CN104717211B - A substation message analysis method based on shared key management for encrypted communication - Google Patents

A substation message analysis method based on shared key management for encrypted communication

Info

Publication number
CN104717211B
Authority
CN
China
Prior art keywords
negotiation
key
information
message analysis
message
Prior art date
Legal status
Expired - Fee Related
Application number
CN201510085393.5A
Other languages
Chinese (zh)
Other versions
CN104717211A (en)
Inventor
陶文伟
李金�
张喜铭
梁寿愚
胡荣
Current Assignee
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd
Priority date
Filing date
Publication date
Application filed by China Southern Power Grid Co Ltd
Priority to CN201510085393.5A
Publication of CN104717211A
Application granted
Publication of CN104717211B
Legal status: Expired - Fee Related
Anticipated expiration

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/064 Hierarchical key distribution, e.g. by multi-tier trusted parties

Abstract

The object of the invention is to provide a substation message analysis method based on shared key management for encrypted communication. A temporary key management centre is introduced, and secure channels are used between the temporary key management centre, the MMS servers and the message analysis equipment. After the TLS handshake negotiation of an MMS connection completes, the communication key is forwarded through the temporary key management centre to the message analysis equipment. The message analysis equipment selects the communication key and decrypts captured messages according to link and time information. The invention targets substations in which intelligent electronic devices communicate using the TLS security protocol: the shared key management method lets a message analysis instrument obtain the TLS communication keys, so that security-protocol messages can be analysed in real time or near real time. This solves the problem of monitoring communication equipment when the substation uses secure protocol communication, and makes device commissioning easier.

Description

A substation message analysis method based on shared key management for encrypted communication
Technical field
This patent belongs to the field of power system information security, and relates in particular to a substation message analysis method based on shared key management for encrypted communication.
Background technology
IEC 61850 proposes a set of common communication standards for substations. Through a series of device standardisations, IEDs (intelligent electronic devices) can be interconnected seamlessly under a unified standard. To promote the development of domestic substations, China has issued the DL/T 860 standard based on IEC 61850.
The IEC 61850 standard divides the substation communication system into station level, bay level and process level. The upper layer of IEC 61850 network communication uniformly uses the Abstract Communication Service Interface (ACSI); for a specific network, the underlying implementation interface is mapped onto the abstract communication interface. Between station level and bay level, ACSI is mapped to the Manufacturing Message Specification (MMS) over TCP/IP Ethernet or optical networks. State Grid Corporation of China explicitly proposed, in its Eleventh Five-Year Plan, the research and extension of digital substations based on IEC 61850 and electronic PT/CT. Networking has therefore become the most important communication mode in the substation.
However, when the IEC 61850 standard was proposed it focused only on shared communication between IEDs, and the security of the communication process received no attention. As a result, once a substation is intruded there are no protective measures inside it, and the consequences would be hard to imagine. In April 2005 the IEC (International Electrotechnical Commission) formulated the IEC 62351 data and communication security standard (draft) to address the data and communication security problems of the power communication field. In IEC 62351, authentication and encryption are the core contents.
In the IEC 62351 standard, the security hardening of the substation MMS protocol includes identity authentication and access control at the application layer, and the use of the TLS (Transport Layer Security) protocol at the transport layer. When domestic manufacturers were surveyed about the use of the security-hardened MMS protocol, the common concern about secure MMS was that the message analysis instrument has no ability at all to analyse the captured messages. This brings very serious operating costs to substation commissioning, operational monitoring and maintenance, and may even make security hardening products difficult to deploy.
The content of the invention
The object of the invention is to provide a substation message analysis method based on shared key management for encrypted communication, which can analyse security-protocol messages in real time or near real time, so as to monitor communication equipment when the substation uses secure protocol communication and to facilitate device commissioning.
The object of the invention is achieved by the following technical measures:
A substation message analysis method based on shared key management for encrypted communication, with the following steps:
1) After the TLS handshake or renegotiation completes, the negotiation information of both parties (communication link, negotiated algorithm and key, and negotiation time) is submitted to the temporary key management centre through a secure channel;
2) The temporary key management centre processes the negotiation information uniformly and actively pushes it to the message analysis equipment according to its configuration; if there is no configuration, the information is cached until the message analysis equipment actively retrieves it;
3) For a captured message, the message analysis equipment first looks up the negotiated algorithm and key locally by communication link and time; if they are not available locally, it actively retrieves them from the temporary key management centre, and after obtaining the negotiated algorithm and key it decrypts the message. The message analysis equipment is a substation network message analyser, that is, a device for recording and analysing network messages.
By using the method proposed in the invention, the substation message analysis equipment can, with the assistance of the temporary key management centre, correctly parse communication messages based on the TLS security protocol via a secure channel. It can thus monitor the running state of the substation over secure TLS channels, and assist with commissioning when the substation goes live and with maintenance when faults occur.
Compared with the prior art, the invention has the following advantages:
First, by using a temporary key management centre, it solves the problem that substation message analysis equipment cannot correctly parse TLS communication messages.
Second, the temporary key management centre can perform key management and distribution for multiple message analysis devices and multiple communication links.
Brief description of the drawings
Fig. 1 is the overall framework of substation message analysis for the TLS protocol according to the invention;
Fig. 2 shows the TLS responder of the invention sending negotiation information to the temporary key management centre;
Fig. 3 shows the temporary key management centre of the invention managing negotiation information;
Fig. 4 shows the message analysis equipment of the invention decrypting messages with the negotiated algorithm and key.
Embodiment
A substation message analysis method based on shared key management for encrypted communication uses a temporary key management centre, with secure channels between the temporary key management centre, the MMS servers and the message analysis equipment. After the TLS handshake negotiation of an MMS connection completes, the link, the negotiated algorithm and key, and the negotiation time are forwarded through the temporary key management centre to the message analysis equipment. The message analysis equipment selects the communication algorithm and key by link and time information and decrypts the messages. The steps of the method are as follows:
Step 1: As shown in Fig. 1, after the TLS handshake or renegotiation process completes, the negotiation information of both parties is submitted to the temporary key management centre through a secure channel; the negotiation information consists of the communication link, the negotiated algorithm and key, and the negotiation time;
After the negotiation between the two TLS parties completes, the passive party (the server side) passes the negotiated algorithm, the communication key and the negotiation time to the temporary key management centre. As shown in Fig. 2, the detailed process by which the TLS responder sends the negotiation information to the temporary key management centre is as follows:
Step 1.1: Exchange Hello messages to negotiate the cipher suite, exchange random numbers and determine whether the session is resumed.
Step 1.2: Exchange the necessary parameters and negotiate the pre-master secret;
Step 1.3: Exchange certificate information to verify the peer;
Step 1.4: Generate the master secret from the pre-master secret and the exchanged random numbers;
Step 1.5: Provide the security parameters to the record layer;
Step 1.6: Verify that the security parameters computed by both sides agree, and verify the authenticity and integrity of the handshake process.
Step 1.7: Build the negotiation information data structure <L,A,K,T>, where L is the link information, A and K are the negotiated algorithm and key, and T is the negotiation time; then assign the link information of both communicating parties, the negotiated algorithm and key, and the negotiation completion time to the negotiation information structure;
Step 1.8: Configure the digital certificate, encrypt <L,A,K,T> with the public-key algorithm RSA (Rivest, Shamir & Adleman) and send it to the temporary key management centre. RSA is used here only as an example of the encryption algorithm; the main idea is to exchange the negotiation information through a secure channel using a key exchange mechanism, and other encryption algorithms can naturally be used.
Step 2: As shown in Fig. 3, the temporary key management centre processes the negotiation information uniformly and actively pushes it to the message analysis equipment according to its configuration; if there is no configuration, the information is cached until the message analysis equipment actively retrieves it. The detailed process is as follows:
The temporary key management centre first builds two data structures. One is the negotiation information list, keyed by link information, with the negotiation time, negotiated algorithm and key as values; during construction the entries are kept in time order. The other is the device link list, keyed by device address, with link information as value. The negotiation information list is used for unified management of negotiation information; the device link list is used for active push of negotiation information. The steps are as follows:
Step 2.1: Build the negotiation information list <L,<T,A,K>> and the device link list <PA,L>, where PA is the message analysis equipment, L is the link information, A and K are the negotiated algorithm and key, and T is the negotiation time. The negotiation information list can be built dynamically during operation; the device link list must be statically configured before the system runs.
Step 2.2: Configure the digital certificate, decrypt the received negotiation information with the RSA algorithm and obtain <L,A,K,T>.
Step 2.3: Extract L and search <L,<T,A,K>> for L. If it is present, insert <L,A,K,T> in time order according to the negotiation information list format; if it is absent, create a new entry in the negotiation information list.
Step 2.4: Traverse the device link list by L; if a PA using L is found, encrypt the negotiation information <L,A,K,T> with the RSA algorithm and actively send the encrypted data to device PA.
Step 2.5: If no PA using L is found, cache the negotiation information in the negotiation information list and wait for the message analysis equipment to retrieve it.
Step 2.6: When a request from device PA is received, first decrypt it with the RSA algorithm to obtain <PA,L,T>, then look up the cached negotiation information list <L,<T,A,K>> by L and T. If found, return <A,K> to device PA after RSA encryption.
Step 3: As shown in Fig. 4, for a captured message the message analysis equipment first looks up the negotiated algorithm and key locally by communication link and time; if they are not available locally, it actively retrieves them from the temporary key management centre, and after obtaining the negotiated algorithm and key it decrypts the message. The detailed process is as follows:
Step 3.1: The message analysis equipment monitors the link messages;
Step 3.2: The message analysis equipment extracts the message link L and time T, and retrieves the negotiation information <A,K> by L and T from its local negotiation information cache, which holds the content actively pushed by the temporary key management centre. If present, go to Step 3.4;
Step 3.3: The message analysis equipment encrypts <PA,L,T>, built from L and T, with the RSA algorithm, sends a request to the temporary key management centre, and waits for the reply.
Step 3.4: Extract <A,K> and decrypt the message with the negotiated algorithm A and key K.
Step 3.5: After the message is decrypted, the communication equipment is monitored and maintained using the plaintext.
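The centre-side bookkeeping of Steps 2.1 to 2.6 and the analyser-side key selection of Steps 3.1 to 3.4, as an added Python example that is not part of the patent. The RSA-protected channel (Steps 1.8, 2.2, 2.4, 2.6) is assumed to be handled outside this code, the class and function names are my own, the sample records are constructed, and the rule that a message captured at time T is decrypted with the newest negotiation at or before T is an assumption about how "look up by L and T" is meant.

```python
from bisect import bisect_right
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Negotiation:
    """Negotiation record <L, A, K, T> built by the TLS responder in Step 1.7."""
    link: str       # L: communication link identifier
    algorithm: str  # A: negotiated cipher suite
    key: bytes      # K: negotiated session key (escrowed, so the centre needs protecting)
    time: int       # T: negotiation completion time, epoch seconds

def _insert_in_time_order(entries: List[Negotiation], rec: Negotiation) -> None:
    """Keep each per-link list sorted by T, as Step 2.3 requires."""
    entries.insert(bisect_right([e.time for e in entries], rec.time), rec)

def _latest_at_or_before(entries: List[Negotiation], time: int) -> Optional[Negotiation]:
    """Assumed selection rule: the key in force at T is the newest negotiation with
    T_neg <= T, so a renegotiated link yields the old key before and the new key after."""
    pos = bisect_right([e.time for e in entries], time)
    return entries[pos - 1] if pos else None

class TemporaryKeyManagementCentre:
    """Holds the negotiation information list <L, <T, A, K>> and device link list <PA, L>."""

    def __init__(self, device_links: Dict[str, List[str]]) -> None:
        self.device_links = device_links                      # <PA, L>: static config (Step 2.1)
        self.negotiations: Dict[str, List[Negotiation]] = {}  # <L, <T, A, K>>: built at run time
        self.pushed: List[Tuple[str, Negotiation]] = []       # records sent out in Step 2.4

    def submit(self, rec: Negotiation) -> List[str]:
        """Steps 2.3 to 2.5; RSA decryption of the record (Step 2.2) is assumed done."""
        _insert_in_time_order(self.negotiations.setdefault(rec.link, []), rec)
        targets = [pa for pa, links in self.device_links.items() if rec.link in links]
        for pa in targets:                                    # Step 2.4: push to every PA using L
            self.pushed.append((pa, rec))
        return targets                                        # [] means Step 2.5: cached for pull

    def lookup(self, pa: str, link: str, time: int) -> Optional[Tuple[str, bytes]]:
        """Step 2.6: answer <PA, L, T> with <A, K>. The method looks up by L and T only;
        a deployment may also want to check PA against the device link list here."""
        rec = _latest_at_or_before(self.negotiations.get(link, []), time)
        return None if rec is None else (rec.algorithm, rec.key)

class MessageAnalyser:
    """Steps 3.1 to 3.4: local cache of pushed records, pull from the centre on a miss."""

    def __init__(self, address: str, centre: TemporaryKeyManagementCentre) -> None:
        self.address = address
        self.centre = centre
        self.cache: Dict[str, List[Negotiation]] = {}
        self.pulls = 0                                        # how often Step 3.3 was needed

    def receive_push(self, rec: Negotiation) -> None:
        _insert_in_time_order(self.cache.setdefault(rec.link, []), rec)

    def select_key(self, link: str, time: int) -> Optional[Tuple[str, bytes]]:
        rec = _latest_at_or_before(self.cache.get(link, []), time)
        if rec is not None:                                   # Step 3.2: local hit
            return rec.algorithm, rec.key
        self.pulls += 1                                       # Step 3.3: request <PA, L, T>
        return self.centre.lookup(self.address, link, time)

def demo() -> dict:
    """Constructed scenario: PA1 is configured for link L1 only; L2 has no watcher."""
    centre = TemporaryKeyManagementCentre({"PA1": ["L1"]})
    pa1 = MessageAnalyser("PA1", centre)
    suite = "TLS_RSA_WITH_AES_128_CBC_SHA"                    # sample A, constructed
    records = [Negotiation("L1", suite, b"k1" * 8, 1000),     # initial handshake on L1
               Negotiation("L1", suite, b"k2" * 8, 2000),     # renegotiation on L1
               Negotiation("L2", suite, b"k3" * 8, 1500)]     # unwatched link: cached
    for rec in records:
        for pa in centre.submit(rec):
            if pa == pa1.address:
                pa1.receive_push(rec)
    return {
        "before_renego": pa1.select_key("L1", 1500),          # k1 from the local cache
        "after_renego": pa1.select_key("L1", 2500),           # k2 from the local cache
        "unwatched_link": pa1.select_key("L2", 1600),         # cache miss, pulled: k3
        "too_early": pa1.select_key("L1", 500),               # nothing negotiated yet: None
        "pulls": pa1.pulls,                                   # two pulls (L2 and too_early)
    }
```

The renegotiation case is the one worth checking in a real analyser: a capture on L1 between the two handshakes must still decrypt with the first key, which is why the lists are kept in time order rather than overwritten per link.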
Through the substation message analysis method based on shared key management for the TLS protocol proposed in this patent, the two parties communicating over TLS, where authorised, supply the encryption algorithm and key negotiated during the TLS handshake to the message analysis instrument through a confidential means, and the message analysis instrument selects the appropriate algorithm and key for message analysis according to the link and time parameters.
The implementation of the invention is not limited to the above. Modifications, substitutions or variations of other forms made to the invention on the basis of its basic technical idea, using ordinary technical knowledge and customary means in the field, all fall within the scope of protection of the invention.

Claims (3)

  1. A substation message analysis method based on shared key management for encrypted communication, characterised in that it comprises the following steps:
    Step 1: After the TLS handshake or renegotiation completes, the negotiation information of both parties is submitted to the temporary key management centre through a secure channel, the negotiation information being the communication link, the negotiated algorithm and key, and the negotiation time;
    Step 2: The temporary key management centre processes the negotiation information uniformly and actively pushes it to the message analysis equipment according to its configuration; if there is no configuration, the information is cached until the message analysis equipment actively retrieves it;
    Step 3: For a captured message, the message analysis equipment first looks up the negotiated algorithm and key locally by communication link and negotiation time; if they are not available locally, it actively retrieves them from the temporary key management centre, and after obtaining the negotiated algorithm and key it decrypts the message.
  2. The substation message analysis method according to claim 1, characterised in that the detailed process by which the negotiation information of both parties is submitted to the temporary key management centre through a secure channel in Step 1 is as follows:
    Step 1.1: Exchange Hello messages to negotiate the cipher suite, exchange random numbers and determine whether the session is resumed;
    Step 1.2: Exchange the necessary parameters and negotiate the pre-master secret;
    Step 1.3: Exchange certificate information to verify the peer;
    Step 1.4: Generate the master secret from the pre-master secret and the exchanged random numbers;
    Step 1.5: Provide the security parameters to the record layer;
    Step 1.6: Verify that the security parameters computed by both sides agree, and verify the authenticity and integrity of the handshake process;
    Step 1.7: Build the negotiation information data structure <L,A,K,T>, where L is the link information, A and K are the negotiated algorithm and key, and T is the negotiation time; then assign the link information of both communicating parties, the negotiated algorithm and key, and the negotiation completion time to the negotiation information structure;
    Step 1.8: Configure the digital certificate, encrypt <L,A,K,T> with a public-key encryption algorithm and send it to the temporary key management centre.
  3. The substation message analysis method according to claim 2, characterised in that the detailed process by which the temporary key management centre uniformly processes the negotiation information in Step 2 is as follows:
    Step 2.1: Build the negotiation information list <L,<T,A,K>> and the device link list <PA,L>, where PA is the message analysis equipment, L is the link information, A and K are the negotiated algorithm and key, and T is the negotiation time;
    Step 2.2: Configure the digital certificate, decrypt the received negotiation information with the RSA algorithm and obtain <L,A,K,T>;
    Step 2.3: Extract L and search <L,<T,A,K>> for L; if it is present, insert <L,A,K,T> in time order according to the negotiation information list format; if it is absent, create a new entry in the negotiation information list;
    Step 2.4: Traverse the device link list by L; if a PA using L is found, encrypt the negotiation information <L,A,K,T> with the RSA algorithm and actively send the encrypted data to device PA;
    Step 2.5: If no PA using L is found, cache the negotiation information in the negotiation information list and wait for the message analysis equipment to retrieve it;
    Step 2.6: When a request from device PA is received, first decrypt it with the RSA algorithm to obtain <PA,L,T>, then look up the cached negotiation information list <L,<T,A,K>> by L and T; if found, return <A,K> to device PA after RSA encryption.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510085393.5A CN104717211B (en) 2015-02-16 2015-02-16 A kind of transformer station's message analysis method of the shared key management based on coded communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510085393.5A CN104717211B (en) 2015-02-16 2015-02-16 A kind of transformer station's message analysis method of the shared key management based on coded communication

Publications (2)

Publication Number Publication Date
CN104717211A CN104717211A (en) 2015-06-17
CN104717211B true CN104717211B (en) 2017-12-19

Family

ID=53416174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510085393.5A Expired - Fee Related CN104717211B (en) 2015-02-16 2015-02-16 A kind of transformer station's message analysis method of the shared key management based on coded communication

Country Status (1)

Country Link
CN (1) CN104717211B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791285A (en) * 2016-03-01 2016-07-20 积成电子股份有限公司 Online analyzing method of MMS (Manufacturing Message Specification) message in support of IEC62351 encryption
CN109873972B (en) * 2019-02-13 2022-02-18 苏州科达科技股份有限公司 Registration method, calling method, medium and device for preventing renegotiation DoS attack
CN110224823B (en) * 2019-06-12 2021-02-23 湖南大学 Transformer substation message safety protection method and device, computer equipment and storage medium
CN112165494B (en) * 2020-09-30 2023-04-28 厦门亿联网络技术股份有限公司 Message analysis method, device, electronic equipment and storage medium
CN113364582B (en) * 2021-05-11 2022-07-12 国网浙江省电力有限公司电力科学研究院 Method for communication key configuration and update management in transformer substation
CN113595758B (en) * 2021-06-18 2024-05-14 国网浙江省电力有限公司电力科学研究院 Fault positioning method under encrypted communication of transformer substation

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811224A (en) * 2012-08-02 2012-12-05 天津赢达信科技有限公司 Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Research on IEC 61850 security analysis and solutions; 盛兆勇; China Master's Theses Full-text Database, Engineering Science and Technology II; 2014-03-15 (No. 3); p. C042-458 *
Research on communication security of substation automation systems based on IEC 62351; 龙林德 et al.; Journal of Changsha Telecommunications and Technology Vocational College; 2010-09-30; Vol. 9 (No. 3); pp. 1-6 *
Research on substation communication security technology based on IEC 62351; 梁锋, 丁杰; Proceedings of the 11th National Symposium on Protection and Control, 2007; 2007-12-31; pp. 392-396 *

Also Published As

Publication number Publication date
CN104717211A (en) 2015-06-17

Legal Events

Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171219

Termination date: 20190216