钱斌;蔡梓文;肖勇;张恒;彭曙蓉;苏盛;曹一家;

• 1:南方电网科学研究院有限公司
• 2:智能电网运行与控制湖南省重点实验室(长沙理工大学)

摘要(Abstract)：

传统上,电力系统网络安全防护主要依赖基于安全边界的纵深防护体系,对其他形态网络攻击考虑不足。分散分布的电力监控系统高度依赖时间同步系统进行电网的监视与保护控制,卫星时间同步攻击可诱骗时间同步装置输出错误的时钟同步信号,造成时间紊乱,并通过电力监控系统工作机制造成攻击破坏后果。分析了电力系统时间同步的机制与时间同步欺骗攻击原理,结合典型电力监控系统工作机制,分析了时间同步攻击的危害模式和破坏后果,总结了应用各种检测技术检测和防护时间同步攻击的有效性,最后结合最新时间同步装置技术规范和不同电力监控系统对时间偏差的容许范围,分析了新规范对不同类型电力监控系统时间同步攻击防护的有效性。

关键词(KeyWords)： 电力系统;时间同步攻击;网络攻击;攻击检测

Abstract:

Keywords:

基金项目(Foundation): 国家自然科学基金项目(51777015);; 国家重点研发计划项目(2018YFB0904903);; 南方电网科技项目(ZNKJXM20170085)~~

作者(Author): 钱斌;蔡梓文;肖勇;张恒;彭曙蓉;苏盛;曹一家;

Email:

DOI: 10.13335/j.1000-3673.pst.2019.1232

参考文献(References)：

• [1]张道农，于跃海．电力系统时间同步技术[M]．北京：中国电力出版社，2017.
• [2]赵廷，李泽文，邹彬，等．卫星时钟与网络时钟互备的广域时间同步方法[J]．电力系统自动化，2017,41(14):202-207.Zhao Ting,Li Zewen,Zou Bin,et al.Wide-area time synchronization method for mutual preparation of satellite clock and network clock[J].Automation of Electric Power Systems,2017,41(14):202-207(in Chinese).
• [3]黄龙，龚航，朱祥维，等．针对GNSS授时接收机的转发式欺骗干扰技术研究[J]．国防科技大学学报，2013,35(4):93-96.Huang Long, Gong Hang, Zhu Xiangwei, et al. Research of re-radiating spoofing technique to GNSS timing receiver[J].Journal of National University of Defense Technology,2013,35(4):93-96(in Chinese).
• [4]苏盛，吴长江，马钧，等．基于攻击方视角的电力CPS网络攻击模式分析[J]．电网技术，2014,38(11):3115-3120.Su Sheng,Wu Changjiang,Ma Jun,et al.Attacker’s perspective based analysis on cyber-attack mode to cyber-physical system[J].Power System Technology,2014,38(11):3115-3120(in Chinese).
• [5]李田，苏盛，杨洪明，等．电力信息物理系统的攻击行为与安全防护[J]．电力系统自动化，2017,41(22):162-167.Li Tian,Su Sheng,Yang Hongming,et al.Attacks and cyber security defense in cyber-physical power system[J].Automation of Electric Power Systems,2017,41(22):162-167(in Chinese).
• [6] Huang Lin,Yang Qing.Low cost GPS simulator:GPS spoofing by SDR[C]//2015 DEF CON 23.Paris&Bally's in Las Vegas:DEF CON Communications,2015.
• [7] Andrew J Kerns,Daniel P Shepard,Jahshan A Bhatti,et al.Unmanned aircraft capture and control via GPS spoofing[J].Journal of Field Robotics,2014,31(4):617-636.
• [8] Bull T.A new high performance way of detecting and mitigating the jamming meaconing and spoofing of commercial GNSS signals[C]//2010 5th ESA Workshop on Satellite Navigation Technologies and European Workshop on GNSS Signals and Signal Processing(NAVITEC).Noordwijk:IEEE,2010.
• [9]王莹．复杂环境下GPS信号模拟源算法研究[D]．南京：南京航空航天大学，2012.
• [10] Pozzobon O,Canzian L,Danieletto M,et al.Anti-spoofing and open GNSS signal authentication with signal authentication sequences[C]//2010 IEEE Workshop on Satellite Navigation Technologies&European Workshop on Gnss Signals&Signal Processing.Noordwijk,Netherlands:IEEE,2010.
• [11] Wesson K,Rothlisberger M,Humphreys T.Practical cryptographic civil GPS signal authentication[J].Navigation,2012,59(3):177-193.
• [12] Humphreys T E. Detection strategy for cryptographic GNSS antispoofing[J]. IEEE Transactions on Aerospace and Electronic Systems,2013,49(2):1073-1090.
• [13]盛莹，李宏宇，周述勇，等．GPS生成式欺骗干扰方法研究[J]．国外电子测量技术，2018,37(8):39-43.Shengying,Li Hongyu,Zhou Shuyong,et al.Research on GPS generated deception jamming method[J]. Foreign Electronic Measurement Technology,2018,37(8):39-43(in Chinese).
• [14]王松林，张树春，叶强，等．一种采用改进自调零技术的误差放大器设计[J]．复旦学报(自然科学版)，2010,49(6):667-673.Wang Songlin,Zhang Shuchun,Ye Qiang,et al.An error amplifier with improved auto-zeroing technique[J]. Journal of Fudan University(Natural Science),2010,49(6):667-673(in Chinese).
• [15] Guna J,Jakus G,Poga?nik M,et al.An analysis of the precision and reliability of the leap motion sensor and its suitability for static and dynamic tracking.[J].Sensors,2014,14(2):3702-3720.
• [16]黄鑫，王永福，张道农，等．智能变电站IEC61588时间同步系统与安全评估[J]．电力系统自动化，2012,36(13):76-80.Huang Xin,Wang Yongfu,Zhang Daonong,et al.IEC 61588 time synchronization system and security evaluation for smart substations[J].Automation of Electric Power Systems,2012,36(13):76-80(in Chinese).
• [17]韩笑，宋丽群，朱冬力．配电网广域监测及故障定位信息集成方案[J]．电力系统自动化，2013,37(2):97-101.Han Xiao,Song Liqun,Zhu Dongli.An information integrated scheme for distribution network wide area monitoring and fault location[J].Automation of Electric Power Systems,2013,37(2):97-101(in Chinese).
• [18]刘亮，苏盛，钱斌，等．计量自动化系统卫星时间同步攻击危害与防护[J]．南方电网技术，2020,14(1):3-9.Liu Liang,Su Sheng,Qian Bin,et al.Impact analysis and protection of satellite time synchronization attacks in advanced metering infrastructure[J].Southern Power System Technology,2020,14(1):3-9(in Chinese).
• [19] Q/GDW242-2010．输电线路状态监测装置通用技术规范[S]．北京：国家电网有限公司，2010.
• [20] So E,Arseneau R,Bennett D,et al.Computer-controlled system for calibrating high-voltage revenue metering equipment under actual operating conditions[J].IEEE Transactions on Instrumentation and Measurement,2011,60(7):2500-2505.
• [21]李正，杨靖波，韩军科，等．2008年输电线路冰灾倒塔原因分析[J]．电网技术，2009,33(2):31-35.Li Zheng,Yang Jingbo,Han Junke,et al.Analysis on transmission tower toppling caused by icing disaster in 2008[J].Power System Technology,2009,33(2):31-35(in Chinese).
• [22] Huneault M,Langheit C,Caron J.Combined models for glaze ice accretion and de-icing of current-carrying electrical conductors[J].IEEE Transactions on Power Delivery,2005,20(2):1611-1616.
• [23] Péter Z,Volat C,Farzaneh M,et al.Numerical investigations of a new thermal de-icing method for overhead conductors based on high current impulses[J]. IET Generation of Transmission and Distribution,2008,2(5):666-675.
• [24]刘春城，刘佼．输电线路导线覆冰机制及雨凇覆冰模型[J]．高电压技术，2011,37(1):241-248.Liu Chuncheng,Liu Jiao.Ice accretion mechanism and glaze loads model on wires of power transmission lines[J]. High Voltage Engineering,2011,37(1):241-248(in Chinese).
• [25] Huang S,Lu C,Lo Y.Evaluation of AMI and SCADA data synergy for distribution feeder modeling[J].IEEE Transactions on Smart Grid,2015,6(4):1639-1647.
• [26] Luan Wenpeng,Duncan Sharp.Data traffic analysis of utility smart metering network[C]//IEEE Power&Energy Society General Meeting.Vancouver:IEEE,2013.
• [27] T/CEC 122.1—2016．电、水、气、热能源计量管理系统[S]．北京：中国电力企业联合会，2016.
• [28]秦晓辉，毕天姝，杨奇逊．基于广域同步量测的电力系统扰动识别与定位方法[J]．电网技术，2009,33(12):35-41.Qin Xiaohui,Bi Tianshu,Yang Qixun.WAMS based power system disturbance identification and location approach[J].Power System Technology,2009,33(12):35-41(in Chinese).
• [29]段刚，严亚勤，谢晓冬，等．广域相量测量技术发展现状与展望[J]．电力系统自动化．2015,39(1):73-80.Duan Gang,Yan Yaqin,Xie Xiaodong,et al.Development status quo and tendency of wide area phasor measuring technology[J].Automation of Electric Power Systems,2015,39(1):73-80(in Chinese).
• [30]吴为，汤涌，孙华东，等．基于广域量测信息的电力系统暂态稳定研究综述[J]．电网技术，2012,36(9):81-87.Wu Wei,Tang Yong,Sun Huadong,et al.A survey on research of power system transient stability based on wide area measurement information[J].Power System Technology,2012,36(9):81-87(in Chinese).
• [31]秦晓辉，毕天姝，杨奇逊．基于WAMS的电力系统机电暂态过程动态状态估计[J]．中国电机工程学报，2008,28(7):19-25.Qin Xiaohui,Bi Tianshu,Yang Qixun.Dynamic state estimation based on WAMS during power system transient process[J].Proceedings of CSEE,2008,28(7):19-25(in Chinese).
• [32]王茂海，高洵，王蓓，等．基于广域测量系统的次同步振荡在线监测预警方法[J]．电力系统自动化，2011,35(6):98-102.Wang Maohai,Gao Xun,Wang Bei,et al.Online early-warning of sub-synchronous oscillation based on wide area measurement[J].Automation of Electric Power Systems,2011,35(6):98-102(in Chinese).
• [33]江全元，邹振宇，曹一家，等．考虑时滞影响的电力系统稳定分析和广域控制研究进展[J]．电力系统自动化，2005,29(3):1-7.Jiang Quanyuan,Zou Zhenyu,Cao Yijia,et al.Overview of power system stability analysis and wide area control in consideration of time delay[J].Automation of Electric Power Systems,2005,29(3):1-7(in Chinese).
• [34]宋洪磊，吴俊勇．基于广域量测信息的电力系统主动解列控制研究综述[J]．电网技术，2013,37(12):3467-3474.Song Honglei, Wu Junyong. A summarization of research on wide-area measurement information based power system controlled Islanding[J].Power System Technology,2013,37(12):3467-3474(in Chinese).
• [35]丁军策，蔡泽祥，王克英．基于广域测量系统的状态估计研究综述[J]．电力系统自动化，2006,30(7):98-103.Ding Junce,Cai Zexiang,Wang Keying.An overview of state estimation based on wide-area measurement system[J].Automation of Electric Power Systems,2006,30(7):98-103(in Chinese).
• [36] C37.118.1—2011.IEEE Standard for Synchrophasor Measurements for Power Systems[S].USA:IEEE,2011.
• [37] Risbud P,Gatsis N,Taha A.Assessing power system state estimation accuracy with GPS-spoofed PMU measurements[C]//2016 IEEE Power&Energy Society Innovative Smart Grid Technologies Conference(ISGT).Minneapolis,MN:IEEE,2016.
• [38] Charalambos Konstantinou,Marios Sazos,Ahmed S Musleh,et al.GPS spoofing effect on phase angle monitoring and control in a real-time digital simulator-based hardware-in-the-loop environment[J]. IET Cyber-Physical Systems:Theory&Applications,2017,2(4):180-187.
• [39]李泽文，花欢欢，邓丰，等．基于广域行波信息的行波保护[J]．中国电机工程学报，2014,34(34):6238-6245.Li Zewen,Hua Huanhuan,Deng Feng,et al.Traveling wave protection based on wide area travelling wave information[J].Proceedings of the CSEE,2014,34(34):6238-6245(in Chinese).
• [40] Almas M S, Vanfretti L, Singh R S, et al. Vulnerability of synchrophasor-based WAMPAC applications to time synchronization spoofing[C]//2018 IEEE Power&Energy Society General Meeting.Portland,OR,USA:IEEE,2018.
• [41]李文飞．雷电定位系统在输电线路故障点巡查的应用[J]．低碳世界，2016,6(18):41-42.Li Wenfei.Application of lightning location system in fault point inspection of transmission lines[J].Low-carbon World,2016,6(18):41-42(in Chinese).
• [42] Shao X M,Stanley M,Regan A,et al.Total lightning observations with the new and improved los alamos steric array[J].Journal of Atmospheric Oceanic Technology,2006,23(10):1273-1288.
• [43]陈家宏，张勤，冯万兴，等．中国电网雷电定位系统与雷电监测网[J]．高电压技术，2008,34(3):425-431.Chen Jiahong,Zhang Qin,Feng Wanxing,et al.Lightning location system and lightning detection network of China power grid[J].High Voltage Engineering,2008,34(3):425-431(in Chinese).
• [44]陈家宏，赵淳，谷山强，等．我国电网雷电监测与防护技术现状及发展趋势[J]．高电压技术，2016,42(11):3361-3375.Chen Jiahong,Zhao Chun,Gu Shanqiang,et al.Current status and development trend of lightning monitoring and protection technology in China’s power grid[J].High Voltage Engineering,2016,42(11):3361-3375(in Chinese).
• [45]王昊昊，罗建裕，徐泰山，等．中国电网自然灾害防御技术现状调查与分析[J]．电力系统自动化，2010,34(23):5-10.Wang Haohao,Luo Jianyu,Xu Taishan,et al.Investigation and analysis of natural disaster prevention technology situation in China power grid[J].Automation of Electric Power Systems,2010,34(23):5-10(in Chinese).
• [46] Kenneth L,Murphy M J.An overview of lightning locating systems:history,techniques,and data uses,with an in-depth look at the US NLDN[J].IEEE Transactions on Electromagnetic Compatibility,2009,51(3):499-518.
• [47] Guo Juntian,Gu Shanqiang,Feng Wanxing.A lightning motion prediction technology based on spatial clustering method[C]//2011 7th Asia-Pacific International Conference on Lightning.Chengdu,China:IEEE,2011.
• [48]蔡力，王建国，章涛，等．基于到达时差法的雷电定位系统2维定位误差分析[J]．高电压技术，2014,40(3):721-726.Cai Li,Wang Jianguo,Zhang Tao,et al.2-dimensional positioning error analysis of lightning location system based on arrival time difference method[J].High Voltage Engineering,2014,40(3):721-726(in Chinese).
• [49]陆国俊，熊俊，陈家宏，等．广州地域1999—2008年地闪密度图及雷电参数分析[J]．高电压技术，2009,35(12):2930-2936.Lu Guojun,Xiong Jun,Chen Jiahong,et al.Analysis of ground flash destiny and lightning parameters of Guangzhou in 1999-2008[J].High Voltage Engineering,2009,35(12):2930-2936(in Chinese).
• [50]罗毅，王剑，刘亚新，等．雷电定位监测系统在输电线路防雷中的应用[J]．电网技术，2009,33(20):173-176.Luo Yi,Wang Jian,Liu Yaxin,et al.Application of lightning location and monitoring system in prevention of lightning faults of transmission line[J].Power System Technology,2009,33(20):173-176(in Chinese).
• [51] Fan Xiaoyuan,Du Liang,Duan Dongliang.Synchrophasor data correction under GPS spoofing attack:a state estimation based approach[J].IEEE Transactions on Smart Grid,2018,9(5):4538-4546.
• [52] Wang Yongqiang,Jo?o P Hespanha.Distributed estimation of power system oscillation modes under attacks on GPS clocks[J].IEEE Transactions on Instrumentation and Measurement,2018,67(7):1626-1637.
• [53] GB/T 26866—2011．电力系统的时间同步系统检测规范[S]．北京：中华人民共和国国家质量监督检验检疫总局，2011.
• [54] DL/T 1100.1—2009．电力系统的时间同步系统(第1部分—技术规范)[S]．北京：中华人民共和国国家能源局，2009.
• [55] GB/T 33591—2017．智能变电站时间同步系统及设备技术规范[S]．北京：中华人民共和国国家质量监督检验检疫总局，2017.
• [56] Joerger M,Stevanovic S,Khanafseh S,et al.Differential RAIM and relative RAIM for orbit ephemeris fault detection[C]//Proceedings of the 2012 IEEE/ION Position, Location and Navigation Symposium.Myrtle Beach,SC:IEEE,2012.
• [57] Yang Y,Li H,Lu M.Performance assessment of signal quality monitoring based GNSS spoofing detection techniques[C]//2015Proceedings of China Satellite Navigation Conference. Berlin Heidelberg:Springer,2015.
• [58] Wesson K D,Gross J N,Humphreys T E,et al.GNSS signal authentication via power and distortion monitoring[J]. IEEE Transactions on Aerospace and Electronic Systems,2018,54(2):739-754.
• [59] Hu Yanfeng,Cao Kejin,Bian Shaofeng,et al.GNSS spoofing detection algorithm based on clock frequency drift monitoring[J].Systems Engineering&Electronics,2015,37(7):1629-1632.
• [60] Caparra G,Sturaro S,Laurenti N,et al.Evaluating the security of one-way key chains in TESLA-based GNSS Navigation Message Authentication schemes[C]//International Conference on Localization&Gnss.Barcelona,Spain:IEEE,2016.
• [61]王宏伟，张爽娜，魏婵娟．民用导航信号电文加密技术综述[J]．现代导航，2017,8(4):243-248.Wang Hongwei,Zhang Shuangna,Wei Chanjuan.Review of civil navigation message authentication technology[J]. Modern Navigation,2017,8(4):243-248(in Chinese).
• [62]唐超，孙希延，纪元法，等．GNSS民用导航电文加密认证技术研究[J]．计算机仿真，2015,32(9):86-90.Tang Chao,Sun Xiyan,Ji Yuanfa,et al.Research on GNSS civil navigation message encryption and authentication technology[J].Computer Simulation,2015,32(9):86-90(in Chinese).
• [63]张鑫，庞晶，苏映雪，等．天线阵载波相位双差的欺骗干扰检测技术[J]．国防科技大学学报，2014,36(4):55-60.Zhang Xin,Pang Jing,Su Yingxue,et al.Spoofing detection technology for carrier phase double difference of antenna array[J].Journal of National University of Defense Technology,2014,36(4):55-60(in Chinese).
• [64]张鑫．卫星导航欺骗干扰信号检测技术综述[J]．全球定位系统，2018,43(6):1-7.Zhang Xin.Overview of satellite navigation spoofing signal detection technology[J]. Global Positioning System, 2018, 43(6):1-7(in Chinese).
• [65] Mizrahi T.A game theoretic analysis of delay attacks against time synchronization protocols[C]//2012 IEEE International Symposium on Precision Clock Synchronization for Measurement, Control and Communication Proceedings.San Francisco,CA:IEEE,2012.