CN102904721A - Signature, authentication method and device for smart substation information security control - Google Patents
- Publication number: CN102904721A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention provides a signature and authentication method, and a device thereof, for information security control of intelligent substations. An evolution ring signature method is used to identify false four-remote messages in an intelligent substation, which addresses the potentially major security hazard of the intelligent substation being controlled through forged messages and guarantees the integrity and non-repudiation of the network control messages sent in the intelligent substation. The nodes that belong to the same virtual local area network (VLAN) in the intelligent substation are grouped into a ring, and the evolution ring signature method is used for signing and authentication according to the message type, MMS/GOOSE/SV (Manufacturing Message Specification/Generic Object Oriented Substation Event/Sampled Value), so that a message cannot be tampered with during transmission. The evolution ring signature method comprehensively guarantees integrity and non-repudiation during message transmission and ensures the security of information in the intelligent substation.
    Description
Technical field
      The present invention relates to the field of information security control for intelligent substations, and specifically to a signature and authentication method, and a device thereof, for intelligent substation information security control.
    Background technology
      As intelligent substation technology matures, intelligent substations are gradually entering large-scale practical use. Electric power control systems and information system applications are increasingly numerous, and the standardization of power system communication protocols makes information communication more susceptible to "hacker" attacks, which poses new challenges to the security and reliability of electric power control systems and data networks. At present, three kinds of messages in an intelligent substation carry security risks: GOOSE (Generic Object Oriented Substation Event) messages, SV (Sampled Value) messages, and MMS (Manufacturing Message Specification) messages.
      Intelligent substations adopt the international standard IEC61850 as the communication standard, which guarantees that four-remote signals are transmitted over the network according to the communication specification and thereby realizes intelligent control of the substation. This communication mechanism meets the fast-messaging requirements of substation automation systems and has been successfully applied to the transmission of real-time trip signals, inter-bay interlocking logic, synchronism checks and so on. Network-based digital protection test equipment is also gradually being perfected. A substation is equipped with a technically advanced, fully functional computer monitoring system that supports the operators' normal control, monitoring, signaling, measurement, and data statistics and analysis functions. The monitoring system adopts the IEC61850 communication standard and uses the characteristics of Fast Ethernet to realize information exchange between protection devices and the monitoring of inter-bay interlocking through GOOSE (Generic Object Oriented Substation Event). It is modeled and networked together with the protection system and shares a unified information platform, which improves the security and reliability of the secondary system. The application of IEC61850 eliminates protocol conversion devices and intermediate communication links such as front-end processors, reduces operation, maintenance and repair workload, and avoids duplicated secondary equipment, thereby saving cost.
      In the construction and operation of an intelligent substation, stable and reliable network operation and accurate communication between IED devices are the keys to success. This requires the intelligent substation not only to analyze, monitor, manage and predict the network operating status and the IED inter-device communication process in real time, but also to guarantee accurate transmission of intelligent substation network signals; this is an urgent and necessary requirement for safe operation of the intelligent substation. Because safe operation of the power grid underpins the country's normal production and daily life, a security problem in an intelligent substation will at best damage important equipment in the smart grid and at worst cause great harm to the country's normal production and life, with losses no less than those of a war. Yet precisely because of the standardized transmission and intelligent control of network signals, the intelligent substation is more vulnerable to hacker attacks. How to effectively control the information security of intelligent substations has therefore become an important research topic, bearing on fundamental national interests, that cannot be avoided. So far, however, this problem has not been fully recognized in the construction of intelligent substations in China.
      Out of concern for fundamental national interests such as smart grid security and the national economy and people's livelihood, the present invention provides a signature and authentication method, and a device thereof, for intelligent substation information security control. It uses an evolution ring signature method to identify false four-remote messages in the intelligent substation, addresses the potentially major security hazard of the whole intelligent substation being controlled through forged messages, guarantees the integrity and non-repudiation of the network control messages sent in the intelligent substation, and guarantees that messages are not tampered with during transmission. The evolution ring signature method and device provided by the invention comprehensively guarantee integrity and non-repudiation during message transmission and ensure the security of intelligent substation information.
    Summary of the invention
      The invention provides a signature and authentication method, and a device thereof, for intelligent substation information security control. It uses an evolution ring signature method to identify false control messages in the intelligent substation, addresses the potentially major security hazard of the whole intelligent substation being controlled through forged messages, guarantees the integrity and non-repudiation of the network control messages sent in the intelligent substation, guarantees that messages are not tampered with during transmission, and ensures the security of intelligent substation information.
      A signature apparatus for intelligent substation information security control comprises a base key evolution unit, a message information collecting unit, a signature user key evolution unit, a signing messages writing unit, and a credible message checking unit;
      The base key evolution unit is used to store a base key evolution algorithm and to generate a base key and a random signature factor according to the base key evolution algorithm;
      The message information collecting unit is used to collect, according to the message type, the data set and the message timing status of the corresponding message data area, and to receive the base key and the random signature factor sent by the base;
      The signature user key evolution unit is used to generate a signature user key from the base key sent by the base by means of a signature user key evolution algorithm, to generate a message digest of the data set with a fingerprint function, to obtain a subset of the message digest according to the random signature factor, and to digitally sign the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information;
      The signing messages writing unit is used to write the evolution ring signature information into the reserved field of the corresponding message;
      The credible message checking unit is used to verify a message in order to determine whether the received message is a credible message.
      A signing method for intelligent substation information security control uses the above signature apparatus as the message signing end and comprises the following steps:
      Step 1: the message information collecting unit of the message signing end collects, according to the message type, the data set and the message timing status of the corresponding message data area, and receives the base key and the random signature factor sent by the base;
      Step 2: the signature user key evolution unit generates the signature user key from the base key by means of the signature user key evolution algorithm, generates a message digest of the data set with the fingerprint function, obtains a subset of the message digest according to the random signature factor, and digitally signs the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information;
      Step 3: the signing messages writing unit writes the evolution ring signature information into the reserved field of the corresponding message.
      A signature authentication method for intelligent substation information security control uses the above signature apparatus as the message authentication end and comprises the following steps:
      Step 1: the message information collecting unit of the message authentication end collects, according to the message type, the data set, the message timing status and the evolution ring signature information of the corresponding message data area sent by the message signing end, and receives the base key and the random signature factor sent by the base;
      Step 2: the signature user key evolution unit of the message authentication end generates the signature user key from the base key by means of the signature user key evolution algorithm, generates a message digest of the data set with the fingerprint function, obtains a subset of the message digest according to the random signature factor, and digitally signs the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information;
      Step 3: the credible message checking unit of the message authentication end obtains the evolution ring signature information sent by the signing end, compares the evolution ring signature information generated by the signature user key evolution unit of the message authentication end with the evolution ring signature information sent by the signing end, and determines from the comparison result whether the received signed message is a credible message.
      The signature and authentication method, and the device thereof, for intelligent substation information security control provided by the embodiments of the invention can identify false four-remote messages in the intelligent substation, address the potentially major security hazard of the whole intelligent substation being controlled through forged messages, and guarantee the integrity and non-repudiation of the network control messages sent in the intelligent substation.
    Description of drawings
      Fig. 1 is a structural diagram of the signature apparatus for intelligent substation information security control provided by the invention;
      Fig. 2 is a schematic diagram of the signing and authentication flow of the signature and authentication method and device for intelligent substation information security control provided by the invention;
      Fig. 3 is a schematic diagram of the base generation flow and the actions of the base in the invention;
      Fig. 4 is a flow chart of the signing end of the invention;
      Fig. 5 is a flow chart of the authentication end of the invention;
      Fig. 6 is a schematic diagram of the VLAN topology in which the devices of the intelligent substation are classified by voltage level.
    Embodiment
      The technical solution of the invention is described clearly and completely below with reference to the accompanying drawings.
      Fig. 1 shows the structure of the ring signature apparatus 100 of the invention for intelligent substation information security control. The ring signature apparatus 100 comprises a base voting unit 101 based on a variable time window, a base key evolution unit 102, a message information collecting unit 103, a signature user key evolution unit 104, a signing messages writing unit 105, and a credible message checking unit 106.
      The base voting unit 101 based on a variable time window is used to vote for the base once every variable time period (the time window may also be fixed) in order to determine the node that acts as the base for the next time period; the voting process is described later in this document.
      The base key evolution unit 102 is used to store a base key evolution algorithm (such as the Sherwood algorithm or the linear congruential method) and to generate a base key and a random signature factor according to the base key evolution algorithm.
      The message information collecting unit 103 is used to collect, according to the message type (MMS/GOOSE/SV), the data and the message timing status of the corresponding message data area, and to receive the base key and the random signature factor sent by the base. If the device to which this message information collecting unit belongs acts as the authentication end, the unit is also responsible for collecting the evolution ring signature information sent by the message signing end. For GOOSE/SV messages, the message information collecting unit 103 obtains the message ASDU (Application Service Data Unit) data set A; for MMS messages, the message information collecting unit 103 obtains the message ItemName data set I and the message timing status U in the UTC field.
      The signature user key evolution unit 104 is used to generate a signature user key from the base key sent by the base by means of a signature user key evolution algorithm (a currently published cryptographic algorithm such as the RSA algorithm or elliptic curve cryptography), to generate a message digest of the data set with a fingerprint function, to obtain a subset of the message digest according to the random signature factor, and to digitally sign the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information.
      The signing messages writing unit 105 is used to write the evolution ring signature information, generated by digitally signing the data of the message data area, into the reserved field of the corresponding message according to the message type (MMS/GOOSE/SV). For GOOSE/SV messages, the generated evolution ring signature information is written into the reserved1 and reserved2 fields of the IEC61850 message; for MMS messages, it is written into the Ostring field.
      The credible message checking unit 106 is used to verify a message in order to determine whether the received message is a credible message.
      If the signature apparatus 100 is elected as the base by vote, its active modules are the base voting unit 101 based on a variable time window, the base key evolution unit 102, the message information collecting unit 103, the signature user key evolution unit 104 and the signing messages writing unit 105. If the evolution ring signature apparatus 100 is not elected as the base, its active modules are the base voting unit 101 based on a variable time window, the message information collecting unit 103, the signature user key evolution unit 104, the signing messages writing unit 105 and the credible message checking unit 106.
      The flow by which the message evolution ring signature apparatuses vote to produce the base, and the actions of the base, are shown in Fig. 3 and Fig. 6 and comprise the following steps:
      Step 1: using the VLANs (Virtual Local Area Networks) into which the devices of the intelligent substation are classified by voltage level, divide the intelligent substation network into different rings $R_i$, $i = 1, 2, \ldots, S$, where $S$ is the number of VLANs (Fig. 6 shows 4 VLANs);
      Step 2: for each ring $R_i$, set the nodes in the ring $N_{i,k}$, $k = 1, 2, \ldots, M$, where $M$ is the number of nodes in ring $R_i$, and set the variable time window $W_i$ of ring $R_i$;
      Step 3: for ring $R_i$, once every time interval $W_i$, the nodes $N_{i,k}$ in the ring elect one of the nodes as the base $B_i$ of ring $R_i$ according to the voting mechanism;
      Step 4: base $B_i$ generates the base key $BK_i$ and the random signature factor $\alpha_i$ according to the base key evolution algorithm $BA_i$;
      Step 5: base $B_i$ sends the base key $BK_i$ and the random signature factor $\alpha_i$ simultaneously to the message signing end and the authentication end in ring $R_i$;
      If the time window has expired, return to step 2; otherwise, return to step 4.
      By dynamically evolving the base and the base key within the ring, the keys of the signer and the base are continually updated. Even if an adversary manages to intrude on both the user and the base within an extremely short time, and can thereby arbitrarily crack the signature information of the intrusion period, the adversary still cannot compute the signature keys of other periods, which greatly improves information security within the VLAN. Going a step further, even if the key of every period in a certain VLAN could be cracked, as long as the other VLANs are not cracked at the same time, this cannot threaten the security of the whole smart grid, and the information security of the whole smart grid is thereby guaranteed.
      The invention provides a signing method for intelligent substation information security control, in which the signature apparatus is used as the message signing end; its flow is shown in Fig. 4 and comprises the following steps:
      Step 1: the message information collecting unit 103 of the message signing end collects, according to the message type, the data set and the message timing status of the corresponding message data area, and receives the base key $BK_i$ and the random signature factor $\alpha_i$ sent by the base. For GOOSE/SV messages, the message information collecting unit 103 obtains the message ASDU (Application Service Data Unit) data set A and the message timing status T (Fig. 2 uses the GOOSE/SV message as its example); for MMS messages, the message information collecting unit 103 obtains the message ItemName data set I and the message timing status U in the UTC field.
      Step 2: the signature user key evolution unit 104 generates the signature user key $SK_i$ from the base key $BK_i$ by means of the signature user key evolution algorithm $SA_i$, generates a message digest of the data set with the fingerprint function F, obtains a subset of the message digest according to the random signature factor $\alpha_i$, and digitally signs the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information.
      Specifically, the signature user key evolution unit 104 applies the fingerprint function F to A or I to generate the message digest DA or DI. For GOOSE/SV messages, the signature user key evolution unit 104 obtains the subset $P_{GS} \in DA$ of the message digest DA according to the random signature factor $\alpha_i$; for MMS messages, it obtains the subset $P_{MMS} \in DI$ of the message digest DI according to the random signature factor $\alpha_i$. For GOOSE/SV messages, the signature user key evolution unit 104 digitally signs the message digest subset $P_{GS}$ with the signature user key $SK_i$ and the message timing status T, producing the evolution ring signature information $DSM_{GS}$; for MMS messages, it digitally signs the message digest subset $P_{MMS}$ with the signature user key $SK_i$ and the message timing status U in the UTC field, producing the evolution ring signature information $DSM_{MMS}$.
      Step 3: the signing messages writing unit 105 writes the evolution ring signature information into the reserved field of the corresponding message. For GOOSE/SV messages, the signing messages writing unit 105 writes the evolution ring signature information $DSM_{GS}$ into the reserved1 and reserved2 fields of the IEC61850 message; for MMS messages, the signing messages writing unit 105 writes the evolution ring signature information $DSM_{MMS}$ into the Ostring field.
      
      The invention provides an authentication method for intelligent substation information security control, in which the signature apparatus is used as the message authentication end; its flow is shown in Fig. 5 and comprises the following steps:
      Step 1: the message information collecting unit 103 of the message authentication end collects, according to the message type, the data set and the message timing status of the corresponding message data area sent by the message signing end, and receives the base key and the random signature factor sent by the base. For GOOSE/SV messages, the message information collecting unit 103 obtains the message ASDU (Application Service Data Unit) data set A and the message timing status T; for MMS messages, the message information collecting unit 103 obtains the message ItemName data set I and the message timing status U in the UTC field.
      Step 2: the signature user key evolution unit 104 of the message authentication end generates the signature user key from the base key by means of the signature user key evolution algorithm, generates a message digest of the data set with the fingerprint function, obtains a subset of the message digest according to the random signature factor, and digitally signs the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information.
      Specifically, the signature user key evolution unit 104 applies the fingerprint function F to A or I to generate the message digest DA or DI. For GOOSE/SV messages, the signature user key evolution unit 104 obtains the subset $P_{GS} \in DA$ of the message digest DA according to the random signature factor $\alpha_i$; for MMS messages, it obtains the subset $P_{MMS} \in DI$ of the message digest DI according to the random signature factor $\alpha_i$. For GOOSE/SV messages, the signature user key evolution unit 104 digitally signs the message digest subset $P_{GS}$ with the signature user key $SK_i$ and the message timing status T, producing the evolution ring signature information $DSM_{GS}$; for MMS messages, it digitally signs the message digest subset $P_{MMS}$ with the signature user key $SK_i$ and the message timing status U in the UTC field, producing the evolution ring signature information $DSM_{MMS}$.
      Step 3: the credible message checking unit 106 of the message authentication end obtains the evolution ring signature information $DSM'$ sent by the signing end, compares the evolution ring signature information $DSM_{GS}$ or $DSM_{MMS}$ generated by the signature user key evolution unit 104 of the message authentication end with $DSM'$, judges whether their contents are identical, and determines from the comparison result whether the received signed message is a credible message. Specifically, the result of comparing $DSM_{GS}$ or $DSM_{MMS}$ with $DSM'$ may be stored in a judgment area PJ. If the PJ data is FALSE, the message is a non-credible message and the signed message is discarded; if the PJ data is TRUE, whether the message is non-credible is further determined according to timing.
      Specifically, for GOOSE/MMS messages, the credible message checking unit 106 can perform the timing check directly, judging whether the time between this message and the previously received message equals the fixed message transmission interval, and stores the timing check result in the timing judgment area TJ; for SV messages, the credible message checking unit 106 performs the timing check against the previous counter value, judging whether the counter data is continuous, and stores the timing check result in the timing judgment area TJ.
      The specific steps for determining according to timing whether a message is non-credible are: if the PJ data is TRUE, read the state of the timing judgment area TJ; if the TJ state is FALSE, the message is a non-credible message; if the TJ state is TRUE, the message is a credible message.
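      The signing and authentication flow above for an SV frame, as an added Python example that is not part of the patent. It rests on assumptions the text leaves open: HMAC-SHA-256 stands in for the signature algorithm (the authentication end recomputes the value and compares, so both ends hold the same derived key), and the LCG constants, the way $\alpha_i$ selects the digest subset, the 2-byte size of reserved1 and reserved2, and the 16-bit counter are constructed for the example.

```python
import hashlib
import hmac

# Constructed LCG constants: the page names the linear congruential method as
# one possible base key evolution algorithm BA_i but gives no parameters.
# An LCG is predictable from its outputs; it is here only to mirror the text.
LCG_A, LCG_C, LCG_M = 1103515245, 12345, 2**31


def evolve_base_key(state):
    """Base B_i: one evolution step, returning (next_state, BK_i, alpha_i)."""
    bk_int = (LCG_A * state + LCG_C) % LCG_M
    alpha = (LCG_A * bk_int + LCG_C) % LCG_M
    return alpha, bk_int.to_bytes(4, "big"), alpha


def derive_user_key(bk):
    """Stand-in for SA_i (assumption): both ends derive the same SK_i from BK_i."""
    return hashlib.sha256(b"SK" + bk).digest()


def digest_subset(data_set, alpha, size=16):
    """Fingerprint F over data set A, then the subset P_GS selected by alpha_i."""
    da = hashlib.sha256(data_set).digest()  # message digest DA
    start = alpha % len(da)                 # assumed selection rule
    return bytes(da[(start + j) % len(da)] for j in range(size))


def ring_signature(bk, alpha, data_set, timing):
    """DSM_GS: keyed tag over P_GS and timing status T, truncated to 4 bytes."""
    sk = derive_user_key(bk)
    p_gs = digest_subset(data_set, alpha)
    tag = hmac.new(sk, p_gs + timing.to_bytes(2, "big"), hashlib.sha256).digest()
    return tag[:4]


def sign_frame(bk, alpha, data_set, counter):
    """Signing end: write DSM_GS into the reserved1/reserved2 fields."""
    dsm = ring_signature(bk, alpha, data_set, counter)
    return {"asdu": data_set, "counter": counter,
            "reserved1": dsm[:2], "reserved2": dsm[2:]}


def authenticate(bk, alpha, frame, last_counter, wrap=65536):
    """Authentication end: returns (PJ, TJ, credible) for one SV frame."""
    received = frame["reserved1"] + frame["reserved2"]      # DSM'
    expected = ring_signature(bk, alpha, frame["asdu"], frame["counter"])
    pj = hmac.compare_digest(expected, received)            # signature comparison
    tj = frame["counter"] == (last_counter + 1) % wrap      # counter continuity
    return pj, tj, pj and tj


def demo():
    """Constructed sample data: one time window, then the next one."""
    state, bk, alpha = evolve_base_key(2012)                # constructed seed
    frame = sign_frame(bk, alpha, b"constructed ASDU: Ia=101.2 Ib=100.9", 41)
    results = {"genuine": authenticate(bk, alpha, frame, last_counter=40)}
    forged = dict(frame, asdu=b"constructed ASDU: Ia=0.0 Ib=0.0")
    results["tampered"] = authenticate(bk, alpha, forged, last_counter=40)
    results["replayed"] = authenticate(bk, alpha, frame, last_counter=41)
    _, bk2, alpha2 = evolve_base_key(state)                 # keys of next window
    results["old_key"] = authenticate(bk2, alpha2, frame, last_counter=40)
    return results


if __name__ == "__main__":
    for name, (pj, tj, credible) in demo().items():
        print(f"{name:9s} PJ={pj} TJ={tj} credible={credible}")
```

      Under the 2-byte field assumption the value carried in reserved1 and reserved2 is only 32 bits long, which bounds forgery resistance regardless of the algorithm behind it.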
      The invention provides a signature and authentication method, and a device thereof, for intelligent substation information security control. It uses an evolution ring signature method to identify false four-remote messages in the intelligent substation, addresses the potentially major security hazard of the whole intelligent substation being controlled through forged messages, and guarantees the integrity and non-repudiation of the network control messages sent in the intelligent substation. The message evolution ring signature apparatus comprehensively guarantees integrity and non-repudiation during message transmission and ensures the security of intelligent substation information, which benefits safe production and stable operation of the power grid.
      The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be defined by the scope of protection of the claims.
    Claims (9)
1. A signature apparatus for intelligent substation information security control, characterized in that it comprises a base key evolution unit (102), a message information collecting unit (103), a signature user key evolution unit (104), a signing messages writing unit (105), and a credible message checking unit (106);
      The base key evolution unit (102) is used to store a base key evolution algorithm and to generate a base key and a random signature factor according to the base key evolution algorithm;
      The message information collecting unit (103) is used to collect, according to the message type, the data set and the message timing status of the corresponding message data area, and to receive the base key and the random signature factor sent by the base;
      The signature user key evolution unit (104) is used to generate a signature user key from the base key sent by the base by means of a signature user key evolution algorithm, to generate a message digest of the data set with a fingerprint function, to obtain a subset of the message digest according to the random signature factor, and to digitally sign the subset of the message digest with the signature user key and the message timing status, producing the evolution ring signature information;
      The signing messages writing unit (105) is used to write the evolution ring signature information into the reserved field of the corresponding message;
      The credible message checking unit (106) is used to verify a message in order to determine whether the received message is a credible message.
    2. The signature apparatus for intelligent substation information security control as claimed in claim 1, characterized in that it further comprises a base voting unit (101) based on a variable time window, used to vote for the base once every variable time period in order to determine the node that acts as the base for the next time period, the process of producing the base by vote being:
      Using the VLANs into which the devices of the intelligent substation are classified by voltage level, divide the intelligent substation network into different rings $R_i$, $i = 1, 2, \ldots, S$, where $S$ is the number of VLANs;
      For each ring $R_i$, set the nodes in the ring $N_{i,k}$, $k = 1, 2, \ldots, M$, where $M$ is the number of nodes in ring $R_i$, and set the variable time window $W_i$ of ring $R_i$;
      For ring $R_i$, once every time interval $W_i$, the nodes $N_{i,k}$ in the ring elect one of the nodes as the base $B_i$ of ring $R_i$ according to the voting mechanism.
    3. The signature apparatus for intelligent substation information security control as claimed in claim 2, characterized in that the signature apparatus is used as the message signature end or the message authentication end.
    4. The signature apparatus for intelligent substation information security control as claimed in claim 1, characterized in that the signature information writing unit (105) writing the evolution ring signature information into the reserved field of the corresponding message is specifically: for GOOSE/SV messages, the generated evolution ring signature information is written into the IEC61850 message reserved1 and reserved2 fields; for MMS messages, the generated evolution ring signature information is written into the Ostring field.
    5. A signature method for intelligent substation information security control, applying the signature apparatus of claim 1 as the message signature end, characterized by comprising the following steps:
      Step 1: the message information collecting unit (103) of the message signature end collects, according to the different message information, the data set and the message timing status of the corresponding message data area, and receives the base key and the stochastic signature factor sent by the base;
      Step 2: the signature user key evolution unit (104) generates the signature user key from the base key using the signature user key evolution algorithm; it generates an information digest of the data set using the fingerprint function, obtains a subset of the information digest according to the stochastic signature factor, and digitally signs the subset of the information digest using the signature user key and the message timing status, producing the evolution ring signature information;
      Step 3: the signature information writing unit (105) writes the evolution ring signature information into the reserved field of the corresponding message.
    6. The signature apparatus for intelligent substation information security control as claimed in claim 5, characterized in that step 3 specifically comprises: for GOOSE/SV messages, the signature information writing unit (105) writes the evolution ring signature information into the IEC61850 message reserved1 and reserved2 fields; for MMS messages, the signature information writing unit (105) writes the evolution ring signature information into the Ostring field.
    7. A signature authentication method for intelligent substation information security control, applying the signature apparatus of claim 1 as the message authentication end, characterized by comprising the following steps:
      Step 1: the message information collecting unit (103) of the message authentication end collects, according to the different message information, the data set, the message timing status and the evolution ring signature information of the corresponding message data area sent by the message signature end, and receives the base key and the stochastic signature factor sent by the base;
      Step 2: the signature user key evolution unit (104) of the message authentication end generates the signature user key from the base key using the signature user key evolution algorithm; it generates an information digest of the data set using the fingerprint function, obtains a subset of the information digest according to the stochastic signature factor, and digitally signs the subset of the information digest using the signature user key and the message timing status, producing the evolution ring signature information;
      Step 3: the credible message checking unit (106) of the message authentication end obtains the evolution ring signature information sent by the signature end, compares the evolution ring signature information generated by the signature user key evolution unit (104) of the message authentication end with the evolution ring signature information sent by the signature end, and determines from the comparison result whether the received signed message is a credible message.
    8. The authentication apparatus for intelligent substation information security control as claimed in claim 7, characterized in that determining in step 3, from the comparison result, whether the received signed message is a credible message is specifically: the result of comparing the evolution ring signature information generated by the signature user key evolution unit (104) of the message authentication end with the evolution ring signature information sent by the signature end and obtained by the credible message checking unit (106) is stored in the discrimination area PJ; if the discrimination area PJ data is FALSE, the message is a non-credible message; if the discrimination area PJ data is TRUE, whether the message is a non-credible message is further determined according to timing.
    9. The authentication apparatus for intelligent substation information security control as claimed in claim 8, characterized in that determining according to timing whether the message is a non-credible message specifically comprises:
      For GOOSE/MMS messages, the credible message checking unit (106) directly performs a timing check, judging whether the interval in time between the message received this time and the message received last time is the fixed message transmission time, and stores the timing check result in the timing discrimination area TJ;
      For SV messages, the credible message checking unit (106) performs a timing check against the previous counter, judging whether the counter data is continuous, and stores the timing check result in the timing discrimination area TJ; the specific steps of determining according to timing whether the message is a non-credible message are: if the discrimination area PJ data is TRUE, the state of the timing discrimination area TJ is read; if the TJ state is FALSE, the message is a non-credible message; if the TJ state is TRUE, the message is a credible message.
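The verification flow of claims 7 to 9 (recompute the signature, store the comparison in PJ, then run the timing check into TJ) is shown below in Python as an added example, not code from the patent. The patent text does not specify its algorithms, so HMAC-SHA256 stands in for both the key evolution and the signature (it is a symmetric MAC, not a ring signature), SHA-256 for the fingerprint function, and every function name, the subset rule and the sample values are assumptions.

```python
import hashlib
import hmac

def evolve_user_key(base_key: bytes, node_id: bytes) -> bytes:
    # Assumed key evolution: HMAC-SHA256 of the node id under the base key.
    return hmac.new(base_key, b"user-key|" + node_id, hashlib.sha256).digest()

def digest_subset(data_set: bytes, factor: bytes, size: int = 16) -> bytes:
    # Fingerprint function (assumed SHA-256), then a subset of the digest
    # bytes selected by the stochastic signature factor (assumed rule).
    digest = hashlib.sha256(data_set).digest()
    picks = hashlib.sha256(factor).digest()[:size]
    return bytes(digest[p % len(digest)] for p in picks)

def sign(base_key, factor, node_id, data_set: bytes, timing: int) -> bytes:
    # Signature over the digest subset plus the message timing status.
    key = evolve_user_key(base_key, node_id)
    body = digest_subset(data_set, factor) + timing.to_bytes(8, "big")
    return hmac.new(key, body, hashlib.sha256).digest()

def verify(base_key, factor, node_id, kind, msg, last_timing, interval_ms=0):
    """Return (PJ, TJ, credible) for a received message dict."""
    expected = sign(base_key, factor, node_id, msg["data"], msg["timing"])
    pj = hmac.compare_digest(expected, msg["sig"])  # discrimination area PJ
    if not pj:
        return (False, None, False)      # PJ FALSE: non-credible, stop here
    if kind == "SV":
        tj = msg["timing"] == last_timing + 1             # counter continuous
    else:                                                 # GOOSE / MMS
        tj = msg["timing"] - last_timing == interval_ms   # fixed interval
    return (True, tj, tj)                # credible only when TJ is TRUE

# Constructed sample values, not taken from any real substation.
BASE_KEY, FACTOR, NODE = b"constructed-base-key", b"constructed-factor", b"N_1_3"

def make_msg(data: bytes, timing: int) -> dict:
    return {"data": data, "timing": timing,
            "sig": sign(BASE_KEY, FACTOR, NODE, data, timing)}

if __name__ == "__main__":
    good = make_msg(b"Ia=102.4;Ib=101.9", 101)
    print(verify(BASE_KEY, FACTOR, NODE, "SV", good, last_timing=100))
    replay = make_msg(b"Ia=102.4;Ib=101.9", 100)   # validly signed, stale counter
    print(verify(BASE_KEY, FACTOR, NODE, "SV", replay, last_timing=100))
    forged = dict(good, data=b"Ia=0.0;Ib=0.0")     # data changed after signing
    print(verify(BASE_KEY, FACTOR, NODE, "SV", forged, last_timing=100))
```

Because only a subset of the digest is signed, the subset size bounds how hard it is to find altered data that still verifies, so `size` should not be chosen small.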
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN201210350394.4A CN102904721B (en) | 2012-09-20 | 2012-09-20 | Signature and authentication method for information safety control of intelligent substations and device thereof | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN102904721A (en) | 2013-01-30 | 
| CN102904721B (en) | 2015-04-08 | 
Family
ID=47576775
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN201210350394.4A Active CN102904721B (en) | 2012-09-20 | 2012-09-20 | Signature and authentication method for information safety control of intelligent substations and device thereof | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN102904721B (en) | 
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US7127067B1 (en) * | 2005-06-30 | 2006-10-24 | Advanced Micro Devices, Inc. | Secure patch system | 
| CN101282222A (en) * | 2008-05-28 | 2008-10-08 | 胡祥义 | CSK-based digital signature method | 
| CN102025502A (en) * | 2009-09-15 | 2011-04-20 | 安智金融与工业公司 | Cryptographical reinforced secure signature process for messages, signature verification process, and corresponding systems and program products | 
| CN202949437U (en) * | 2012-09-20 | 2013-05-22 | 湖北省电力公司电力科学研究院 | Endorsing device used for intelligent transformer station information safety control | 
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN103326862A (en) * | 2013-06-20 | 2013-09-25 | 天地融科技股份有限公司 | Electronically signing method and system | 
| CN103326862B (en) * | 2013-06-20 | 2017-02-22 | 天地融科技股份有限公司 | Electronically signing method and system | 
| CN103873461A (en) * | 2014-02-14 | 2014-06-18 | 中国南方电网有限责任公司 | IEC62351-based security interaction method for GOOSE message | 
| CN103873461B (en) * | 2014-02-14 | 2015-09-23 | 中国南方电网有限责任公司 | Based on the safety interacting method of the GOOSE message of IEC62351 | 
| CN104253813A (en) * | 2014-09-05 | 2014-12-31 | 国电南瑞科技股份有限公司 | Modulation integrated system remote maintenance-based safety protection method | 
| CN104506500A (en) * | 2014-12-11 | 2015-04-08 | 广东电网有限责任公司电力科学研究院 | GOOSE message authentication method based on transformer substation | 
| CN110224823A (en) * | 2019-06-12 | 2019-09-10 | 湖南大学 | Substation's message safety protecting method, device, computer equipment and storage medium | 
| CN110224823B (en) * | 2019-06-12 | 2021-02-23 | 湖南大学 | Transformer substation message safety protection method and device, computer equipment and storage medium | 
Also Published As
| Publication number | Publication date | 
|---|---|
| CN102904721B (en) | 2015-04-08 | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |