CN103178956A - Method for realizing encrypted authentication of distribution automation remote control command

Info

Publication number
CN103178956A
Authority
CN
China
Prior art keywords
remote control
distribution terminal
power distribution
signature
control message
Prior art date
Legal status
Granted
Application number
CN2011104384327A
Other languages
Chinese (zh)
Other versions
CN103178956B (en)
Inventor
漆铭均
洪文国
孙志云
Other inventors have requested that their names not be disclosed
Current Assignee
HUNAN ELECTRIC POWER PROSPECTING DESIGN INST
Original Assignee
HUNAN ELECTRIC POWER PROSPECTING DESIGN INST
Priority date
Filing date
Publication date
Application filed by HUNAN ELECTRIC POWER PROSPECTING DESIGN INST
Priority to CN201110438432.7A (patent CN103178956B)
Publication of CN103178956A
Application granted
Publication of CN103178956B
Legal status: Active
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method for realizing encrypted authentication of a distribution automation remote control command. The method comprises the following steps: (1) digitally signing a remote control message, and generating a key pair by a main station; (2) storing a private key by the main station and issuing a public key to a power distribution terminal; (3) storing the public key by the power distribution terminal; (4) signing by using the private key by the main station; (5) verifying the signature by using the public key by the power distribution terminal; and (6) sending out an actuating signal from the distribution terminal to a switch. In the method, the main station generates the key pair randomly, either periodically or through manual triggering, by using an asymmetric cryptographic algorithm, stores the private key locally, and sends the public key to the power distribution terminal through a public network; the power distribution terminal stores the received public key locally; when sending a remote control command to the power distribution terminal, the main station first generates a signature for the remote control message by using the private key, and then attaches the signature at the tail end of the remote control message; when receiving the remote control command, the terminal verifies the signature on the remote control message by using the public key, carries out the switching action after successful signature verification, and refuses the action if the signature verification fails. The method for realizing encrypted authentication of the distribution automation remote control command has strong practicability, and enhances the reliability and safety of the remote control.

Description

A method for realizing encrypted authentication of distribution automation remote control commands
Technical field
The invention belongs to the technical field of electrical engineering, and specifically relates to a method for realizing encrypted authentication of distribution automation remote control commands.
Background art
A distribution automation system has a huge number of terminals spread over a wide area. It is difficult to connect all of them by power optical fiber, so public network technologies (such as TD-SCDMA, GPRS and CDMA) are widely used. Because a public network is shared by many industries, such as electric power and banking, and by their users, it brings a certain security risk to the distribution automation system. For this reason, State Grid Corporation of China issued, in February 2011, document State Grid Dispatch (2011) No. 168, "Notice on Strengthening the Security Protection of Distribution Automation Systems", and the "Supplementary Provisions on Security Protection of Medium- and Low-Voltage Distribution Network Automation Systems (Trial)". The present invention mainly addresses the requirements of these documents: it realizes encrypted security authentication of remote control in the distribution automation system and, taking full account of the long-term operation and maintenance of the system, realizes automatic issuing of keys from the distribution main station to the distribution terminals.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the fact that security protection schemes for the public network communication of distribution automation systems rely too heavily on the telecom carrier, to provide a method for realizing encrypted authentication of distribution automation remote control commands in which the distribution automation main station system itself actively uses an "asymmetric encryption algorithm" to digitally sign remote control messages, so as to prevent network attacks.
The technical solution of the present invention is: the method for realizing encrypted authentication of distribution automation remote control commands consists of the following steps: (1) the remote control message is digitally signed, and the key pair is generated by the main station; (2) the main station stores the private key and issues the public key to the distribution terminal; (3) the distribution terminal stores the public key; (4) the main station signs with the private key; (5) the distribution terminal verifies the signature with the public key; (6) the distribution terminal sends an actuating signal to the switch.
The main station uses an asymmetric encryption algorithm (such as 1024-bit RSA or 256-bit ECC) to randomly generate a key pair, either periodically or on manual triggering. It stores the private key locally and sends the public key to the distribution terminal over the public network, and the distribution terminal stores the received public key locally. When the main station sends a remote control command to the distribution terminal, it first generates a signature over the remote control message with the private key and attaches the signature to the tail of the remote control message. When the distribution terminal receives the remote control command, it verifies the signature on the remote control message with the public key; it carries out the switching action only after verification succeeds, and refuses the action if verification fails.
The beneficial effects of the invention are:
1. The remote control message is signed, which effectively blocks network attacks by hackers;
2. The number of distribution terminals is huge, and asymmetric encryption makes key distribution and management convenient;
3. The main station updates the key periodically, which strengthens key security;
4. The public key information is resent when signature verification fails, which avoids remote control failures caused by loss of the public key information and increases the reliability of remote control.
Description of drawings
Fig. 1 is the flow chart of remote control command encrypted authentication.
Fig. 2 is the format diagram of the whole one-way authentication message.
Fig. 3 is the message format diagram of the public key information (the public key file in ECC mode, the public key in RSA mode).
Fig. 4 is the message format diagram of the modulus.
Embodiment
With reference to Fig. 1 to Fig. 4, the method for realizing encrypted authentication of distribution automation remote control commands consists of the following steps: (1) the remote control message is digitally signed, and the key pair is generated by the main station; (2) the main station stores the private key and issues the public key to the distribution terminal; (3) the distribution terminal stores the public key; (4) the main station signs with the private key; (5) the distribution terminal verifies the signature with the public key; (6) the distribution terminal sends an actuating signal to the switch.
The digital signature flow at the distribution main station is as follows: the main station sends a link start message and the distribution terminal replies with a link start confirmation message; according to the encryption mode used by the distribution terminal, the main station issues the public key file (ECC mode) or the public key and modulus (RSA mode), and the distribution terminal replies with an acknowledgement of receipt. The distribution terminal saves the received public key information as a local file and, after a remote control command is received, uses it to verify the signature.
After the distribution main station receives a request from the user interface to send a remote control command, it packs the command as a normal remote control command, adds the one-way authentication message header after the normal remote control command, obtains the current time and inserts the timestamp, and fills in the security label. Using the algorithm agreed with the terminal, it digitally signs the data from the 7th byte of the remote control command through the security label, and appends the signature result after the security label.
After the distribution terminal receives the remote control message issued by the main station, it uses the local public key file to verify the signature on the signed message. If verification succeeds, it replies according to the normal remote control flow; if verification fails, it returns reason code 48. After the main station receives a check-back message with reason code 48, it actively issues the public key information. The distribution terminal uses the public key information issued by the main station to synchronize its local public key file.
The command types of the 104 protocol are extended: a public key issue command is added, using a message format consistent with the general interrogation command, so that the public key file of a terminal can be updated during operation. The new command is a modification of the existing general interrogation command. For the ECC encryption mode, extension type 108 is the public key file issue command type; for the RSA encryption mode, extension type 108 is the public key issue command type and extension type 109 is the modulus issue command type. To handle public key information that is larger than the maximum amount of information one 104-protocol frame can carry, the part of the issue message before the public key information defines the third-from-last byte as the total number of frames and the second-from-last byte as the current frame number; the public key information has been completely sent only when the current frame number equals the total number of frames.
For remote control commands, reason code 48 is added as an extension. After signature verification fails, the distribution terminal sends up reason code 48; after the main station receives a remote control check-back command with reason code 48, it actively issues the public key information (the public key file for the ECC algorithm; the public key and modulus for the RSA algorithm), which prevents remote control failures caused by damaged public key information.
The distribution main station uses the private key to sign the whole control command and the timestamp, and appends the digital signature after the original control command message to form a composite command message, which it then sends. The one-way authentication message is divided into the following parts: (1) message header, (2) timestamp, (3) security label, (4) digital signature.
The one-way authentication message is described in detail as follows:
(1) The message header is four bytes in total. The first byte is the encryption type, 22. The second byte is the message length (the number of bytes from just after this length byte to the end of the one-way authentication message). For the RSA algorithm the signature result has a fixed length, so the length can be filled in before the digital signature is computed; for the ECC algorithm the length of the signature result is not fixed, so 0 is filled in before signing and the actual length is filled in after signing is finished. The third byte is the control bits and the fourth byte is reserved; both are set to 0 for now. (2) The timestamp is four bytes in total and holds the number of seconds from January 1st, 1970 until now, in Greenwich Mean Time. (3) The security label is currently reserved; it is 16 bytes in total, all 0. (4) The digital signature is the result of signing with the cryptographic algorithm.
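The trailer layout and the terminal-side check described above, as an added example that is not code from the patent: the function names, the demo key, unpadded RSA over SHA-256, the little-endian timestamp and the optional `max_skew` freshness check are all assumptions of this example, and only the RSA (fixed signature length) case is shown.

```python
import hashlib
import struct

AUTH_TYPE = 22             # first header byte (from the description)
REASON_SIG_FAIL = 48       # reason code returned when verification fails
SIGN_FROM = 6              # signing starts at the 7th byte of the command
LABEL_LEN = 16             # security label: reserved, all zero
FIXED = 4 + 4 + LABEL_LEN  # header + timestamp + security label

# Demo key (assumption): built from two public Mersenne primes, so it offers
# no secrecy. It only gives the example a fixed-length RSA signature.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8


def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> bytes:
    """Unpadded RSA over SHA-256 (a simplification chosen for this example)."""
    return pow(_h(data), D, N).to_bytes(SIG_LEN, "big")


def verify(data: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _h(data)


def master_build(command: bytes, now: int) -> bytes:
    """Main station: command + header + timestamp + label + signature."""
    length = 2 + 4 + LABEL_LEN + SIG_LEN       # bytes after the length byte
    header = bytes([AUTH_TYPE, length, 0, 0])  # control and reserved are 0
    # Little-endian is an assumption; the description gives no byte order.
    unsigned = command + header + struct.pack("<I", now) + bytes(LABEL_LEN)
    return unsigned + sign(unsigned[SIGN_FROM:])


def terminal_check(frame: bytes, now: int, max_skew=None) -> str:
    """Terminal: 'execute', 'reject:48' or 'reject:stale'."""
    reject = "reject:%d" % REASON_SIG_FAIL
    body_len = len(frame) - SIG_LEN            # everything before the signature
    cmd_len = body_len - FIXED                 # length of the original command
    if cmd_len <= SIGN_FROM:
        return reject
    header = frame[cmd_len:cmd_len + 4]
    if header[0] != AUTH_TYPE or header[1] != FIXED - 2 + SIG_LEN:
        return reject
    if not verify(frame[SIGN_FROM:body_len], frame[body_len:]):
        return reject
    if max_skew is not None:
        # Freshness check added by this example; the description signs the
        # timestamp but does not say that the terminal compares it to a clock.
        (stamp,) = struct.unpack("<I", frame[cmd_len + 4:cmd_len + 8])
        if abs(now - stamp) > max_skew:
            return "reject:stale"
    return "execute"


# Constructed sample bytes standing in for a remote control command.
SAMPLE_CMD = bytes.fromhex("680e000000002d010600010001600081")
```

Bytes 1 to 6 of the command lie outside the signed range, so a change there does not affect verification; without `max_skew`, a frame that verified once verifies again at any later time.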
This method is applicable where the distribution automation main station system communicates with the distribution terminals over public network technology: the remote control command issued by the main station carries a digital signature based on the dispatching certificate, and the distribution terminal executes the command only after confirming the legitimacy of the digital signature in the remote control command. "Public network" refers to all communication networks other than the "power communication private network".

Claims (4)

1. A method for realizing encrypted authentication of distribution automation remote control commands, characterized in that it consists of the following steps: (1) the remote control message is digitally signed, and the key pair is generated by the main station; (2) the main station stores the private key and issues the public key to the distribution terminal; (3) the distribution terminal stores the public key; (4) the main station signs with the private key; (5) the distribution terminal verifies the signature with the public key; (6) the distribution terminal sends an actuating signal to the switch.
2. The method for realizing encrypted authentication of distribution automation remote control commands according to claim 1, characterized in that the main station uses a periodic automatic or manual triggering mode and selects a specified asymmetric encryption algorithm to generate the key.
3. The method for realizing encrypted authentication of distribution automation remote control commands according to claim 1, characterized in that the remote control message of the electric power communication protocol is extended, adding a public key issue type message and a public key issue confirmation message.
4. The method for realizing encrypted authentication of distribution automation remote control commands according to claim 1, characterized in that the remote control message of the electric power communication protocol is extended, adding a signature data area to the remote control message and adding a signature verification failure response message.
CN201110438432.7A 2011-12-24 2011-12-24 Method for realizing encrypted authentication of distribution automation remote control command Active CN103178956B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110438432.7A CN103178956B (en) 2011-12-24 2011-12-24 Method for realizing encrypted authentication of distribution automation remote control command

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110438432.7A CN103178956B (en) 2011-12-24 2011-12-24 Method for realizing encrypted authentication of distribution automation remote control command

Publications (2)

Publication Number Publication Date
CN103178956A true CN103178956A (en) 2013-06-26
CN103178956B CN103178956B (en) 2017-05-17

Family

ID=48638592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110438432.7A Active CN103178956B (en) 2011-12-24 2011-12-24 Method for realizing encrypted authentication of distribution automation remote control command

Country Status (1)

Country Link
CN (1) CN103178956B (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102281203A (en) * 2011-09-08 2011-12-14 航天科工深圳(集团)有限公司 Method and system for transmitting IEC101 protocol message

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
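State Grid: "Supplementary Provisions on Security Protection of Medium- and Low-Voltage Distribution Network Automation Systems (Trial)", State Grid Document No. 168 *
霍锦强: "Research on Key Technologies of Distribution Automation Systems and Development of a Distribution Transformer Monitoring Terminal", Master's thesis, National University of Defense Technology *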

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368742A (en) * 2013-07-02 2013-10-23 国电南瑞科技股份有限公司 Intelligent distribution terminal security protection method based on asymmetric digital signature authentication
CN104462941A (en) * 2013-09-23 2015-03-25 深圳怡化电脑股份有限公司 Information protection method and device for currency detecting module
CN103795541A (en) * 2013-12-13 2014-05-14 国网上海市电力公司 Secure communication method of electricity information acquisition system of 230M wireless private network channel
CN103795541B (en) * 2013-12-13 2017-03-22 国网上海市电力公司 Secure communication method of electricity information acquisition system of 230M wireless private network channel
CN103888292A (en) * 2014-02-25 2014-06-25 北京科东电力控制系统有限责任公司 Tool and method for operation and maintenance of distribution terminal
CN104079579A (en) * 2014-07-14 2014-10-01 国家电网公司 Power distribution terminal communication encryption protocol detecting method
CN104270469B (en) * 2014-10-23 2018-12-28 国家电网公司 Remote-control data processing method and system
CN104270469A (en) * 2014-10-23 2015-01-07 国家电网公司 Remote-control data processing method and system
CN104579684A (en) * 2015-01-04 2015-04-29 成都卫士通信息产业股份有限公司 SM2 checking algorithm suitable for data of power distribution network
CN104579684B (en) * 2015-01-04 2018-03-02 成都卫士通信息产业股份有限公司 A kind of SM2 checking algorithms suitable for distribution network data
CN105187453A (en) * 2015-10-22 2015-12-23 宁波三星医疗电气股份有限公司 Security encryption communication method of fault indicator
CN108111306A (en) * 2018-01-03 2018-06-01 珠海科诺威配网自动化股份有限公司 A kind of communication means between power distribution automation main station and distribution power automation terminal
US11623671B2 (en) 2019-04-11 2023-04-11 Progress Rail Locomotive Inc. Blockchain remote command verification
CN110995729A (en) * 2019-12-12 2020-04-10 广东电网有限责任公司电力调度控制中心 Control system communication method and device based on asymmetric encryption and computer equipment
CN110995729B (en) * 2019-12-12 2022-09-16 广东电网有限责任公司电力调度控制中心 Control system communication method and device based on asymmetric encryption and computer equipment
CN113098855A (en) * 2021-03-26 2021-07-09 国网四川省电力公司营销服务中心 GW376.1 protocol message encryption method and device
CN113098855B (en) * 2021-03-26 2022-11-01 国网四川省电力公司营销服务中心 GW376.1 protocol message encryption method and device
CN112953968A (en) * 2021-03-30 2021-06-11 云谷技术(珠海)有限公司 Power distribution terminal operation and maintenance communication method and device based on security authentication
CN113298983A (en) * 2021-05-24 2021-08-24 南方电网科学研究院有限责任公司 ESAM security authentication-based electric intelligent lock security management and control method and device
CN114070605A (en) * 2021-11-12 2022-02-18 南方电网海南数字电网研究院有限公司 Master station downlink data security verification method
CN115277125A (en) * 2022-07-13 2022-11-01 南京国电南自电网自动化有限公司 Bidirectional credible safe transformer substation remote control method and system thereof
CN115277125B (en) * 2022-07-13 2024-02-13 南京国电南自电网自动化有限公司 Substation remote control method and system with bidirectional credibility and safety

Also Published As

Publication number Publication date
CN103178956B (en) 2017-05-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: The 410007 West Hunan province Changsha Yuhua District No. 471

Applicant after: Electric Power Design Institute Co., Ltd of energy source in China construction group Hunan Province

Address before: The 410000 West Hunan province Changsha Yuhua District No. 471

Applicant before: Hunan Electric Power Prospecting Design Inst.

CB03 Change of inventor or designer information

Inventor after: Hong Wenguo

Inventor after: Sun Zhiyun

Inventor after: Zhao Fengqing

Inventor after: Liao Hong

Inventor after: Zhou Jun

Inventor after: Zhao Yu

Inventor after: Li Xinhua

Inventor after: Zhong Yi

Inventor before: Qi Mingjun

Inventor before: Hong Wenguo

Inventor before: Sun Zhiyun

Inventor before: The inventor has waived the right to be mentioned

Inventor before: The inventor has waived the right to be mentioned

Inventor before: The inventor has waived the right to be mentioned

Inventor before: The inventor has waived the right to be mentioned

Inventor before: The inventor has waived the right to be mentioned

GR01 Patent grant