CN110233735B - Comprehensive safety protection method and system for grid-connected power station industrial control system - Google Patents


Info

Publication number
CN110233735B
Authority
CN
China
Prior art keywords
station
field
message
new energy
module
Prior art date
Legal status (as shown by Google Patents; an assumption, not a legal conclusion)
Active
Application number
CN201910514586.6A
Other languages
Chinese (zh)
Other versions
CN110233735A (en)
Inventor
章锐
刘昀
费稼轩
王东升
石聪聪
张小建
黄秀丽
陈伟
范杰
Current Assignee (as listed by Google Patents; the list may be inaccurate)
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Global Energy Interconnection Research Institute
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Global Energy Interconnection Research Institute, and Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Priority to CN201910514586.6A
Publication of CN110233735A
Application granted
Publication of CN110233735B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures

Abstract

A comprehensive safety protection method and system for a grid-connected power station industrial control system comprises the following steps: the field station initiates access authentication to the field terminal; after passing the authentication, the field station acquires the operation data of the field terminal, and encrypts and transmits the operation data to the master station based on a pre-constructed network transmission layer between the field station and the master station. According to the scheme, the safety encryption authentication is built on the field station and the field terminal, so that the safety of the new energy station system is improved in each link, the data packets transmitted in each link of the station system are prevented from being tampered and eavesdropped maliciously, and the running stability and the safety of the system are improved.

Description

Comprehensive safety protection method and system for grid-connected power station industrial control system
Technical Field
The invention relates to the field of electric power information safety, in particular to a comprehensive safety protection method and system for an industrial control system of a grid-connected power station.
Background
The power generation, transmission, transformation, distribution, consumption, scheduling and other links of the power system are highly dependent on informatization, and the power system is gradually shifting from a traditionally closed and independent architecture to an open and interconnected one. The network security risk faced by new energy plant stations has therefore increased greatly. Once a new energy plant station suffers a network attack, large-area power outages can result, seriously disrupting the normal order of the country and society.
Compared with traditional information systems, new energy plant stations are characterized by complex and widely distributed field devices, high requirements on service continuity and real-time performance, and the use of special network transmission protocols. As new energy plant station systems have developed towards intelligence and interactivity, scholars have carried out a great deal of research on power grid network security, but the following problems remain: (1) the protection of the large number of field terminal devices is weak and their environment is uncontrollable, so they may be maliciously controlled and go on to threaten the safety of the master station; (2) because electric power services have high real-time requirements, some of the special network transmission protocols have insufficient security mechanisms; (3) industrial control systems were designed with service functions in mind and without fully considering network security, so the master station has a low capability to perceive network attacks on the system.
Disclosure of Invention
The invention provides a comprehensive safety protection method and system for a grid-connected power station industrial control system, and aims to solve the problem that, in the prior art, the information transmission process of a new energy station information system is vulnerable to attack and threat.
The technical scheme provided by the invention is as follows:
A comprehensive safety protection method for a grid-connected power station industrial control system comprises the following steps:
The field station initiates access authentication to the field terminal;
After passing the authentication, the field station acquires the operation data of the field terminal, and encrypts and transmits the operation data to the master station based on a pre-constructed network transmission layer between the field station and the master station.
Preferably, the access authentication of the field station to the field terminal includes:
the field station makes an authentication command;
After encrypting the authentication command, sending the authentication command to a field terminal;
and the field station receives the feedback command of the field terminal and constructs safety handshake authentication.
Preferably, the field station formulates an authentication command, encrypts the authentication command and sends the encrypted authentication command to the field terminal, including:
The field station generates an authentication command through a cryptoAPI function, and encrypts the authentication command through security handshake negotiation encryption;
The field station transmits the encrypted authentication command to a field terminal based on a standard APDU.
Preferably, the construction of the network transmission layer includes:
message verification and digital signature verification algorithms are added based on the message format of GOOSE/SMV protocol;
Based on TLS protocol library facing multi-class embedded and hardware architecture, adding TLS/SSL protocol layer between MMS and TCP/IP protocol;
And constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm.
Preferably, the message format based on GOOSE/SMV protocol, adding message verification and digital signature verification algorithm, includes:
calculating CRC value of the first 8 words of VLAN message, storing in reserved field 2, and constructing message verification;
and adding a GOOSE message extension signature at the tail part of the PDU, and storing the extension length in a reserved 1 field to construct a digital signature verification algorithm.
A comprehensive safety protection method for a grid-connected power station industrial control system comprises the following steps:
the field terminal performs access authentication on the field station;
After the authentication passes, the field terminal sends the operation data to the field station.
Preferably, the access authentication of the field station to the field terminal includes:
The field terminal decrypts the encrypted authentication command sent by the field station through a hardware cryptographic program and formulates a feedback command;
And the field terminal sends the feedback command to a field station in a standard APDU command format to construct a security handshake authentication.
An integrated safety protection system for a grid-connected power station industrial control system, the system comprising:
A field station and a field terminal;
the field station is used for initiating access authentication to the field terminal; after passing the authentication, acquiring operation data of the field terminal;
The field station is further used for encrypting and transmitting the operation data to the external master station based on a network transmission layer pre-constructed between the field station and the external master station;
the field terminal is used for: performing access authentication on a field station, and after the access authentication is passed, transmitting operation data to the field station by a field terminal;
Wherein the network transmission layer connects the field station with an external master station.
Preferably, the field station includes:
the device comprises an instruction generation module, a communication module and a negotiation encryption module;
the instruction generation module is used for formulating an authentication command;
The negotiation encryption module is used for encrypting the authentication command;
The communication module is used for sending the encrypted authentication command to the field terminal and receiving a feedback command sent by the field terminal;
the negotiation encryption module is also used for constructing a security handshake authentication according to the feedback command.
Preferably, the instruction generating module is configured to generate an authentication command according to a CryptoAPI function, and send the authentication command to the secure handshake encryption submodule.
Preferably, the communication module is specifically configured to send the encrypted authentication command to the field terminal in a standard APDU command format, and send the feedback command sent by the field terminal to the negotiation encryption module in a standard APDU command format.
Preferably, the network transmission layer includes:
a message module and a protocol module;
the message module is used for adding a message verification algorithm and a digital signature verification algorithm based on a message format of GOOSE/SMV protocol;
the protocol module is used for adding a TLS/SSL protocol layer between MMS and TCP/IP protocols based on a TLS protocol library oriented to multi-class embedded and hardware architecture;
the protocol module is further configured to build the network transport layer by customizing TLS configuration parameters and adopting an asymmetric algorithm.
Preferably, the message module includes:
The GOOSE message construction sub-module, the digital signature verification sub-module and the message verification sub-module;
The GOOSE message construction submodule is used for converting the operation data into a message and transmitting the message from the power grid field layer to the main station layer;
the digital signature verification sub-module is used for constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm;
the message verification sub-module is used for adding a GOOSE message extension signature at the tail of the PDU, and storing the extension length in a reserved 1 field to construct a digital signature verification algorithm.
Preferably, the field terminal includes:
A security module and a data transmission module;
the safety module is used for decrypting the encrypted authentication command and making a feedback command to be sent to the communication module;
the data transmitting module is used for transmitting the operation data to the field station.
Compared with the prior art, the invention has the beneficial effects that:
The technical scheme provided by the invention comprises the following steps: the field station initiates access authentication to the field terminal; after passing the authentication, the field station acquires the operation data of the field terminal, and encrypts and transmits the operation data to the master station based on a pre-constructed network transmission layer between the field station and the master station. According to the scheme, a one-to-one authentication mechanism between the field station and the field terminal is constructed, and from the viewpoint of the field station, the information potential safety hazard caused by the unmatched terminal or the maliciously transmitted external terminal to the field station is effectively reduced.
In the scheme, the field terminal performs access authentication on the field station, and after the authentication passes the field terminal sends the operation data to the field station. By having the field terminal accept access authentication from the field master station, a fixed security authentication is established between the field terminal and the field master station, and other external terminals are prevented from arbitrarily acquiring or eavesdropping on the data packets transmitted by the new energy field station system.
In the scheme, the safety encryption authentication is constructed between the field station and the field terminal, so that the safety of the new energy station system is improved in each link, the data packets transmitted in each link of the station system are prevented from being tampered and eavesdropped maliciously, and the running stability and the safety of the system are improved.
Drawings
FIG. 1 is a diagram of a comprehensive safety protection system of a grid-connected power station industrial control system;
FIG. 2 is a framework of a new energy plant terminal security module;
FIG. 3 is a construction of a new energy plant site operation and maintenance safety control technology;
FIG. 4 is a new energy plant protocol enhancement framework;
FIG. 5 is a generic and security enhanced GOOSE message structure;
FIG. 6 is a flow chart of an integrity protection design based on digital signatures;
FIG. 7 is a custom TLS confidentiality protection scheme;
FIG. 8 is a new energy plant station master station application safety monitoring framework;
FIG. 9 is an anomaly detection of converged new energy plant station services;
FIG. 10 is a flow chart of a field station security authentication process;
FIG. 11 is a flow chart of a field terminal security authentication method.
Detailed Description
For a better understanding of the present invention, reference is made to the following description, drawings and examples.
Example 1:
the embodiment provides a comprehensive safety protection method for a grid-connected power station industrial control system based on field station safety certification, and a field station safety certification flow chart is shown in fig. 10.
S1: the field station initiates access authentication to the field terminal.
The network security risks of the field layer of the new energy plant station are analyzed as follows. The new energy plant station has a huge number of field devices of various types, and their information security protection capability is weak. The information interaction between the large number of field terminals and the master station lacks an effective encryption and authentication mechanism, so the field devices are at risk of being imitated. Once a field device is counterfeited, an attacker can use it to send false data to the master station or deliver malicious code to launch attacks on the master station, affecting its normal operation.
The network security risks of the network transmission layer of the new energy plant station are analyzed as follows. Because the power grid places high demands on the real-time performance of services, a great many new energy plant station protocols currently do not include an encryption and authentication mechanism. The information transmitted over the power network is therefore at risk of being illegally monitored: once an attacker enters the new energy station network, they can freely obtain and eavesdrop on the transmitted data packets, and even tamper with or forge control commands, which can have serious consequences.
And analyzing the network security risk of the application layer of the new energy plant station main station. The network security abnormality monitoring capability of the new energy plant station is insufficient. The network security attack of the industrial control system generally aims at specific protocols and specific business logic and has the characteristics of definite attack targets, hidden operation, long latency time and the like. The existing general network security monitoring technology is mostly aimed at conventional abnormal behaviors, and is difficult to identify customized network attacks aimed at an industrial control system.
Safety protection is applied to the access authentication of the massive heterogeneous terminals at the new energy plant station site. The new energy plant station terminals mainly comprise dedicated control, load control, operation, acquisition, wireless monitoring and smart meter terminals. Access authentication of these massive heterogeneous terminals is one of the main tasks of new energy plant station information security protection. By configuring a security module on the electric power field industrial control terminal equipment, the invention realizes encryption of the master station system's parameter setting and control instructions, verification of data integrity, and bidirectional identity authentication between the master station and the terminal. The security module of the new energy plant station mainly comprises a hardware cryptographic module (currently mainly a TF card) and a secure transmission program, and can perform encryption and decryption with the SM1, SM2 and SM3 series of commercial cryptographic algorithms issued by the State Cryptography Administration.
S2: after passing the authentication, the field station acquires the operation data of the field terminal, and encrypts and transmits the operation data to the master station based on a pre-constructed network transmission layer between the field station and the master station
Safety enhancement is carried out on the transmission protocols of the network transmission layer of the new energy plant station. The MMS and GOOSE/SMV industrial control transmission protocols based on the IEC 61850 standard are widely applied in new energy plant stations. The MMS transmission protocol is mainly used for configuring the parameters of power system equipment; the GOOSE/SMV transmission protocols are mainly used for uploading power system state sampling data and equipment state information and for issuing control instructions, and have high real-time requirements. Based on the IEC 62351 standard, the invention provides a new energy plant station transmission protocol safety enhancement technology, mainly comprising integrity enhancement and confidentiality enhancement. On the premise of ensuring real-time performance, the requirements of integrity, confidentiality and non-repudiation are met, and identity authentication and access control are realized.
And carrying out integrity enhancement on the transmission protocol of the network transmission layer of the new energy plant station. Integrity protection is one of the basic key points of information security, and mainly adopts a data hashing technology and a digital signature technology. The invention mainly aims at the GOOSE/SMV protocol to carry out integrity protection design. And expanding a data frame structure by utilizing a GOOSE/SMV reserved field, and introducing a message verification code and a digital signature algorithm to ensure the integrity and the credibility of the control instruction and the sampling data. The data frame structure is modified as follows: firstly, calculating CRC value of the first 8 words of VLAN message and storing in reserved field 2; and adding a GOOSE message extension signature at the tail part of the PDU, and storing the extension length in a reserved 1 field.
And confidentiality and safety protection are carried out on the transmission protocol of the network transmission layer of the new energy plant station. In order to realize confidentiality protection of new energy plant station transmission protocol, the invention develops a set of TLS protocol library software oriented to multi-class embedded and hardware architecture, and adds a TLS/SSL protocol layer between MMS and TCP/IP protocols. By customizing TLS configuration parameters, a secure channel is constructed by adopting an asymmetric algorithm, and channel data is encrypted by adopting a symmetric algorithm.
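One way to realise the TLS/SSL layer described above, as an added example in Go that is neither the patent's TLS library nor code from the applicants: the field station and the master station authenticate each other with certificates (the asymmetric part of the channel), the configuration pins the TLS version and cipher suites, and an MMS-style payload travels over the channel through an in-memory pipe so that it runs offline. The certificate names, the payload and the AuditConfig checks are constructed for the example, and Go's crypto/tls stands in for the embedded TLS library the patent describes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway ECDSA P-256 certificate for one end of the channel; errors are
// ignored only because this is example provisioning (deployments use CA-issued device certificates).
func selfSigned(name string) (tls.Certificate, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf
}

// ChannelConfig is the customised parameter set: TLS 1.2 floor, ECDHE+AEAD suites only (TLS 1.3
// uses its own fixed suites), no session tickets, and the peer certificate as the sole trust anchor.
func ChannelConfig(own tls.Certificate, peer *x509.Certificate, server bool) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(peer)
	cfg := &tls.Config{
		Certificates: []tls.Certificate{own},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		},
		SessionTicketsDisabled: true,
	}
	if server {
		cfg.ClientAuth, cfg.ClientCAs = tls.RequireAndVerifyClientCert, pool
	} else {
		cfg.RootCAs, cfg.ServerName = pool, peer.Subject.CommonName
	}
	return cfg
}

// AuditConfig lists the weak settings a reviewer would flag in a TLS configuration.
func AuditConfig(cfg *tls.Config, server bool) []string {
	var findings []string
	if cfg.InsecureSkipVerify {
		findings = append(findings, "InsecureSkipVerify disables peer certificate checking")
	}
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion not pinned to TLS 1.2 or higher")
	}
	if server && cfg.ClientAuth != tls.RequireAndVerifyClientCert {
		findings = append(findings, "client certificate not required: no mutual authentication")
	}
	return findings
}

// ExchangeMMS sends one MMS-style payload from the field station (client) to the master station
// (server) through an in-memory pipe wrapped in TLS and returns what the server received.
func ExchangeMMS(payload []byte) ([]byte, tls.ConnectionState, error) {
	stationCert, stationLeaf := selfSigned("field-station")
	masterCert, masterLeaf := selfSigned("master-station")
	rawC, rawS := net.Pipe()
	rawC.SetDeadline(time.Now().Add(5 * time.Second)) // net.Pipe is unbuffered: bound any stall
	rawS.SetDeadline(time.Now().Add(5 * time.Second))
	server := tls.Server(rawS, ChannelConfig(masterCert, stationLeaf, true))
	client := tls.Client(rawC, ChannelConfig(stationCert, masterLeaf, false))
	type got struct{ data []byte; err error }
	done := make(chan got, 1)
	go func() {
		buf := make([]byte, 4096)
		n, err := server.Read(buf) // runs the server side of the handshake first
		done <- got{buf[:n], err}
		rawS.Close()
	}()
	if _, err := client.Write(payload); err != nil { // the handshake runs inside the first Write
		rawC.Close()
		return nil, tls.ConnectionState{}, err
	}
	r := <-done
	rawC.Close()
	return r.data, client.ConnectionState(), r.err
}
```

ExchangeMMS returns the negotiated ConnectionState so a caller can confirm the version and the peer certificate; AuditConfig run over a configuration with InsecureSkipVerify set, or without a required client certificate, shows the settings that would silently remove the mutual authentication the page relies on.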
A safety monitoring framework for the application layer of the new energy plant station master station is designed to improve the level of safety monitoring. At present, the application layer of the new energy plant master station lacks global safety monitoring capability for the new energy plant and cannot perceive and handle industrial control attack threats in time. To address this, the invention constructs a new energy plant station master station application safety monitoring framework, which mainly comprises two parts: message acquisition and analysis, and monitoring.
In the safety monitoring framework, Libpcap is first used to capture new energy station messages from a bypass (mirror) port of the network aggregation node of the new energy station master station; the messages are deeply parsed, and features such as the network traffic characteristics and protocol instruction characteristics of the industrial control system are extracted. Attack analysis is then performed by an event generation engine according to different security monitoring rules. The rule matching algorithm builds a rule tree that takes the attribute list as its nodes, according to the rule attribute list contained in each rule. Finally, when a session starts, payload content matching is carried out on each data packet in the connection, so that the attack characteristics in the network message are identified.
An anomaly detection technology integrating the power service is constructed to detect anomalies in the application layer of the new energy plant station master station. An attacker who intrudes into a new energy plant station may exploit vulnerabilities to steal data, or launch network attacks and malicious operations against the master station and other legitimate terminals by destroying service data or impersonating a new energy plant station terminal; all of these attack behaviors exhibit certain abnormal characteristics in the real-time interaction process of the power system. Therefore, in the safety monitoring process of the new energy station, an anomaly detection technology based on fusion with the new energy station service is mainly adopted, and by combining the service logic of the new energy station, abnormal characteristics such as illegal malicious control behaviors in the application layer of the new energy station master station are identified in depth.
In the anomaly detection technology for the fused power service provided by the invention, the interaction protocol is first deeply parsed to obtain instruction-level payload information, and syntax and semantic analysis, service instruction analysis and attack feature analysis are carried out in turn. Then, in view of the characteristics of the new energy plant station system, the key fields that identify the protocol behavior are extracted, and illegal service instruction detection is carried out against the service control logic of the new energy plant station system. Finally, the payload information is matched against an attack feature library to detect the conventional, non-service-related network attack features in the message, identify attack payloads in messages in the industrial control system's standard protocol format, and comprehensively detect the abnormal attack behaviors of both the service layer and the general network layer of the new energy station system.
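The rule-tree matching and payload matching of the monitoring framework above, as an added example that is not the patent's implementation: rules are inserted into a tree whose levels are the attribute list (protocol, destination, function), each message walks the exact and wildcard edges, and at the leaf a service-logic check (which sources may issue a control write) and an attack feature library pattern are applied to the payload. The Message fields, the rules and the traffic records are constructed; the FEATURE-PLACEHOLDER pattern stands in for a real feature-library entry, and a real system would fill Message from the Libpcap capture described on the page.

```go
package main

import (
	"bytes"
	"fmt"
)

// Message is one parsed protocol message as produced by the deep-parsing step (constructed fields).
type Message struct {
	Proto, Src, Dst, Function string
	Payload                   []byte
}

// Rule is one monitoring rule: an attribute list (its path in the rule tree), an optional
// allowed-source set (service logic) and an optional payload pattern (attack feature library
// entry). A rule fires when the attributes match and none of its configured checks clears the message.
type Rule struct {
	ID, Desc   string
	Attrs      map[string]string // attribute -> required value; an absent attribute is a wildcard
	AllowedSrc map[string]bool   // if non-empty, a message from any other source is illegal
	Content    []byte            // if non-empty, the payload must contain it
}

var attrOrder = []string{"proto", "dst", "function"} // level order of the tree

type node struct {
	child map[string]*node
	rules []Rule
}

// BuildRuleTree inserts each rule along its attribute path; "*" is the wildcard edge.
func BuildRuleTree(rules []Rule) *node {
	root := &node{child: map[string]*node{}}
	for _, r := range rules {
		n := root
		for _, a := range attrOrder {
			key, ok := r.Attrs[a]
			if !ok {
				key = "*"
			}
			if n.child[key] == nil {
				n.child[key] = &node{child: map[string]*node{}}
			}
			n = n.child[key]
		}
		n.rules = append(n.rules, r)
	}
	return root
}

// match follows the exact edge and the wildcard edge at each level, then applies the
// per-rule source and payload checks at the leaf.
func (n *node) match(m Message, depth int, hits *[]Rule) {
	if depth == len(attrOrder) {
		for _, r := range n.rules {
			srcCleared := len(r.AllowedSrc) > 0 && r.AllowedSrc[m.Src]
			sigMissing := len(r.Content) > 0 && !bytes.Contains(m.Payload, r.Content)
			if !srcCleared && !sigMissing {
				*hits = append(*hits, r)
			}
		}
		return
	}
	value := []string{m.Proto, m.Dst, m.Function}[depth] // same order as attrOrder
	for _, key := range []string{value, "*"} {
		if c := n.child[key]; c != nil {
			c.match(m, depth+1, hits)
		}
	}
}

// Detect runs every message through the tree and returns one alert line per hit.
func Detect(root *node, msgs []Message) []string {
	var alerts []string
	for _, m := range msgs {
		var hits []Rule
		root.match(m, 0, &hits)
		for _, r := range hits {
			alerts = append(alerts, fmt.Sprintf("%s %s %s->%s %s: %s", r.ID, m.Proto, m.Src, m.Dst, m.Function, r.Desc))
		}
	}
	return alerts
}

// SampleRules and SampleTraffic are constructed for this example.
func SampleRules() []Rule {
	return []Rule{
		{ID: "R1", Desc: "control write from a host that is not an operator workstation",
			Attrs: map[string]string{"proto": "MMS", "function": "Write"}, AllowedSrc: map[string]bool{"10.0.1.10": true}},
		{ID: "R2", Desc: "attack feature library pattern in payload",
			Attrs: map[string]string{"proto": "MMS"}, Content: []byte("FEATURE-PLACEHOLDER")},
	}
}

func SampleTraffic() []Message {
	return []Message{
		{"MMS", "10.0.1.10", "10.0.2.5", "Write", []byte("LLN0$CO$Pos Oper")},                 // operator: legitimate
		{"MMS", "10.0.9.99", "10.0.2.5", "Write", []byte("LLN0$CO$Pos Oper")},                 // unknown host: R1
		{"MMS", "10.0.1.10", "10.0.2.5", "Read", []byte("MMXU1$MX$TotW FEATURE-PLACEHOLDER")}, // pattern: R2
		{"MMS", "10.0.1.10", "10.0.2.5", "Read", []byte("MMXU1$MX$TotW")},                     // clean read
	}
}
```

Running Detect(BuildRuleTree(SampleRules()), SampleTraffic()) yields two alerts, one for the write from the non-operator host and one for the feature-library pattern; the legitimate write and the clean read produce none, which is the point of combining service logic with payload matching rather than flagging every control write.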
Example 2:
The embodiment provides a comprehensive safety protection method for an industrial control system of a grid-connected power station based on field terminal safety certification, and a field terminal safety certification flow chart is shown in fig. 11.
S1: and the field terminal performs access authentication on the field station.
Protection of industrial control field devices is weak, and there is a risk of their being counterfeited and of illegal access to the industrial control master station. A field device secure access technology and a field operation and maintenance management and control technology for the new energy plant station, based on a security encryption chip, are provided. The technology uses the security chip and a special encryption algorithm to realize bidirectional identity authentication, data encryption, and field operation and maintenance management and control between the field device and the master station, ensuring the field-side security of the power control system.
To address the network security risks brought by new energy plant station transmission protocols, a new energy plant station transmission protocol safety enhancement framework is first built. Then, based on this framework, the integrity and confidentiality of the transmission protocols are enhanced and designed separately, the transmission strength of the protocols is improved, and the safety and reliability of network transmission in the new energy plant station system are ensured.
To address the network threats faced by the master station layer, a network anomaly detection technology integrating the new energy station service is provided. On the premise of not affecting the normal operation of the new energy plant, the network data flow is deeply analyzed through the bypass, and anomaly analysis rules are designed in combination with the service characteristics of the new energy plant, so that attack threats are discovered in time and the safe and stable operation of the master station layer is ensured.
In order to ensure the access security of new energy station terminals, a massive heterogeneous terminal access authentication technology is provided: a security module is attached to the new energy station terminal, and the framework of the new energy station terminal security module is shown in fig. 2. The secure transmission program in the figure uses the operating system CryptoAPI functions to obtain the cryptographic services of the hardware cryptographic module. The CryptoAPI functions rely on the operating system interface to pass cryptographic service information to the communication module. The communication module and the hardware cryptographic module interact on the basis of standard APDU commands, so as to obtain the corresponding cryptographic service.
The working principle of the hardware cryptographic module is as follows: externally, the secure transmission program communicates with the hardware cryptographic module through the terminal; the hardware cryptographic program is mainly responsible for interpreting the commands sent by the secure transmission program and returning the operation results to the secure transmission program.
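The APDU-based handshake described in the preceding paragraphs (and in the field station and field terminal authentication steps of the claims), written out as an added example that is not part of the patent: the field station sends a challenge to the terminal's security module as a short ISO 7816-4 command APDU, the terminal's hardware cryptographic module signs it together with its own nonce, and the station proves itself in a second APDU, so both sides are authenticated. The INS values, the nonce length and the message layout are constructed for this example; Ed25519 from the Go standard library stands in for the SM2 keys the patent places in the hardware module, and the confidentiality wrapping of the command is left out so that the authentication logic stands on its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed INS values for this example; the status words follow ISO 7816-4 conventions.
const (
	insChallenge = 0xA1 // carries the station nonce; the terminal signs it and adds its own nonce
	insConfirm   = 0xA2 // carries the station's signature over the terminal nonce
	swOK         = 0x9000
	swSecurity   = 0x6982 // security status not satisfied
	nonceLen     = 16
)

// EncodeAPDU builds a short command APDU (CLA INS P1 P2 Lc Data); DecodeAPDU parses one.
func EncodeAPDU(cla, ins byte, data []byte) ([]byte, error) {
	if len(data) == 0 || len(data) > 255 {
		return nil, errors.New("data field must be 1..255 bytes")
	}
	return append([]byte{cla, ins, 0, 0, byte(len(data))}, data...), nil
}

func DecodeAPDU(apdu []byte) (ins byte, data []byte, err error) {
	if len(apdu) < 5 || len(apdu) != 5+int(apdu[4]) {
		return 0, nil, errors.New("malformed APDU")
	}
	return apdu[1], apdu[5:], nil
}

func status(sw uint16) []byte { return []byte{byte(sw >> 8), byte(sw)} }
func sw(r []byte) uint16 { if len(r) < 2 { return 0 }; return uint16(r[len(r)-2])<<8 | uint16(r[len(r)-1]) }
func cat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }
func nonce() []byte { n := make([]byte, nonceLen); rand.Read(n); return n } // crypto/rand fills fully

// Terminal models the field terminal's security module: priv never leaves the hardware
// cryptographic module and the station's public key was provisioned at commissioning.
type Terminal struct {
	priv           ed25519.PrivateKey
	stationPub     ed25519.PublicKey
	nonceS, nonceT []byte
	Authenticated  bool
}

// Handle plays the hardware cipher program: interpret the command, reply with data then SW1 SW2.
func (t *Terminal) Handle(apdu []byte) []byte {
	ins, data, err := DecodeAPDU(apdu)
	switch {
	case err != nil, ins == insChallenge && len(data) != nonceLen:
		return status(0x6700) // wrong length
	case ins == insChallenge:
		t.nonceS, t.nonceT = cat(data, nil), nonce()
		return cat(cat(t.nonceT, ed25519.Sign(t.priv, cat(t.nonceS, t.nonceT))), status(swOK))
	case ins == insConfirm && t.nonceT != nil && ed25519.Verify(t.stationPub, cat(t.nonceT, t.nonceS), data):
		t.Authenticated = true
		return status(swOK)
	case ins == insConfirm:
		return status(swSecurity)
	}
	return status(0x6D00) // INS not supported
}

// Station is the field station side of the handshake.
type Station struct {
	Priv        ed25519.PrivateKey
	TerminalPub ed25519.PublicKey
}

// Authenticate drives the exchange through send (the APDU transport); nil means both sides proved their keys.
func (s *Station) Authenticate(send func([]byte) []byte) error {
	nonceS := nonce()
	cmd, _ := EncodeAPDU(0x80, insChallenge, nonceS)
	resp := send(cmd)
	if sw(resp) != swOK || len(resp) != nonceLen+ed25519.SignatureSize+2 {
		return fmt.Errorf("challenge rejected, SW=%04X", sw(resp))
	}
	nonceT, sig := resp[:nonceLen], resp[nonceLen:nonceLen+ed25519.SignatureSize]
	if !ed25519.Verify(s.TerminalPub, cat(nonceS, nonceT), sig) {
		return errors.New("terminal signature invalid: unmatched or counterfeit terminal")
	}
	cmd, _ = EncodeAPDU(0x80, insConfirm, ed25519.Sign(s.Priv, cat(nonceT, nonceS)))
	if resp = send(cmd); sw(resp) != swOK {
		return fmt.Errorf("terminal rejected station proof, SW=%04X", sw(resp))
	}
	return nil
}

// NewPair provisions a matched pair; Ed25519 stands in for SM2 keys loaded into the hardware module.
func NewPair() (*Station, *Terminal) {
	sPub, sPriv, _ := ed25519.GenerateKey(nil)
	tPub, tPriv, _ := ed25519.GenerateKey(nil)
	return &Station{Priv: sPriv, TerminalPub: tPub}, &Terminal{priv: tPriv, stationPub: sPub}
}
```

With a matched pair, station.Authenticate(terminal.Handle) returns nil and the terminal marks itself authenticated; a station provisioned with a different terminal key rejects the terminal's signature at the first step, and a station that knows the terminal's public key but holds the wrong private key is rejected by the terminal with SW 6982 at the second step, which is the one-to-one binding the page describes.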
S2: and after the operation data pass, the field terminal sends the operation data to the field station.
The invention provides a field operation and maintenance safety control technology of a new energy plant for guaranteeing the real-time performance of the field operation and maintenance safety control of the new energy plant. The technical architecture is shown in fig. 3. In the technical architecture, the kernel layer access control technical module mainly performs IP/MAC binding condition inspection on the forwarded power data packet, filters the data packet based on a filtering rule, provides kernel packet analysis and the like, and effectively ensures the safety access of the kernel layer. The basic protection technology module is mainly responsible for filtering and identifying the whitelist and the application protocol based on IP, MAC and service, and improves the basic protection capability of on-site operation and maintenance. The deep analysis engine technical module can realize deep protection of a special electric power protocol and behavior management and control of special operation and maintenance (on-site operation) business of electric power, and based on analysis of data packet content of an instruction level, abnormal operation and maintenance operation is identified based on business behavior rules, so that operation and maintenance management and control safety of a new energy plant site layer is further ensured.
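The kernel-layer IP/MAC binding check and service whitelist from the paragraph above, as an added example that is not the patent's kernel module: the binding is checked before the whitelist, so a frame carrying a registered IP from the wrong MAC is dropped even when the service itself is permitted, and anything not explicitly whitelisted is dropped by default. The addresses, the single whitelisted service (MMS on TCP port 102) and the sample packets are constructed for the example.

```go
package main

import "fmt"

// Packet holds the header fields the kernel-layer module inspects (constructed subset).
type Packet struct {
	SrcMAC, SrcIP, DstIP, Proto string
	DstPort                     int
}

// Service is one whitelist entry: which source may talk to which destination service.
type Service struct {
	SrcIP, DstIP, Proto string
	DstPort             int
}

// Policy is the IP/MAC binding table plus the service whitelist; anything not
// explicitly allowed is dropped.
type Policy struct {
	Bindings  map[string]string // source IP -> MAC registered for that field device
	Whitelist []Service
}

// Decide checks the binding first (a spoofed address fails here even if the
// service would be allowed), then the whitelist, and returns the verdict and reason.
func (p Policy) Decide(pkt Packet) (verdict, reason string) {
	mac, known := p.Bindings[pkt.SrcIP]
	if !known {
		return "drop", "source IP has no registered IP/MAC binding"
	}
	if mac != pkt.SrcMAC {
		return "drop", fmt.Sprintf("IP/MAC mismatch: %s is bound to %s, frame came from %s", pkt.SrcIP, mac, pkt.SrcMAC)
	}
	for _, s := range p.Whitelist {
		if s == (Service{pkt.SrcIP, pkt.DstIP, pkt.Proto, pkt.DstPort}) {
			return "accept", "matches whitelist entry"
		}
	}
	return "drop", "service not whitelisted for this source"
}

// SamplePolicy is a constructed site policy: one IED may reach the station
// gateway's MMS service (TCP 102) and nothing else.
func SamplePolicy() Policy {
	return Policy{
		Bindings:  map[string]string{"10.0.2.5": "00:11:22:33:44:55"},
		Whitelist: []Service{{"10.0.2.5", "10.0.2.1", "tcp", 102}},
	}
}

func main() {
	p := SamplePolicy()
	for _, pkt := range []Packet{
		{"00:11:22:33:44:55", "10.0.2.5", "10.0.2.1", "tcp", 102},
		{"de:ad:be:ef:00:01", "10.0.2.5", "10.0.2.1", "tcp", 102}, // registered IP on a foreign MAC
		{"00:11:22:33:44:55", "10.0.2.5", "10.0.2.1", "tcp", 23},  // telnet is not a whitelisted service
		{"00:11:22:33:44:56", "10.0.2.6", "10.0.2.1", "tcp", 102}, // unregistered device
	} {
		v, why := p.Decide(pkt)
		fmt.Printf("%-6s %s:%d from %s/%s: %s\n", v, pkt.DstIP, pkt.DstPort, pkt.SrcIP, pkt.SrcMAC, why)
	}
}
```

The ordering matters for forensics as much as for enforcement: a binding mismatch is logged with both MACs, which is the evidence an operator needs to tell a mis-cabled device from an address spoof.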
To strengthen the security of the transmission protocol used at the network transmission layer of the new energy plant station system, the invention provides, on the basis of the IEC 62351 standard, a transmission protocol security enhancement technology for new energy plant stations. It consists mainly of integrity enhancement and confidentiality enhancement; the enhancement framework is shown in fig. 4. Integrity protection enhancement comprises a CRC (cyclic redundancy check) over the industrial control protocol message, a digest of the message, and signing and verification of the message. While preserving real-time performance, the requirements of integrity, confidentiality and non-repudiation are met, and identity authentication and access control are realised.
Enhancement of the GOOSE transmission protocol message. Integrity protection is one of the basic elements of information security and relies mainly on data hashing and digital signature techniques. The invention designs integrity protection for the GOOSE/SMV protocol: the data frame structure is extended using the GOOSE/SMV reserved fields, and a message verification code and a digital signature algorithm are introduced to guarantee the integrity and credibility of control instructions and sampled data. The structural modification is shown in fig. 5. Concretely: first, the CRC value of the first 8 words of the VLAN message is calculated and stored in the Reserved 2 field; then a GOOSE message extension signature is appended to the tail of the PDU, and the length of the extension is stored in the Reserved 1 field.
To enhance the integrity of the transmission protocol of the new energy plant station system, the invention designs a protocol integrity verification flow and protection design, shown as a flow chart in fig. 6. The basic flow is: 1) additional integrity protection fields are added by extending the transmission protocol; 2) the signature range of the fields is defined, explicitly specifying the data content and the start and end positions that require integrity protection; 3) before transmission, the data in the protected range is digested and digitally signed; 4) the receiver verifies the signature over the digest, compares the digest and confirms integrity.
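The frame modification and the verification flow just described, as one added example that is not part of the patent: the sender computes a CRC over the first 8 words of the VLAN-tagged frame into Reserved 2, appends an extension tag over the APDU and records its length in Reserved 1; the receiver checks both before trusting the APDU. Assumptions: "word" means 16 bits (so the 8 words are dst MAC, src MAC, TPID and TCI), the CRC is CRC-16/CCITT, the GOOSE Length field counts the extension, and HMAC-SHA256 stands in for the patent's MAC/signature algorithm because the standard library has no asymmetric primitives; the key and APDU bytes are constructed.

```python
import binascii
import hashlib
import hmac
import struct

VLAN_TPID = 0x8100        # IEEE 802.1Q tag protocol identifier
GOOSE_ETHERTYPE = 0x88B8  # IEC 61850-8-1 GOOSE

# Constructed sample values (not from the patent).
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_DST = bytes.fromhex("010ccd010001")        # GOOSE multicast group
SAMPLE_SRC = bytes.fromhex("001122334455")
SAMPLE_APDU = bytes.fromhex("610a800849454431 2f4c4c4e")  # constructed goosePdu bytes


def header_crc(first_16_bytes: bytes) -> int:
    """CRC over the first 8 16-bit words of the VLAN message (assumed CRC-16/CCITT)."""
    return binascii.crc_hqx(first_16_bytes, 0xFFFF)


def extension_tag(key: bytes, apdu: bytes) -> bytes:
    """Message verification code over the protected range (the whole APDU).
    HMAC-SHA256 is an assumption standing in for the MAC/signature algorithm."""
    return hmac.new(key, apdu, hashlib.sha256).digest()


def build_frame(dst_mac: bytes, src_mac: bytes, tci: int, appid: int,
                apdu: bytes, key: bytes) -> bytes:
    """Sender: dst, src, 802.1Q tag, then APPID, Length, Reserved1, Reserved2, APDU, extension."""
    mac_header = dst_mac + src_mac + struct.pack("!HH", VLAN_TPID, tci)
    tag = extension_tag(key, apdu)
    length = 8 + len(apdu) + len(tag)       # APPID..end of extension (assumption)
    reserved1 = len(tag)                    # extension length, per the scheme above
    reserved2 = header_crc(mac_header)      # CRC of the first 8 words
    goose_header = struct.pack("!HHHHH", GOOSE_ETHERTYPE, appid, length, reserved1, reserved2)
    return mac_header + goose_header + apdu + tag


def verify_frame(frame: bytes, key: bytes):
    """Receiver: returns (True, apdu) when both checks pass, else (False, reason)."""
    if len(frame) < 26:
        return False, "frame too short"
    mac_header = frame[:16]
    ethertype, _appid, length, reserved1, reserved2 = struct.unpack("!HHHHH", frame[16:26])
    if ethertype != GOOSE_ETHERTYPE:
        return False, "not a GOOSE frame"
    if header_crc(mac_header) != reserved2:
        return False, "header CRC mismatch"
    if length < 8 or reserved1 > length - 8:
        return False, "length fields inconsistent"
    body = frame[26:26 + length - 8]
    if len(body) != length - 8:
        return False, "truncated"
    apdu, tag = body[:len(body) - reserved1], body[len(body) - reserved1:]
    if not hmac.compare_digest(extension_tag(key, apdu), tag):
        return False, "extension MAC mismatch"
    return True, apdu
```

A frame whose destination MAC, APDU or key has been altered is rejected with the corresponding reason before the APDU reaches the application.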
To realise confidentiality protection for the new energy plant station transmission protocol, the invention develops a TLS protocol library for multiple classes of embedded and hardware architectures and inserts a TLS/SSL protocol layer between MMS and TCP/IP. With customised TLS configuration parameters, a secure channel is established using an asymmetric algorithm, and the channel data are encrypted using a symmetric algorithm. The specific protection scheme is shown in fig. 7.
To improve the security monitoring capability of the application layer of the new energy plant station master station, the invention constructs a power grid industrial control security monitoring framework consisting of two parts, message acquisition and analysis monitoring; the detection framework is shown in fig. 8. In this framework, Libpcap is first used to capture new energy plant station messages from a bypass at the network sink (aggregation) node of the master station; the messages are deeply parsed, and contents such as the network flow characteristics and protocol instruction characteristics of the industrial control system are extracted. Attack analysis is then performed by the event generation engine according to different security monitoring rules. The rule matching algorithm builds a rule tree whose nodes are attribute lists, according to the rule attribute list contained in each rule. Finally, when a session starts, payload content matching is carried out on every data packet in the connection, identifying attack characteristics in the network messages.
Anomaly detection fused with the power service. An attacker who intrudes into a new energy station system, steals data by exploiting a vulnerability, or launches network attacks and malicious operations against the master station and other legitimate terminals by corrupting service data or impersonating a new energy station terminal will exhibit certain abnormal characteristics in the real-time interaction of the power system. Therefore, in monitoring the security of the new energy plant, the invention adopts anomaly detection based on the new energy plant service, as shown in fig. 9: the business logic of the new energy station is combined to identify in depth abnormal characteristics such as illegal malicious control behaviour at the application layer of the new energy station master station.
The technology first deeply parses the interaction protocol to obtain instruction-level payload information and analyses in turn its syntax and semantics, business instructions and attack characteristics. Then, according to the characteristics of the new energy plant station system, key fields capable of identifying protocol behaviour are extracted, and illegal service instructions are detected against the service control logic of the system. Finally, the payload information is matched against an attack feature library to detect conventional, non-business network attack features in the message, identifying attack payloads within messages in the industrial control system's standard protocol format and thereby comprehensively detecting abnormal attack behaviour at both the business layer and the general network layer of the new energy station system.
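The monitoring framework and the service-fused anomaly detection above combine a rule tree keyed on attribute lists with per-packet payload matching and an instruction-level business check. This added example (not the patent's code) implements both over constructed traffic; the rule set, the toy 5-byte instruction format, the master station address and the set-point ranges are illustrative assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    name: str
    attrs: tuple      # attribute list, here (proto, dst_port)
    pattern: bytes    # payload content indicating the attack


# Constructed attack-feature library (illustrative, not the patent's rules).
RULES = [
    Rule("nop-sled-in-ics-payload", ("tcp", 20000), b"\x90" * 8),
    Rule("oversized-length-field", ("tcp", 20000), b"\xff\xff"),
    Rule("constructed-probe-pattern", ("tcp", 102), b"\x03\x00\x00\x16"),
]


def build_rule_tree(rules: List[Rule]) -> Dict:
    """Rules sharing an attribute list share a path; leaf rules sit under key None."""
    tree: Dict = {}
    for rule in rules:
        node = tree
        for attr in rule.attrs:
            node = node.setdefault(attr, {})
        node.setdefault(None, []).append(rule)
    return tree


def match_signatures(tree: Dict, pkt: Packet) -> List[str]:
    """Walk the tree by the packet's attributes, then match payload content."""
    node = tree
    for attr in (pkt.proto, pkt.dst_port):
        node = node.get(attr)
        if node is None:
            return []
    return [r.name for r in node.get(None, []) if r.pattern in pkt.payload]


# Toy instruction-level format (constructed): instruction(1) point(2) value(2).
INSTR_READ, INSTR_WRITE, INSTR_CONTROL = 0x01, 0x02, 0x03
MASTER_IP = "10.10.0.1"                    # only the master may issue controls
SETPOINT_RANGE = {0x0010: (0, 1000)}       # point id -> permitted write range


def parse_instruction(payload: bytes):
    if len(payload) < 5:
        return None
    return struct.unpack("!BHH", payload[:5])


def check_service_logic(pkt: Packet) -> List[str]:
    """Business-layer check of the parsed instruction against the service control logic."""
    parsed = parse_instruction(pkt.payload)
    if parsed is None:
        return []
    instr, point, value = parsed
    alerts = []
    if instr not in (INSTR_READ, INSTR_WRITE, INSTR_CONTROL):
        alerts.append("unknown-instruction")
    if instr == INSTR_CONTROL and pkt.src_ip != MASTER_IP:
        alerts.append("control-from-unauthorised-source")
    if instr == INSTR_WRITE and point in SETPOINT_RANGE:
        lo, hi = SETPOINT_RANGE[point]
        if not lo <= value <= hi:
            alerts.append("setpoint-out-of-range")
    return alerts


def analyse(pkts: List[Packet], rules: List[Rule] = RULES) -> List[Tuple[int, str]]:
    """Event generation: (packet index, event name) for signature and business anomalies."""
    tree = build_rule_tree(rules)
    events = []
    for i, pkt in enumerate(pkts):
        for name in match_signatures(tree, pkt) + check_service_logic(pkt):
            events.append((i, name))
    return events


def _cmd(instr: int, point: int, value: int) -> bytes:
    return struct.pack("!BHH", instr, point, value)


# Constructed session between master/terminals and a station gateway.
SAMPLE_PACKETS = [
    Packet("10.10.0.1", "10.20.0.5", "tcp", 20000, _cmd(INSTR_READ, 0x0010, 0)),       # legitimate read
    Packet("10.10.0.1", "10.20.0.5", "tcp", 20000, _cmd(INSTR_CONTROL, 0x0020, 1)),    # legitimate control
    Packet("10.20.0.9", "10.20.0.5", "tcp", 20000, _cmd(INSTR_CONTROL, 0x0020, 1)),    # control from a terminal
    Packet("10.10.0.1", "10.20.0.5", "tcp", 20000, _cmd(INSTR_WRITE, 0x0010, 5000)),   # set-point out of range
    Packet("10.20.0.9", "10.20.0.5", "tcp", 20000, _cmd(INSTR_READ, 0x0010, 0) + b"\x90" * 8),  # signature hit
    Packet("10.20.0.9", "10.20.0.5", "udp", 20000, b"\x90" * 8),                      # no tree branch for udp
]
```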
Example 3:
This embodiment provides a comprehensive safety protection system for an industrial control system of a grid-connected power station; the system structure diagram is shown in fig. 1.
The system comprises: a field station and a field terminal;
the field station is used for initiating access authentication to the field terminal; after passing the authentication, acquiring operation data of the field terminal;
The field station is further used for encrypting and transmitting the operation data to the external master station based on a network transmission layer pre-constructed between the field station and the external master station;
the field terminal is used for performing access authentication with the field station and, after the access authentication is passed, transmitting operation data to the field station;
Wherein the network transmission layer connects the field station with an external master station.
The field station comprises:
an instruction generation module, a communication module and a negotiation encryption module;
the instruction generation module is used for formulating an authentication command;
The negotiation encryption module is used for encrypting the authentication command;
The communication module is used for sending the encrypted authentication command to the field terminal and receiving a feedback command sent by the field terminal;
the negotiation encryption module is also used for constructing a security handshake authentication according to the feedback command.
The instruction generation module is used for generating an authentication command according to the CryptoAPI function and sending the authentication command to the security handshake encryption sub-module.
The communication module is specifically configured to send the encrypted authentication command to the field terminal in a standard APDU command format, and send the feedback command sent by the field terminal to the negotiation encryption module in the standard APDU command format.
The network transport layer comprises:
a message module and a protocol module;
the message module is used for adding a message verification algorithm and a digital signature verification algorithm based on a message format of GOOSE/SMV protocol;
the protocol module is used for adding a TLS/SSL protocol layer between MMS and TCP/IP protocols based on a TLS protocol library oriented to multi-class embedded and hardware architecture;
the protocol module is further configured to build the network transport layer by customizing TLS configuration parameters and adopting an asymmetric algorithm.
The message module comprises:
a GOOSE message construction sub-module, a digital signature verification sub-module and a message verification sub-module;
the GOOSE message construction sub-module is used for converting the operation data into a message and transmitting the message from the power grid field layer to the main station layer;
the digital signature verification sub-module is used for constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm;
the message verification sub-module is used for adding a GOOSE message extension signature at the tail of the PDU, and storing the extension length in a reserved 1 field to construct a digital signature verification algorithm.
The field terminal includes:
A security module and a data transmission module;
the safety module is used for decrypting the encrypted authentication command and making a feedback command to be sent to the communication module;
The data transmitting module is used for transmitting the operation data to the field terminal.
It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is illustrative of the present invention and is not to be construed as limiting it; all modifications, equivalents, improvements and the like made to the present invention are intended to be included within its scope as defined by the appended claims.

Claims (8)

1. The comprehensive safety protection method for the grid-connected power station industrial control system is characterized by comprising the following steps of:
The field station initiates access authentication to the field terminal;
After passing the authentication, the field station acquires the operation data of the field terminal, and encrypts and transmits the operation data to the master station based on a network transmission layer pre-constructed between the field station and the master station;
Further comprises:
constructing an application security monitoring framework for the new energy plant station master station, comprising two parts, message acquisition and analysis monitoring;
in the security monitoring framework, Libpcap is first used to capture new energy station messages from a bypass at the network sink node of the new energy station master station, the messages are deeply parsed, and the network flow characteristics and protocol instruction characteristics of the industrial control system are extracted; attack analysis is then performed by an event generation engine according to different security monitoring rules; the rule matching algorithm builds a rule tree whose nodes are attribute lists, according to the rule attribute list contained in each rule; finally, when a session starts, payload content matching is carried out on every data packet in the connection, identifying attack characteristics in the network messages;
Further comprises:
detecting anomalies at the application layer of the new energy plant station: the interaction protocol is first deeply parsed to obtain instruction-level payload information, and its syntax and semantics, business instructions and attack characteristics are analysed in turn; then, according to the characteristics of the new energy plant station system, key fields capable of identifying protocol behaviour are extracted, and illegal service instructions are detected against the service control logic of the new energy plant station system; finally, the payload information is matched against an attack feature library to detect conventional, non-business network attack features in the message, identifying attack payloads in messages in the industrial control system's standard protocol format and comprehensively detecting abnormal attack behaviour at the business layer and the general network layer of the new energy station system;
the field station performs access authentication on the field terminal, and the method comprises the following steps:
the field station makes an authentication command;
After encrypting the authentication command, sending the authentication command to a field terminal;
The field station receives the feedback command of the field terminal and constructs a safety handshake authentication;
the field station making an authentication command, encrypting it and sending it to the field terminal comprises:
the field station generates an authentication command through a CryptoAPI function and encrypts the authentication command through security handshake negotiation encryption;
The field station sends the encrypted authentication command to a field terminal based on a standard APDU;
The construction of the network transmission layer comprises the following steps:
message verification and digital signature verification algorithms are added based on the message format of GOOSE/SMV protocol;
Based on TLS protocol library facing multi-class embedded and hardware architecture, adding TLS/SSL protocol layer between MMS and TCP/IP protocol;
And constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm.
2. The method of claim 1, wherein the GOOSE/SMV protocol based message format, adding a message authentication and digital signature authentication algorithm, comprises:
calculating the CRC value of the first 8 words of the VLAN message and storing it in the Reserved 2 field to construct the message verification;
and appending a GOOSE message extension signature to the tail of the PDU and storing the extension length in the Reserved 1 field to construct the digital signature verification algorithm.
3. The comprehensive safety protection method for the grid-connected power station industrial control system is characterized by comprising the following steps of:
the field terminal performs access authentication on the field station;
after the access authentication is passed, the field terminal sends the operation data to the field station;
Further comprises:
constructing an application security monitoring framework for the new energy plant station master station, comprising two parts, message acquisition and analysis monitoring;
in the security monitoring framework, Libpcap is first used to capture new energy station messages from a bypass at the network sink node of the new energy station master station, the messages are deeply parsed, and the network flow characteristics and protocol instruction characteristics of the industrial control system are extracted; attack analysis is then performed by an event generation engine according to different security monitoring rules; the rule matching algorithm builds a rule tree whose nodes are attribute lists, according to the rule attribute list contained in each rule; finally, when a session starts, payload content matching is carried out on every data packet in the connection, identifying attack characteristics in the network messages;
Further comprises:
detecting anomalies at the application layer of the new energy plant station: the interaction protocol is first deeply parsed to obtain instruction-level payload information, and its syntax and semantics, business instructions and attack characteristics are analysed in turn; then, according to the characteristics of the new energy plant station system, key fields capable of identifying protocol behaviour are extracted, and illegal service instructions are detected against the service control logic of the new energy plant station system; finally, the payload information is matched against an attack feature library to detect conventional, non-business network attack features in the message, identifying attack payloads in messages in the industrial control system's standard protocol format and comprehensively detecting abnormal attack behaviour at the business layer and the general network layer of the new energy station system.
4. The method of claim 3, wherein the field station performs access authentication for a field terminal, comprising:
The field terminal decrypts the encrypted authentication command sent by the field station through a hardware password program and formulates a feedback command;
And the field terminal sends the feedback command to a field station in a standard APDU command format to construct a security handshake authentication.
5. An integrated safety protection system for an industrial control system of a grid-connected power station, which is characterized by comprising:
A field station and a field terminal;
the field station is used for initiating access authentication to the field terminal; after passing the authentication, acquiring operation data of the field terminal;
The field station is further used for encrypting and transmitting the operation data to the external master station based on a network transmission layer pre-constructed between the field station and the external master station;
the field terminal is used for: performing access authentication on a field station, and after the access authentication is passed, transmitting operation data to the field station by a field terminal;
Wherein the network transmission layer connects the field station with an external master station;
the field station comprises:
an instruction generation module, a communication module and a negotiation encryption module;
the instruction generation module is used for formulating an authentication command;
The negotiation encryption module is used for encrypting the authentication command;
The communication module is used for sending the encrypted authentication command to the field terminal and receiving a feedback command sent by the field terminal;
the negotiation encryption module is also used for constructing a safety handshake authentication according to the feedback command;
the instruction generation module is used for generating an authentication command according to the CryptoAPI function and sending the authentication command to the security handshake encryption sub-module;
The network transport layer comprises:
a message module and a protocol module;
the message module is used for adding a message verification algorithm and a digital signature verification algorithm based on a message format of GOOSE/SMV protocol;
the protocol module is used for adding a TLS/SSL protocol layer between MMS and TCP/IP protocols based on a TLS protocol library oriented to multi-class embedded and hardware architecture;
the protocol module is further used for constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm;
the system further comprises:
A new energy plant station main station;
the new energy plant station master station is used for constructing an application security monitoring framework for the new energy plant station master station, comprising two parts, message acquisition and analysis monitoring;
in the security monitoring framework, Libpcap is first used to capture new energy station messages from a bypass at the network sink node of the new energy station master station, the messages are deeply parsed, and the network flow characteristics and protocol instruction characteristics of the industrial control system are extracted; attack analysis is then performed by an event generation engine according to different security monitoring rules; the rule matching algorithm builds a rule tree whose nodes are attribute lists, according to the rule attribute list contained in each rule; finally, when a session starts, payload content matching is carried out on every data packet in the connection, identifying attack characteristics in the network messages;
the new energy plant station master station is further used for detecting anomalies at the application layer of the new energy plant station master station: the interaction protocol is first deeply parsed to obtain instruction-level payload information, and its syntax and semantics, business instructions and attack characteristics are analysed in turn; then, according to the characteristics of the new energy plant station system, key fields capable of identifying protocol behaviour are extracted, and illegal service instructions are detected against the service control logic of the new energy plant station system; finally, the payload information is matched against an attack feature library to detect conventional, non-business network attack features in the message, identifying attack payloads in messages in the industrial control system's standard protocol format and comprehensively detecting abnormal attack behaviour at the business layer and the general network layer of the new energy station system.
6. The system of claim 5, wherein,
The communication module is specifically configured to send the encrypted authentication command to the field terminal in a standard APDU command format, and send the feedback command sent by the field terminal to the negotiation encryption module in the standard APDU command format.
7. The system of claim 5, wherein the message module comprises:
a GOOSE message construction sub-module, a digital signature verification sub-module and a message verification sub-module;
the GOOSE message construction sub-module is used for converting the operation data into a message and transmitting the message from a power grid field layer to a main station layer;
the digital signature verification sub-module is used for constructing the network transmission layer by customizing TLS configuration parameters and adopting an asymmetric algorithm;
the message verification sub-module is used for adding a GOOSE message extension signature at the tail of the PDU, and storing the extension length in a reserved 1 field to construct a digital signature verification algorithm.
8. The system of claim 5, wherein the field terminal comprises:
A security module and a data transmission module;
the safety module is used for decrypting the encrypted authentication command and making a feedback command to be sent to the communication module;
The data transmitting module is used for transmitting the operation data to the field terminal.
CN201910514586.6A 2019-06-14 2019-06-14 Comprehensive safety protection method and system for grid-connected power station industrial control system Active CN110233735B (en)

Publications (2)

Publication Number Publication Date
CN110233735A CN110233735A (en) 2019-09-13
CN110233735B true CN110233735B (en) 2024-04-16
