基于SM9的配电网Modbus报文安全性分析及改进

doi:10.11930/j.issn.1004-9649.201811094

中国电力 ›› 2019, Vol. 52 ›› Issue (10): 18-25.DOI: 10.11930/j.issn.1004-9649.201811094

• 泛在电力物联网——信息与通信安全防护 • 上一篇下一篇

基于SM9的配电网Modbus报文安全性分析及改进

邱帆¹, 陈兰兰², 林楠³, 左黎明²

1. 国网江西省电力公司吉安供电分公司, 江西吉安 343009;
2. 华东交通大学系统工程与密码学研究所, 江西南昌 330013;
3. 国网江西电力有限公司电力科学研究院, 江西南昌 330096

收稿日期:2018-11-22 修回日期:2019-04-10 出版日期:2019-10-05 发布日期:2019-10-12
作者简介:邱帆(1974-),男,工程师,从事网络信息系统,网络环境下智能信息处理与自动化数据采集研究,E-mail:jaqf@163.com;陈兰兰(1995-),女,通信作者,硕士研究生,从事信息安全研究,E-mail:291805564@qq.com;左黎明(1981-),男,硕士,副教授,从事信息安全研究,E-mail:limingzuo@126.com
基金资助:
国家自然科学基金资助项目（11761033）；国网江西省电力有限公司科技项目（52182017001L）。

Security Analysis and Improvement of Modbus Message in Distribution Network Based on SM9

QIU Fan¹, CHEN Lanlan², LIN Nan³, ZUO Liming²

1. Ji'an Power Supply Branch of State Grid Jiangxi Electric Power Company, Ji'an 343009, China;
2. SEC Institute, East China Jiaotong University, Nanchang 330013, China;
3. State Grid Jiangxi Electric Power Co., Ltd., Electric Power Research Institute, Nanchang 330096, China

Received:2018-11-22 Revised:2019-04-10 Online:2019-10-05 Published:2019-10-12
Supported by:
This work is supported by National Natural Science Foundation of China (No.11761033), Science and Technology Project of State Grid Jiangxi Electric Power Co., Ltd. (No.52182017001L).

摘要/Abstract

摘要： 为了确保智能配电网系统中信息的安全，越来越多的密码算法被应用在通信工程中。针对基于SM2的配电网Modbus报文安全性研究，指出其易受重放攻击和篡改攻击，并有几处描述错误。为改进基于SM2的方法，提出了一种适用于Modbus TCP（transmission control protocol）报文的基于国密算法SM9标识算法的协议。首先介绍了SM9数字签名过程，进而将其应用到Modbus TCP报文通信中，并加入时戳机制，对改进的协议进行了安全性分析。最后，采用C语言实现签名方案，并与几种签名方案进行效率比较。结果表明：改进后的协议不仅可以抵抗重放攻击和消息篡改攻击，保证报文通信过程中的数据完整性和来源可靠性，而且在运行效率方面具有较强的优势。

关键词: 配电网, 国密算法, SM9, 时戳机制, 安全性分析

Abstract: In order to ensure the information security in smart distribution network, more and more cryptographic algorithms are applied in the communication process. by SM2-based Modbus message security of distribution network was analyzed to find out such defects as its vulnerability to replay attack and tampering attack, and several other description errors. In order to improve this method, the authors in this paper propose a SM9-based protocol of identification algorithm suitable for Modbus TCP (transmission control protocol) message. At first, the process of SM9 digital signature is introduced, and then it is applied to Modbus TCP message communication added with the timestamp mechanism. And the security of the improved protocol is analyzed. Finally, the C language is used to realize the signature scheme, and its efficiency is compared with several other signature schemes. The results show that the improved protocol can not only resist replay attacks and tamper attacks, and ensure the data integrity and source reliability in the process of message communication, but also have a good advantage in running efficiency.

Key words: distribution network, national cryptographic algorithm, SM9, timestamp mechanism, security analysis

中图分类号:

TM76

邱帆, 陈兰兰, 林楠, 左黎明. 基于SM9的配电网Modbus报文安全性分析及改进[J]. 中国电力, 2019, 52(10): 18-25.

QIU Fan, CHEN Lanlan, LIN Nan, ZUO Liming. Security Analysis and Improvement of Modbus Message in Distribution Network Based on SM9[J]. Electric Power, 2019, 52(10): 18-25.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.201811094

