电动汽车充电桩自动化渗透测试系统的研究和设计

doi:10.11930/j.issn.1004-9649.201811139

中国电力 ›› 2019, Vol. 52 ›› Issue (1): 57-62,109.DOI: 10.11930/j.issn.1004-9649.201811139

• 信息物理电力系统(CPPS)专栏 • 上一篇下一篇

电动汽车充电桩自动化渗透测试系统的研究和设计

孙舟, 潘鸣宇, 陈振, 袁小溪, 陈平

国网北京电力科学研究院, 北京 100075

收稿日期:2018-12-02 出版日期:2019-01-05 发布日期:2019-01-14
作者简介:孙舟(1986-),男,硕士,高级工程师,从事电动汽车充换电技术研究,E-mail:sunzhou0812@163.com;潘鸣宇(1985-),男,硕士,高级工程师,从事充电网络规划运营和关键设备研制工作,E-mail:pan_my619@sina.com;陈振(1989-),男,硕士,助理工程师,从事电动汽车信息化管理系统和充电桩信息化系统研究,E-mail:zchen@tju.edu.cn;袁小溪(1989-),女,硕士,助理工程师,从事充换电设施选址规划研究,E-mail:498297227@qq.com;陈平(1966-),男,硕士,高级工程师,从事电力系统分析研究,E-mail:772093280@qq.com
基金资助:
国家电网公司科技项目（电动汽车充电桩信息安全检测评估方法研究及应用，520223170010）。

Research and Design of Automatic Penetration Testing System for Electric Vehicle Charging Piles

SUN Zhou, PAN Mingyu, CHEN Zhen, YUAN Xiaoxi, CHEN Ping

State Grid Beijing Electric Power Research Institute, Beijing 100075, China

Received:2018-12-02 Online:2019-01-05 Published:2019-01-14
Supported by:
This work is supported by Science and Technology Project of State Grid Corporation of China (No.520223170010).

摘要/Abstract

摘要： 信息物理系统（cyber physical systems，CPS）是集计算、通信与控制于一体的智能系统。电动汽车充电设施是一种典型的信息物理系统，但当前大量部署在现场的充电桩终端存在着用户入侵充电桩系统导致系统异常等安全隐患，亟须研究设计一套针对充电桩的自动化渗透测试系统。从指纹扫描、漏洞检测和漏洞挖掘3个方面对充电桩自动化渗透测试系统进行研究与设计，旨在检测已知漏洞和挖掘未知漏洞，有效地对电动汽车充电桩进行全方位的自动化安全检测，提高充电桩的安全防护等级，加强充电桩的安全防护能力，减少针对充电桩安全攻击所造成的信息泄露和经济损失。

关键词: 信息物理系统（CPS）, 充电桩安全, 漏洞检测, 漏洞挖掘, 渗透测试

Abstract: Cyber physical system (CPS) is an intelligent system integrating computing, communication and control. As an important gateway to the energy internet, the electric vehicle charging facilities are responsible for important functions such as power supply, metering and billing, data interconnection and charging security, which is also a typical CPS system. There are many potential threats in the charging pile terminals in the field, such as system abnormality caused by user intrusion of charging pile system, which would subsequently threaten the security of the national grid. It is therefore necessary to study and design an automatic penetration testing system for charging piles. This paper makes a research and design of the charging pile automatic penetration testing system from three aspects: fingerprint scanning, vulnerability detection and vulnerability mining, which aims to detect the known vulnerabilities and discover unknown ones, and effectively carry out all-round automatic inspection of charging electric vehicles, subsequently improving the protection level of charging piles, and strengthening the protection capability of charging piles and reducing the information leakage and economic loss caused by the attacks on charging piles.

Key words: cyber physical system, charging pile security, vulnerability detection, vulnerability mining, penetration testing

中图分类号:

TM73

孙舟, 潘鸣宇, 陈振, 袁小溪, 陈平. 电动汽车充电桩自动化渗透测试系统的研究和设计[J]. 中国电力, 2019, 52(1): 57-62,109.

SUN Zhou, PAN Mingyu, CHEN Zhen, YUAN Xiaoxi, CHEN Ping. Research and Design of Automatic Penetration Testing System for Electric Vehicle Charging Piles[J]. Electric Power, 2019, 52(1): 57-62,109.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.201811139

https://www.electricpower.com.cn/CN/Y2019/V52/I1/57

参考文献 12

[1]	张靖, 高峰, 徐双庆, 等. 能源互联网技术架构与实例分析[J]. 中国电力, 2018, 51(8):24-30 ZHANG Jing, GAO Feng, XU Shuangqing, et al. Energy Internet technology architecture and case analysis[J]. Electric Power, 2018, 51(8):24-30
[2]	张世翔, 李林沣. 电动汽车充电桩与市政LED设施一体化建设经营模式[J]. 中国电力, 2017, 50(7):43-48 ZHANG Shixiang, LI Linfeng. Electric vehicle charging pile and municipal LED facilities integration construction business model[J]. Electric Power, 2017, 50(7):43-48
[3]	于长奇. 工控设备漏洞挖掘技术研究[D]. 北京:北京邮电大学, 2015:6-7.
[4]	孙易安, 井柯, 汪义舟. 工业控制系统安全网络防护研究[J]. 信息安全研究, 2017, 3(2):171-176 SUN Yi'an, JING Ke, WANG Yizhou. Research on safety network protection of industrial control system[J]. Information Security Re-search, 2017, 3(2):171-176
[5]	吕尧. 基于多核的网络扫描研究与实现[D]. 西安:西安电子科技大学, 2010:26-27.
[6]	何颖. 基于Nessus的网络安全检测[D]. 长春:吉林大学, 2006:32-33.
[7]	CUI Jingsong, ZHANG Heng, QI Jing, et al. Hidden process offline forensic based on memory analysis in Windows[J]. Wuhan University Journal of Natural Sciences, 2017, 22(4):346-354.
[8]	汪先明, 刘国平. 基于GPRS水管网无线监控系统设计[J]. 南昌工程学院学报, 2009, 28(6):32-35 WANG Xianming, LIU Guoping. Design of wireless monitoring system based on GPRS water pipe network[J]. Journal of Nanchang Institute of Technology, 2009, 28(6):32-35
[9]	RSH PIGGIN. Development of industrial cyber security standards:IEC 62443 for SCADA and industrial control system security[C]//IET Conference on Control and Automation 2013:Uniting Problems and Solutions. Birmingham, UK, 2013:1-6.
[10]	U.S. Department of Homeland Security. Strategic principles for securing the Internet of Things. (2016-11-15)[2018-11-20]. https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
[11]	Yehia Mamdouh. Penetration testing a SCADA industrial control systems. (2014-12-29)[2018-11-20]. https://www.slideshare.net/yehiamamdouh1/scada-industrial-control-systems-penetration-testing.
[12]	Alpha_h4ck. 如何理解工控系统中的系统安全风险[EB/OL]. (2017-06-01)[2018-11-20]. http://www.freebuf.com/news/135674.html.

电动汽车充电桩自动化渗透测试系统的研究和设计

Research and Design of Automatic Penetration Testing System for Electric Vehicle Charging Piles

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献 12

相关文章 7

编辑推荐

Metrics

[1]	刘林彬, 苗泉强, 李俊娥. 基于模糊测试的GOOSE协议解析漏洞挖掘方法[J]. 中国电力, 2022, 55(4): 33-43.
[2]	万克厅, 陆玲霞, 于淼, 齐冬莲. 基于多组件并行架构的电力CPS实时联合仿真平台[J]. 中国电力, 2022, 55(2): 51-61.
[3]	韩丽芳, 胡博文, 杨军, 应欢, 周纯杰, 方锡康. 基于攻击预测的电力CPS安全风险评估[J]. 中国电力, 2019, 52(1): 48-56.
[4]	高志远, 黄海峰, 孙芊, 张鸿, 曹阳, 唐保国. 跨国调度与交易系统互联的信息通信支撑研究[J]. 中国电力, 2019, 52(1): 40-47.
[5]	李红, 朱红, 杨志宏, 唐成虹, 张明, 周冬旭. 配电网CPS综合建模方法及其交互影响机理研究[J]. 中国电力, 2019, 52(1): 17-24.
[6]	郑佩祥. 配电网CPS理论架构和典型场景应用[J]. 中国电力, 2019, 52(1): 10-16,31.
[7]	刘林, 张运洲, 王雪, 姜怡喆, 左新强, 代红才. 能源互联网目标下电力信息物理系统深度融合发展研究[J]. 中国电力, 2019, 52(1): 2-9.

模态框（Modal）标题

电动汽车充电桩自动化渗透测试系统的研究和设计

Research and Design of Automatic Penetration Testing System for Electric Vehicle Charging Piles

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献 12

相关文章 7

编辑推荐

Metrics