receiver receives the message authentication message, it first reads the message authentication field of the GOOSE authentication extension message. It then applies the same MD5 algorithm to the APDU information N it has read to generate the message digest string N2 and compares N1 with N2. If they match, message authentication is considered passed.
Once message authentication passes, the GOOSE authentication extension message is considered authenticated, and the receiver immediately sends a confirmation frame to the sender to report that authentication succeeded.
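The frame handling described above can be exercised with the following sketch, which is an added example and not code from the patent. It assumes an APPID/Length/Reserved1/Reserved2 header with the extension appended after the APDU as raw bytes, takes the 4-byte digest as the first 4 bytes of the MD5 value, and treats the DES ciphertext as an opaque constructed byte string; the names `Receiver`, `build_original` and `build_authenticated` are hypothetical.

```python
import hashlib
import hmac
import struct

AUTH_FLAG = 0xFFFF                 # Reserved1 value that marks an authentication message
DIGEST_LEN = 4                     # message authentication field size given in the text
MAX_IDENTITY_LEN = 36              # identity authentication field size given in the text
MAX_EXT_LEN = MAX_IDENTITY_LEN + DIGEST_LEN   # 40 bytes in total
# Assumed header after the Ethertype: APPID, Length, Reserved1, Reserved2 (2 bytes each),
# with Length counted from APPID to the end of the APDU.
HEADER = struct.Struct("!HHHH")


def apdu_digest(apdu: bytes) -> bytes:
    """MD5 over the APDU, cut to 4 bytes (the truncation is this example's assumption)."""
    return hashlib.md5(apdu).digest()[:DIGEST_LEN]


def build_original(appid: int, apdu: bytes) -> bytes:
    """Original GOOSE PDU: the reserved fields carry no authentication information."""
    return HEADER.pack(appid, HEADER.size + len(apdu), 0, 0) + apdu


def build_authenticated(appid: int, apdu: bytes, identity_ct: bytes) -> bytes:
    """Authentication extension message: Reserved1=0xFFFF, Reserved2=extension length."""
    if not 0 < len(identity_ct) <= MAX_IDENTITY_LEN:
        raise ValueError("identity ciphertext must be 1..36 bytes")
    extension = identity_ct + apdu_digest(apdu)
    header = HEADER.pack(appid, HEADER.size + len(apdu), AUTH_FLAG, len(extension))
    return header + apdu + extension


class Receiver:
    """Receiver-side checks in the order described: identity first, then digest."""

    def __init__(self, expected_identity_ct: bytes, period_t: float):
        # The DES step is outside this example: the receiver holds the ciphertext
        # it expects for its local user name, password and key.
        self.expected_identity_ct = expected_identity_ct
        self.period_t = period_t          # negotiated authentication communication period T
        self.authenticated_at = None      # time of the last successful authentication

    def handle(self, pdu: bytes, now: float) -> str:
        if len(pdu) < HEADER.size:
            return "reject: truncated header"
        _appid, length, reserved1, reserved2 = HEADER.unpack_from(pdu)
        if not HEADER.size <= length <= len(pdu):
            return "reject: bad length field"
        apdu, trailer = pdu[HEADER.size:length], pdu[length:]

        if reserved1 != AUTH_FLAG:
            # Original GOOSE is accepted only inside period T after an authentication.
            if self.authenticated_at is None or now - self.authenticated_at > self.period_t:
                return "reject: authentication required"
            return "accept"

        # Reserved2 must match the bytes actually present and respect the 40-byte limit.
        if not DIGEST_LEN < reserved2 <= MAX_EXT_LEN or reserved2 != len(trailer):
            return "reject: bad extension length"
        identity_ct, digest = trailer[:-DIGEST_LEN], trailer[-DIGEST_LEN:]
        if not hmac.compare_digest(identity_ct, self.expected_identity_ct):
            return "reject: identity authentication failed"
        if not hmac.compare_digest(digest, apdu_digest(apdu)):
            return "reject: message authentication failed"
        self.authenticated_at = now       # the receiver would now send the confirmation frame
        return "authenticated"


if __name__ == "__main__":
    # Constructed sample data, not taken from a real substation capture.
    apdu = b"\x61\x0b\x80\x03gcb\x85\x01\x01\x86\x01\x05"
    identity = bytes(range(32))           # stand-in for the DES ciphertext
    rx = Receiver(identity, period_t=60.0)
    print(rx.handle(build_original(1, apdu), now=0.0))
    print(rx.handle(build_authenticated(1, apdu, identity), now=1.0))
    print(rx.handle(build_original(1, apdu), now=30.0))
    print(rx.handle(build_original(1, apdu), now=62.0))
```

The digest here is unkeyed, as in the text, so the comparison shows that the APDU and the digest field agree with each other, not who produced them; origin assurance rests on the identity field and the key pool.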
Embodiments of the invention are not limited to the above. Under the basic technical idea of the invention described above, other modifications, substitutions or changes made to the content of the invention according to ordinary technical knowledge and customary means in the art all fall within the scope of protection of the invention.

Claims (6)

1. A GOOSE message authentication method based on substation communication, characterized by comprising the following:
Identity authentication is performed when a GOOSE message is transmitted, that is, identity authentication information is added to the original GOOSE message and sent to the recipient;
Message authentication is added to the GOOSE message, that is, the data is additionally encapsulated and sent to the recipient with the GOOSE message in the form of a message digest;
Key management is introduced into the GOOSE message, and keys are updated periodically;
In the GOOSE message, the identity authentication information and the message authentication information are each encapsulated with a specific algorithm to generate a corresponding string, and the two generated strings are merged into the extension field of the GOOSE message and sent together with the original GOOSE message; the reserved fields of the GOOSE message are used to describe the extension field;
After receiving the GOOSE message, the receiver performs the corresponding decapsulation of the extension field content and verifies the identity authentication and message authentication information;
Meanwhile, both the sender and the receiver maintain their own key pool, and when the key management server sends updated keys, the sender and the receiver must both update the key pools they maintain in real time.
2. The method according to claim 1, characterized in that the specific steps of the identity authentication are as follows:
(1.1) The sender takes the configured user name, password and key as plaintext and transforms (encrypts) them with the DES algorithm; the resulting ciphertext string is added to extension field 1 of the GOOSE message, forming an identity authentication GOOSE message together with the original GOOSE message, which is sent to the receiver, wherein the DES algorithm uses a 64-bit key and produces no ciphertext expansion;
(1.2) After receiving the GOOSE message, the receiver likewise uses the DES algorithm to restore the identity authentication ciphertext and compares the restored content with its local identity authentication information; if it matches the expected user name, password and key information, the GOOSE message passes identity authentication, which completes the identity authentication.
3. The specific steps of the message authentication are as follows:
(2.1) When the sender sends a GOOSE message, it compresses the data in the GOOSE message with the MD5 algorithm to generate a fixed-length message digest string, and then places the digest string in extension field 2 of the GOOSE message, forming an authentication GOOSE message together with the original GOOSE message, which is sent to the receiver;
(2.2) After receiving the GOOSE message, the receiver likewise compresses the received data with the MD5 algorithm and compares the generated digest string with the received string; if they match, it determines that the received GOOSE message was not intercepted and tampered with by a third party in transit, and the message passes message authentication.
4. The method according to claim 1, characterized in that the reserved fields of the GOOSE message describe the extension field as follows:
(3.1) The original GOOSE message has two reserved fields, reserved field 1 (2 Byte) and reserved field 2 (2 Byte), and a GOOSE message sent for authentication uses both; if the value of reserved field 1 is 0xFFFF the message is an authentication message, otherwise it is an original GOOSE message.
(3.2) The content of reserved field 2 is the length of the extension field.
5. The method according to claim 1, characterized in that the specific steps of the key management are as follows:
(4.1) Key management uses a key pre-distribution scheme, and keys are generated by a host encryption server designated by the national cryptography administration; the server generates a key pool of 220 in advance and numbers the keys in the pool;
(4.2) Keys are extracted, and the generated key pool is sent by multicast to the devices that need to receive it.
6. The method according to claim 1, characterized in that the specific steps for maintaining the key pool are as follows:
(5.1) The key management server periodically generates a random key pool and sends the updated content to the sender and receiver of GOOSE messages; on receiving information from the key management server, the sender and receiver create and update the key pools they maintain;
(5.2) The key management server runs independently on a separate device and periodically sends updated key information to the senders and receivers that need it, to prevent a third party from obtaining a key and mounting a replay attack.
CN201410767518.8A 2014-12-11 2014-12-11 GOOSE message authentication method based on transformer substation Pending CN104506500A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410767518.8A CN104506500A (en) 2014-12-11 2014-12-11 GOOSE message authentication method based on transformer substation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410767518.8A CN104506500A (en) 2014-12-11 2014-12-11 GOOSE message authentication method based on transformer substation

Publications (1)

Publication Number Publication Date
CN104506500A true CN104506500A (en) 2015-04-08

Family

ID=52948215

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410767518.8A Pending CN104506500A (en) 2014-12-11 2014-12-11 GOOSE message authentication method based on transformer substation

Country Status (1)

Country Link
CN (1) CN104506500A (en)

CN103873462A (en) * 2014-02-14 2014-06-18 中国南方电网有限责任公司 IEC62351-based security configuration verification method for IED schema file and IED configuration file
CN103856372A (en) * 2014-03-11 2014-06-11 电信科学技术仪表研究所 Method and device for monitoring GOOSE messages of digital substation

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
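丁杰 et al.: "Research on substation communication security technology based on IEC62351", Automation of Electric Power Systems *
王保义 et al.: "A GCM-based secure message transmission method for smart substations", Automation of Electric Power Systems *
雷煜卿 et al.: "Research on communication security measures for electric power systems", ELECTRIC POWER IT *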

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106327043A (en) * 2015-07-02 2017-01-11 北京东土科技股份有限公司 Data processing method, system and apparatus in substation integration
CN105072104A (en) * 2015-07-30 2015-11-18 积成电子股份有限公司 Switch system having anti-IEE1588 falsification function and processing method
CN105516105A (en) * 2015-12-01 2016-04-20 浙江宇视科技有限公司 Method and system for safely accessing to target device by changing hardware identifiers
CN105516105B (en) * 2015-12-01 2019-08-02 浙江宇视科技有限公司 The secure accessing purpose equipment method and system of hardware identifier variation
CN106452684A (en) * 2016-12-08 2017-02-22 广州科腾信息技术有限公司 Self-checking method for IEC61850 report data transmission message
CN107317673A (en) * 2017-05-25 2017-11-03 云南电网有限责任公司电力科学研究院 A kind of intelligent electric energy meter communication encryption algorithm
CN108306863A (en) * 2018-01-02 2018-07-20 东南大学 A kind of electric power message reinforcement means based on communication connection attribute
CN108494722A (en) * 2018-01-23 2018-09-04 国网浙江省电力有限公司电力科学研究院 Intelligent substation communication message completeness protection method
CN108366055A (en) * 2018-02-05 2018-08-03 国电南瑞科技股份有限公司 A kind of GOOSE message signature and the method for certification
CN110224823A (en) * 2019-06-12 2019-09-10 湖南大学 Substation's message safety protecting method, device, computer equipment and storage medium
CN111884796A (en) * 2020-06-17 2020-11-03 中国电子科技集团公司第三十研究所 Method and system for carrying information based on random number field
CN112887132A (en) * 2021-01-19 2021-06-01 国网浙江省电力有限公司电力科学研究院 Transformer substation integral process layer configuration-free GOOSE self-adaptive probe method

Similar Documents

Publication Publication Date Title
CN104506500A (en) GOOSE message authentication method based on transformer substation
CN106789015B (en) Intelligent power distribution network communication safety system
CN109257327B (en) Communication message safety interaction method and device for power distribution automation system
Zhou et al. Joint physical-application layer security for wireless multimedia delivery
CN103581173B (en) Safe data transmission method, system and device based on industrial Ethernet
Wang sSCADA: securing SCADA infrastructure communications
Lim et al. Security protocols against cyber attacks in the distribution automation system
CN105245329B (en) A kind of credible industrial control network implementation method based on quantum communications
CN104113839A (en) Mobile data safety protection system and method based on SDN
CN104753953A (en) Access control system
CN104811427B (en) A kind of safe industrial control system communication means
CN103297429A (en) Embedded upgrading file transmission method
CN103441983A (en) Information protection method and device based on link layer discovery protocol
CN106549502B (en) A kind of safe distribution of electric power protecting, monitoring system
CN105721508A (en) Information security protection monitoring method of LED asynchronous control card
Musa et al. Secure security model implementation for security services and related attacks base on end-to-end, application layer and data link layer security
CN105471901A (en) Industrial information security authentication system
CN115001717B (en) Terminal equipment authentication method and system based on identification public key
CN105099699A (en) Safe and high-efficiency communication method based on equipment of Internet of things and system
CN105812338B (en) Data access control method and network management equipment
CN112311553B (en) Equipment authentication method based on challenge response
CN111435389A (en) Power distribution terminal operation and maintenance tool safety protection system
CN104994107A (en) MMS message off-line analysis method based on IEC62351
CN112020037A (en) Domestic communication encryption method suitable for rail transit
Wang Smart grid, automation, and scada systems security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150408