Communication Security Protection Technology Between Dispatching and Substation

Gang LIU; Ai XU; Yanming XU; Wei LI

doi:10.13648/j.cnki.issn1674-0629.2021.05.008

PDF(1817 KB)

South Power Sys Technol ›› 2021, Vol. 15 ›› Issue (5) : 64-71. DOI: 10.13648/j.cnki.issn1674-0629.2021.05.008

Power System Analysis

Communication Security Protection Technology Between Dispatching and Substation

Gang LIU ¹ ,
Ai XU ² ,
Yanming XU ¹ ,
Wei LI ¹

Author information +

History +

Abstract

At present, the communication between dispatching and substation is mainly protected by the power vertical encryption authentication device. The power vertical encryption authentication device at both ends of the dispatching and substation can protect the confidentiality and integrity of data transmission at both ends. However, the communication protocol IEC 60870-5-104 (IEC104) between dispatching and substation does not have a corresponding security mechanism. The protocol data is easy to be forged, tampered, replayed and stolen before the encryption device of the dispatch and after the encryption device of the substation, which poses certain security risks. Therefore, this paper extends the protocol security domain on the basis of IEC 104 protocol, and solves the problem of communication security between dispatch and substation from the protocol level. The identity-based cryptographic algorithm SM9 provides algorithmic support to achieve this goal. According to the characteristics of the algorithm and the protocol, the security of the protocol can be realized by a little extension of the protocol in this paper. The highlights of this paper are as followes: 1) based on the identity-based cryptographic algorithm the security communication between dispatching and substation is achieved, which is fundamentally different from the digital certificate based security communication in other documents, without certificate management and other complicated matters; 2) the end-to-end security authentication of the communication between the dispatching master station and the substation is achieved; 3) the security hidden dangers of the protocol are solved through the identity-based cryptographic algorithm, and the two-way identity authentication between the dispatching and the substation and the confidentiality, integrity and non-repudiation of the communication data are realized.

Key words

protocol security / substation security / identity authentication / identity-based cryptographic algorithm SM9 / communication security

Cite this article

EndNote

Ris (Procite)

Bibtex

Download Citations

Gang LIU , Ai XU , Yanming XU , et al. Communication Security Protection Technology Between Dispatching and Substation[J]. Southern Power System Technology. 2021, 15(5): 64-71 https://doi.org/10.13648/j.cnki.issn1674-0629.2021.05.008

References

List( Publishing order | Descend order by publishing year | Descend order by cited within ) Chart analysis

[1]

徐毅, 袁保平, 朱学珍, 等. 基于IEC 61850智能变电站通信网络的可靠性评估[J]. 微型电脑应用, 2021, 37(4): 114-116, 120.

, YUAN

Baoping

, ZHU

Xuezhen

, et al. Reliability evaluation of communication network in intelligent substation based on IEC 61850[J]. Microcomputer Application, 2021, 37(4): 114-116, 120.

Cited in this article [1]

[2]	任雁铭, 操丰梅, 唐喜, 等. 智能电网的通信技术标准化建议[J]. 电力系统自动化, 2011, 35(3):1-4, 61. REN Yanming, CAO Fengmei, TANG Xi, et al. Recommendations for the standardization of smart grid communication technology[J]. Automation of Electric Power Systems, 2011, 35(3):1-4, 61. Cited in this article [1]

[3]	赵宏大, 王哲, 朱铭霞, 等. 5G通信技术在范在电力物联网的应用[J]. 南方电网技术, 2020, 14(8):9-17. ZHAO Hongda, WANG Zhe, ZHU Mingxia, et al. Application of 5G communication technology in ubiquitous power Internet of Things[J]. Southern Power System Technology, 2020, 14(8): 9-17. Cited in this article [1]

[4]	杨继高, 陶文伟, 张静, 等. 符合IEC 62351标准的变电站原型系统关键技术[J]. 电力系统自动化, 2015, 39(14): 116-117. YANG Jigao, TAO Wenwei, ZHANG Jing, et al. The key technology of substation prototype system conforming to IEC 62351 standard[J]. Automation of Electric Power Systems, 2015, 39(14): 116-117. Cited in this article [1]

[5]

丁心志, 李慧杰, 杨慧霞, 等. 基于IEC/TC 57国际标准体系现状分析研究与展望[J]. 电力系统保护与控制, 2014, 42(21): 145-154.

DING

Xinzhi

, LI

Huijie

, YANG

Huixia

, et al. Based on IEC/TC 57 international standard system status analysis research and prospects[J]. Power System Protection and Control, 2014, 42(21): 145-154.

Cited in this article [1]

[6]

沈雯婷, 张惠刚, 李忠安. 基于IEC 62351智能变电站通信加密的可行性分析[J]. 南京工程学院学报(自然科学版), 2019, 17(2): 72-77.

SHEN

Wenting

, ZHANG

Huigang

, LI

Zhongan

. Feasibility analysis based on IEC 62351 smart substation communication encryption[J]. Journal of Nanjing Institute of Technology (Natural Science Edition), 2019, 17(2): 72-77.

Cited in this article [1]

[7]	雒佳, 徐茹枝, 计鹏程. 基于IEC 62351标准的变电站通信安全问题综述[J]. 电力信息与通信技术, 2018, 16(12):22-28. LUO Jia, XU Ruzhi, JI Pengcheng. Overview of substation communication security issues based on IEC 62351 standard[J]. Electric Power Information and Communication Technology, 2018, 16(12): 22-28. Cited in this article [1]

[8]	翟峰, 岑炜, 赵兵, 等. 智能变电站系统安全防护技术研究[J]. 自动化与仪表, 2015, 30(3): 6-9. ZHAI Feng, CEN Wei, ZHAO Bing, et al. Research on safety protection technology of intelligent substation system[J]. Automation and Instrumentation, 2015, 30(3): 6-9. Cited in this article [1]

[9]	郝文江, 武捷, 王巍. 关键基础设施安全威胁及对策分析[C]// 中国计算机学会计算机安全专业委员会.第28次全国计算机安全学术交流会论文集. 北京: 中国计算机学会计算机安全专业委员会, 2013: 21-23. Cited in this article [1]

[10]	高昆仑, 辛耀中, 李钊, 等. 智能电网调度控制系统安全防护技术及发展[J]. 电力系统自动化, 2015, 39(1):48-52. GAO Kunlun, XIN Yaozhong, LI Zhao, et al. Security protection technology and development of smart grid dispatching control system[J]. Automation of Electric Power Systems, 2015, 39(1): 48-52. Cited in this article [1]

[11]	汤奕, 陈倩, 李梦雅, 等. 电力信息物理融合系统环境中的网络攻击研究综述[J]. 电力系统自动化, 2016, 40(17): 59-69. TANG Yi, CHEN Qian, LI Mengya, et al. Overview of research on cyber attacks in the environment of power cyber-physical fusion systems[J]. Automation of Electric Power Systems, 2016, 40(17): 59-69. Cited in this article [1]

[12]

龙林德, 李晶, 刘莉莉. 基于IEC 62351的变电站自动化系统通信安全的研究[J]. 长沙通信职业技术学院学报, 2010, 9(3): 1-6.

LONG

Linde

, LI

Jing

, LIU

Lili

. Research on communication security of substation automation system based on IEC 62351[J]. Journal of Changsha Telecommunications Vocational and Technical College, 2010, 9(3): 1-6.

Cited in this article [2]

[13]	丁杰, 奚后玮, 陈爱林, 等. 基于IEC 62351安全体系的变电站自动化系统[J]. 电网技术, 2006, 30(S2): 345-348. DING Jie, XI Houwei, CHEN Ailin, et al. Substation automation system based on IEC 62351 safety system[J]. Power System Technology, 2006, 30(S2): 345-348. Cited in this article [1]

[14]	王自成, 李广华, 方芳, 等. IEC 62351国际互操作的总结与思考[J]. 电力系统自动化, 2019, 43(5): 1-7. WANG Zicheng, LI Guanghua, FANG Fang, et al. Summary and thinking on IEC 62351 international interoperability[J]. Automation of Electric Power Systems, 2019, 43(5): 1-7. Cited in this article [1]

[15]	国家密码管理局. SM9标识密码算法:GM/T 0044—2016[S]. 北京: 中国标准出版社, 2016. Cited in this article [1]

[16]	国家发改委. 国家发展和改革委员会令第14号电力监控系统安全防护规定[A]. 北京: 国家发改委, 2014. Cited in this article [1]

[17]	国家能源局. 国家能源局国能安全[2015]36号电力监控系统安全防护总体方案[A]. 北京: 国家能源局, 2015. Cited in this article [1]

[18]	骆钊, 严童, 谢吉华, 等. SM2加密体系在智能变电站远动通信中的应用[J]. 电力系统自动化, 2016, 40(19): 127-133. LUO Zhao, YAN Tong, XIE Jihua, et al. Application of SM2 encryption system in smart substation telecontrol communication[J]. Automation of Electric Power Systems, 2016, 40(19): 127-133. Cited in this article [1]

[19]	俞飞. 简议“心脏出血”漏洞[J]. 保密科学技术, 2014(4):67-70. YU Fei. A brief discussion on the "heart bleeding" vulnerability[J]. Confidential Science and Technology, 2014(4):67-70. Cited in this article [1]

[20]	许艾, 刘刚, 徐延明. 基于SM9标识密码智能变电站安全防护技术[J]. 自动化博览, 2018, 35(S2): 65-71. XU Ai, LIU Gang, XU Yanming. Security protection technology of smart substation based on SM9 identification code[J]. Automation Expo, 2018, 35(S2): 65-71. Cited in this article [2]

[21]	马勇. 基于IBC机制的内容中心网络安全认证方案[J]. 电子设计工程, 2016, 24(13): 88-91. MA Yong. Network security authentication scheme for content center based on IBC mechanism[J]. Electronic Design Engineering, 2016, 24(13): 88-91. Cited in this article [1]

[22]	张喜铭, 李金, 邱荣福, 等. 国密体系在智能变电站的研究与应用[J]. 南方电网技术, 2020, 14(1): 39-45. ZHANG Ximing, LI Jin, QIU Rongfu, et al. Research and application of national secret system in smart substation[J]. Southern Power System Technology, 2020, 14(1):39-45. Cited in this article [1]

[23]	LI Jiguo, WANG Zhiwei, ZHANG Yichen. Provably secure certificate-based signature scheme without pairings[J]. Information Sciences, 2013, 233(6):28-29. Cited in this article [2]

[24]	邱帆, 陈兰兰, 林楠, 等. 基于SM9的配电网Modbus报文安全性分析及改进[J]. 中国电力, 2019, 52(10):18-25. QIU Fan, CHEN Lanlan, LIN Nan, et al. Security analysis and improvement of Modbus messages in distribution network based on SM9[J]. Electric Power, 2019, 52(10):18-25. Cited in this article [2]