https://www.electricpower.com.cn/CN/Y2019/V52/I10/18

参考文献

[1] 秦红霞, 谭志海, 葛亮, 等. 智能配电网自愈控制系统技术研究与设计[J]. 电力系统保护与控制, 2014, 42(22):134-139 QIN Hongxia, TAN Zhihai, GE Liang, et al. Study and design of smart distribution grid self-healing control system technology[J]. Power System Protection and Control, 2014, 42(22):134-139
[2] VIJAYAPRIYA T, KOTHARI D P. Smart grid:an overview[J]. Smart Grid and Renewable Energy, 2011, 2(4):305.
[3] 高志远, 姚建国, 郭昆亚, 等. 智能电网对智慧城市的支撑作用研究[J]. 电力系统保护与控制, 2015, 43(11):148-153 GAO Zhiyuan, YAO Jianguo, GUO Kunya, et al. Study on the supporting role of smart grid to the construction of smart city[J]. Power System Protection and Control, 2015, 43(11):148-153
[4] PIATKOWSKA E, BAJRAKTARI A, CHHAJED D, et al. Tool support for data protection impact assessment in the smart grid[J]. e & i Elektrotechnik und Informationstechnik, 2017, 134(1):26-29.
[5] 张少敏, 李晓强, 王保义. 基于Hadoop的智能电网数据安全存储设计[J]. 电力系统保护与控制, 2013, 41(14):136-140 ZHANG Shaomin, LI Xiaoqiang, WANG Baoyi. Design of data security storage in smart grid based on Hadoop[J]. Power System Protection and Control, 2013, 41(14):136-140
[6] 王雷, 李乐为, 史金伟, 等. EMS与DMS间数据交互的数据传输与安全控制操作方法研究[J]. 电力系统保护与控制, 2018, 46(10):75-80 WANG Lei, LI Lewei, SHI Jinwei, et al. Research on data transmission and security control operation method of data interaction between EMS and DMS[J]. Power System Protection and Control, 2018, 46(10):75-80
[7] 余容, 黄剑, 何朝明. 基于SM4并行加密的智能电网监控与安全传输系统[J]. 电子技术应用, 2016, 42(11):66-69 YU Rong, HUANG Jian, HE Zhaoming. Smart grid monitoring and secure transmission system based on SM4 parallel encryption[J]. Application of Electronic Technique, 2016, 42(11):66-69
[8] 韩亚楠, 李发根. 适用于智能电网的组合公钥密码体制研究[J]. 密码学报, 2016, 3(4):340-351 HAN Yanan, LI Fagen. Research on combined public key cryptographic scheme for smart grid[J]. Journal of Cryptologic Research, 2016, 3(4):340-351
[9] 马李翠, 黎妹红, 吴倩倩, 等. 智能电网通信中动态密钥加密方法的研究与改进[J]. 北京邮电大学学报, 2017, 40(4):74-79 MA Licui,LI Meihong,WU Qianqian,et al. Research of dynamic key encryption algorithm in smart grid communication[J]. Journal of Beijing University of Posts and Telecommunications, 2017, 40(4):74-79
[10] LANG B, WANG J, CAO Z. Multidimensional data tight aggregation and fine-grained access control in smart grid[J]. Journal of Information Security and Applications, 2018, 40:156-165.
[11] 李学俊, 袁亚文, 金春花. 一种适用于广电网的属性基广播加密方案[J]. 计算机研究与发展, 2018, 55(7):1409-1420 LI Xuejun, YUAN Yawen, JIN Chunhua. An attribute-based broadcast encryption scheme suitable for the broadcasting network[J]. Journal of Computer Research and Development, 2018, 55(7):1409-1420
[12] 骆钊, 谢吉华, 顾伟, 等. 基于SM2密码体系的电网信息安全支撑平台开发[J]. 电力系统自动化, 2014, 38(6):68-74 LUO Zhao, XIE Jihua, GU Wei, et al. SM2-cryptosystem based information security supporting platform in power grid[J]. Automation of Electric Power Systems, 2014, 38(6):68-74
[13] LV Xixiang, MU Yi, LI Hui. Key management for smart grid based on asymmetric key-wrapping[J]. International Journal of Computer Mathematics, 2015, 92(3):498-512.
[14] 邓伟, 闻楷, 张浩, 等. 配电网数据加密认证方案的设计与分析[J]. 软件, 2017, 38(6):17-23 DENG Wei, WEN Kai, ZHANG Hao, et al. Design and analysis of data encryption and authentication scheme for distribution grid[J]. Computer Engineering & Software, 2017, 38(6):17-23
[15] 杨晓朋, 陈海涛, 梅力宸, 等. 量子密钥分发技术在智能变电站中的研究[J]. 电信科学, 2018(10):163-169 YANG Xiaopeng, CHEN Haitao, MEI Lichen, et al. Research on quantum key distribution technology in intelligent substation[J]. Telecommunications Science, 2018(10):163-169
[16] ZHENG Jiamin, TAN Yu'an, ZHANG Xiaosong, et al. Multi-domain lightweight asymmetric group key agreement[J]. Chinese Journal of Electronics, 2018, 27(5):1085-1091.
[17] ODELU V, DAS A K, WAZID M, et al. Provably secure authenticated key agreement scheme for smart grid[J]. IEEE Transactions on Smart Grid, 2018, 9(3):1900-1910.
[18] 邹晓峰, 肖远兴. 基于SM2的配电网Modbus报文安全性研究[J]. 电力系统保护与控制, 2018, 46(12):151-157 ZOU Xiaofeng, XIAO Yuanxing. Modbus telegram security of distribution network based on SM2[J]. Power System Protection and Control, 2018, 46(12):151-157
[19] 袁峰, 程朝辉. SM9标识密码算法综述[J]. 信息安全研究, 2016, 2(11):1008-1027 YUAN Feng, CHENG Zhaohui. Overview on SM9 identity-based cryptographic algorithm[J]. Journal of Information Security Research, 2016, 2(11):1008-1027
[20] LI J G, WANG Z W, ZHANG Y C. Provably secure certificate-based signature scheme without pairings[J]. Information Sciences, 2013, 233(7):313-320.
[21] SARDE P, BANERJEE A, DEWANGAN C L. A secure and an efficient ID-based multi-proxy multi-signature scheme from bilinear pairings[J]. International Journal of Computer Applications, 2017, 157(10):1-6.
[22] LI J G, HUANG X Y, ZHANG Y C, et al. An efficient short certificate-based signature scheme[J]. Journal of Systems & Software, 2012, 85(2):314-322.

基于SM9的配电网Modbus报文安全性分析及改进

Security Analysis and Improvement of Modbus Message in Distribution Network Based on SM9

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	贺春光, 王林峰, 曹媛, 安佳坤, 雷子健, 宋关羽, 冀浩然. 考虑综合收益的多电压等级配电网柔性互联装置协同规划方法[J]. 中国电力, 2025, 58(1): 78-84.
[2]	祝士焱, 许寅, 和敬涵, 王颖. 基于多微电网投影的配电系统协调恢复方法[J]. 中国电力, 2024, 57(9): 224-230.
[3]	张亚健, 陈茨, 薛飞, 马丽, 郑敏. 电制氢协同的含高比例光伏配电网两阶段电压随机优化控制[J]. 中国电力, 2024, 57(8): 23-35.
[4]	孙东磊, 孙毅, 刘蕊, 孙鹏凯, 张玉敏. 计及多层级配电网的分布式新能源最大消纳空间分解测算[J]. 中国电力, 2024, 57(8): 108-116.
[5]	凡鹏飞, 李宝琴, 侯江伟, 李嵘, 宋崇明, 林凯骏. 配电网分布式电源经济可承载力评估[J]. 中国电力, 2024, 57(7): 196-202.
[6]	王家武, 赵佃云, 刘长锋, 陈康, 张玉敏. 基于目标级联法的多主体主动配电网自治协同优化[J]. 中国电力, 2024, 57(7): 214-226.
[7]	韩璟琳, 胡平, 侯若松, 陈志永, 李洪涛, 柴园园. 计及多光储一体机的配电网电压优化控制策略[J]. 中国电力, 2024, 57(6): 69-77, 152.
[8]	徐峰亮, 王克谦, 王文豪, 王鹏, 王文烨, 张帅, 赵凤展. 计及激励型需求响应的低压配电网混合储能优化配置[J]. 中国电力, 2024, 57(6): 90-101.
[9]	乔俊峰, 周爱华, 彭林, 王一清, 沈晓峰, 潘森, 杨佩, 黄晨宏. 基于多源数据深度融合的配电网运行评价方法[J]. 中国电力, 2024, 57(6): 193-203.
[10]	张宇, 魏新迟, 冯凯辉, 时珊珊, 孟子涵, 梁媛. 计及分布式光伏承载力的配电网侧独立储能充放电策略[J]. 中国电力, 2024, 57(4): 111-117.
[11]	魏明江, 李鹏, 于浩, 冀浩然, 宋关羽, 习伟. 数字配电网边缘计算模拟实验平台[J]. 中国电力, 2024, 57(3): 12-19.
[12]	焦昊, 殷岩岩, 吴晨, 刘建, 徐春雷, 徐贤, 孙国强. 基于安全强化学习的主动配电网有功-无功协调优化调度[J]. 中国电力, 2024, 57(3): 43-50.
[13]	刘国强, 李国春, 郝亚楠, 李贵海, 吴中杰. 低压直流配电网强弱电弧特征及检测算法[J]. 中国电力, 2024, 57(2): 94-102.
[14]	刘志伟, 马悦, 沙志成, 邵云姝, 牛远方, 董晓明, 王成福. 考虑新能源多重相关性的柔性配电网分布鲁棒优化策略[J]. 中国电力, 2024, 57(12): 97-108.
[15]	李铁成, 范辉, 张卫明, 王献志, 张艺宏, 戴志辉. 基于5G通信的有源配电网新能源送出线路纵联保护[J]. 中国电力, 2024, 57(11): 139-150.

模态框（Modal）标题

基于SM9的配电网Modbus报文安全性分析及改进

Security Analysis and Improvement of Modbus Message in Distribution Network Based on SM9

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics