基于IEC60870-5-104的配电自动化通信安全协议

计算机科学 ›› 2013, Vol. 40 ›› Issue (11): 81-84.

基于IEC60870-5-104的配电自动化通信安全协议

马钧,张一斌

电力系统安全运行与控制湖南省高校重点实验室长沙理工大学长沙410004;长沙理工大学电气与信息工程学院长沙410015

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受湖南省科技厅科技计划一般项目(2012GK3053)资助

Security Protocol Based on IEC60870-5-104for Communication in Distribution Automation

MA Jun and ZHANG Yi-bin

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 基于IEC60870-5-104规约的配电自动化通信过程存在信息安全隐患。为了实现配电主站前置机和配电终端之间的相互身份认证和共享密钥建立,提出了一种基于单向数字签名和单向哈希认证码算法的安全协议,分析了配电自动化通信EPON网络的结构特点以及与之相应的信息安全威胁和安全需求,给出了协议的实现过程。协议考虑了配电终端的有限计算能力,配合使用专用的安全设备,不改变原有配电终端的软硬件。对协议的安全分析证明该协议能抵御外部攻击、重放攻击和假冒攻击。与已有的协议相比,新协议具有更高的安全性和较高的效率,能够满足实际的应用需求。

关键词: 配电自动化,网络安全,IEC60870-5-104规约,数字签名,HMAC算法

Abstract: It has been found that there are some cyber security risks in the communication process of distribution automation system(DAS)based on IEC60870-5-104protocol．In order to realize mutual authentication and shared key establishment for DAS Front-End Processor(FEP)and any terminal,this article presented a scheme based on unidirectional digital signature and unidirectional Keyed-Hashing for Message Authentication(HMAC)algorithm．It analyzed the features of communication network architecture based on EPON in DAS,the corresponding cyber security risks and security requirements,showed the implementation procedure of the scheme．The scheme needs not change original software and hardware of legacy terminals and considers resource-constraint terminals by using dedicated security devices．Security analysis proves that the scheme can resist outsider attack,replay attack and impersonation attack．Compared with the related works,the proposed scheme is more secure and practical,which can satisfy the application requirement.

Key words: Distribution automation,Cyber security,IEC60870-5-104protocol,Digital signature,HMAC algorithm

马钧,张一斌. 基于IEC60870-5-104的配电自动化通信安全协议[J]. 计算机科学, 2013, 40(11): 81-84. https://doi.org/

MA Jun and ZHANG Yi-bin. Security Protocol Based on IEC60870-5-104for Communication in Distribution Automation[J]. Computer Science, 2013, 40(11): 81-84. https://doi.org/

参考文献

[1] IEC TS 62351-1,IEC Technical Committee 57,Data and Communications Security,Part1:Communication Network and System Security-Introduction to Security Issues[S].2007
[2] IEC TS 62351-5,IEC Technical Committee 57,Data and Communications Security,Part5:Security for IEC 60870-5and derivatives[S].2009
[3] Ma Jun,She Jun．Research on Cyber Security Segre-gation for Industrial Control Systems[J].International Journal of Digital Content Technology and its Applications,2011,5(8):9-15
[4] Igure V M,Laughter S A,Williams R D．Security issues in SCADA networks [J]．Computers and Security,2006,25(7):498-506
[5] III B C L,Buennemeyer T K ,Thomas R W．Next generation SCADA security:best practices and client puzzles[C]∥Proc．6th Annual．IEEE System,Information Assurance Workshop．2005:426-427
[6] Lim I H,Hong S,Lee S J,et al．Security Protocols Against cyber attacks in the distribution automation system[J]．IEEE Transactions on Power Delivery,2010,25(1):448-454
[7] 黄梦婕,胥布工．基于HMAC算法的远程电力监控通信安全策略[J]．电力系统保护与控制,2011,39(19):79-82
[8] Kim M,Metzner J J．A key exchange method for intelligent electronic devices in distribution automation[J]．IEEE Transactions on Power Delivery,2010,25(3):1458-1463
[9] 孙中伟,张荣刚．智能配电网通信系统访问控制研究[J]．电力系统保护与控制,2010,38(21):118-121
[10] Sun Zhong-wei,Wu Ju-ying．Identity-based access con-trol for distribution automation using EPON[J]．Chinese Journal of Electronics,2011,0(3):443-446
[11] Hirschler B,Treytl A．Internet Protocol Security and PowerLine Communication[C]∥2012IEEE International Symposium on Power Line Communication and its Applications．2012:102-107
[12] Yan Ye,Hu R Q,Das S K,et al．An Efficient Security Protocol for Advanced Metering Infrastructure in Smart Grid [J]．IEEE Network,2013,7(4):64-71

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed