CN109040120A - A kind of SV message encryption and decryption method based on IEC61850 standard - Google Patents
- Publication number: CN109040120A
- Application number: CN201811067787.8A
- Authority: CN (China)
- Prior art keywords: message, key, encryption, instmag, management center
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
- H04L9/3093—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving Lattices or polynomial equations, e.g. NTRU scheme
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses an SV message encryption and decryption method based on the IEC 61850 standard. Step 1: the Key Management Center sends key information to the message sender and the message recipient. Step 2: the number of iterations is agreed. Step 3: the message sender calculates the encryption key. Step 4: the instMag partial information data of the IEC 61850 SV message is extracted. Step 5: the encryption iteration is performed. Step 6: the encrypted result is filled into the IEC 61850 SV message. Step 7: the message is sent after it passes the check. Step 8: the message recipient calculates the decryption key. Step 9: the instMag partial information data in the IEC 61850 SV message is extracted. Step 10: the decryption iteration is performed. Step 11: the message is merged after decryption to obtain the corresponding electrical quantities. On the premise of meeting the real-time requirements of power system communication, the method guarantees the security of SV sampled value messages; it requires few computing resources and is fast.
Description
Technical field
The present invention relates to an SV message encryption and decryption method based on the IEC 61850 standard.
Background art
With the development and large-scale application of the IEC 61850 standard in China, and with a large number of digital substations being put into operation, wide-area sharing of power sampled data has become possible. Real-time communication of sampled data can provide data support for new relay protection schemes such as power system wide-area protection, and avoids the appearance of information islands. However, the rapid expansion of power communication networks brings with it the problem of their security: sampled data messages face the risk of being tampered with or leaked, which is a major issue that the power system cannot ignore. Traditional sampled message encryption algorithms take a long time to compute, cannot meet the real-time requirements of the IEC 61850 standard, and are difficult to apply in engineering practice.
Summary of the invention
In view of the above problems, the present invention provides an SV message encryption and decryption method based on the IEC 61850 standard. On the premise of meeting the real-time requirements of power system communication, it guarantees the security of SV sampled value messages. The encryption algorithm encrypts only part of the information of the electrical quantity instMag in the message, so the required computing resources are few and the speed is high. To address the difficulty of distributing the algorithm's key and keeping it secret, a key management protocol is introduced to manage the key under encryption, which maintains the security of the key without increasing the computational burden of each communication node.
To achieve the above technical purpose and technical effect, the invention is realized by the following technical scheme:
An SV message encryption and decryption method based on the IEC 61850 standard includes the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message recipient;
Step 2: the message sender and the message recipient agree on the number of iterations according to the communication network environment and the computing capability of the equipment;
Step 3: the message sender calculates the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3), 32 bits each;
Step 4: the instMag partial information data of the IEC 61850 SV message is extracted and grouped into 64-bit messages to be encrypted; each group of plaintext data is divided into two parts v(0), v(1), 32 bits each;
Step 5: the encryption iteration is performed:
$S = S + De$;
where $S$ is the encryption iteration number, with initial value 0; $De$ is 0x9e3779b9, a Fibonacci number; $t_1$ is initially v(0) and $t_2$ is initially v(1); a is k(0), b is k(1), c is k(2) and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift, and the formulas also use the XOR operation;
Step 6: after the operation, the encrypted results are merged and filled into the IEC 61850 SV message;
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes;
Step 8: after the message recipient receives the message, it performs the CRC check; once the check is passed, the message recipient calculates the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3), 32 bits each;
Step 9: the instMag partial information data in the IEC 61850 SV message is extracted and grouped into 64-bit messages to be decrypted; each group is divided into two parts v'(0), v'(1), 32 bits each;
Step 10: the decryption iteration is performed:
$S' = S' - De$;
where $S'$ is the decryption iteration number, with initial value $De \cdot n$, and $n$ is the number of iterations agreed by the message sender and the message recipient; $o_1$ is initially v'(0) and $o_2$ is initially v'(1); a is k(0), b is k(1), c is k(2) and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift, and the formulas also use the XOR operation;
Step 11: the message is merged after decryption to obtain the corresponding electrical quantities.
Preferably, step 1 specifically includes the following steps:
Step 1-1: the Key Management Center selects a large prime $q$, and the message sender and the message recipient each select a random positive integer $r_u$, where $q \ge m$, $m$ is the number of nodes of the communication network, $r_u \in Z_q^*$, and $Z_q^*$ is the set for the large prime selected by the Key Management Center;
Step 1-2: the Key Management Center randomly selects 3 parameters $p, j, k \in Z_q^*$ and constructs the function $f(x, y)$:
$$f(x, y) = [p + j(x + y) + kxy] \bmod q$$
where mod is the modulo operation and $x$, $y$ are variables;
Step 1-3: the Key Management Center calculates the functions $g_a(x)$ and $g_b(x)$ according to the following formulas:
$$g_a(x) = f(x, r_a) \bmod q$$
$$g_b(x) = f(x, r_b) \bmod q$$
where $r_a$ is the private key of the recipient and $r_b$ is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
$$E_{puk\_a}[g_a(x), T_i, r_b] \,\|\, S_{kdc}[g_a(x), T_i, r_b]$$
The Key Management Center sends the following key information to the message recipient:
$$E_{puk\_b}[g_b(x), T_i, r_a] \,\|\, S_{kdc}[g_b(x), T_i, r_a]$$
where $E$ denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the recipient respectively; $S$ denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; and $T_i$ is a time-stamped random number matrix.
Preferably, after receiving the key information, the message sender and the message recipient use their respective private keys to calculate the encryption key $K_{ab}$ and the decryption key $K_{ba}$:
$$K_{ab} = g_a(r_b) \bmod q$$
$$K_{ba} = g_b(r_a) \bmod q$$
where $K_{ab} = g_a(r_b) \bmod q = f(r_a, r_b) = g_b(r_a) \bmod q = K_{ba}$.
Preferably, the number of iterations agreed in step 2 is in the range 6-64.
Preferably, in step 4 the high 16 bits of each instMag are extracted, and every 4 instMag values form one group that serves as the plaintext input to the encryption algorithm.
Preferably, when the number of instMag values in the SV message is less than or equal to 4, they are encrypted and decrypted as one group; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
Preferably, when the number of instMag values in the SV message is not 4 or 8, the parts of the plaintext with no instMag data are filled, in order, with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that this instMag carries no data.
The beneficial effects of the present invention are:
First, based on the particular content of the IEC 61850 SV message, the present invention extracts only the electrical quantity data in the SV message and encrypts and decrypts it iteratively with the encryption algorithm. It proposes a new method of extracting and grouping information that suits both the structure of the SV message and the characteristics of the encryption algorithm, and finally guarantees message integrity through a CRC check. The required computing resources are few and the speed is high, so the IEC 61850 standard's real-time transmission requirement of a 4 ms processing time can be met. The present invention guarantees the security of sampled value messages on the premise of meeting the real-time communication requirements of the power system.
Second, in view of the specific structure of the IEC 61850 SV message and the requirements of the encryption algorithm, the present invention extracts the instMag partial information, groups it, and encrypts and decrypts it, which ensures the secure transmission of the information while reducing the amount of computation.
Third, the encryption algorithm used by the present invention is simple to implement and fast to execute, adapts well to power intelligent electronic devices (Intelligent Electronic Device, IED) based on embedded platforms, is highly stable, and can meet the requirements of intelligent digital substations.
Fourth, the encryption algorithm used is a symmetric encryption algorithm, i.e. both communicating parties encrypt and decrypt with the same key. Because a power system network has many communication nodes, distributing keys securely and correctly is difficult, and once the key of any node is leaked, the information security of the entire communication network is put at risk. The invention therefore introduces a key management mechanism to improve the encryption algorithm. Introducing the Key Management Center greatly reduces the difficulty of distributing keys and keeping them secret, and because most of the computation of the key encryption algorithm is done by the Key Management Center, the security of the key is ensured without adding extra computing overhead to the communicating parties.
Brief description of the drawings
Fig. 1 is a schematic diagram of the communication structure of the present invention;
Fig. 2 is a schematic flow diagram of message encryption in the present invention;
Fig. 3 is a schematic flow diagram of the message encryption algorithm of the present invention;
Fig. 4 is a schematic flow diagram of the message decryption algorithm of the present invention;
Fig. 5 is a schematic comparison of encryption time for the different methods with 32 rounds of iteration;
Fig. 6 is a schematic comparison of encryption time for the different methods with 6 rounds of iteration.
Specific embodiments
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments, so that those skilled in the art can better understand and practice the invention; the illustrated embodiments do not limit the invention.
The present invention ensures the security of power grid communication by encrypting the instMag partial information in the IEC 61850 SV message, avoiding the risk of communication data being maliciously tampered with or leaked. With regard to the communication requirements of the IEC 61850 standard, the grouping method proposed by the invention meets the requirements of both the structure of the SV message and the encryption algorithm; the grouping is simple and fast. The encryption algorithm used is easy to implement and efficient, and the number of iterations can be chosen according to the actual situation, which meets the requirements of IED equipment in modern digital substations. A key management protocol is also introduced to distribute keys under encryption, which greatly reduces the security risk of the communication network.
Specifically, an SV message encryption and decryption method based on the IEC 61850 standard includes the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message recipient. A power system network has many communication nodes, so distributing keys securely and correctly is difficult, and once the key of any node is leaked, the information security of the entire communication network is put at risk; the invention therefore introduces a key management mechanism to improve the encryption algorithm. Fig. 1 shows the communication network architecture for 3 communication nodes. The invention uses a key management protocol: the Key Management Center distributes real-time key information to each node, each node calculates its key from the key information, and SV message encryption and decryption are then carried out.
Preferably, step 1 specifically includes the following steps:
Step 1-1: the Key Management Center selects a large prime $q$, and the message sender and the message recipient each select a random positive integer $r_u$, where $q \ge m$, $m$ is the number of nodes of the communication network, $r_u \in Z_q^*$, and $Z_q^*$ is the set for the large prime selected by the Key Management Center. In this embodiment the Key Management Center's selection is implemented in computer software, and the software compilation platform is VS2013.
Step 1-2: the Key Management Center randomly selects 3 parameters $p, j, k \in Z_q^*$ and constructs the function $f(x, y)$:
$$f(x, y) = [p + j(x + y) + kxy] \bmod q$$
where mod is the modulo operation and $x$, $y$ are the variables of the constructed function $f$.
Step 1-3: the Key Management Center calculates the functions $g_a(x)$ and $g_b(x)$ according to the following formulas:
$$g_a(x) = f(x, r_a) \bmod q$$
$$g_b(x) = f(x, r_b) \bmod q$$
where $r_a$ is the private key of the recipient and $r_b$ is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
$$E_{puk\_a}[g_a(x), T_i, r_b] \,\|\, S_{kdc}[g_a(x), T_i, r_b]$$
The Key Management Center sends the following key information to the message recipient:
$$E_{puk\_b}[g_b(x), T_i, r_a] \,\|\, S_{kdc}[g_b(x), T_i, r_a]$$
where $E$ denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the recipient respectively; $S$ denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; and $T_i$ is a time-stamped random number matrix.
The Key Management Center sends to the message sender, for the moment corresponding to $T_i$, the sender's encryption algorithm $E_{puk\_a}[g_a(x), T_i, r_b]$ and the signature algorithm $S_{kdc}[g_a(x), T_i, r_b]$, which together constitute the sender's key information; it sends to the message recipient, for the moment corresponding to $T_i$, the recipient's decryption algorithm $E_{puk\_b}[g_b(x), T_i, r_a]$ and the signature algorithm $S_{kdc}[g_b(x), T_i, r_a]$, which together constitute the sender's key information.
After receiving the key information, the message sender and the message recipient use their respective private keys to calculate the encryption key $K_{ab}$ and the decryption key $K_{ba}$:
$$K_{ab} = g_a(r_b) \bmod q$$
$$K_{ba} = g_b(r_a) \bmod q$$
Because the polynomial is symmetric, both parties calculate the same key: $K_{ab} = g_a(r_b) \bmod q = f(r_a, r_b) = g_b(r_a) \bmod q = K_{ba}$.
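The key agreement of steps 1-2 to 1-4 can be followed in code. The block below is an added example, not code from the patent: the struct and function names, the prime and all parameter values are constructed for illustration, and the public-key encryption and signature wrapping of the key information (E and S above) is left out so that only the symmetric-polynomial arithmetic is shown, for the 3 nodes of Fig. 1.

```c
#include <stdint.h>
#include <stdio.h>

/* Secret parameters known only to the Key Management Center (KMC). */
typedef struct { uint64_t q, p, j, k; } kmc_params;
/* g_u(x) = f(x, r_u) mod q is linear in x, so it is stored as c0 + c1*x. */
typedef struct { uint64_t q, c0, c1; } share;

/* Modular multiply; cannot overflow because q < 2^32 in this example. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t q) {
    return (a % q) * (b % q) % q;
}

/* Step 1-2: f(x, y) = [p + j(x + y) + kxy] mod q */
uint64_t f_eval(const kmc_params *P, uint64_t x, uint64_t y) {
    uint64_t q = P->q;
    uint64_t lin = mulmod(P->j, (x % q + y % q) % q, q);
    uint64_t bil = mulmod(P->k, mulmod(x, y, q), q);
    return (P->p % q + lin + bil) % q;
}

/* Step 1-3 (KMC side): g_u(x) = (p + j*r_u) + (j + k*r_u)*x  (mod q) */
share make_share(const kmc_params *P, uint64_t r_u) {
    share g;
    g.q  = P->q;
    g.c0 = (P->p % P->q + mulmod(P->j, r_u, P->q)) % P->q;
    g.c1 = (P->j % P->q + mulmod(P->k, r_u, P->q)) % P->q;
    return g;
}

/* Node side: evaluate the peer's function at one's own private value,
 * e.g. K_ab = g_a(r_b) mod q for the sender. */
uint64_t derive_key(const share *g_peer, uint64_t r_own) {
    return (g_peer->c0 + mulmod(g_peer->c1, r_own, g_peer->q)) % g_peer->q;
}

/* Convenience wrapper: what a node holding r_own computes for a given peer. */
uint64_t pair_key(const kmc_params *P, uint64_t r_own, uint64_t r_peer) {
    share g_peer = make_share(P, r_peer);
    return derive_key(&g_peer, r_own);
}

/* Check K_uv == K_vu == f(r_u, r_v) for every pair of m nodes. */
int all_pairs_agree(const kmc_params *P, const uint64_t r[], int m) {
    for (int u = 0; u < m; u++)
        for (int v = u + 1; v < m; v++) {
            uint64_t k_uv = pair_key(P, r[v], r[u]);  /* node v uses g_u */
            uint64_t k_vu = pair_key(P, r[u], r[v]);  /* node u uses g_v */
            if (k_uv != k_vu || k_uv != f_eval(P, r[u], r[v])) return 0;
        }
    return 1;
}

/* Constructed values: q = 2^31 - 1 is prime; p, j, k, r_u are arbitrary. */
const kmc_params DEMO  = { 2147483647ULL, 1103515245ULL, 12345ULL, 1664525ULL };
const uint64_t DEMO_R[3] = { 305419896ULL, 19088743ULL, 2023406814ULL };
/* Tiny parameters that can be checked by hand: f(3, 10) = 426 mod 101 = 22. */
const kmc_params SMALL = { 101, 5, 7, 11 };

int main(void) {
    printf("K_ab = %llu, K_ba = %llu\n",
           (unsigned long long)pair_key(&DEMO, DEMO_R[1], DEMO_R[0]),
           (unsigned long long)pair_key(&DEMO, DEMO_R[0], DEMO_R[1]));
    printf("all pairs agree: %d\n", all_pairs_agree(&DEMO, DEMO_R, 3));
    return 0;
}
```

The derived value is an element modulo q; how it is expanded into the four 32-bit parts k(0) to k(3) of step 3 is not specified on this page and is not modelled here.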
Step 2: the message sender and the message recipient agree on the number of iterations according to the communication network environment and the computing capability of the equipment. Given the logic and characteristics of the encryption algorithm used here, at least 6 rounds of iteration are performed so that all bits of the information data can change; if the message security environment is harsh and IED performance allows, the number of iterations can be increased to 32 rounds, with a maximum of 64 rounds.
Step 3: the message sender calculates the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3), 32 bits each, 128 bits in total.
Step 4: the instMag partial information data of the IEC 61850 SV message is extracted and grouped into 64-bit messages to be encrypted; each group of plaintext data is divided into two parts v(0), v(1), 32 bits each.
As shown in Fig. 2, the present invention first extracts the instMag partial information in the IEC 61850 SV message. Each SV message structure includes a start flag, address, priority, type, length and a protocol data unit (Protocol Data Unit, PDU). According to the IEC 61850 standard, each PDU may contain 1 to 8 application service data units (Application Service Data Unit, ASDU). The instMag part is located in the DataSet field in the latter half of the ASDU. The value of each instMag reflects the specific value of one electrical quantity and is the core content of the whole SV message; securing the data of the instMag part secures the essential information of the SV message. Finally, the integrity of the message is checked with a CRC, which ensures that the power communication network is safe and reliable.
Preferably, the method of extracting and grouping information in step 4 is as follows:
Encrypting only part of the information is enough to guarantee its security. According to the IEC 61850 standard, each SV message contains at most 8 instMag values, each instMag is 32 bits, and the plaintext input of the encryption algorithm is fixed at 64 bits. The high 16 bits of each instMag are extracted, and every 4 instMag values form one group that serves as the plaintext input to the encryption algorithm.
When the number of instMag values in the SV message is less than or equal to 4, they are encrypted and decrypted as one group; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
When the number of instMag values in the SV message is not 4 or 8, the parts of the plaintext with no instMag data are filled, in order, with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that this instMag carries no data.
Step 5: the encryption iteration is performed:
$S = S + De$;
where $S$ is the encryption iteration number, with initial value 0; $De$ is 0x9e3779b9, a Fibonacci number; $t_1$ is initially v(0) and $t_2$ is initially v(1); a is k(0), b is k(1), c is k(2) and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift, and the formulas also use the XOR operation. $t_1$ and $t_2$ are the data obtained by grouping the information to be encrypted, and they change after each iteration.
Step 6: after the operation, the encrypted results are merged and filled into the IEC 61850 SV message. The message encryption flow is shown in Fig. 3, where the variable i is the iteration counter flag, n is the number of iterations agreed by the sending and receiving parties, and "^" denotes the XOR operation.
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes; the CRC check guarantees message integrity.
Step 8: after the message recipient receives the message, it performs the CRC check; once the check is passed, the message recipient calculates the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3), 32 bits each.
Step 9: the instMag partial information data in the IEC 61850 SV message is extracted; at this point the extracted information is the encrypted message. It is grouped into 64-bit messages to be decrypted, and each group is divided into two parts v'(0), v'(1), 32 bits each.
Step 10: the decryption iteration is performed:
$S' = S' - De$;
where $S'$ is the decryption iteration number, with initial value $De \cdot n$, and $n$ is the number of iterations agreed by the message sender and the message recipient; $o_1$ is initially v'(0) and $o_2$ is initially v'(1); a is k(0), b is k(1), c is k(2) and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift, and the formulas also use the XOR operation;
Step 11: the message is merged after decryption to obtain the corresponding electrical quantities. The message decryption flow is shown in Fig. 4, where the variable i is the iteration counter flag, n is the number of iterations agreed by the sending and receiving parties, and "^" denotes the XOR operation.
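Steps 4 to 6 and 9 to 11 can be exercised end to end as follows. This is an added example, not code from the patent: the update formulas for $t_1$, $t_2$, $o_1$ and $o_2$ did not survive on this page, so the block assumes the standard TEA round function, which matches the constant De, the four 32-bit key parts, the 64-bit block, the shifts, the XOR and the De*n starting value described above. The key, the sample instMag values and all function names are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DE 0x9e3779b9u   /* the page's De constant */

/* Step 4: pack the high 16 bits of up to four 32-bit instMag values into
 * v[0], v[1]; positions without data are filled with 0. */
static void pack_group(const uint32_t inst[4], int count, uint32_t v[2]) {
    uint32_t hi[4] = { 0, 0, 0, 0 };
    for (int i = 0; i < count && i < 4; i++) hi[i] = inst[i] >> 16;
    v[0] = (hi[0] << 16) | hi[1];
    v[1] = (hi[2] << 16) | hi[3];
}

/* Steps 6 and 11: write the four 16-bit pieces back into the high halves.
 * The low 16 bits of every slot are never encrypted and stay as they are.
 * Assumption: the group buffer always has four slots, because the page
 * does not say where ciphertext for zero-filled positions is carried. */
static void unpack_group(const uint32_t v[2], uint32_t inst[4]) {
    uint32_t hi[4] = { v[0] >> 16, v[0] & 0xffffu, v[1] >> 16, v[1] & 0xffffu };
    for (int i = 0; i < 4; i++) inst[i] = (hi[i] << 16) | (inst[i] & 0xffffu);
}

/* Step 5 with the assumed TEA round; n is the agreed iteration count. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4], unsigned n) {
    uint32_t t1 = v[0], t2 = v[1], s = 0;
    for (unsigned i = 0; i < n; i++) {
        s += DE;                                        /* S = S + De */
        t1 += ((t2 << 4) + k[0]) ^ (t2 + s) ^ ((t2 >> 5) + k[1]);
        t2 += ((t1 << 4) + k[2]) ^ (t1 + s) ^ ((t1 >> 5) + k[3]);
    }
    v[0] = t1; v[1] = t2;
}

/* Step 10: the same rounds undone in reverse order, starting at S' = De*n. */
static void tea_decrypt(uint32_t v[2], const uint32_t k[4], unsigned n) {
    uint32_t o1 = v[0], o2 = v[1], s = DE * n;
    for (unsigned i = 0; i < n; i++) {
        o2 -= ((o1 << 4) + k[2]) ^ (o1 + s) ^ ((o1 >> 5) + k[3]);
        o1 -= ((o2 << 4) + k[0]) ^ (o2 + s) ^ ((o2 >> 5) + k[1]);
        s -= DE;                                        /* S' = S' - De */
    }
    v[0] = o1; v[1] = o2;
}

void encrypt_group(uint32_t inst[4], int count, const uint32_t k[4], unsigned n) {
    uint32_t v[2];
    pack_group(inst, count, v);
    tea_encrypt(v, k, n);
    unpack_group(v, inst);
}

void decrypt_group(uint32_t inst[4], const uint32_t k[4], unsigned n) {
    uint32_t v[2];
    pack_group(inst, 4, v);        /* all four high halves hold ciphertext */
    tea_decrypt(v, k, n);
    unpack_group(v, inst);
}

/* Constructed key and a constructed group of three instMag values + one empty slot. */
static const uint32_t KEY[4]    = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };
static const uint32_t SAMPLE[4] = { 0x00C81234u, 0xFF38ABCDu, 0x01F40042u, 0u };

/* Encrypt and decrypt SAMPLE with n rounds. Returns the number of slots
 * that carry data after decryption (high 16 bits not all zero, the page's
 * convention), or -1 if any check along the way fails. */
int round_trip(unsigned n) {
    uint32_t g[4];
    int present = 0;
    memcpy(g, SAMPLE, sizeof g);
    encrypt_group(g, 3, KEY, n);
    if (memcmp(g, SAMPLE, sizeof g) == 0) return -1;    /* nothing was encrypted */
    for (int i = 0; i < 4; i++)
        if ((g[i] & 0xffffu) != (SAMPLE[i] & 0xffffu)) return -1; /* low half touched */
    decrypt_group(g, KEY, n);
    if (memcmp(g, SAMPLE, sizeof g) != 0) return -1;    /* did not decrypt back */
    for (int i = 0; i < 4; i++) present += (g[i] >> 16) != 0;
    return present;
}

int main(void) {
    printf("6 rounds: %d, 32 rounds: %d, 64 rounds: %d data slots recovered\n",
           round_trip(6), round_trip(32), round_trip(64));
    return 0;
}
```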
Figs. 5 and 6 compare the time taken by the different methods for 32 iterations and for 6 iterations. The dashed line represents encrypting the entire PDU without extracting the instMag information; the solid line represents extracting the instMag information and encrypting it according to the method of the present invention. The data show that the present invention is clearly superior in time consumption.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (7)
1. An SV message encryption and decryption method based on the IEC61850 standard, characterized by comprising the following steps:
Step 1: the Key Management Center sends key information to the message sender and the message recipient;
Step 2: the message sender and the message recipient agree on the number of iterations according to the communication network environment and the computing capability of the devices;
Step 3: the message sender calculates the encryption key from the key information sent by the Key Management Center combined with its private key, and divides the encryption key into four parts k(0), k(1), k(2), k(3), each of 32 bits;
Step 4: the instMag information data of the IEC 61850 SV message is extracted and grouped into 64-bit messages to be encrypted; each group of plaintext data is divided into two parts v(0), v(1), each of 32 bits;
Step 5: the encryption iteration operation is carried out:
S=S+De;
wherein S is the encryption iteration number, with initial value 0; De takes the value 0x9e3779b9 and is a Fibonacci number; t1 is initially v(0) and t2 is initially v(1); a is k(0), b is k(1), c is k(2), and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift; indicates the XOR operation;
Step 6: after the operation, the encryption results are merged and filled into the IEC 61850 SV message;
Step 7: a CRC integrity check is performed on the IEC 61850 SV message, and the message is sent after the check passes;
Step 8: after receiving the message, the message recipient performs a CRC check; once the check finds no error, the message recipient calculates the decryption key from the key information sent by the Key Management Center combined with its private key, and divides the decryption key into four parts k(0), k(1), k(2), k(3), each of 32 bits;
Step 9: the instMag information data in the IEC 61850 SV message is extracted and grouped into 64-bit messages to be decrypted; each group is divided into two parts v'(0), v'(1), each of 32 bits;
Step 10: the decryption iteration operation is carried out:
S'=S'-De;
wherein S' is the decryption iteration number, with initial value De*n, and n is the number of iterations agreed by the message sender and the message recipient; o1 is initially v'(0) and o2 is initially v'(1); a is k(0), b is k(1), c is k(2), and d is k(3); "<<" denotes a left shift and ">>" denotes a right shift; indicates the XOR operation;
Step 11: after decryption, the messages are merged to obtain the corresponding electrical quantities.
2. The SV message encryption and decryption method based on the IEC61850 standard according to claim 1, characterized in that step 1 specifically comprises the following steps:
Step 1-1: the Key Management Center selects a large prime q, and the message sender and the message recipient each randomly select a positive integer r_u, wherein q >= m, m is the number of nodes of the communication network, r_u ∈ Z_q*, and Z_q* is the set for the large prime selected by the Key Management Center;
Step 1-2: the Key Management Center randomly selects 3 parameters p, j, k, with p, j, k ∈ Z_q*, and constructs the function f(x, y):
f(x, y) = [p + j(x+y) + kxy] mod q
wherein mod is the modulo operation and x, y are variables;
Step 1-3: the Key Management Center calculates the functions g_a(x) and g_b(x) according to the following formulas:
g_a(x) = f(x, r_a) mod q
g_b(x) = f(x, r_b) mod q
wherein r_a is the private key of the recipient and r_b is the private key of the sender;
Step 1-4: the Key Management Center sends the following key information to the message sender:
E_puk_a[g_a(x), T_i, r_b] || S_kdc[g_a(x), T_i, r_b]
The Key Management Center sends the following key information to the message recipient:
E_puk_b[g_b(x), T_i, r_a] || S_kdc[g_b(x), T_i, r_a]
wherein E denotes the Blom encryption algorithm; puk_a and puk_b denote the encryption public keys of the sender and the recipient, respectively; S denotes the signature algorithm; kdc denotes the encryption public key of the Key Management Center; T_i is a time-stamped random number matrix.
3. The SV message encryption and decryption method based on the IEC61850 standard according to claim 2, characterized in that, after receiving the key information, the message sender and the message recipient use their respective private keys to calculate the encryption key K_ab and the decryption key K_ba:
K_ab = g_a(r_b) mod q
K_ba = g_b(r_a) mod q
wherein K_ab = g_a(r_b) mod q = f(r_a, r_b) = g_b(r_a) mod q = K_ba.
4. The SV message encryption and decryption method based on the IEC61850 standard according to claim 1, characterized in that, in step 2, the agreed number of iterations ranges from 6 to 64.
5. The SV message encryption and decryption method based on the IEC61850 standard according to claim 2, characterized in that, in step 4, the high 16 bits of each instMag value are extracted, and every 4 instMag values form one group as the to-be-encrypted message input of the encryption algorithm.
6. The SV message encryption and decryption method based on the IEC61850 standard according to claim 5, characterized in that, when the number of instMag values in the SV message is less than or equal to 4, they form one group for encryption and decryption; when the number of instMag values is greater than 4, they are divided into 2 groups for encryption and decryption.
7. The SV message encryption and decryption method based on the IEC61850 standard according to claim 6, characterized in that, when the number of instMag values in the SV message is not 4 or 8, the positions in the plaintext that have no instMag data are filled in order with the initial value 0; after decryption, 16 consecutive 0 bits are taken by default to mean that this instMag has no data.
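The key agreement of claims 2-3 and the iteration of claims 1 and 5-7, as an added Python example that is not code from the patent. The round formulas of steps 5 and 10 are not reproduced on this page, so the standard TEA round function (the cipher of the cited Shepherd paper) is assumed; q, the KMC parameters, the party values, the word order of k(0)..k(3) and all function names are constructed for illustration.

```python
DE = 0x9E3779B9            # De from claim 1
MASK = 0xFFFFFFFF          # keep every word at 32 bits
Q = 2**127 - 1             # constructed prime q for this example, not from the patent

def kmc_share(r, p, j, k):
    """Steps 1-2 and 1-3: g(x) = f(x, r) mod q, as coefficients (c0, c1) of c0 + c1*x."""
    return (p + j * r) % Q, (j + k * r) % Q

def derive_key(share, r_own):
    """Claim 3: evaluate the received g(x) at the party's own value r."""
    c0, c1 = share
    return (c0 + c1 * r_own) % Q

def split_key(key):
    """Step 3: k(0)..k(3), 32 bits each; most-significant word first is an assumption."""
    return [(key >> s) & MASK for s in (96, 64, 32, 0)]

def pack_instmag(values):
    """Claims 5-7: high 16 bits of up to 4 instMag values, zero-filled, as (v(0), v(1))."""
    h = [(v >> 16) & 0xFFFF for v in values] + [0] * (4 - len(values))
    return (h[0] << 16) | h[1], (h[2] << 16) | h[3]

def mix(x, s, ka, kb):
    """Standard TEA round function (assumed; the patent's formula is not on the page)."""
    return ((x << 4) + ka) ^ (x + s) ^ ((x >> 5) + kb)

def encrypt(block, key, n):
    (t1, t2), (a, b, c, d), s = block, key, 0
    for _ in range(n):
        s = (s + DE) & MASK                      # S = S + De
        t1 = (t1 + mix(t2, s, a, b)) & MASK
        t2 = (t2 + mix(t1, s, c, d)) & MASK
    return t1, t2

def decrypt(block, key, n):
    (o1, o2), (a, b, c, d), s = block, key, (DE * n) & MASK   # S' starts at De*n
    for _ in range(n):
        o2 = (o2 - mix(o1, s, c, d)) & MASK
        o1 = (o1 - mix(o2, s, a, b)) & MASK
        s = (s - DE) & MASK                      # S' = S' - De
    return o1, o2

def demo(n=32):
    p, j, k = 0x1234567, 0x89ABCDEF, 0x13579BDF          # constructed KMC parameters
    r_a, r_b = 0xA5A5A5A5A5A5A5A5, 0x5A5A5A5A5A5A5A5A    # constructed party values
    k_ab = derive_key(kmc_share(r_a, p, j, k), r_b)      # sender: g_a(r_b)
    k_ba = derive_key(kmc_share(r_b, p, j, k), r_a)      # recipient: g_b(r_a)
    plain = pack_instmag([0x00012345, 0xFFFE0000, 0x7FFF1111])  # 3 values, 4th zero-filled
    cipher = encrypt(plain, split_key(k_ab), n)
    return k_ab == k_ba, plain, cipher, decrypt(cipher, split_key(k_ba), n)
```

As the claims describe it, each 64-bit group is encrypted on its own under the same key, so identical groups give identical ciphertext, and the CRC of steps 7-8 detects transmission errors rather than deliberate modification.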
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811067787.8A CN109040120A (en) | 2018-09-13 | 2018-09-13 | A kind of SV message encryption and decryption method based on IEC61850 standard |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109040120A true CN109040120A (en) | 2018-12-18 |
Family
ID=64622034
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811067787.8A Pending CN109040120A (en) | 2018-09-13 | 2018-09-13 | A kind of SV message encryption and decryption method based on IEC61850 standard |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109040120A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110252243A1 (en) * | 2010-04-07 | 2011-10-13 | Apple Inc. | System and method for content protection based on a combination of a user pin and a device specific identifier |
CN103716163A (en) * | 2013-12-12 | 2014-04-09 | 华南理工大学 | SV message encryption and decryption method meeting IEC61850-9-2 (LE) standard |
CN105391701A (en) * | 2015-10-28 | 2016-03-09 | 济南知芯集成电路技术有限公司 | Data encryption method and system |
CN106845304A (en) * | 2017-01-22 | 2017-06-13 | 国网江苏省电力公司电力科学研究院 | A kind of method and system for realizing reader and smart-tag authentication in rfid system |
Non-Patent Citations (3)
Title |
---|
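SIMON J. SHEPHERD: "The Tiny Encryption Algorithm", Cryptologia * |
Wang Zhidong et al.: "IEC 61850-9-2LE message encryption method based on the Tiny Encryption Algorithm", Automation of Electric Power Systems * |
Lu Baohui: "Research on the smart grid AMI communication system and its data security strategy", Power System Technology * |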
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113364756A (en) * | 2021-05-31 | 2021-09-07 | 广东电网有限责任公司 | Intelligent electronic equipment data transmission method, device, system and medium |
CN113556231A (en) * | 2021-06-16 | 2021-10-26 | 南京南瑞继保工程技术有限公司 | Control information security authentication method based on IEC61850 control model |
CN113556231B (en) * | 2021-06-16 | 2024-04-09 | 南京南瑞继保工程技术有限公司 | Control information security identification method based on IEC61850 control model |
CN114697081A (en) * | 2022-02-28 | 2022-07-01 | 国网江苏省电力有限公司淮安供电分公司 | Intrusion detection method and system based on IEC61850 SV message operation situation model |
CN114697081B (en) * | 2022-02-28 | 2024-05-07 | 国网江苏省电力有限公司淮安供电分公司 | Intrusion detection method and system based on IEC61850 SV message running situation model |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109412794B (en) | Quantum key automatic charging method and system suitable for power business | |
CN103138938B (en) | Based on SM2 certificate request and the application process of CSP | |
CN105072107A (en) | System and method for enhancing data transmission and storage security | |
CN102594842A (en) | Device-fingerprint-based network management message authentication and encryption scheme | |
CN105610837A (en) | Method and system for identity authentication between master station and slave station in SCADA (Supervisory Control and Data Acquisition) system | |
CN109040120A (en) | A kind of SV message encryption and decryption method based on IEC61850 standard | |
CN103746962A (en) | GOOSE electric real-time message encryption and decryption method | |
CN111224974A (en) | Method, system, electronic device and storage medium for network communication content encryption | |
CN104660590A (en) | Cloud storage scheme for file encryption security | |
CN113312608A (en) | Electric power metering terminal identity authentication method and system based on timestamp | |
CN110620660A (en) | Key distribution method for data communication based on block chain | |
CN109586924A (en) | A kind of intelligent distribution network data safe transmission method based on cloud computing | |
CN107249002B (en) | Method, system and device for improving safety of intelligent electric energy meter | |
CN114024698A (en) | Power distribution Internet of things service safety interaction method and system based on state cryptographic algorithm | |
Gong et al. | The application of data encryption technology in computer network communication security | |
CN111953487B (en) | Key management system | |
Tohidi et al. | Lightweight authentication scheme for smart grid using Merkle hash tree and lossless compression hybrid method | |
Wang et al. | Research and Implementation of Hybrid Encryption System Based on SM2 and SM4 Algorithm | |
CN107147626A (en) | The encryption document transmission method that a kind of aes algorithm is combined with ElGamal algorithms | |
CN110113340A (en) | Based on distribution RSA in Hadoop platform and DES mixed encryption method | |
CN108768923A (en) | A kind of real-time encrypted method of chat of the Encryption Algorithm based on Quantum Reversible Logic circuit | |
CN107040921A (en) | One kind is based on point-to-point SMS encryption system | |
CN111431721A (en) | IBE-based Internet of things equipment encryption method in intelligent medical environment | |
Zhou et al. | Dynamic encryption of power internet of things data based on national secret algorithm | |
Li et al. | Research on the fusion architecture and application mode of quantum cryptography and classic cryptography |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |