电能计量用通信规约安全改造技术

doi:10.11930/j.issn.1004-9649.202003037

中国电力 ›› 2021, Vol. 54 ›› Issue (1): 167-174.DOI: 10.11930/j.issn.1004-9649.202003037

电能计量用通信规约安全改造技术

任辉^1,5, 栗会峰², 赵辉³, 贺枫⁴, 窦仁晖^1,5, 姚志强^1,5, 赵国庆^1,5

1. 中国电力科学研究院有限公司南京分院，江苏南京 210003;
2. 国网河北省电力有限公司电力科学研究院，河北石家庄 050021;
3. 积成电子股份有限公司，山东济南 250100;
4. 上海博般数据技术有限公司，上海 200333;
5. 电力调度自动化技术研究与系统评价北京重点实验室，北京 100192

收稿日期:2020-03-05 修回日期:2020-03-30 出版日期:2021-01-05 发布日期:2021-01-11
作者简介:任辉(1987—)，男，通信作者，硕士，高级工程师，从事变电站自动化研究，E-mail: rythmhector@163.com;栗会峰(1987—)，男，硕士，工程师，从事电力自动化研究，E-mail：489384610@qq.com;赵辉(1976—)，男，高级工程师，从事电能计量及用电信息采集系统技术研究，E-mail: zhaoh@ieslab.cn
基金资助:
国家电网有限公司科技项目(变电站站控层国产化通信协议研究与应用，5108-202018037A-0-0-00)

Security Transformation Technology for Electricity Metering Communication Protocol

REN Hui^1,5, LI Huifeng², ZHAO Hui³, HE Feng⁴, DOU Renhui^1,5, YAO Zhiqiang^1,5, ZHAO Guoqing^1,5

1. Nanjing Department of China Electric Power Research Institute, Nanjing 210003, China;
2. State Grid Hebei Electric Power Supply Co., Ltd. Electric Power Research Institute, Shijiazhuang 050021, China;
3. Jicheng Electronic Co., Ltd., Jinan 250100, China;
4. Shanghai Boban Data Technology Co., Ltd., Shanghai 200333, China;
5. Beijing Key Laboratory of Research and System Evaluation of Power Dispatching Automation Technology, Beijing 100192, China

Received:2020-03-05 Revised:2020-03-30 Online:2021-01-05 Published:2021-01-11
Supported by:
This work is supported by Science and Technology Project of SGCC (Research and Application of Domestic Communication Protocol for Substation Control Layer, No.5108-202018037A-0-0-00)

摘要/Abstract

摘要： 网络攻击正向工业控制系统渗透。电能量采集关系到各方面经济利益，及时获取精准的电量数据尤为重要。基于IEC 62351标准对采用网络传输的102规约进行了网络安全性改造，在传输层增加传输层安全（transport layer security，TLS）协议，应用层采用哈希运算消息认证码（Hash-based message authentication code，HMAC）对报文应用服务数据单元（application service data unit，ASDU）进行安全性校验，实现电能量采集系统主子站间通信加密、认证和完整性校验功能。测试电能量采集系统102规约改造前后主子站间通信的认证时间、单帧数据增加时间等关键数据指标。测试结果表明：应用层改造环节消耗较多时间，在报文帧数量大的情况下会严重影响通信效率。综合比较，当TLS使用国密SM4加密套件时，整体性能较优。

关键词: 102规约, IEC 62351, TLS协议, 加密认证, 应用层改造

Abstract: Network attacks are now penetrating into industrial control system. Acquisition of electricity energy data is related to the economic interests of all parties, so it is very important to obtain accurate electricity data in time. In the paper, security transformation is made to the 102 protocol based on IEC 62351. The TLS protocol is added in the transmission layer, and the HMAC is used in the application layer to verify the security of ASDU message, so as to realize such functions as the communication encryption, authentication and integrity verification between the main and sub stations of the electricity energy acquisition system. The key data indexes, such as the authentication time of the main and sub stations, the increase time of the single frame data before and after the 102 protocol transformation of the electricity energy acquisition system, are simulated and tested. The testing results show that transformation of the application layer consumes more time and can seriously affect the communication efficiency when message frames are large in numbers. It is concluded through comprehensive comparison that the overall performance is better when SM4 encryption suite is used for TLS protocol.

Key words: 102 protocol, IEC 62351, TLS protocol, encryption and authentication, transformation of application layer

任辉, 栗会峰, 赵辉, 贺枫, 窦仁晖, 姚志强, 赵国庆. 电能计量用通信规约安全改造技术[J]. 中国电力, 2021, 54(1): 167-174.

REN Hui, LI Huifeng, ZHAO Hui, HE Feng, DOU Renhui, YAO Zhiqiang, ZHAO Guoqing. Security Transformation Technology for Electricity Metering Communication Protocol[J]. Electric Power, 2021, 54(1): 167-174.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202003037

