基于国密算法的配电网终端通信安全架构研究
Research of distribution network terminal communication security architecture based on cryptographic algorithm (SM, Chinese commercial cryptographic algorithms)
Authors: 李露, 谢映宏, 李蔚凡, 丁凯, 李峰 (LI Lu, XIE Yinghong, LI Weifan, DING Kai, LI Feng)
Abstract:
To address the communication security of distribution automation terminals in an open, interconnected environment, the security requirements of the distribution automation terminal communication system are studied and a terminal communication security architecture suited to China's situation is designed. The architecture is based on the Chinese commercial cryptographic (SM, 国密) algorithm suite. The terminal protocol is modified without degrading communication efficiency so that encryption and authentication are provided at both the application layer and the network layer, and the result is applied to distribution network terminal communication. Analysis against the relevant RFC (Request for Comments) and SM standards, a security analysis, a comparison with alternative schemes and test verification all indicate that the architecture provides encryption and authentication for terminal communication, mitigates the vulnerabilities of the terminal protocols, reduces algorithmic complexity and improves communication efficiency.
Keywords: distribution networks; PRS-3351; SM (Chinese commercial) cryptographic algorithms; communication technology; encryption and authentication
Foundation: National Key R&D Program of China (2018YFB0904903)
DOI: 10.19585/j.zjdl.202212010