配电自动化远程终端的可信研究Research on Trustiness of Remote Terminal Units in Distribution Automation
孙辰;刘东;凌万水;陆一鸣;
摘要(Abstract):
为解决配电自动化系统中配电远程终端的通信安全问题,基于可信计算理论和可信安全芯片技术提出一种适用于多种类型配电终端设备的分层三级可信认证机制,为遥测、遥信与遥控等数据信息的传输设计了安全流程,并提出一种量化反映终端设备状态完整性与真实性可信度的数学模型。在MATLAB环境下模拟配电终端与主站间数据信息的交互过程,使用具有不同密钥长度的10条椭圆曲线,分析了进行密码运算的时间开销以及可信机制所运用的椭圆曲线加密算法和时间戳校验机制的安全性,计算得出终端设备的真实性可信度。据此验证了该可信机制具有较强的保密性和较高的抵御重放攻击的准确性。
关键词(KeyWords): 配电终端;可信计算;三级认证;椭圆曲线;时间戳校验
基金项目(Foundation): 国家863高技术研究发展计划(2012AA050803);; 国家电网总部科技项目(提高配电网故障处理能力的关键技术研究与开发)~~
作者(Author): 孙辰;刘东;凌万水;陆一鸣;
Email:
DOI: 10.13335/j.1000-3673.pst.2014.03.029
参考文献(References):
- [1]郭创新,陆海波,俞斌,等.电力二次系统安全风险评估研究综述[J].电网技术,2013,37(1):112-118.Guo Chuangxin,Lu Haibo,Yu Bin,et al.A survey of research on security risk assessment of secondary system[J].Power System Technology,2013,37(1):112-118(in Chinese).
- [2]胡炎,谢小荣,辛耀中.一种定量化的电力信息系统安全体系设计方法[J].电网技术,2006,30(2):7-13.Hu Yan,Xie Xiaorong,Xin Yaozhong.A quantitative security architecture design method for power information system[J].Power System Technology,2006,30(2):7-13(in Chinese).
- [3]冯小安,祁兵.电力信息系统安全体系的构建[J].电网技术,2008,32(S1):77-80.Feng Xiaoan,Qi Bing.Security architecture construction for power information systems[J].Power System Technology,2008,32(S1):77-80(in Chinese).
- [4]刘莉莉,段斌,李晶,等.基于IEC61850的风电场SCADA系统安全访问控制模型设计[J].电网技术,2008,32(1):76-81.Liu Lili,Duan Bin,Li Jing,et al.Design of IEC 61850 based secure access control model of SCADA system for wind power farm[J].Power System Technology,2008,32(1):76-81(in Chinese).
- [5]段斌,林媛源,苏永新,等.改进传输层安全协议在提高风电场数据通信安全中的应用[J].电网技术,2009,33(17):49-55.Duan Bin,Lin Yuanyuan,Su Yongxin,et al.Application of improved transport layer security protocol in enhancing data communication security of wind farm[J].Power System Technology,2009,33(17):49-55(in Chinese).
- [6]路保辉,马永红.智能电网AMI通信系统及其数据安全策略研究[J].电网技术,2013,37(8):2244-2249.Lu Baohui,Ma Yonghong.Research on communication system of advanced metering infrastructure for smart grid and its data security measures[J].Power System Technology,2013,37(8):2244-2249(in Chinese).
- [7]冯小安,解鸿斌,刘艳平.基于模糊综合评判法的电力网络信息系统安全评估[J].电网技术,2008,32(23):40-43.Feng Xiao’an,Xie Hongbin,Liu Yanping.Security evaluation of power network information systems based on fuzzy comprehensive judgement[J].Power System Technology,2008,32(23):40-43(in Chinese).
- [8]杨贤,冯加辉,李朝晖,等.智能电站控制-维护-管理系统集成中的安全隔离技术[J].电网技术,2012,36(7):269-274.Yang Xian,Feng Jiahui,Li Zhaohui,et al.Security isolation technology for integration of control-maintenance-management system in intelligent power plant[J].Power System Technology,2012,36(7):269-274(in Chinese).
- [9]Trusted Computing Group.TCG specification architecture overview,version 1.2[EB/OL].2011-01-25[2013].http://www.trustedcomputing group.org.
- [10]Pearson S.Trusted computing platform-the next security solution[J].ACM,2002,2(9):31-35.
- [11]伍军,段斌,黄生龙.基于可信计算方法的变电站自动化远程通信设计[J].电力系统自动化,2005,29(24):60-64.Wu Jun,Duan Bin,Huang Shenglong.Design of remote communication in substation automation based on trusted computing method[J].Automation of Electric Power Systems,2005,29(24):60-64(in Chinese).
- [12]童晓阳.基于可信计算的广域保护与变电站通信安全防御策略[J].电力系统自动化,2011,35(20):53-58.Tong Xiaoyang.Proactive defense strategies for wide-area protection and substation communication based on trusted computing[J].Automation of Electric Power Systems,2011,35(20):53-58(in Chinese).
- [13]冯登国,秦宇,汪丹,等.可信计算技术研究[J].计算机研究与发展,2011,48(8):1332-1349.Feng Dengguo,Qin Yu,Wang Dan,et al.Research on trusted computing technology[J].Journal of Computer Research and Development,2011,48(8):1332-1349(in Chinese).
- [14]Trusted Computing Group.TPM main specification,version 1.2[EB/OL].2011-01-25[2013].http://www.trustedcomputinggroup.org.
- [15]刘孜文.基于可信计算的安全操作系统研究[D].合肥:中国科学技术大学,2010.
- [16]刘威鹏,胡俊,方艳湘,等.基于可信计算的终端安全体系结构研究与进展[J].计算机科学,2007,34(10):257-263.Liu Weipeng,Hu Jun,Fang Yanxiang,et al.Research and development on the secure architecture of terminal based on trusted computing[J].Computer Science,2007,34(10):257-263(in Chinese).
- [17]韩国政,徐丙垠.基于IEC61850的高级配电自动化开放式通信体系[J].电网技术,2011,35(4):183-186.Han Guozheng,Xu Bingyin.IEC 61850-based open communication system of advanced distribution automation[J].Power System Technology,2011,35(4):183-186(in Chinese).
- [18]李德庆.椭圆曲线密码体制的研究与实现[D].西安:西安电子科技大学,2008.
- [19]丁勇.椭圆曲线密码快速算法理论[M].北京:人民邮电出版社,2012:21-50.
- [20]Trusted Computing Group.Trusted network connect specification[EB/OL].2005-03-13[2013].http://www.trustedcomputinggroup.org/groups/network.
- [21]Goldman K,Perez R,Sailer R.Linking remote attestation to secure tunnel endpoints[C]//Proceedings of the 2006 ACM Workshop on Scalable Trusted Computing.New York:ACM,2006:21-24.
- [22]Network access for IEC 60870-5-101 using standard transport profiles,part 5-104:transmission protocol,telecontrol equipment and systems[S].2000.
- [23]陈书义,闻英友,赵宏.基于模糊集合的可信计算信任模型评估[J].计算机科学,2008,35(11):39-41.Chen Shuyi,Wen Yingyou,Zhao Hong.Trust evaluation of trusted computing models based on fuzzy set[J].Computer Science,2008,35(11):39-41(in Chinese).
- [24]Dieter Gollmann.Valuation of trust in open networks[C]//The Third European Symposium on Research in Computer Security,1994.Brighton,UK,1994:3-18.
- [25]陈玮.基于可信度的RBAC模型及应用研究[D].南京:南京信息工程大学,2008.