陶文伟,王景,曹扬,苏扬,江泽铭,庞晓健,易思瑶
TAO Wenwei,WANG Jing,CAO Yang,SU Yang,JIANG Zeming,PANG Xiaojian,YI Siyao

• 1:中国南方电网有限责任公司
• 2:北京科东电力控制系统有限责任公司

摘要(Abstract)：

新型电力系统采用“物理分布、逻辑统一”的全新体系架构重构了电网调控支撑体系。在新架构下，人机云终端（以下简称“云终端”）实现了本地、异地无差别浏览功能，但同时也面临了新的安全挑战。首先，对新架构和人机访问过程进行分析，指出其存在的安全问题。然后，提出了一种基于硬件指纹对云终端进行设备统一安全认证的方法；结合电力调度数字证书和生物特征识别技术，对用户进行多因子身份认证；对服务进行启动认证和服务调用验证，并对服务通信数据进行加密传输，保证服务启动和访问安全。最后，对服务认证加密的性能进行测试，并给出针对不同服务请求大小的认证加密策略；测试结果表明，通过对云终端、用户身份、服务的认证及通信数据加密，实现了人机访问的全链路安全。
With the adoption of a novel system architecture characterized by “physical distribution and logical unity” in new-type power systems, the support system for power grid scheduling is reconstructed. Under the new architecture, the human-machine cloud terminal(hereinafter referred to as “cloud terminal”) can realize local and remote undifferentiated browsing. However, the cloud terminal is also faced with new security challenges. First, the new architecture and the human-machine access process are analyzed, and the security problems are pointed out.Then, a unified security authentication method is proposed based on hardware fingerprint to authenticate humanmachine cloud terminal is proposed. By use of digital certificates for power scheduling and biometric identification technology, multi-factor user identity authentication is performed. Startup authentication and service invocation verification are carried out, and encrypted transmission of service communication data is made possible to ensure service startup and access security. The service communication data is encrypted and transmitted to ensure the security of service startup and access. Finally, the performance of service authentication and encryption is tested, and the authentication and encryption strategies for different service request sizes are proposed. The test results show that the whole link security of human-machine access is guaranteed through the authentication of the cloud terminal, user identity, service, and communication data encryption.

关键词(KeyWords)： 设备认证;生物特征识别;数字证书;服务认证;数据加密
device authentication;biometric identification;digital certificate;service authentication;data encryption

Abstract:

Keywords:

基金项目(Foundation): 中国南方电网有限责任公司科技项目（ZDKJXM20200057）

作者(Author): 陶文伟,王景,曹扬,苏扬,江泽铭,庞晓健,易思瑶
TAO Wenwei,WANG Jing,CAO Yang,SU Yang,JIANG Zeming,PANG Xiaojian,YI Siyao

DOI: 10.19585/j.zjdl.202308002

参考文献(References)：

• [1]辛耀中，石俊杰，周京阳，等.智能电网调度控制系统现状与技术展望[J].电力系统自动化，2015,39(1):2-8.XIN Yaozhong,SHI Junjie,ZHOU Jingyang,et al.Technology development trends of smart grid dispatching and control systems[J]. Automation of Electric Power Systems,2015,39(1):2-8.
• [2]黄健，陈一丰，马翔，董树锋，等.一种基于马尔可夫链与两点估计法的电网调度操作风险评估方法[J].电力电容器与无功补偿，2022,43(1):127-133.HUANG Jian,CHEN Yifeng,MA Xiang,et al.Risk assessment method for power grid dispatching operation based on markov chain and two-point estimation method[J]. Power Capacitor&Reactive Power Compensation,2022,43(1):127-133.
• [3]张敏，徐春雷，张琦兵，等.基于微服务架构的变电站自动化装置远程运维技术[J].电力工程技术，2022,41(4):177-182.ZHANG Min,XU Chunlei,ZHANG Qibing,et al.emote operation and maintenance technology of substation automation device based on micro-services architecture[J].R emote operation and maintenance technology of substation automation device based on micro-services architecture,2022,41(4):177-182.
• [4]彭小圣，邓迪元，程时杰，等.面向智能电网应用的电力大数据关键技术[J].中国电机工程学报，2015,35(3):503-511.PENG Xiaosheng,DENG Diyuan,CHENG Shijie,et al.Key technologies of electric power big data and its application prospects in smart grid[J].Proceedings of the CSEE,2015,35(3):503-511.
• [5]翟明玉，许洪强，彭晖，等.新一代调控系统分析决策中心业务多活框架与技术[J].电力系统自动化，2019,43(22)110-115.ZHAI Mingyu,XU Hongqiang,PENG Hui,et al.Framework and technologies of multi-active service in analysis and decision-making centers of new generation dispatching and control system[J].Automation of Electric Power Systems,2019,43(22):110-115.
• [6]闪鑫，陆晓，翟明玉，等.人工智能应用于电网调控的关键技术分析[J].电力系统自动化，2019,43(1):49-57.SHAN Xin,LU Xiao,ZHAI Mingyu,et al. Analysis of key technologies for artificial intelligence applied to power grid dispatch and control[J]. Automation of Electric Power Systems,2019,43(1):49-57.
• [7]郭琦，卢远宏.新型电力系统的建模仿真关键技术及展望[J].电力系统自动化，2022,46(10):18-32.GUO Qi,LU Yuanhong. Key technologies and prospects of modeling and simulation of new power system[J].Automation of Electric Power Systems,2022,46(10):18-32.
• [8]刘永辉，张显，孙鸿雁，等.能源互联网背景下电力市场大数据应用探讨[J].电力系统自动化，2021,45(11):1-10.LIU Yonghui,ZHANG Xian,SUN Hongyan,et al.Discussion on application of big data in electricity market in background of energy internet[J]. Automation of Electric Power Systems,2021,45(11):1-10.
• [9]赵天阳，张华君，徐岩，等.不确定环境下含云计算数据中心的电网韧性增强调度[J].电力系统自动化，2021,45(3):49-57.ZHAO Tianyang,ZHANG Huajun,XU Yan,et al.Resilience-enhanced scheduling of power system with cloud computing data centers under uncertainty[J].Automation of Electric Power Systems,2021,45(3):49-57.
• [10]成亮，孙茜.基于大数据的配电网风险预警管控[J].山西电力，2020(3):39-42.CHENG Liang,SUN Qian.Early risk warning and control of distribution network based on big data[J].Shanxi Electric Power,2020(3):39-42.
• [11]冯树海，姚建国，杨胜春，等.“物理分布、逻辑集中”架构下调度系统一体化分析中心总体设计[J].电力自动化设备，2015,35(12):138-144.FENG Shuhai,YAO Jianguo,YANG Shengchun,et al.Overall design of integrated analysis centre for physicallydistributed and logically-integrated dispatch system[J].Electric Power Automation Equipment,2015,35(12):138-144.
• [12]许洪强，姚建国，於益军，等.支撑一体化大电网的调度控制系统架构及关键技术[J].电力系统自动化，2018,42(6):1-8.XU Hongqiang,YAO Jianguo,YU Yijun,et al.Architecture and key technologies of dispatch and control system supporting integrated bulk power grids[J].Automation of Electric Power Systems,2018,42(6):1-8.
• [13]郭建成，南贵林，许丹，等.大电网全局监控内涵与关键技术[J].电力系统自动化，2018,42(18):1-7.GUO Jiancheng,NAN Guilin,XU Dan,et al.Connotation and key technology of global monitoring for large power grid[J].Automation of Electric Power Systems,2018,42(18):1-7.
• [14]卫鹏杰.基于电网调度信息管理系统智能化和规范化日前检修票系统的开发与应用[J].山西电力，2020(5):23-25.WEI Pengjie. Development and application of intelligent and standardized day—ahead maintenance Ticket System Based on OMS[J]. Shanxi Electric Power,2020(5):23-25.
• [15]文祥宇，李帅，刘文彬，等.面向配电网的云边端协同技术研究[J].山东电力技术，2022,49(7):8-11.WEN Xiangyu,LI Shuai,LIU Wenbin,et al.Research on cloud-edge-user collaboration technology for distribution network[J].Shandong Electric Power,2022,49(7):8-11.
• [16]刘冬兰，张昊，张方哲，等.基于安全标签的自动分级数据安全防护方案[J].山东电力技术，2021,48(12):1-10.LIU Donglan,ZHANG Hao,ZHANG Fangzhe,et al.Scheme of Automatic Classification Data Security Protection Based on Security Labels[J]. Shandong Electric Power,2021,48(12):1-10.
• [17]韩水保，汤卫东，张令涛，等.支撑大电网调控系统无差别浏览的人机云终端及关键技术[J].电网技术，2020,44(2):420-427.HAN Shuibao,TANG Weidong,ZHANG Lingtao,et al.Undifferentiated browsing human-machine cloud terminal supporting large power grid dispatching control system and its key technologies[J]. Power System Technology,2020,44(2):420-427.
• [18]许洪强，赵林，景沈艳，等.面向大电网的人机云终端设计[J].电力系统自动化，2019,43(22):130-136.XU Hongqiang,ZHAO Lin,JING Shenyan,et al.Design of human-machine cloud terminal for large-scale power grid[J].Automation of Electric Power Systems,2019,43(22):130-136.
• [19]国家市场监督管理总局，国家标准化管理委员会.信息安全技术网络安全等级保护基本要求：GB/T 22239—2019[S].北京：中国标准出版社，2019.
• [20]姚键.国产商用密码算法研究及性能分析[J].计算机应用与软件，2019,36(6):327-333.YAO Jian. Domestic commercial cryptographic algorithm and its performance analysis[J]. Computer Applications and Software,2019,36(6):327-333.
• [21]孙哲南，赫然，王亮，等.生物特征识别学科发展报告[J].中国图象图形学报，2021,26(6):1254-1329.SUN Zhenan,HE Ran,WANG Liang,et al.Overview of biometrics research[J]. Journal of Image and Graphics,2021,26(6):1254-1329.
• [22]余璀璨，李慧斌.基于深度学习的人脸识别方法综述[J].工程数学学报，2021,38(4):451-469.YU Cuican,LI Huibin.Deep learning based 2D face recognition:a survey[J].Chinese Journal of Engineering Mathematics,2021,38(4):451-469.
• [23]张迪.基于深度学习的静默式人脸活体检测[D].哈尔滨：哈尔滨工业大学，2021.ZHANG Di. Silent face detection based on deep learning[D].Harbin:Harbin Institute of Technology,2021.
• [24]吴俊青，彭长根，谭伟杰，等.FaceEncAuth：基于FaceNet和国密算法的人脸识别隐私安全方案[J].计算机工程与应用，2022,58(11):93-99.WU Junqing,PENG Changgen,TAN Weijie,et al.FaceEncAuth:face recognition privacy security scheme based on FaceNet and SM algorithms[J].Computer Engineering and Applications,2022,58(11):93-99.
• [25]梅峥，路轶，李西太，等.电网调控系统广域服务访问及管理方法[J].电力系统自动化，2017,41(19):74-81.MEI Zheng,LU Yi,LI Xitai,et al.Wide-area service access and management for power grid dispatching and control system[J]. Automation of Electric Power Systems,2017,41(19):74-81.
• [26]尚学伟，赵林，范泽龙，等.基于调度数据网的广域数据总线体系架构和关键技术[J].电力系统自动化，2018,42(11):109-114.SHANG Xuewei,ZHAO Lin,FAN Zelong,et al.Architecture and key technologies of wide-area data bus based on dispatching data network[J]. Automation of Electric Power Systems,2018,42(11):109-114.
• [27]奚宇航，黄一平，苏检德，等.基于国密算法的即时通信加密软件系统的设计与实现[J].计算机应用与软件，2020,37(6):303-308.XI Yuhang,HUANG Yiping,SU Jiande,et al.Design and implementation of instant messaging encryption software system based on national secret algorithm[J]. Computer Applications and Software,2020,37(6):303-308.
• [28]徐茹枝，郭健，李衍辉.智能电网中电力调度数字证书系统[J].中国电力，2011,44(1):37-40.XU Ruzhi,GUO Jian,LI Yanhui.Power dispatching digital certificate system in smart grid[J]. Electric Power,2011,44(1):37-40.
• [29]周虎.一种基于JWT认证token刷新机制研究[J].软件工程，2019,22(12):18-20.ZHOU Hu.Research on a refresh mechanism of authentication token based on JWT[J].Software Engineer,2019,22(12):18-20.