Research of substation communication security system based on dynamic negotiation of security policy
XU Guanghui1,2, GAO Shihang1,2, MA Yulong1,2, TENG Chuntao1,2, LIU Ruhua1,2
1. NARI Technology Co., Ltd, Nanjing 211106; 2. NARI Group Corporation, Nanjing 211106

Abstract: A single fixed encryption and decryption algorithm gives substations an inadequate response to third-party interception and brute-force attacks. This paper analyzes the characteristics of the substation network and proposes a security system scheme based on dynamic negotiation of security policy. First, a unified security policy library is established and managed through a certificate authority and a secret key agent, and a subset of the policy library matching each device is created. During communication, the security policy that suits the communicating devices is dynamically selected, device characteristic information is added to the secret key data during distribution, and time-validity management is applied. This mechanism enables adaptive selection of the security policy and improves the ability to cope with third-party interception and brute-force cracking. Tests on a purpose-built test platform confirm that the dynamic policy update mechanism does not affect the normal operation of the key functions of the equipment and has a slight impact on its real-time communication.

Received: 25 January 2024

Cite this article:
XU Guanghui, GAO Shihang, MA Yulong, et al. Research of substation communication security system based on dynamic negotiation of security policy[J]. Electrical Engineering, 2024, 25(7): 32-38.

URL:
http://dqjs.cesmedia.cn/EN/Y2024/V25/I7/32