CN108306863A - A power message hardening method based on communication connection attributes - Google Patents
A power message hardening method based on communication connection attributes
- Publication number: CN108306863A (application number CN201810001873.2A)
- Authority: CN (China)
- Prior art keywords: message, electric power, communication connection, connection attribute, hardening method
- Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a power message hardening method based on communication connection attributes. The communication connection attribute of each power message is determined first; the attributes fall mainly into two cases, bilateral association and multicast association. Messages of the bilateral association type are protected with an HMAC operation, and messages of the multicast association type are hardened with a digital signature. Both HMAC and digital-signature encryption provide source authentication and tamper-resistant authentication of the message. This combined, optimized scheme strikes a better balance between security and real-time performance, improves the hardening effect, and has a clear advantage in power-system security key management.
Description
Technical field
The present invention relates to power message security hardening technology, and in particular to a power message hardening method based on communication connection attributes.
Background technology
Grid intelligence is the current development trend of power systems. The use of various intelligent electronic devices (IEDs) brings convenience to power-system control and state monitoring, but it also carries certain information security risks. The International Electrotechnical Commission has proposed the IEC 62351 series of standards, which give overall guidance on data and communication security in power systems. The State Electricity Regulatory Commission has issued the "Regulations on Security Protection of Electric Power Secondary Systems", which govern the security protection work of each power enterprise's secondary systems, including smart substations, and set out the principle of "security partitioning, dedicated networks, horizontal isolation, vertical authentication". Power messages are an important component of power-system communication, and their security hardening mainly provides source authentication of the sending device and integrity authentication of the message.
Current security hardening measures for power messages are lacking, and they do not take the communication connection attribute into account during hardening. This coarse hardening approach has higher complexity and lower efficiency in key management. For example, MMS messages are bilateral-association messages, i.e. messages of one-to-one communication; assume their number is NS. GOOSE and SV messages are multicast-association messages, i.e. messages of one-to-many communication; assume their number is ND, and that the average number of receiving devices per multicast association is NJ (NJ >= 2). If all of these messages are hardened with a single HMAC scheme, the number of security keys required is NS + ND*NJ, whereas a hardening scheme improved according to communication type requires NS + ND keys, a substantial reduction. A power message hardening method is therefore needed that applies a corresponding hardening mode to each connection attribute of power messages.
Invention content
Goal of the invention: the present invention provides a power message hardening method that applies different authentication schemes according to differences in connection attribute. It aims to improve the overall security hardening effect of power messages and the efficiency of power-system security key management.
Technical solution: the power message hardening method based on communication connection attributes of the present invention includes the following steps:
(1) determining the communication connection attribute of the power message;
(2) applying different hardening methods to power messages with different communication connections.
In step (1), the communication connection of the power message is mainly of the bilateral association type or the multicast association type.
Step (2) includes the following steps:
(21) applying HMAC authentication to messages of the bilateral association type;
(22) applying digital signature authentication to messages of the multicast association type.
Step (21) includes the following steps:
(211) at the sending end, performing an HMAC operation with key A on the power message to be sent;
(212) defining the digest value obtained by the HMAC operation as V1, appending it to the end of the original power message and sending; after the receiving device receives the message, it performs an HMAC operation with the same key A on the original message part received and obtains digest value V2;
(213) comparing V1 and V2: if they are equal, security verification passes; if they are not equal, the message is abnormal.
Step (22) includes the following steps:
(221) at the sending end, performing a message digest operation on the original message;
(222) encrypting the digest value with the private key, appending the encrypted value to the end of the original message and sending; after the receiving device receives the message, it performs a hash operation on the power message to obtain digest value H1(M), then decrypts the encrypted digest value with the public key to obtain H2(M);
(223) comparing H1(M) and H2(M): if they are equal, security verification passes; if they are not equal, the message is abnormal.
Advantageous effects: compared with the prior art, the beneficial effects of the present invention are: 1. Hardening according to the communication connection attribute, with an integrated configuration of hardening modes, helps optimize and balance security and real-time performance, has a significant advantage in power-system key management, and improves the hardening effect. 2. In terms of security key management, HMAC requires one key for the communication between every two IEDs; in one-to-many communication the number of keys grows sharply and key management becomes harder. Digital signature technology uses asymmetric encryption, so one-to-many communication needs only one public/private key pair and fewer keys overall. Hardening power messages according to communication connection attribute therefore effectively reduces the number of security keys required, reduces the complexity of key management, and improves security key management efficiency.
Description of the drawings
Fig. 1 is the flow diagram of the present invention;
Fig. 2 is a schematic diagram of a bilateral association type communication connection;
Fig. 3 is a schematic diagram of a multicast association type communication connection;
Fig. 4 is the flow chart of the HMAC security authentication of bilateral association messages;
Fig. 5 is the flow chart of the digital signature security authentication of multicast association messages.
Specific implementation mode
The present invention is further described in detail below with reference to the accompanying drawings.
Fig. 1 is the flow chart of the present invention. The communication connection attribute of the power-system message is determined first; then different authentication schemes are applied to power messages with different connection attributes. Power messages are the main form in which the various kinds of information in a power system are communicated, including status information, control information and file logs. According to the number of message sources and receivers, i.e. the communication connection attribute of the power message, messages fall into two types: bilateral association and multicast association. The bilateral association type communication connection is shown in Fig. 2: the destination address of the power message is a single target, each communication involves exactly two entities, and the sending end and receiving end are both uniquely determined. In this connection mode the communication process between sender and receiver is precise; it is mainly used for message exchange between the station level and the bay level of a smart substation, transferring information between station-control servers or hosts and bay-level intelligent devices. The multicast association type communication connection is shown in Fig. 3: the sender of the message is one power device, but the receivers are multiple power devices. Multicast association messaging is more efficient; in practice, port-based virtual LANs are often used to limit the propagation range of such messages and reduce their influence on other networks.
HMAC authentication is applied to messages of the bilateral association type and digital signature authentication to messages of the multicast association type. Both HMAC and digital signatures provide authentication of the authenticity and integrity of power messages.
HMAC security authentication process for bilateral association type power messages: in HMAC the sending end and receiving end use the same key, which matches the communication characteristic of bilateral association messages. The process is shown in Fig. 4. First, the sending end performs an HMAC operation with key A on the power message to be sent; the hash within the HMAC operation may be the MD5 algorithm or the SM3 algorithm. The digest value obtained by the HMAC operation is defined as V1, appended to the end of the original power message and sent. After the receiving device receives the message, it performs the HMAC operation with the same key A on the original message part and obtains digest value V2. V1 and V2 are compared; if they are equal, security verification passes, the identity of the sending device is authenticated, and the power message has not been altered in transit. If V1 and V2 are not equal, the power message has a problem and may have been altered during communication.
Digital signature security authentication process for multicast association type power messages: digital signature authentication uses a public/private key pair, which suits the communication process of the multicast association type. The sending device uses the private key, and although there are multiple receiving devices, only one public key is needed, which significantly improves the efficiency of power-system security key management. The process is shown in Fig. 5. First, the sending end performs a message digest (hash) operation on the original message, then encrypts the digest value with the private key; the encrypted value is appended to the end of the original message and sent. After the receiving device receives the message, it performs a hash operation on the power message to obtain digest value H1(M), then decrypts the encrypted digest value with the public key to obtain H2(M). H1(M) and H2(M) are compared; if they are equal, security verification passes; if they are not equal, the message is abnormal.
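The two procedures above, steps (21) and (22) of the technical solution and the Fig. 4 and Fig. 5 processes, as an added Go example that is not part of the patent: a message carries its connection attribute, the sending side appends an HMAC digest (bilateral) or a private-key signature over the message digest (multicast), and the receiving side recomputes the value and compares. The algorithm choices are assumptions of this example, since the page names only HMAC with an MD5 or SM3 inner hash and "encrypting the digest with the private key": the code uses HMAC-SHA256 and RSA PKCS#1 v1.5 signatures from Go's standard library (which has no SM3). The shared key, the sample MMS and GOOSE payloads, and the ConnType/Message/Harden/Verify names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ConnType is the communication connection attribute of a power message.
type ConnType int

const (
	Bilateral ConnType = iota // one-to-one, e.g. MMS
	Multicast                 // one-to-many, e.g. GOOSE and SV
)

// Message is a constructed power message tagged with its connection attribute.
type Message struct {
	Conn    ConnType
	Payload []byte
}

// GenerateSigningKey creates the multicast sender's private key. RSA PKCS#1 v1.5
// is this example's assumption for "encrypt the digest with the private key".
func GenerateSigningKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// hmacTag performs step (211): HMAC over the message with shared key A.
// SHA-256 is this example's choice of inner hash; the page names MD5 or SM3.
func hmacTag(keyA, payload []byte) []byte {
	m := hmac.New(sha256.New, keyA)
	m.Write(payload)
	return m.Sum(nil)
}

// Harden is the sending side: it appends V1 (HMAC, step 212) for bilateral
// messages or the private-key signature over H(M) (steps 221-222) for multicast.
func Harden(msg Message, keyA []byte, priv *rsa.PrivateKey) ([]byte, error) {
	var tag []byte
	switch msg.Conn {
	case Bilateral:
		tag = hmacTag(keyA, msg.Payload)
	case Multicast:
		digest := sha256.Sum256(msg.Payload)
		sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
		if err != nil {
			return nil, err
		}
		tag = sig
	default:
		return nil, errors.New("unknown connection attribute")
	}
	return append(append([]byte{}, msg.Payload...), tag...), nil
}

// Verify is the receiving side: it splits off the appended value, recomputes the
// check with key A (step 213) or the public key (step 223), and returns the message only on a match.
func Verify(conn ConnType, wire, keyA []byte, pub *rsa.PublicKey) ([]byte, error) {
	n := sha256.Size // length of the HMAC-SHA256 digest V1
	if conn == Multicast {
		n = pub.Size() // length of an RSA signature
	} else if conn != Bilateral {
		return nil, errors.New("unknown connection attribute")
	}
	if len(wire) < n {
		return nil, errors.New("message shorter than its authentication value")
	}
	payload, tag := wire[:len(wire)-n], wire[len(wire)-n:]
	if conn == Bilateral {
		// V2 recomputed with the same key A must equal the received V1.
		if !hmac.Equal(tag, hmacTag(keyA, payload)) {
			return nil, errors.New("HMAC mismatch: message abnormal")
		}
		return payload, nil
	}
	// H1(M) recomputed here must equal H2(M) recovered from the signature.
	digest := sha256.Sum256(payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], tag); err != nil {
		return nil, errors.New("signature mismatch: message abnormal")
	}
	return payload, nil
}

func main() {
	priv, _ := GenerateSigningKey()
	keyA := []byte("constructed-shared-key-A") // constructed sample key
	for _, m := range []Message{{Bilateral, []byte("MMS: read status")}, {Multicast, []byte("GOOSE: trip")}} {
		wire, _ := Harden(m, keyA, priv) // constructed sample payloads
		_, genuine := Verify(m.Conn, wire, keyA, &priv.PublicKey)
		wire[0] ^= 0x01 // alter one byte of the original message in transit
		_, altered := Verify(m.Conn, wire, keyA, &priv.PublicKey)
		fmt.Printf("conn=%d genuine: %v; altered: %v\n", m.Conn, genuine, altered)
	}
}
```

The receiver derives the length of the appended value from the connection attribute before slicing, so a truncated message is rejected with an error instead of being read out of range, and the bilateral compare uses hmac.Equal, a constant-time comparison, which is what the compare in step (213) should use.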
Claims (5)
1. A power message hardening method based on communication connection attributes, characterized in that it includes the following steps:
(1) determining the communication connection attribute of the power message;
(2) applying different security hardening modes to power messages with different communication connections.
2. The power message hardening method based on communication connection attributes according to claim 1, characterized in that the communication connection of the power message in step (1) is mainly of the bilateral association type or the multicast association type.
3. The power message hardening method based on communication connection attributes according to claim 1, characterized in that step (2) includes the following steps:
(21) applying HMAC authentication to messages of the bilateral association type;
(22) applying digital signature authentication to messages of the multicast association type.
4. The power message hardening method based on communication connection attributes according to claim 3, characterized in that step (21) includes the following steps:
(211) at the sending end, performing an HMAC operation with key A on the power message to be sent;
(212) defining the digest value obtained by the HMAC operation as V1, appending it to the end of the original power message and sending; after the receiving device receives the message, it performs an HMAC operation with the same key A on the original message part received and obtains digest value V2;
(213) comparing V1 and V2: if they are equal, security verification passes; if they are not equal, the message is abnormal.
5. The power message hardening method based on communication connection attributes according to claim 3, characterized in that step (22) includes the following steps:
(221) at the sending end, performing a message digest operation on the original message;
(222) encrypting the digest value with the private key, appending the encrypted value to the end of the original message and sending; after the receiving device receives the message, it performs a hash operation on the power message to obtain digest value H1(M), then decrypts the encrypted digest value with the public key to obtain H2(M);
(223) comparing H1(M) and H2(M): if they are equal, security verification passes; if they are not equal, the message is abnormal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810001873.2A CN108306863A (en) | 2018-01-02 | 2018-01-02 | A kind of electric power message reinforcement means based on communication connection attribute |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108306863A true CN108306863A (en) | 2018-07-20 |
Family
ID=62868238
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810001873.2A Pending CN108306863A (en) | 2018-01-02 | 2018-01-02 | A kind of electric power message reinforcement means based on communication connection attribute |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108306863A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109104279A (en) * | 2018-08-31 | 2018-12-28 | 国网河北省电力有限公司沧州供电分公司 | A kind of encryption method of electric power data, system and terminal device |
CN111865562A (en) * | 2020-07-23 | 2020-10-30 | 积成电子股份有限公司 | Encryption method and system based on AES and HMAC-SHA in DNP protocol of power distribution terminal |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104506500A (en) * | 2014-12-11 | 2015-04-08 | 广东电网有限责任公司电力科学研究院 | GOOSE message authentication method based on transformer substation |
CN104702599A (en) * | 2015-02-16 | 2015-06-10 | 中国南方电网有限责任公司 | Safety exchange method for MMS specification application layer |
CN105656623A (en) * | 2016-01-22 | 2016-06-08 | 东南大学 | Device for enhancing security of intelligent substation IED |
Non-Patent Citations (1)
Title |
---|
崔秀帅: "Research on message security and real-time performance of smart substations", China Master's Theses Full-text Database, Engineering Science and Technology II * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106789015B (en) | Intelligent power distribution network communication safety system | |
CN110958111B (en) | Block chain-based identity authentication mechanism of electric power mobile terminal | |
CN112104604B (en) | System and method for realizing secure access service based on electric power Internet of things management platform | |
CN106941491B (en) | Safety application data link layer equipment of electricity utilization information acquisition system and communication method | |
KR101575862B1 (en) | Security association system between heterogeneous power devices | |
CN111711625A (en) | Power system information security encryption system based on power distribution terminal | |
CN103297429A (en) | Embedded upgrading file transmission method | |
CN112671710B (en) | Security encryption device based on national cryptographic algorithm, bidirectional authentication and encryption method | |
US9900296B2 (en) | Securing communication within a network endpoint | |
CN104506500A (en) | GOOSE message authentication method based on transformer substation | |
CN115632779B (en) | Quantum encryption communication method and system based on power distribution network | |
CN104202170A (en) | Identity authentication system and method based on identifiers | |
CN115001717B (en) | Terminal equipment authentication method and system based on identification public key | |
CN107249002B (en) | Method, system and device for improving safety of intelligent electric energy meter | |
CN111404886A (en) | Electric power metering terminal and electric power metering platform | |
CN108306863A (en) | A kind of electric power message reinforcement means based on communication connection attribute | |
CN103327020A (en) | Security access method and system based on region dividing | |
Sun et al. | Research on distributed feeder automation communication based on XMPP and GOOSE | |
CN111435389A (en) | Power distribution terminal operation and maintenance tool safety protection system | |
CN112398655A (en) | File transmission method, server and computer storage medium | |
CN112769778B (en) | Encryption and decryption processing method and system based on cross-network cross-border data security transmission | |
CN114070607A (en) | Electric power data distribution and data leakage risk control system | |
CN107196928A (en) | Cloud lock encryption method, cloud lock administration system and the cloud lock of a kind of high security | |
CN103414707B (en) | message access processing method and device | |
CN111065091B (en) | Wireless data acquisition system and data transmission method based on lora |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20180720 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |