变电站内传输IEC 62351通信密钥的加密传输方法

doi:10.11930/j.issn.1004-9649.201811056

中国电力 ›› 2019, Vol. 52 ›› Issue (10): 26-30,122.DOI: 10.11930/j.issn.1004-9649.201811056

• 泛在电力物联网——信息与通信安全防护 • 上一篇下一篇

变电站内传输IEC 62351通信密钥的加密传输方法

方芳¹, 李广华², 汪冬辉¹, 宣晓华¹

1. 国网浙江省电力有限公司电力科学研究院, 浙江杭州 310014;
2. 南京南瑞继保电气有限公司, 江苏南京 211102

收稿日期:2018-11-14 修回日期:2019-03-17 出版日期:2019-10-05 发布日期:2019-10-12
通讯作者: 李广华(1977-),男,通信作者,高级工程师,从事电力自动化系统通信与网络安全领域的研究与开发工作,Email:liguanghua@126.com
作者简介:方芳(1986-),女,高级工程师,从事电力系统继电保护及变电站信息安全领域的研究工作,E-mail:355348107@qq.com;李广华(1977-),男,通信作者,高级工程师,从事电力自动化系统通信与网络安全领域的研究与开发工作,Email:liguanghua@126.com
基金资助:
国网浙江省电力有限公司科技项目（智能变电站信息及网络安全技术研究，5211DS16002F）。

A Symmetric Encryption Method for Transmitting IEC 62351 Communicaiton Keys in Substations

FANG Fang¹, LI Guanghua², WANG Donghui¹, XUAN Xiaohua¹

1. State Grid Zhejiang Electric Power Research Institute, Hangzhou 310014, China;
2. NR Electric Co., Ltd., Nanjing 211102, China

Received:2018-11-14 Revised:2019-03-17 Online:2019-10-05 Published:2019-10-12
Supported by:
This work is supported by Science and Technology Project of State Grid Zhejiang Electric Power Research Institute (Research on Smart Substation Information and Network Security Technology, No.5211DS16002F).

摘要/Abstract

摘要： 随着智能变电站信息化水平的提高，通信系统的网络安全问题日益凸显。而以认证加密为核心的网络安全解决方案，如IEC62351标准，需要借助特定的安全传输通道来传输应用密钥。提出了一种在对称加密下实现通信密钥自动协商的方法来构造应用密钥的安全传输通道。该方法以高级加密标准算法及对称密钥组为基础，通过初始密钥结合随机数验证的方式实现了通信密钥的协商机制。协商后的通信密钥具有随机性特征，解决了传统对称加密所有通信使用同一密钥可能带来的安全风险问题。还在防重放、加密强度、抵御密钥失窃攻击等方面进行了技术分析。该方法具有很好的安全性，易用性，可为智能变电站网络安全系统的密钥传输提供借鉴。

关键词: 对称加密, 密钥组, 密钥协商, IEC 62351, 变电站

Abstract: With the improvement of the information level of the substation, the cyber security problem of information communication has become increasingly prominent. The authentication encryption-based network security solution, such as the IEC 62351 standard, needs to transmit the application keys through another special secure transmission channel. This paper creatively proposes a method to build a secure transmission channel of application encryption keys through communication key negotiation mechanism under symmetric encryption. Based on the advanced encryption standard algorithm and symmetric key group, this method realizes the communication key negotiation mechanism through the combination of initial key and random number. The negotiated key has the character of randomness, which solves the possible security risk caused by using the same key for all links of traditional symmetric encrypted communication. In this paper, the corresponding technical analysis is also carried out, which include anti-replay, encryption strength, and anti-key theft attack, etc. The method is good in security and convenient for use, and can provide reference for key transmission of intelligent substation cyber security system.

Key words: symmetric encryption, key group, key negotiation, IEC 62351, substation

中图分类号:

TM73
TM764

方芳, 李广华, 汪冬辉, 宣晓华. 变电站内传输IEC 62351通信密钥的加密传输方法[J]. 中国电力, 2019, 52(10): 26-30,122.

FANG Fang, LI Guanghua, WANG Donghui, XUAN Xiaohua. A Symmetric Encryption Method for Transmitting IEC 62351 Communicaiton Keys in Substations[J]. Electric Power, 2019, 52(10): 26-30,122.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.201811056

https://www.electricpower.com.cn/CN/Y2019/V52/I10/26

参考文献

[1] 莫峻, 谭建成. 基于IEC 61850的变电站网络安全分析[J]. 电力系统通信, 2009, 30(4):12-16 MO Jun, TAN Jiancheng. Research on network security in substations based on IEC 61850[J]. Telecommunications for Electric Power System, 2009, 30(4):12-16
[2] power systems management and associated information exchange-data and communications security-part 3:communication network and system security-profiles including TCP/IP:IEC 62351-3[S]. 2014.
[3] power systems management and associated information exchange-data and communications security-part 4:profiles including MMS:IEC 62351-4[S]. 2007.
[4] power systems management and associated information exchange-data and communications security-part 6:security for IEC 61850:IEC 62351-6[S]. 2007.
[5] power systems management and associated information exchange-data and communications security-part 9:cyber security key management for power system equipment:IEC 62351-9[S]. 2017.
[6] 邹晓峰, 肖远兴. 基于SM2的配电网Modbus报文安全性研究[J]. 电力系统保护与控制, 2018, 49(12):151-157 ZOU Xiaofeng, XIAO Yuanxing. Modbus telegram security of distribution network based on SM2[J]. Power System Protection and Control, 2018, 49(12):151-157
[7] 肖小兵, 徐长宝, 林呈辉, 等. 一种高效的配电网报文数字签名实现方法[J]. 电力系统保护与控制, 2017, 45(19):130-135 XIAO Xiaobing, XU Changbao, LIN Chenghui, et al. An efficient implementation method for distribution network packet based on digital signature[J]. Power System Protection and Control, 2017, 45(19):130-135
[8] 陶士全, 王自成, 李广华, 等. 基于IEC 62351的安全通信对站控层通信性能的影响[J]. 电力系统自动化, 2018, 42(23):155-158 TAO Shiquan, WANG Zicheng, Li Guanghua, et al. Effect of IEC 62351 based security communication on communication performance of station level[J]. Automation of Electric Power Systems, 2018, 42(23):155-158
[9] CHEN Lu, WANG Yufei, ZHANG Tao. Security authentication for smart substation communication based on IEC 62351[J]. Applied Mechanics and Materials, 2013(12):91-96.
[10] 杨继高, 陶文伟, 张静, 等. 符合IEC62351标准的变电站原型系统关键技术[J]. 电力系统自动化, 2015, 39(14):114-119 YANG Jigao, TAO Wenwei, ZHANG Jing, et al. Key technologies of substation prototype system conforming to IEC 62351 standard[J]. Automation of Electric Power Systems, 2015, 39(14):114-119
[11] 王自成, 李广华, 方芳, 等. IEC 62351国际互操作的总结与思考[J]. 电力系统自动化, 2019, 43(5):1-5 WANG Zicheng, LI Guanghua, FANG Fang, et al. Summary and consideration of IEC 62351 international interoperability[J]. Automation of Electric Power Systems, 2019, 43(5):1-5
[12] 张文正, 陈克非, 赵伟. 密码学的基本理论与技术[M]. 北京:国防工业出版社, 2015.
[13] Douglas R. Stinson. 密码学原理与实践[M]. 3版. 冯登国, 译. 北京:电子工业出版社, 2016.
[14] William Stallings. 密码编码学与网络安全-原理与实践[M]. 6版.唐明, 译. 北京:电子工业出版社, 2017.
[15] 余勇, 林为民, 何军. 电力数字证书服务系统的设计及应用[J]. 电力系统自动化, 2005, 29(10):64-68 YU Yong, LIN Weimin, HE Jun. Design and application of power digital certificate service system[J]. Automation of Electric Power Systems, 2005, 29(10):64-68
[16] 刘宝龙, 陈桦. X.509数字证书有效性自验证方案研究[J]. 西安工业大学学报, 2012, 32(7):540-544 LIU Baolong, CHEN Hua. Research on self-validation scheme for X.509 digital certificate status[J]. Journal of Xi'an Technological University, 2012, 32(7):540-544
[17] 邓晓军. 证书撤销机制的分析与研究[J]. 计算机工程与设计, 2007, 28(7):1538-1540 DENG Xiaojun. Analysis and research mechanism of certificate revocation[J]. Computer Engineering and Design, 2007, 28(7):1538-1540
[18] 张明德, 刘伟. PKI/CA与数字证书技术大全[M]. 北京:电子工业出版社, 2015.
[19] 丁明, 李晓静, 张晶晶. 面向SCADA的网络攻击对电力系统可靠性的影响[J]. 电力系统保护与控制, 2018, 46(11):37-44 DING Ming, LI Xiaojing, ZHANG Jingjing. Effect of SCADA-oriented cyber attack on power system reliability[J]. Power System Protection and Control, 2018, 46(11):37-44

变电站内传输IEC 62351通信密钥的加密传输方法

A Symmetric Encryption Method for Transmitting IEC 62351 Communicaiton Keys in Substations

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	叶远波, 王吉文, 汪伟, 毛玉荣, 王志华. 基于哈希和编辑距离算法的SCD双层向量化与变更校验技术[J]. 中国电力, 2024, 57(1): 255-262.
[2]	唐旭辰, 潮铸, 段秦尉, 苏炳洪, 陈卉灿. 基于分层测量数据的高压变电站概率负荷预测方法[J]. 中国电力, 2023, 56(8): 143-150.
[3]	皮志勇, 朱益, 廖玄, 李振兴, 方豪, 吴沛. 智能变电站多信息融合建模的通信链路故障定位方法[J]. 中国电力, 2023, 56(8): 207-215.
[4]	皮志勇, 朱益, 廖玄, 李振兴, 方豪, 吴沛. 基于深度学习的智能变电站通信链路故障定位方法[J]. 中国电力, 2023, 56(7): 136-145.
[5]	张杰, 王恒凤, 刘生春, 王华彪, 王沧海, 冉垚, 王献敏, 马勇飞, 颜伟. 基于内点法和邻域搜索解耦动态规划法的区域电网动态无功优化方法[J]. 中国电力, 2023, 56(2): 59-67.
[6]	钟鸣, 陶军, 刘洵宇, 杨逸, 杨炳元. 智能变电站光纤虚实回路映射及故障诊断技术[J]. 中国电力, 2023, 56(10): 171-178.
[7]	严亚兵, 褚旭, 肖豪龙, 梁文武, 李辉, 夏振兴. 基于改进支持向量机的数字化变电站安全措施生成技术[J]. 中国电力, 2023, 56(10): 194-201.
[8]	汤锦慧, 伍发元, 支妍力, 毛梦婷, 代小敏. 基于深度强化学习的户内变电站通风降噪优化设计[J]. 中国电力, 2023, 56(1): 96-105,118.
[9]	李肖博, 于杨, 姚浩, 习伟, 蔡田田. 新一代智能变电站采控装置[J]. 中国电力, 2022, 55(4): 85-92.
[10]	范长俊, 孟飞, 郭添亨, 杜彦锟, 崔晓琳, 张程. 预制舱变电站多状态监测技术探讨[J]. 中国电力, 2022, 55(12): 98-104.
[11]	闫帅, 李朋宇, 王高洁, 李强, 吴凡, 罗林根. 基于特高频无线智能传感阵列的敞开式变电站放电定位方法[J]. 中国电力, 2021, 54(2): 52-57,65.
[12]	李金, 张喜铭, 胡荣, 许艾, 周华锋, 邱荣福. 变电站软件版本安全管控与溯源[J]. 中国电力, 2021, 54(11): 206-213.
[13]	王小虎, 郭广鑫, 董佳涵, 王磊, 曹灿. 变电站应用实景复制技术建模和网络安全监控[J]. 中国电力, 2021, 54(11): 221-228.
[14]	王永红, 焦重庆, 肖冰, 郭安琪, 邱桂中, 秘立鹏, 徐克强. 变电站接地网上两点间电位差的特性[J]. 中国电力, 2021, 54(1): 150-158.
[15]	任辉, 栗会峰, 赵辉, 贺枫, 窦仁晖, 姚志强, 赵国庆. 电能计量用通信规约安全改造技术[J]. 中国电力, 2021, 54(1): 167-174.

模态框（Modal）标题

变电站内传输IEC 62351通信密钥的加密传输方法

A Symmetric Encryption Method for Transmitting IEC 62351 Communicaiton Keys in Substations

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics