电力物联网安全通信协议研究

doi:10.3969/j.issn.1671-1122.2021.09.002

摘要/Abstract

摘要：

为了全面提高电力物联网安全综合防御能力,解决目前电力物联网终端安全防护及终端认证机制的缺失和不足、电力物联网中海量终端安全接入的问题,文章提出一种基于标识密码公钥体制的安全通信协议。该协议以设备指纹和SM9算法为基础,使用终端唯一识别标记代替传统的数字证书完成终端身份认证,并将其应用到电力物联网终端的数据加密传输中,最后对该协议进行安全性分析,并与传统电力通信接入网的安全接入协议进行对比。结果表明,文章所提协议能有效防范各类网络攻击,节省计算和网络资源,有效解决海量电力物联网终端的安全接入问题。

关键词: 电力物联网, SM9, 身份认证, 安全接入, 密钥协商

Abstract:

In order to comprehensively improve the security comprehensive defense capability of power Internet of Things (IoT) and solve the lack of security protection, terminal authentication mechanism of power IoT terminal, this paper proposed a secure communication protocol based on IBC (Identity-based Cryptography) system based on the fingerprint and SM9 algorithm, the terminal identity authentication was completed by using the terminal unique identification mark instead of the traditional digital certificate. It was applied to the data encryption transmission of the power IoT terminal. Finally, the security analysis of the protocol was carried out, and the comparison was made with the traditional power communication access protocol. The results show that the protocol can effectively prevent various network attacks, save computing and network resources, and effectively solve the security access problems of mass power IoT terminals.

Key words: power Internet of Things, SM9, identity authentication, secure access, key agreement

中图分类号:

TP309

吴克河, 程瑞, 郑碧煌, 崔文超. 电力物联网安全通信协议研究[J]. 信息网络安全, 2021, 21(9): 8-15.

WU Kehe, CHENG Rui, ZHENG Bihuang, CUI Wenchao. Research on Security Communication Protocol of Power Internet of Things[J]. Netinfo Security, 2021, 21(9): 8-15.

图/表 10

图1

图2

图3

表1

表2

表3

表4

图4

图5

图6

参考文献 16

[1]	State Grid Corporation of China. Ubiquitous Electricity Internet of Things White Paper 2019[EB/OL]. http://www.lianmenhu.com/blockchain-14145-1,2019-10-16.
	中国人民共和国国家电网有限公司. 泛在电力物联网白皮书2019[EB/OL]. http://www.lianmenhu.com/blockchain-14145-1,2019-10-16.
[2]	ZHAO Mengmeng, TANG Pingzhou, SUN Kun. Development and Prospect of Ubiquitous Power Internet of Things[J]. Journal of North China Electric Power University, 2020, 47(5): 63-74.
	赵萌萌, 唐平舟, 孙堃. 泛在电力物联网发展与展望[J]. 华北电力大学学报, 2020, 47(5): 63-74.
[3]	LIU Lin, QI Bing, LI Shan. Demand and Development Trend of Power Communication Network for New Business of Power Internet of Things[J]. Power Grid Technology, 2020, 44(8): 3114-3128.
	刘林, 祁兵, 李姗. 面向电力物联网新业务的电力通信网需求及发展趋势[J]. 电网技术, 2020, 44(8): 3114-3128.
[4]	WANG Siqi. Research on Smart Grid Monitoring System Based on Internet of Things[J]. Chinese Journal of Power Sources, 2018, 42(1): 125-127.
	王思齐. 基于物联网的智能电网监控系统研究[J]. 电源技术, 2018, 42(1): 125-127.
[5]	CHEN Xin, JIANG Yizhe, WANG Xue, et al. Research on the Development of Energy Internet from the Internet Perspective[J]. China Power, 2018, 51(8): 43-48.
	陈昕, 姜怡喆, 王雪, 等. 互联网视角下的能源互联网发展研究[J]. 中国电力, 2018, 51(8): 43-48.
[6]	ZHOU Feng, ZHOU Hui, DIAO Yinglong. Thoughts on the Development of Key Technologies for Intelligent Perception in Ubiquitous Electricity Internet of Things[J]. Chinese Journal Electrical Engineering, 2020, 40(1): 70-82.
	周峰, 周晖, 刁赢龙. 泛在电力物联网智能感知关键技术发展思路[J]. 中国电机工程学报, 2020, 40(1): 70-82.
[7]	SHEN Bo, CAI Zexiang, DAI Guanquan, et al. Communication Analysis of Intelligent Power Distribution Information Collection Service for Ubiquitous Power IoT[J]. Electric Power Construction, 2019, 40(9): 27-34.
	沈博, 蔡泽祥, 戴观权, 等. 面向泛在电力物联网的智能配用电信息采集业务通信分析[J]. 电力建设, 2019, 40(9): 27-34.
[8]	YANG Ting, ZHAI Feng, ZHAO Yingjie, et al. Definition and Research Prospect of Ubiquitous Electricity Internet of Things[J]. Automation of Electric Power Systems, 2019, 43(13): 9-20.
	杨挺, 翟峰, 赵英杰, 等. 泛在电力物联网释义与研究展望[J]. 电力系统自动化, 2019, 43(13): 9-20.
[9]	KIMANI K, ODUOL V, LANGAT K. Cyber Security Challenges for IoT-based Smart Grid Networks[J]. International Journal of Critical Infrastructure Protection, 2019, 25(6): 36-49. doi: 10.1016/j.ijcip.2019.01.001 URL
[10]	SHRESTHA M, JOHANSEN C, NOLL J, et al. A Methodology for Security Classification Applied to Smart Grid Infrastructures[J]. International Journal of Critical Infrastructure Protection, 2020, 28(3): 1-19.
[11]	Q/GDW11118-2013 Specification for Information Security Access of Voltage Monitoringdevices Based on Wireless APN Virtual Private Network[S]. Beijing: China National Standard Press, 2014.
	Q/GDW11118-2013 基于无线APN虚拟专网的电压监测装置信息安全接入规范[S]. 北京: 中国标准出版社, 2014.
[12]	LIN Nan, CHEN Zuosong, ZUO Liming, et al. Security Analysis and Improvement of Access Protocol of Power Grid Voltage Monitoring Device[J]. Computer Engineering and Design, 2019, 40(11): 3085-3089.
	林楠, 陈祚松, 左黎明, 等. 电网电压监测装置接入协议安全分析与改进[J]. 计算机工程与设计, 2019, 40(11): 3085-3089.
[13]	LUO Zhao, XIE Jihua, GU Wei, et al. Development of Power Grid Information Security Support Platform Based on SM2 Cryptosystem[J]. Automation of Electric Power Systems, 2014, 38(6): 68-74.
	骆钊, 谢吉华, 顾伟, 等. 基于SM2密码体系的电网信息安全支撑平台开发[J]. 电力系统自动化, 2014, 38(6): 68-74.
[14]	LI Wei, LI Rui, WU Kehe, et al. Design and Implementation of an SM2-based Security Authentication Scheme with the Key Agreement for Smart Grid Communications[J]. IEEE Access, 2018, 6(10): 71194-71207. doi: 10.1109/Access.6287639 URL
[15]	WANG Yufeng, WU Lie, YANG Yun. Security Authentication Method of Terminal Trusted Access in Smart Grid[J]. International Journal of Security and its Applications, 2015, 9(7): 337-346.
[16]	LU Qiong, CUI Wenchao. Research on Security Monitoring and Analysis Technology of Ubiquitous Power Internet of Things Terminal Layer[J]. Information Technology, 2020, 44(2): 121-125.
	卢琼, 崔文超. 泛在电力物联网终端层安全监测分析技术研究[J]. 信息技术, 2020, 44(2): 121-125.

名称	说明
类型	密钥协商类型
子类型	密钥协商第一步
长度	数据总长度
版本号	版本号
SN	客户端随机分配的序列号
SIM卡号	SIM卡卡号
设备ID	终端唯一ID号（芯片ID）
Enc(R₁ \|\|TIME₁, ID_gw)	随机数和时间戳的密文
Sign(Hash(REQ₁), SK_client)	本端私钥签名

名称	说明
类型	密钥协商类型
子类型	密钥协商第一步
长度	数据总长度
版本号	版本号
SN+1	序列号
Enc(R₂ \|\|TIME₂, ID_client)	对端ID加密随机数和时间戳
Sign(SM3(REQ₂), SK_gw)	本端私钥签名

名称	说明
类型	密钥协商类型
子类型	密钥协商第一步
长度	数据总长度
版本号	版本号
SN+2	序列号
TIME₃	本地时间戳
SM3(R₁^R₂)	哈希值

名称	说明
类型	密文通信
子类型	无
长度	总长度
IV	随机IV
TIME	当前时间戳
密文数据	加密报文
签名值	对报文进行哈希运算之后的签名值