https://www.electricpower.com.cn/CN/Y2021/V54/I1/167

参考文献

[1] 张盛杰, 何冰, 王立富, 等. 乌克兰停电事件对全球能源互联网安全的启示[J]. 电力信息与通信技术, 2016, 14(3): 77-83
ZHANG Shengjie, HE Bing, WANG Lifu, et al. Enlightenments of the Ukraine blackout to cyber security of global energy interconnection[J]. Electric Power Information and Communication Technology, 2016, 14(3): 77-83
[2] 姬翔. 面向工控领域APT攻击威胁智能感知技术研究[D]. 哈尔滨: 哈尔滨工程大学, 2016.
JI Xiang. Research on intellisense technology against ATP attacks in industrial control [D]. Harbin: Harbin Engineering University, 2016.
[3] 何金栋, 王宇, 赵志超, 等. 智能变电站嵌入式终端的网络攻击类型研究及验证[J]. 中国电力, 2020, 53(1): 81-91
HE Jindong, WANG Yu, ZHAO Zhichao, et al. Type and verification of network attacks on embedded terminals of intelligent substation[J]. Electric Power, 2020, 53(1): 81-91
[4] 钟清, 程瑛, 王振宇, 等. 广东电网电能计量自动化系统安全防护研究[J]. 华东电力, 2012, 40(9): 1587-1591
ZHONG Qing, CHENG Ying, WANG Zhenyu, et al. Safe protection of electricity measurement automation system for Guangdong power grid[J]. East China Electric Power, 2012, 40(9): 1587-1591
[5] 远动设备及系统第5部分: 传输规约第102篇: 电力系统电能累计量计量传输配套标准: DL/T 719—2000 [S]. 北京: 中华人民共和国国家经济贸易委员会, 2000.
[6] 王顺江. 电力自动化通讯规约精解 [M/OL]. 沈阳: 东北大学出版社, 2014.
[7] 王栋, 陈传鹏, 颜佳, 等. 新一代电力信息网络安全架构的思考[J]. 电力系统自动化, 2016, 40(2): 6-11
WANG Dong, CHEN Chuanpeng, YAN Jia, et al. Pondering a new-generation security architecture model for power information network[J]. Automation of Electric Power Systems, 2016, 40(2): 6-11
[8] 梁潇, 高昆仑, 徐志博, 等. 美国电力行业信息安全工作现状与特点分析[J]. 电网技术, 2011, 35(12): 221-228
LIANG Xiao, GAO Kunlun, XU Zhibo, et al. A survey on cybersecurity of U. S. Electric power industry[J]. Power System Technology, 2011, 35(12): 221-228
[9] 杨继高, 陶文伟, 张静, 等. 符合IEC 62351标准的变电站原型系统关键技术[J]. 电力系统自动化, 2015, 39(14): 114-119
YANG Jigao, TAO Wenwei, ZHANG Jing, et al. Key technologies of substation prototype system conforming to IEC 62351 standard[J]. Automation of Electric Power Systems, 2015, 39(14): 114-119
[10] 陶士全, 王自成, 李广华, 等. 基于IEC 62351的安全通信对站控层通信性能的影响[J]. 电力系统自动化, 2018, 42(23): 155-158
TAO Shiquan, WANG Zicheng, LI Guanghua, et al. Effect of IEC 62351 based security communication on communication performance of station level[J]. Automation of Electric Power Systems, 2018, 42(23): 155-158
[11] 胡洋, 任振兴, 滕国山, 等. 一种基于IEC 62351的变电站远动通信混合加密算法[J]. 电力信息与通信技术, 2018, 16(5): 24-29
HU Yang, REN Zhenxing, TENG Guoshan, et al. A hybrid encryption approach based on IEC 62351 in substation telecontrol communication[J]. Electric Power Information and Communication Technology, 2018, 16(5): 24-29
[12] 方芳, 李广华, 汪冬辉, 等. 变电站内传输IEC 62351通信密钥的加密传输方法[J]. 中国电力, 2019, 52(10): 26-30, 122
FANG Fang, LI Guanghua, WANG Donghui, et al. A symmetric encryption method for transmitting IEC 62351 communication keys in substations[J]. Electric Power, 2019, 52(10): 26-30, 122
[13] 沈雯婷, 张惠刚, 李忠安. 基于IEC 62351智能变电站通信加密的可行性分析[J]. 南京工程学院学报(自然科学版), 2019, 17(2): 72-77
SHEN Wenting, ZHANG Huigang, LI Zhongan. Feasibility analysis of communication encryption based on IEC 62351 of intelligent substation[J]. Journal of Nanjing Institute of Technology(Natural Science Edition), 2019, 17(2): 72-77
[14] 王自成, 李广华, 方芳, 等. IEC 62351国际互操作的总结与思考[J]. 电力系统自动化, 2019, 43(5): 1-7
WANG Zicheng, LI Guanghua, FANG Fang, et al. Summary and consideration of IEC 62351 international interoperability[J]. Automation of Electric Power Systems, 2019, 43(5): 1-7
[15] Telecontrol equipment and systems - Pat 5-7: transmission protocols - security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols(applying IEC 62351): IEC/TS 60870-5-7 [S]. 2013.
[16] Power systems management and associated information exchange -data and communications security - Parts 5: Security for IEC 60870-5 and derivatives: IEC/TS 62351-5 [S]. 2013.
[17] 伍少成, 周尚礼, 张亚东, 等. 对IEC60870-5-102标准的扩展及应用[J]. 广东电力, 2009, 22(6): 20-23, 32
WU Shaocheng, ZHOU Shangli, ZHANG Yadong, et al. Extension of IEC 60870-5-102 standard and its application[J]. Guangdong Electric Power, 2009, 22(6): 20-23, 32
[18] 冯军军, 贺晓春, 王海沛. 基于DSP的电量传输协议的实现[J]. 电子设计工程, 2018, 26(4): 126-129, 135
FENG Junjun, HE Xiaochun, WANG Haipei. The realization of power transmission protocol based on DSP[J]. Electronic Design Engineering, 2018, 26(4): 126-129, 135

电能计量用通信规约安全改造技术

Security Transformation Technology for Electricity Metering Communication Protocol

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics

模态框（Modal）标题

电能计量用通信规约安全改造技术

Security Transformation Technology for Electricity Metering Communication Protocol

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics