CN108306863A - A kind of electric power message reinforcement means based on communication connection attribute - Google Patents

A kind of electric power message reinforcement means based on communication connection attribute Download PDF

Info

Publication number: CN108306863A
Authority: CN (China)
Prior art keywords: message, electric power, communication connection, connection attribute, reinforcement means
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN201810001873.2A
Other languages: Chinese (zh)
Inventors: 谢吉华, 陈清, 唐悦
Current assignee: Southeast University
Original assignee: Southeast University
Priority date: 2018-01-02
Filing date: 2018-01-02
Publication date: 2018-07-20
Application filed by Southeast University
Priority to CN201810001873.2A
Publication of CN108306863A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an electric power message reinforcement method based on communication connection attributes. The communication connection attribute of each electric power message is judged first and is broadly divided into two cases, bilateral association and multicast association. An HMAC operation is applied to messages of the bilateral association type, and a digital signature is applied to messages of the multicast association type for security hardening. Both HMAC and the digital-signature encryption mode can realize information-source authentication and anti-tampering authentication of messages. This combined optimisation scheme balances security and real-time performance better, improves the security hardening effect, and has clear advantages in power system security key management.

Description

A kind of electric power message reinforcement means based on communication connection attribute
Technical field
The present invention relates to electric power message security hardening technology, and in particular to an electric power message reinforcement method based on communication connection attributes.
Background technology
Smart grids are the current development trend of electric power systems. The use of various intelligent electronic devices brings convenience to the control and state detection of the power system, but it also introduces certain information security risks. The International Electrotechnical Commission's IEC 62351 standards provide an overall framework for the data and communication security of power systems. The State Electricity Regulatory Commission issued the "Electric Power Secondary System Security Protection Regulations", which govern the security protection work of the secondary systems of each electric power enterprise, including intelligent substations, and set out the principle of "security partitioning, dedicated networks, horizontal isolation, vertical authentication". Electric power messages are an important component of power system communication; their security hardening mainly realizes authentication of the sending-end device as the information source and authentication of message integrity.
Current electric power message security hardening measures are lacking, and the communication connection attribute is not taken into account during hardening. Such a coarse hardening mode has high complexity and low efficiency in key management. For example, MMS messages are bilateral association messages, i.e. messages of one-to-one communication; suppose their number is NS. GOOSE and SV messages are multicast association messages, i.e. messages of one-to-many communication; suppose their number is ND and the average number of receiving-end devices of a multicast association is NJ (NJ >= 2). When all of them are hardened using HMAC alone, the number of security keys required is NS + ND*NJ, whereas a hardening scheme improved according to communication type needs NS + ND keys, a substantial reduction in the number of security keys required. Therefore an electric power message reinforcement method that applies a corresponding hardening mode for each connection attribute of electric power messages is needed.
Invention content
Purpose of the invention: the present invention provides an electric power message reinforcement method that applies different authentication methods according to the connection attribute, with the aim of improving the overall security hardening effect of electric power messages and the efficiency of power system security key management.
Technical solution: the electric power message reinforcement method based on communication connection attributes of the present invention comprises the following steps:
(1) judging the communication connection attribute of the electric power message;
(2) applying different reinforcement methods to electric power messages with different communication connections.
The communication connection of the electric power message in step (1) is mainly of two types: bilateral association type and multicast association type.
Step (2) comprises the following steps:
(21) using HMAC authentication for messages of the bilateral association type;
(22) using digital signature authentication for messages of the multicast association type.
Step (21) comprises the following steps:
(211) at the sending end, performing an HMAC operation with key A on the electric power message to be sent;
(212) defining the digest value obtained from the HMAC operation as V1, appending it to the end of the original electric power message and sending; after the receiving-end device receives it, performing an HMAC operation with the same key A on the received original message part to obtain digest value V2;
(213) comparing V1 and V2: if they are equal, the security verification passes; if they are unequal, the message is abnormal.
Step (22) comprises the following steps:
(221) at the sending end, performing a message digest operation on the original message;
(222) encrypting the digest value with the private key, appending the encrypted value to the end of the original message and sending; after the receiving-end device receives it, performing a hash operation on the electric power message to obtain digest value H1(M), then decrypting the encrypted digest value with the public key to obtain H2(M);
(223) comparing H1(M) and H2(M): if they are equal, the security verification passes; if they are unequal, the message is abnormal.
Beneficial effects: compared with the prior art, the beneficial effects of the present invention are: 1. configuring the security hardening mode according to the communication connection attribute helps to optimise and balance security and real-time performance, has significant advantages in power system key management, and improves the security hardening effect; 2. in terms of security key management, HMAC requires one key for communication between every two IEDs, so in one-to-many communication the number of keys increases sharply and key management becomes more difficult; digital signature technology uses asymmetric encryption and needs only one public/private key pair in one-to-many communication, so fewer keys are required. Therefore, security hardening of electric power messages based on the communication connection attribute effectively reduces the number of security keys required, reduces the complexity of key management and improves security key management efficiency.
Description of the drawings
Fig. 1 is the flow diagram of the present invention;
Fig. 2 is a schematic diagram of a bilateral association type communication connection;
Fig. 3 is a schematic diagram of a multicast association type communication connection;
Fig. 4 is the flow chart of HMAC security authentication for bilateral association messages;
Fig. 5 is the flow chart of digital signature security authentication for multicast association messages.
Specific implementation mode
The present invention is further described in detail below with reference to the accompanying drawings.
Fig. 1 is the flow chart of the present invention: first the communication connection attribute of the message in the power system is judged, then different authentication methods are used for electric power messages with different connection attributes. Electric power messages are the principal form in which the various kinds of information in a power system are communicated, including status information, control information and file logs. According to the number of message sources and receiving ends, i.e. the communication connection attribute of the electric power message, messages can be divided into two types: bilateral association type and multicast association type. The bilateral association type communication connection is shown in Fig. 2: the destination address of the electric power message is a single target, each communication involves two entities, and the sending end and receiving end are both uniquely determined. In this communication connection mode the communication process between the sending end and the receiving end is more precise; it is mainly used for message communication between the station level and the bay level of an intelligent substation, realizing information transfer between the station control server or host and bay-level intelligent devices. The multicast association type communication connection is shown in Fig. 3: the sender of a message is one power device, but the receivers of the message are multiple power devices. Multicast association messaging is more efficient, and in practice port-based virtual LANs are often used to limit the propagation range of messages and reduce the impact on other networks.
HMAC authentication is used for messages of the bilateral association type and digital signature authentication for messages of the multicast association type; both HMAC and digital signatures can achieve authentication of the authenticity and integrity of electric power messages.
HMAC security authentication process for bilateral association type electric power messages: in the HMAC process the sending end and the receiving end use the same key, which matches the communication characteristics of bilateral association type messages. The HMAC security authentication process for bilateral association type electric power messages is shown in Fig. 4. First, at the sending end, an HMAC operation is performed with key A on the electric power message to be sent; the hash step of the HMAC operation may use the MD5 algorithm or the SM3 algorithm. The digest value obtained from the HMAC operation is defined as V1, appended to the end of the original electric power message and sent. After the receiving-end device receives it, it performs an HMAC operation with the same key A on the original message part and obtains digest value V2. V1 and V2 are compared: if they are equal, the security verification passes, the identity of the sending-end device of the electric power message is authenticated, and the electric power message has not been changed during communication transmission; if V1 and V2 are unequal, there is a problem with the electric power message, which may have been altered during communication.
Digital signature security authentication process for multicast association type electric power messages: digital signature authentication uses a public/private key pair, which suits the communication process of the multicast association type. The sending-end device uses the private key, and although there are multiple receiving-end devices, only one public key needs to be used, which can significantly improve the management efficiency of power system security keys. The digital signature security authentication process for multicast association type electric power messages is shown in Fig. 5. First, at the sending end, a message digest (hash) operation is performed on the original message, then the digest value is encrypted with the private key, and the encrypted value is appended to the end of the original message and sent. After the receiving-end device receives it, it performs a hash operation on the electric power message to obtain digest value H1(M), then decrypts the encrypted digest value with the public key to obtain H2(M). H1(M) and H2(M) are compared: if they are equal, the security verification passes; if they are unequal, the message is abnormal.
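The two authentication paths described above, implemented in Go as an added example (not code from the patent): the connection attribute selects either HMAC with shared key A for bilateral messages or a digital signature for multicast messages, and the receiving end re-checks the trailer as in steps (212)-(213) and (222)-(223). Assumptions: SHA-256 is used as the HMAC hash (the page names MD5 or SM3; MD5 is no longer collision-resistant and SM3 is not in Go's standard library), "encrypting the digest with the private key" is realised as an RSA PKCS#1 v1.5 signature over the SHA-256 digest, and keys and messages are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ConnAttr is the communication connection attribute judged in step (1).
type ConnAttr int

const (
	Bilateral ConnAttr = iota // one-to-one (e.g. MMS): HMAC with shared key A
	Multicast                 // one-to-many (e.g. GOOSE, SV): digital signature
)

// Harden appends the check value to the original message at the sending end
// (steps (211) and (221)-(222)). keyA is used only for Bilateral, priv only for Multicast.
func Harden(attr ConnAttr, msg, keyA []byte, priv *rsa.PrivateKey) ([]byte, error) {
	out := append([]byte{}, msg...)
	switch attr {
	case Bilateral: // step (211): HMAC with key A; assumption: SHA-256 in place of MD5/SM3
		mac := hmac.New(sha256.New, keyA)
		mac.Write(msg)
		return append(out, mac.Sum(nil)...), nil // V1 appended to the original message
	case Multicast: // steps (221)-(222): digest the message, then sign the digest with the private key
		digest := sha256.Sum256(msg)
		sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
		if err != nil {
			return nil, err
		}
		return append(out, sig...), nil
	}
	return nil, fmt.Errorf("unknown connection attribute %d", attr)
}

// Verify splits a received frame into original message and trailer, recomputes the check
// value at the receiving end and reports whether it matches (steps (212)-(213), (222)-(223)).
func Verify(attr ConnAttr, frame, keyA []byte, pub *rsa.PublicKey) ([]byte, bool) {
	tagLen := sha256.Size
	if attr == Multicast {
		tagLen = pub.Size() // RSA signature length equals the modulus size
	}
	if len(frame) < tagLen {
		return nil, false // truncated frame: nothing to check
	}
	msg, tag := frame[:len(frame)-tagLen], frame[len(frame)-tagLen:]
	switch attr {
	case Bilateral:
		mac := hmac.New(sha256.New, keyA)
		mac.Write(msg)
		return msg, hmac.Equal(tag, mac.Sum(nil)) // constant-time comparison of V1 and V2
	case Multicast:
		h1 := sha256.Sum256(msg) // H1(M) recomputed at the receiving end
		// The public key recovers H2(M) from the signature; VerifyPKCS1v15 compares it with H1(M).
		return msg, rsa.VerifyPKCS1v15(pub, crypto.SHA256, h1[:], tag) == nil
	}
	return nil, false
}

func main() {
	keyA := []byte("constructed shared key A") // constructed sample key
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	f1, _ := Harden(Bilateral, []byte("constructed MMS message"), keyA, nil)
	_, ok1 := Verify(Bilateral, f1, keyA, nil)
	f2, _ := Harden(Multicast, []byte("constructed GOOSE message"), nil, priv)
	f2[0] ^= 0x01 // tamper with the original message part in transit
	_, ok2 := Verify(Multicast, f2, nil, &priv.PublicKey)
	fmt.Println("bilateral HMAC check:", ok1, "tampered multicast signature check:", ok2)
}
```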

Claims (5)

1. An electric power message reinforcement method based on communication connection attributes, characterized in that it comprises the following steps:
(1) judging the communication connection attribute of the electric power message;
(2) applying different security hardening modes to electric power messages with different communication connections.
2. The electric power message reinforcement method based on communication connection attributes according to claim 1, characterized in that the communication connection of the electric power message in step (1) is mainly of two types: bilateral association type and multicast association type.
3. The electric power message reinforcement method based on communication connection attributes according to claim 1, characterized in that step (2) comprises the following steps:
(21) using HMAC authentication for messages of the bilateral association type;
(22) using digital signature authentication for messages of the multicast association type.
4. The electric power message reinforcement method based on communication connection attributes according to claim 3, characterized in that step (21) comprises the following steps:
(211) at the sending end, performing an HMAC operation with key A on the electric power message to be sent;
(212) defining the digest value obtained from the HMAC operation as V1, appending it to the end of the original electric power message and sending; after the receiving-end device receives it, performing an HMAC operation with the same key A on the received original message part to obtain digest value V2;
(213) comparing V1 and V2: if they are equal, the security verification passes; if they are unequal, the message is abnormal.
5. The electric power message reinforcement method based on communication connection attributes according to claim 3, characterized in that step (22) comprises the following steps:
(221) at the sending end, performing a message digest operation on the original message;
(222) encrypting the digest value with the private key, appending the encrypted value to the end of the original message and sending; after the receiving-end device receives it, performing a hash operation on the electric power message to obtain digest value H1(M), then decrypting the encrypted digest value with the public key to obtain H2(M);
(223) comparing H1(M) and H2(M): if they are equal, the security verification passes; if they are unequal, the message is abnormal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810001873.2A CN108306863A (en) 2018-01-02 2018-01-02 A kind of electric power message reinforcement means based on communication connection attribute

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810001873.2A CN108306863A (en) 2018-01-02 2018-01-02 A kind of electric power message reinforcement means based on communication connection attribute

Publications (1)

Publication Number Publication Date
CN108306863A (en) 2018-07-20

Family

ID=62868238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810001873.2A Pending CN108306863A (en) 2018-01-02 2018-01-02 A kind of electric power message reinforcement means based on communication connection attribute

Country Status (1)

Country Link
CN (1) CN108306863A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104279A (en) * 2018-08-31 2018-12-28 国网河北省电力有限公司沧州供电分公司 A kind of encryption method of electric power data, system and terminal device
CN111865562A (en) * 2020-07-23 2020-10-30 积成电子股份有限公司 Encryption method and system based on AES and HMAC-SHA in DNP protocol of power distribution terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104506500A (en) * 2014-12-11 2015-04-08 广东电网有限责任公司电力科学研究院 GOOSE message authentication method based on transformer substation
CN104702599A (en) * 2015-02-16 2015-06-10 中国南方电网有限责任公司 Safety exchange method for MMS specification application layer
CN105656623A (en) * 2016-01-22 2016-06-08 东南大学 Device for enhancing security of intelligent substation IED


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
崔秀帅: "Research on message security and real-time performance in intelligent substations", China Master's Theses Full-text Database, Engineering Science and Technology II *


Similar Documents

Publication Publication Date Title
CN106789015B (en) Intelligent power distribution network communication safety system
CN110958111B (en) Block chain-based identity authentication mechanism of electric power mobile terminal
CN112104604B (en) System and method for realizing secure access service based on electric power Internet of things management platform
CN106941491B (en) Safety application data link layer equipment of electricity utilization information acquisition system and communication method
KR101575862B1 (en) Security association system between heterogeneous power devices
CN111711625A (en) Power system information security encryption system based on power distribution terminal
CN103297429A (en) Embedded upgrading file transmission method
CN112671710B (en) Security encryption device based on national cryptographic algorithm, bidirectional authentication and encryption method
US9900296B2 (en) Securing communication within a network endpoint
CN104506500A (en) GOOSE message authentication method based on transformer substation
CN115632779B (en) Quantum encryption communication method and system based on power distribution network
CN104202170A (en) Identity authentication system and method based on identifiers
CN115001717B (en) Terminal equipment authentication method and system based on identification public key
CN107249002B (en) Method, system and device for improving safety of intelligent electric energy meter
CN111404886A (en) Electric power metering terminal and electric power metering platform
CN108306863A (en) A kind of electric power message reinforcement means based on communication connection attribute
CN103327020A (en) Security access method and system based on region dividing
Sun et al. Research on distributed feeder automation communication based on XMPP and GOOSE
CN111435389A (en) Power distribution terminal operation and maintenance tool safety protection system
CN112398655A (en) File transmission method, server and computer storage medium
CN112769778B (en) Encryption and decryption processing method and system based on cross-network cross-border data security transmission
CN114070607A (en) Electric power data distribution and data leakage risk control system
CN107196928A (en) Cloud lock encryption method, cloud lock administration system and the cloud lock of a kind of high security
CN103414707B (en) message access processing method and device
CN111065091B (en) Wireless data acquisition system and data transmission method based on lora

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2018-07-20