CN109040120A - An SV message encryption and decryption method based on the IEC 61850 standard - Google Patents

Publication number
CN109040120A
Authority
CN
China
Prior art keywords
message
key
encryption
instmag
management center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811067787.8A
Other languages
Chinese (zh)
Inventor
蒋程然
王青云
周喜章
陈兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Institute of Technology
Original Assignee
Nanjing Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Institute of Technology filed Critical Nanjing Institute of Technology
Priority to CN201811067787.8A priority Critical patent/CN109040120A/en
Publication of CN109040120A publication Critical patent/CN109040120A/en
Pending legal-status Critical Current

Classifications

    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L1/004 Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/3093 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses an SV message encryption and decryption method based on the IEC 61850 standard. Step 1: a Key Management Center sends key information to the message sender and the message recipient. Step 2: the iteration count is agreed. Step 3: the message sender calculates the encryption key. Step 4: the instMag partial information data of the IEC 61850 SV message are extracted. Step 5: the iterative encryption operation is carried out. Step 6: the encrypted result is filled into the IEC 61850 SV message. Step 7: the message is sent after the check passes. Step 8: the message recipient calculates the decryption key. Step 9: the instMag partial information data in the IEC 61850 SV message are extracted. Step 10: the iterative decryption operation is carried out. Step 11: after decryption the message is merged to obtain the corresponding electrical quantities. While meeting the real-time requirements of power system communication, the method guarantees the security of SV sampled value messages, requires few computing resources, and is fast.

Description

An SV message encryption and decryption method based on the IEC 61850 standard
Technical field
The present invention relates to an SV message encryption and decryption method based on the IEC 61850 standard.
Background
With the development and large-scale application of the IEC 61850 standard in China, and with a large number of digital substations being put into operation, wide-area sharing of power sampled data has become possible. Real-time communication of sampled data can provide data support for new relay protection schemes such as power system wide-area protection and avoid the emergence of information islands. However, the rapid expansion of power communication networks brings with it the problem of their security: sampled data messages face the risk of being tampered with or leaked, which is a major issue that power systems cannot ignore. Traditional sampled-message encryption algorithms take a long time to compute, cannot meet the real-time requirements of the IEC 61850 standard, and are difficult to apply in engineering practice.
Summary of the invention
In view of the above problems, the present invention provides an SV message encryption and decryption method based on the IEC 61850 standard that guarantees the security of SV sampled value messages while meeting the real-time requirements of power system communication. The encryption algorithm encrypts only part of the information of the electrical quantity instMag in the message, so it needs few computing resources and is fast. To address the difficulty of distributing the algorithm's key and keeping it secret, a key management protocol is introduced to manage the key under encryption, which maintains the security of the key without increasing the computational burden of each communication node.
To achieve the above technical purpose and technical effect, the invention is realized by the following technical solution:
An SV message encryption and decryption method based on the IEC 61850 standard, comprising the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message recipient;
Step 2: the message sender and message recipient agree the iteration count according to the communication network environment and the computing capability of the equipment;
Step 3: the message sender calculates the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3) of 32 bits each;
Step 4: the instMag partial information data of the IEC 61850 SV message are extracted and grouped into 64-bit messages to be encrypted; each group of plaintext message data is divided into two parts v(0), v(1) of 32 bits each;
Step 5: carry out the iterative encryption operation:
S = S + De;
where S is the encryption iteration number, with initial value 0; De is 0x9e3779b9, a Fibonacci number; $t_1$ is initially v(0) and $t_2$ is initially v(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and a further symbol denotes the XOR operation;
Step 6: after the operation, the encrypted results are merged and filled into the IEC 61850 SV message;
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes;
Step 8: after receiving the message, the message recipient performs the CRC check; once the check finds no error, the message recipient calculates the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3) of 32 bits each;
Step 9: the instMag partial information data in the IEC 61850 SV message are extracted and grouped into 64-bit messages to be decrypted; each group of message to be decrypted is divided into two parts v'(0), v'(1) of 32 bits each;
Step 10: carry out the iterative decryption operation:
S' = S' - De;
where S' is the decryption iteration number, with initial value De*n, n being the iteration count agreed by the message sender and message recipient; $o_1$ is initially v'(0) and $o_2$ is initially v'(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and a further symbol denotes the XOR operation;
Step 11: after decryption the message is merged to obtain the corresponding electrical quantities.
Preferably, step 1 specifically comprises the following steps:
Step 1-1: the Key Management Center selects a large prime q, and the message sender and message recipient each select a random positive integer $r_u$, where $q \ge m$, m is the number of nodes of the communication network, $r_u \in Z_q^*$, and $Z_q^*$ is the set determined by the large prime selected by the Key Management Center;
Step 1-2: the Key Management Center randomly selects 3 parameters p, j, k, with $p, j, k \in Z_q^*$, and constructs the function f(x, y):
$f(x, y) = [p + j(x + y) + kxy] \bmod q$
where mod is the modulo operation and x, y are variables;
Step 1-3: the Key Management Center calculates the functions $g_a(x)$ and $g_b(x)$ according to the following formulas:
$g_a(x) = f(x, r_a) \bmod q$
$g_b(x) = f(x, r_b) \bmod q$
where $r_a$ is the private key of the recipient and $r_b$ is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
$E_{puk\_a}[g_a(x), T_i, r_b] \,\|\, S_{kdc}[g_a(x), T_i, r_b]$
The Key Management Center sends the following key information to the message recipient:
$E_{puk\_b}[g_b(x), T_i, r_a] \,\|\, S_{kdc}[g_b(x), T_i, r_a]$
where E denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the recipient respectively; S denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; and $T_i$ is a time-stamped random number matrix.
Preferably, after receiving the key information, the message sender and message recipient use their respective private keys to calculate the encryption key $K_{ab}$ and the decryption key $K_{ba}$:
$K_{ab} = g_a(r_b) \bmod q$
$K_{ba} = g_b(r_a) \bmod q$
where $K_{ab} = g_a(r_b) \bmod q = f(r_a, r_b) = g_b(r_a) \bmod q = K_{ba}$
Preferably, the agreed iteration count in step 2 ranges from 6 to 64.
Preferably, in step 4 the high 16 bits of each instMag value are extracted, and every 4 instMag values form one group that is input to the encryption algorithm as the plaintext message.
Preferably, when the number of instMag values in the SV message is less than or equal to 4, they form one group for encryption and decryption; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
Preferably, when the number of instMag values in the SV message is not 4 or 8, the parts of the plaintext message that have no instMag data are filled in order with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that this instMag has no data.
The beneficial effects of the present invention are:
First, in view of the specific content characteristics of the IEC 61850 SV message, the present invention extracts only the electrical-quantity part of the data in the SV message and iteratively encrypts and decrypts it with the encryption algorithm; it proposes a new method of extracting and grouping information that suits the structure of the SV message and the characteristics of the encryption algorithm; and it finally guarantees message integrity by CRC check. It needs few computing resources and is fast, and can satisfy the IEC 61850 requirement of a 4 ms processing time for real-time transmission. The present invention guarantees the security of sampled value messages while meeting the real-time communication requirements of the power system.
Second, according to the specific structural characteristics of the IEC 61850 SV message and the requirements of the encryption algorithm, the present invention extracts the instMag partial information for grouping, encryption and decryption, which ensures secure transmission of the information while reducing the amount of computation.
Third, the encryption algorithm used by the present invention is simple to implement and fast to execute, adapts well to power intelligent electronic devices (Intelligent Electronic Device, IED) based on embedded platforms, is highly stable, and can meet the requirements of intelligent digital substations.
Fourth, the encryption algorithm used is a symmetric encryption algorithm, i.e. both communicating parties encrypt and decrypt with the same key, and the power system network has many communication nodes, so distributing keys securely and properly is difficult to achieve; once the key of any node is leaked, the information security of the entire communication network is at risk. The present invention therefore introduces a key management mechanism to improve the encryption algorithm. The introduction of the Key Management Center greatly reduces the difficulty of key distribution and secrecy, and because most of the computation of the key encryption algorithm is done by the Key Management Center, the security of the key is guaranteed without adding computing overhead to the communicating parties.
Description of the drawings
Fig. 1 is a schematic diagram of the communication structure of the present invention;
Fig. 2 is a schematic flow diagram of message encryption of the present invention;
Fig. 3 is a schematic flow diagram of the message encryption algorithm of the present invention;
Fig. 4 is a schematic flow diagram of the message decryption algorithm of the present invention;
Fig. 5 is a schematic comparison of the time taken by different methods for 32 rounds of iterative encryption;
Fig. 6 is a schematic comparison of the time taken by different methods for 6 rounds of iterative encryption.
Specific embodiment
The technical solution of the present invention is described in further detail below with reference to the drawings and a specific embodiment, so that those skilled in the art can better understand and practice the present invention; the illustrated embodiment does not limit the present invention.
By encrypting the instMag partial information in the IEC 61850 SV message, the present invention ensures the security of power grid communication and avoids the risk of communication data being maliciously tampered with or leaked. With respect to the communication requirements of the IEC 61850 standard, the grouping method proposed by the present invention meets the requirements of the SV message structure and of the encryption algorithm; the grouping is simple and fast; the encryption algorithm used is easy to implement and efficient, and the iteration count can be chosen according to the actual situation, meeting the requirements of IED equipment in modern digital substations; and a key management protocol is introduced to distribute the key under encryption, greatly reducing the security risk of the communication network.
Specifically, an SV message encryption and decryption method based on the IEC 61850 standard comprises the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message recipient. The power system network has many communication nodes, so distributing keys securely and properly is difficult to achieve, and once the key of any node is leaked, the information security of the entire communication network is at risk; the present invention therefore introduces a key management mechanism to improve the encryption algorithm. Fig. 1 shows the communication network architecture for 3 communication nodes. The present invention uses a key management protocol: the Key Management Center distributes real-time key information to each node, and each node computes the key from the key information and then encrypts and decrypts SV messages.
Preferably, step 1 specifically comprises the following steps:
Step 1-1: the Key Management Center selects a large prime q, and the message sender and message recipient each select a random positive integer $r_u$, where $q \ge m$, m is the number of nodes of the communication network, $r_u \in Z_q^*$, and $Z_q^*$ is the set determined by the large prime selected by the Key Management Center. In this embodiment the Key Management Center's selection is implemented in computer software, and the software compilation platform is VS2013.
Step 1-2: the Key Management Center randomly selects 3 parameters p, j, k, with $p, j, k \in Z_q^*$, and constructs the function f(x, y):
$f(x, y) = [p + j(x + y) + kxy] \bmod q$
where mod is the modulo operation and x, y are the variables of the constructed function f.
Step 1-3: the Key Management Center calculates the functions $g_a(x)$ and $g_b(x)$ according to the following formulas:
$g_a(x) = f(x, r_a) \bmod q$
$g_b(x) = f(x, r_b) \bmod q$
where $r_a$ is the private key of the recipient and $r_b$ is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
$E_{puk\_a}[g_a(x), T_i, r_b] \,\|\, S_{kdc}[g_a(x), T_i, r_b]$
The Key Management Center sends the following key information to the message recipient:
$E_{puk\_b}[g_b(x), T_i, r_a] \,\|\, S_{kdc}[g_b(x), T_i, r_a]$
where E denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the recipient respectively; S denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; and $T_i$ is a time-stamped random number matrix.
The Key Management Center sends to the message sender the sender's encryption algorithm $E_{puk\_a}[g_a(x), T_i, r_b]$ and signature algorithm $S_{kdc}[g_a(x), T_i, r_b]$ for the moment corresponding to $T_i$, which together constitute the sender's key information; it sends to the message recipient the recipient's decryption algorithm $E_{puk\_b}[g_b(x), T_i, r_a]$ and signature algorithm $S_{kdc}[g_b(x), T_i, r_a]$ for the moment corresponding to $T_i$, which together constitute the sender's key information.
After receiving the key information, the message sender and message recipient use their respective private keys to calculate the encryption key $K_{ab}$ and the decryption key $K_{ba}$:
$K_{ab} = g_a(r_b) \bmod q$
$K_{ba} = g_b(r_a) \bmod q$
Because of the symmetry of the polynomial, both parties compute the same key: $K_{ab} = g_a(r_b) \bmod q = f(r_a, r_b) = g_b(r_a) \bmod q = K_{ba}$
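The key agreement of steps 1-2 to 1-4 and the key split of step 3, as an added example that is not code from the patent: the Key Management Center hands each party only the coefficients of g(x), and both parties arrive at the same 128-bit key. The modulus `Q`, the helper names and the word order in `split_key` are assumptions, and the encryption and signature wrappers E and S around the key information are not modelled.

```python
import secrets

# Constructed sample modulus: the Mersenne prime 2^127 - 1, so K fits in 128 bits.
Q = 2**127 - 1


def rand_zq_star(q=Q):
    """Uniform random element of Z_q^* = {1, ..., q-1}."""
    return secrets.randbelow(q - 1) + 1


class KeyManagementCenter:
    """Keeps p, j, k secret and hands out only g_r(x) = f(x, r) mod q."""

    def __init__(self, q=Q, nodes=3):
        if q < nodes:                      # step 1-1 requires q >= m
            raise ValueError("q must be at least the number of nodes m")
        self.q = q
        self.p, self.j, self.k = (rand_zq_star(q) for _ in range(3))

    def f(self, x, y):
        """f(x, y) = [p + j(x + y) + kxy] mod q, symmetric in x and y."""
        return (self.p + self.j * (x + y) + self.k * x * y) % self.q

    def share(self, r):
        """Coefficients (c0, c1) of g_r(x) = c0 + c1*x, i.e. f(x, r) with y fixed."""
        return (self.p + self.j * r) % self.q, (self.j + self.k * r) % self.q


def derive_key(share, own_r, q=Q):
    """Evaluate the received g(x) at the node's own private value."""
    c0, c1 = share
    return (c0 + c1 * own_r) % q


def split_key(key):
    """k(0)..k(3), 32 bits each; most-significant word first is an assumption."""
    return [(key >> shift) & 0xFFFFFFFF for shift in (96, 64, 32, 0)]


def agree(kmc, r_a, r_b):
    """Return (K_ab, K_ba) as computed by sender and recipient respectively."""
    k_ab = derive_key(kmc.share(r_a), r_b, kmc.q)   # sender holds g_a(x) and r_b
    k_ba = derive_key(kmc.share(r_b), r_a, kmc.q)   # recipient holds g_b(x) and r_a
    return k_ab, k_ba


if __name__ == "__main__":
    # Three nodes, as in the architecture of Fig. 1; private values are constructed.
    kmc = KeyManagementCenter()
    r = {name: rand_zq_star() for name in ("node1", "node2", "node3")}
    for x, y in (("node1", "node2"), ("node1", "node3"), ("node2", "node3")):
        k_xy, k_yx = agree(kmc, r[x], r[y])
        print(x, y, k_xy == k_yx, [f"{w:08x}" for w in split_key(k_xy)])
```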
Step 2: the message sender and message recipient agree the iteration count according to the communication network environment and the computing capability of the equipment. Given the logic and characteristics of the encryption algorithm used here, at least 6 rounds of iteration are carried out, so that all bits of the information data can change; if the message security environment is harsh and IED performance allows, the iteration count can be increased to 32 rounds, with a maximum of 64 rounds.
Step 3: the message sender calculates the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3) of 32 bits each, 128 bits in total.
Step 4: the instMag partial information data of the IEC 61850 SV message are extracted and grouped into 64-bit messages to be encrypted; each group of plaintext message data is divided into two parts v(0), v(1) of 32 bits each.
As shown in Fig. 2, the present invention first extracts the instMag partial information from the IEC 61850 SV message. Each SV message structure comprises a start flag, address, priority, type, length and protocol data unit (Protocol Data Unit, PDU). According to the IEC 61850 standard, each PDU may contain 1 to 8 application service data units (Application Service Data Unit, ASDU). The instMag part is located in the DataSet field in the latter half of the ASDU; the value of each instMag reflects the specific value of one electrical quantity and is the most critical content of the whole SV message. Ensuring the data security of the instMag part ensures the basic information security of the SV message. Finally, a CRC is used to check the integrity of the message, ensuring that the power communication network is secure and reliable.
Preferably, the method of extracting and grouping information in step 4 is as follows:
Encrypting only part of the information is enough to guarantee the security of the information. According to the IEC 61850 standard, each SV message contains at most 8 instMag values, each instMag value is 32 bits, and the plaintext input of the encryption algorithm is fixed at 64 bits; the high 16 bits of each instMag value are extracted, and every 4 instMag values form one group that is input to the encryption algorithm as the message to be encrypted.
When the number of instMag values in the SV message is less than or equal to 4, they form one group for encryption and decryption; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
When the number of instMag values in the SV message is not 4 or 8, the parts of the plaintext message that have no instMag data are filled in order with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that this instMag has no data.
Step 5: carry out the iterative encryption operation:
S = S + De;
where S is the encryption iteration number, with initial value 0; De is 0x9e3779b9, a Fibonacci number; $t_1$ is initially v(0) and $t_2$ is initially v(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and a further symbol denotes the XOR operation. $t_1$ and $t_2$ are the data obtained by grouping the information to be encrypted, and can change after each iteration.
Step 6: after the operation, the encrypted results are merged and filled into the IEC 61850 SV message. The flow of message encryption is shown in Fig. 3, where the variable i is the counter flag for the number of iterations of the algorithm, n is the iteration count agreed by the sending and receiving parties, and "^" denotes the XOR operation.
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes; the CRC check guarantees message integrity.
Step 8: after receiving the message, the message recipient performs the CRC check; once the check finds no error, the message recipient calculates the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3) of 32 bits each.
Step 9: the instMag partial information data in the IEC 61850 SV message are extracted; at this point the extracted information is the encrypted message. It is grouped into 64-bit messages to be decrypted, and each group of message to be decrypted is divided into two parts v'(0), v'(1) of 32 bits each.
Step 10: carry out the iterative decryption operation:
S' = S' - De;
where S' is the decryption iteration number, with initial value De*n, n being the iteration count agreed by the message sender and message recipient; $o_1$ is initially v'(0) and $o_2$ is initially v'(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and a further symbol denotes the XOR operation;
Step 11: after decryption the message is merged to obtain the corresponding electrical quantities. The flow of message decryption is shown in Fig. 4, where the variable i is the counter flag for the number of iterations of the algorithm, n is the iteration count agreed by the sending and receiving parties, and "^" denotes the XOR operation.
Figs. 5 and 6 compare the time taken by the different methods for 32 iterations and 6 iterations: the dashed line represents encrypting the entire PDU without extracting the instMag information, and the solid line represents extracting the instMag information and encrypting it according to the method of the present invention. The data show that the present invention is clearly superior in time taken.
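Steps 4, 5 and 9 to 11 as an added example, not code from the patent: it extracts and groups the high 16 bits of each instMag, encrypts each 64-bit group and restores the values after decryption. The round formulas are not reproduced on this page, so the standard TEA round function is assumed because it matches the constant De, the four 32-bit key words and the De*n starting value. The packing order, the sample key and the sample values are constructed, and because the page does not say how the ciphertext of a zero-padded group is carried, the cipher blocks are kept separate from the untouched low 16 bits.

```python
MASK32 = 0xFFFFFFFF
DE = 0x9E3779B9          # constant De given on the page

# Constructed sample data (not from the patent).
SAMPLE_KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)
SAMPLE_INST_MAGS = [0x0001E240, 0xFFFE1DC0, 0x00030D40, 0x00000C35, 0x7FFF0001]


def check_rounds(n):
    """The page allows an agreed iteration count of 6 to 64."""
    if not 6 <= n <= 64:
        raise ValueError("iteration count must be between 6 and 64")
    return n


def encrypt_block(v, k, n):
    """Encrypt one 64-bit group v = (v(0), v(1)) with key words k(0)..k(3)."""
    (t1, t2), (a, b, c, d) = v, k
    s = 0
    for _ in range(check_rounds(n)):
        s = (s + DE) & MASK32                                   # S = S + De
        # Assumed round function: standard TEA (formulas absent from the page).
        t1 = (t1 + (((t2 << 4) + a) ^ (t2 + s) ^ ((t2 >> 5) + b))) & MASK32
        t2 = (t2 + (((t1 << 4) + c) ^ (t1 + s) ^ ((t1 >> 5) + d))) & MASK32
    return t1, t2


def decrypt_block(v, k, n):
    """Inverse of encrypt_block: same rounds in reverse order."""
    (o1, o2), (a, b, c, d) = v, k
    s = (DE * check_rounds(n)) & MASK32                         # S' starts at De*n
    for _ in range(n):
        o2 = (o2 - (((o1 << 4) + c) ^ (o1 + s) ^ ((o1 >> 5) + d))) & MASK32
        o1 = (o1 - (((o2 << 4) + a) ^ (o2 + s) ^ ((o2 >> 5) + b))) & MASK32
        s = (s - DE) & MASK32                                   # S' = S' - De
    return o1, o2


def extract_blocks(inst_mags):
    """High 16 bits of each 32-bit instMag, 4 per 64-bit group, zero-padded."""
    if not 1 <= len(inst_mags) <= 8:
        raise ValueError("expected 1 to 8 instMag values")
    highs = [(m >> 16) & 0xFFFF for m in inst_mags]
    groups = 1 if len(highs) <= 4 else 2        # <= 4 values: one group, else two
    highs += [0] * (4 * groups - len(highs))    # missing instMag slots filled with 0
    # Packing order inside v(0)/v(1) is an assumption.
    return [((highs[i] << 16) | highs[i + 1], (highs[i + 2] << 16) | highs[i + 3])
            for i in range(0, 4 * groups, 4)]


def merge(blocks, lows):
    """Rebuild instMag values; zip() drops the zero padding beyond len(lows)."""
    highs = []
    for v0, v1 in blocks:
        highs += [v0 >> 16, v0 & 0xFFFF, v1 >> 16, v1 & 0xFFFF]
    return [(h << 16) | lo for h, lo in zip(highs, lows)]


def protect(inst_mags, key, n):
    """Sender side: returns (cipher blocks, low halves)."""
    lows = [m & 0xFFFF for m in inst_mags]      # low 16 bits stay in the clear
    return [encrypt_block(b, key, n) for b in extract_blocks(inst_mags)], lows


def recover(cipher_blocks, lows, key, n):
    """Recipient side: decrypt every group and merge with the low halves."""
    return merge([decrypt_block(b, key, n) for b in cipher_blocks], lows)


if __name__ == "__main__":
    blocks, lows = protect(SAMPLE_INST_MAGS, SAMPLE_KEY, 32)
    print([f"{x:08x}{y:08x}" for x, y in blocks])
    print(recover(blocks, lows, SAMPLE_KEY, 32) == SAMPLE_INST_MAGS)
```

Only the high halves are protected, so a capture of the message still shows the low 16 bits of every instMag value.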
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (7)

1. An SV message encryption and decryption method based on the IEC 61850 standard, characterized by comprising the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message receiver;
Step 2: the message sender and the message receiver agree on the number of iterations according to the communication network environment and the computing capability of the devices;
Step 3: the message sender computes the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3), each 32 bits;
Step 4: the instMag partial information data of the IEC 61850 SV message is extracted and grouped into 64-bit messages to be encrypted; each group of plaintext data is divided into two parts v(0), v(1), each 32 bits;
Step 5: the encryption iteration is performed:
S = S + De;
where S is the encryption iteration count, with initial value 0; De is 0x9e3779b9, a Fibonacci number; t1 is initially v(0) and t2 is initially v(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and ⊕ denotes the XOR operation;
Step 6: after the operation, the encrypted results are merged and filled into the IEC 61850 SV message;
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes;
Step 8: after the message receiver receives the message, it performs a CRC check; once the check shows no error, the message receiver computes the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3), each 32 bits;
Step 9: the instMag partial information data in the IEC 61850 SV message is extracted and grouped into 64-bit messages to be decrypted; each group to be decrypted is divided into two parts v'(0), v'(1), each 32 bits;
Step 10: the decryption iteration is performed:
S' = S' - De;
where S' is the decryption iteration count, with initial value De*n, n being the number of iterations agreed by the message sender and the message receiver; o1 is initially v'(0) and o2 is initially v'(1); a is k(0), b is k(1), c is k(2), d is k(3); "<<" denotes a left shift, ">>" denotes a right shift, and ⊕ denotes the XOR operation;
Step 11: after decryption, the messages are merged to obtain the corresponding electrical quantities.
2. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 1, characterized in that step 1 specifically comprises the following steps:
Step 1-1: the Key Management Center selects a large prime q, and the message sender and the message receiver each randomly select a positive integer r_u, where q ≥ m, m is the number of nodes in the communication network, r_u ∈ Z_q*, and Z_q* is the set defined by the large prime selected by the Key Management Center;
Step 1-2: the Key Management Center randomly selects 3 parameters p, j, k, with p, j, k ∈ Z_q*, and constructs the function f(x, y):
f(x, y) = [p + j(x + y) + kxy] mod q
where mod is the modulo operation and x, y are variables;
Step 1-3: the Key Management Center computes the functions g_a(x) and g_b(x) according to the following formulas:
g_a(x) = f(x, r_a) mod q
g_b(x) = f(x, r_b) mod q
where r_a is the private key of the receiver and r_b is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
E_puk_a[g_a(x), T_i, r_b] || S_kdc[g_a(x), T_i, r_b]
The Key Management Center sends the following key information to the message receiver:
E_puk_b[g_b(x), T_i, r_a] || S_kdc[g_b(x), T_i, r_a]
where E denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the receiver respectively; S denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; and T_i is a time-stamped random number matrix.
3. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 2, characterized in that, after receiving the key information, the message sender and the message receiver use their respective private keys to compute the encryption key K_ab and the decryption key K_ba:
K_ab = g_a(r_b) mod q
K_ba = g_b(r_a) mod q
where K_ab = g_a(r_b) mod q = f(r_a, r_b) = g_b(r_a) mod q = K_ba.
4. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 1, characterized in that, in step 2, the agreed number of iterations lies in the range 6-64.
5. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 2, characterized in that, in step 4, the high 16 bits of each instMag value are extracted, and every 4 instMag values form one group that serves as the message to be encrypted, i.e. the input of the encryption algorithm.
6. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 5, characterized in that, when the number of instMag values in the SV message is less than or equal to 4, they are placed in one group for encryption and decryption; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
7. The SV message encryption and decryption method based on the IEC 61850 standard according to claim 6, characterized in that, when the number of instMag values in the SV message is not 4 or 8, the parts of the plaintext that have no instMag data are filled in order with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that the instMag carries no data.
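The key agreement in claims 2 and 3 rests on f(x, y) being symmetric, so each side can evaluate the polynomial it received at its own private value and reach the same key. The following sketch is an added example, not code from the patent: the prime 2^127 - 1, the function names and the coefficient-pair representation of g_u(x) are assumptions, and the transport protection E/S of step 1-4 is left out.

```python
import secrets

Q = 2**127 - 1  # constructed stand-in for the Key Management Center's large prime q

def kmc_setup(q=Q):
    """Step 1-2: pick the secret parameters p, j, k from 1..q-1."""
    return tuple(secrets.randbelow(q - 1) + 1 for _ in range(3))

def f(x, y, coeffs, q=Q):
    """f(x, y) = [p + j(x + y) + kxy] mod q; swapping x and y gives the same value."""
    p, j, k = coeffs
    return (p + j * (x + y) + k * x * y) % q

def share_for(r_u, coeffs, q=Q):
    """Step 1-3: g_u(x) = f(x, r_u) mod q, returned as (c0, c1) meaning c0 + c1*x."""
    p, j, k = coeffs
    return ((p + j * r_u) % q, (j + k * r_u) % q)

def derive_key(share, r_own, q=Q):
    """Claim 3: evaluate the received polynomial at one's own private value."""
    c0, c1 = share
    return (c0 + c1 * r_own) % q

def agree(q=Q):
    """Run one agreement; returns (K_ab, K_ba, f(r_a, r_b))."""
    coeffs = kmc_setup(q)
    r_a = secrets.randbelow(q - 1) + 1   # receiver's private value
    r_b = secrets.randbelow(q - 1) + 1   # sender's private value
    g_a = share_for(r_a, coeffs, q)      # key information delivered to the sender
    g_b = share_for(r_b, coeffs, q)      # key information delivered to the receiver
    k_ab = derive_key(g_a, r_b, q)       # K_ab = g_a(r_b) mod q
    k_ba = derive_key(g_b, r_a, q)       # K_ba = g_b(r_a) mod q
    return k_ab, k_ba, f(r_a, r_b, coeffs, q)
```

Only the two coefficients of g_u(x) leave the Key Management Center; p, j and k stay there, which is why the shares have to travel under the encryption and signature of step 1-4.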
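Steps 3 to 11 and claims 4 to 7 can be exercised end to end as below. This is an added example, not the patent's code: the update formulas for t1/t2 and o1/o2 are not present on the page, so the round function is assumed to be the standard Tiny Encryption Algorithm of Wheeler and Needham, which fits the constant De, the key words k(0)..k(3), the shifts and the XOR that claim 1 names; the function names and sample values are constructed.

```python
DELTA = 0x9E3779B9   # "De" in claim 1
M32 = 0xFFFFFFFF

def split_key(key128):
    """Steps 3 and 8: split a 128-bit key into k(0)..k(3), 32 bits each."""
    return [(key128 >> shift) & M32 for shift in (96, 64, 32, 0)]

def tea_encrypt(v0, v1, k, rounds):
    s = 0                                    # S starts at 0
    for _ in range(rounds):                  # assumed standard TEA round
        s = (s + DELTA) & M32                # S = S + De
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & M32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & M32
    return v0, v1

def tea_decrypt(v0, v1, k, rounds):
    s = (DELTA * rounds) & M32               # S' starts at De*n
    for _ in range(rounds):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & M32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & M32
        s = (s - DELTA) & M32                # S' = S' - De
    return v0, v1

def pack_groups(inst_mags):
    """Claims 5-7: high 16 bits of each instMag, four per 64-bit group, 0-padded."""
    if not 1 <= len(inst_mags) <= 8:
        raise ValueError("the claims cover 1 to 8 instMag values")
    highs = [(m >> 16) & 0xFFFF for m in inst_mags]
    highs += [0] * (-len(highs) % 4)         # fill missing slots with 0, in order
    return [((highs[i] << 16) | highs[i + 1], (highs[i + 2] << 16) | highs[i + 3])
            for i in range(0, len(highs), 4)]

def unpack_groups(groups):
    """Step 11: merge decrypted groups back into 16-bit values."""
    return [h for v0, v1 in groups
            for h in (v0 >> 16, v0 & 0xFFFF, v1 >> 16, v1 & 0xFFFF)]

def protect(inst_mags, key128, rounds):
    if not 6 <= rounds <= 64:                # claim 4: agreed range 6-64
        raise ValueError("iteration count outside the claimed range")
    k = split_key(key128)
    return [tea_encrypt(v0, v1, k, rounds) for v0, v1 in pack_groups(inst_mags)]

def recover(groups, key128, rounds):
    k = split_key(key128)
    return unpack_groups([tea_decrypt(v0, v1, k, rounds) for v0, v1 in groups])
```

The CRC of steps 7 and 8 is an unkeyed check, so it detects transmission errors but does not authenticate the ciphertext. The TEA reference code uses 32 cycles, so the lower end of the 6-64 range trades cipher strength for speed.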
CN201811067787.8A 2018-09-13 2018-09-13 A kind of SV message encryption and decryption method based on IEC61850 standard Pending CN109040120A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811067787.8A CN109040120A (en) 2018-09-13 2018-09-13 A kind of SV message encryption and decryption method based on IEC61850 standard

Publications (1)

Publication Number Publication Date
CN109040120A true CN109040120A (en) 2018-12-18

Family

ID=64622034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811067787.8A Pending CN109040120A (en) 2018-09-13 2018-09-13 A kind of SV message encryption and decryption method based on IEC61850 standard

Country Status (1)

Country Link
CN (1) CN109040120A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110252243A1 (en) * 2010-04-07 2011-10-13 Apple Inc. System and method for content protection based on a combination of a user pin and a device specific identifier
CN103716163A (en) * 2013-12-12 2014-04-09 华南理工大学 SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard
CN105391701A (en) * 2015-10-28 2016-03-09 济南知芯集成电路技术有限公司 Data encryption method and system
CN106845304A (en) * 2017-01-22 2017-06-13 国网江苏省电力公司电力科学研究院 A kind of method and system for realizing reader and smart-tag authentication in rfid system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SIMON J. SHEPHERD: "The Tiny Encryption Algorithm", 《CRYPTOLOGIA》 *
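王智东 et al.: "IEC 61850-9-2LE message encryption method based on the Tiny Encryption Algorithm", Automation of Electric Power Systems *
路保辉: "Research on the smart grid AMI communication system and its data security strategy", Power System Technology *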

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113364756A (en) * 2021-05-31 2021-09-07 广东电网有限责任公司 Intelligent electronic equipment data transmission method, device, system and medium
CN113556231A (en) * 2021-06-16 2021-10-26 南京南瑞继保工程技术有限公司 Control information security authentication method based on IEC61850 control model
CN113556231B (en) * 2021-06-16 2024-04-09 南京南瑞继保工程技术有限公司 Control information security identification method based on IEC61850 control model
CN114697081A (en) * 2022-02-28 2022-07-01 国网江苏省电力有限公司淮安供电分公司 Intrusion detection method and system based on IEC61850 SV message operation situation model
CN114697081B (en) * 2022-02-28 2024-05-07 国网江苏省电力有限公司淮安供电分公司 Intrusion detection method and system based on IEC61850 SV message running situation model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218